From ef4577acdd0670895b0b038468b0394665555d55 Mon Sep 17 00:00:00 2001
From: Thomas <gltron3000@gmail.com>
Date: Wed, 20 May 2020 00:59:34 +0200
Subject: [PATCH] Added admin power

---
 .../mozen/auth/JwtUserDetailsService.java     |  3 +-
 .../src/main/java/mozen/auth/WebSecurity.java |  2 +
 .../java/mozen/business/IModelManager.java    |  1 +
 .../java/mozen/business/IUserManager.java     |  7 ++-
 .../java/mozen/business/ModelManager.java     |  8 +++
 .../java/mozen/business/ModelRepository.java  |  3 +-
 .../main/java/mozen/business/UserManager.java | 26 ++++++--
 .../java/mozen/business/UserRepository.java   |  1 +
 mozen/src/main/java/mozen/model/Role.java     |  2 +-
 mozen/src/main/java/mozen/model/User.java     |  5 +-
 .../main/java/mozen/utils/DatabaseFiller.java | 32 +++-------
 .../main/java/mozen/web/AdminController.java  | 20 ------
 .../main/java/mozen/web/ModelController.java  | 19 +++---
 .../main/java/mozen/web/UserController.java   | 61 +++++++++++++++++++
 14 files changed, 124 insertions(+), 66 deletions(-)
 delete mode 100644 mozen/src/main/java/mozen/web/AdminController.java

diff --git a/mozen/src/main/java/mozen/auth/JwtUserDetailsService.java b/mozen/src/main/java/mozen/auth/JwtUserDetailsService.java
index 56e3b53..a4e2503 100644
--- a/mozen/src/main/java/mozen/auth/JwtUserDetailsService.java
+++ b/mozen/src/main/java/mozen/auth/JwtUserDetailsService.java
@@ -37,6 +37,5 @@ public class JwtUserDetailsService implements UserDetailsService {
     grantedAuthorities.add(new SimpleGrantedAuthority(user.getRole().toString()));
 
     return new User(user.getUsername(), user.getPassword(), grantedAuthorities);
-  }
-  
+  }  
 }
\ No newline at end of file
diff --git a/mozen/src/main/java/mozen/auth/WebSecurity.java b/mozen/src/main/java/mozen/auth/WebSecurity.java
index b220efd..014bb26 100644
--- a/mozen/src/main/java/mozen/auth/WebSecurity.java
+++ b/mozen/src/main/java/mozen/auth/WebSecurity.java
@@ -31,6 +31,8 @@ public class WebSecurity extends WebSecurityConfigurerAdapter{
         .antMatchers(HttpMethod.GET, "/search").permitAll()
         .antMatchers(HttpMethod.GET, "/models").permitAll()
         .antMatchers(HttpMethod.GET, "/models/tags").permitAll()
+        .antMatchers(HttpMethod.GET, "/user/list").hasRole("ADMIN")
+        .antMatchers(HttpMethod.GET, "/model/list").hasRole("ADMIN")
         .anyRequest().authenticated()
         .and()
         .addFilter(new JwtAuthenticationFilter(authenticationManager()))
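Review bot: The new matcher `/model/list` is singular, while the public matchers just above it use `/models` and `/models/tags`. If ModelController is mapped under `/models` (its class-level `@RequestMapping` is not visible in this commit), `/models/list` falls through to `anyRequest().authenticated()` and is readable by any logged-in user. Please confirm both new paths against the controllers' mappings, for example `.antMatchers(HttpMethod.GET, "/models/list").hasRole("ADMIN")`. `hasRole("ADMIN")` also only works if the authentication built from the JWT carries the `ROLE_ADMIN` authority, which depends on filter code outside this hunk. The configure method starts and ends outside the hunk.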
diff --git a/mozen/src/main/java/mozen/business/IModelManager.java b/mozen/src/main/java/mozen/business/IModelManager.java
index f4de25d..b559eb8 100644
--- a/mozen/src/main/java/mozen/business/IModelManager.java
+++ b/mozen/src/main/java/mozen/business/IModelManager.java
@@ -23,6 +23,7 @@ public interface IModelManager {
   void addTag(TagMessage message);
 
   Model getModel(long id);
+  Collection<Model> getModels();
   Collection<TagCategory> getTags();
   SearchResult findModel(String name, int page, int size, String sort);
 
diff --git a/mozen/src/main/java/mozen/business/IUserManager.java b/mozen/src/main/java/mozen/business/IUserManager.java
index 66e92bf..58cfdf2 100644
--- a/mozen/src/main/java/mozen/business/IUserManager.java
+++ b/mozen/src/main/java/mozen/business/IUserManager.java
@@ -1,13 +1,16 @@
 package mozen.business;
 
+import java.util.Collection;
+
 import mozen.messages.SignupMessage;
 import mozen.model.User;
 
 public interface IUserManager {
   Long addUser(SignupMessage message);
-  void updateUser(User u);
-  void removeUser(Long id);
+  void updateUser(User user, User userToUpdate);
+  void removeUser(User user, Long id);
 
+  Collection<User> getUsers();
   User getUser(Long id);
   User getUserByUsername(String username);
   
diff --git a/mozen/src/main/java/mozen/business/ModelManager.java b/mozen/src/main/java/mozen/business/ModelManager.java
index 718f383..dcaeed6 100644
--- a/mozen/src/main/java/mozen/business/ModelManager.java
+++ b/mozen/src/main/java/mozen/business/ModelManager.java
@@ -17,6 +17,7 @@ import mozen.messages.ModelMessage;
 import mozen.messages.TagMessage;
 import mozen.model.CustomLayer;
 import mozen.model.Model;
+import mozen.model.Role;
 import mozen.messages.SearchResult;
 import mozen.model.Tag;
 import mozen.model.TagCategory;
@@ -188,10 +189,12 @@ public class ModelManager implements IModelManager {
   }
 
   private boolean isLayerAuthor(CustomLayer layer, User user) {
+    if (user.getRole() == Role.ROLE_ADMIN) return true;
     return layer.getModel().getAuthor() == user;
   }
 
   private boolean isModelAuthor(Model model, User user) {
+    if (user.getRole() == Role.ROLE_ADMIN) return true;
     return model.getAuthor() == user;
   }
 
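Review bot: `isLayerAuthor` and `isModelAuthor` now answer "may this user modify it" rather than "is this user the author", so the names mislead, and any future caller that needs real authorship gets true for every admin. Consider renaming them (for example `canModifyModel`) or moving the role test into one helper, `private boolean isAdmin(User user) { return user.getRole() == Role.ROLE_ADMIN; }`, so the author checks stay pure. The callers of both helpers are outside the hunk.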
@@ -218,4 +221,9 @@ public class ModelManager implements IModelManager {
     return result;
   }
 
+  @Override
+  public Collection<Model> getModels() {
+    return modelRepo.findAll();
+  }
+
 }
\ No newline at end of file
diff --git a/mozen/src/main/java/mozen/business/ModelRepository.java b/mozen/src/main/java/mozen/business/ModelRepository.java
index 18120e0..649ecb3 100644
--- a/mozen/src/main/java/mozen/business/ModelRepository.java
+++ b/mozen/src/main/java/mozen/business/ModelRepository.java
@@ -10,10 +10,11 @@ import mozen.model.Model;
 import mozen.model.Tag;
 
 public interface ModelRepository extends PagingAndSortingRepository<Model, Long> {
+  Collection<Model> findAll();
   Page<Model> findByNameContainingIgnoreCase(String name, Pageable pageable);
 
   Page<Model> findByNameContainingIgnoreCaseAndTagsIn(String name, Collection<Tag> tags, Pageable pageable);
 
-  // @Query("SELECT m FROM Model m WHERE m.name LIKE :name AND m.tags CONTAINS (SELECT t FROM Tag WHERE t.name IN :tags)") <- horrible et c'est même pas complet
+  // @Query("SELECT m FROM Model m WHERE m.name LIKE :name AND m.tags CONTAINS (SELECT t FROM Tag WHERE t.name IN :tags)") <- enfer absolu
   // Page<Model> findByNameContainingIgnoreCaseTags(@Param("name") String name, @Param("tags") Collection<String> tags, Pageable pageable);
 }
\ No newline at end of file
diff --git a/mozen/src/main/java/mozen/business/UserManager.java b/mozen/src/main/java/mozen/business/UserManager.java
index d42d17d..6cbfb61 100644
--- a/mozen/src/main/java/mozen/business/UserManager.java
+++ b/mozen/src/main/java/mozen/business/UserManager.java
@@ -1,5 +1,7 @@
 package mozen.business;
 
+import java.util.Collection;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -19,25 +21,27 @@ public class UserManager implements IUserManager {
 
   @Override
   public Long addUser(SignupMessage message) {
-    System.err.println("[USER MANAGER] add new user u:"+message.getUsername()+" e:"+message.getEmail()+" p:"+message.getPassword());
+    System.err.println("[USER MANAGER] add new user u:" + message.getUsername() + " e:" + message.getEmail() + " p:"
+        + message.getPassword());
     User u = new User();
     u.setEmail(message.getEmail());
     u.setUsername(message.getUsername());
     u.setPassword(bCryptPasswordEncoder.encode(message.getPassword()));
-    u.setRole(Role.Default);
+    u.setRole(Role.ROLE_DEFAULT);
 
     repo.save(u);
     return u.getId();
   }
 
   @Override
-  public void updateUser(User u) {
-    repo.save(u);
+  public void updateUser(User user, User userToUpdate) {
+    if(isRightUser(user, userToUpdate)) repo.save(userToUpdate);
   }
 
   @Override
-  public void removeUser(Long id) {
-    repo.deleteById(id);
+  public void removeUser(User user, Long id) {
+    User userToRemove = repo.findById(id).get();
+    if(isRightUser(user, userToRemove)) repo.deleteById(id);
   }
 
   @Override
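Review bot: `updateUser` checks only that the ids match and then persists the caller-supplied `userToUpdate` as it arrived, so a non-admin editing their own account also controls `role`, and a changed password would be stored without going through `bCryptPasswordEncoder`. Load the stored entity, authorise against it, and copy over only the fields a user may edit, as sketched below. In `removeUser`, `repo.findById(id).get()` throws `NoSuchElementException` for an unknown id, and both methods return silently when the check fails, so callers cannot tell a denied request from a successful one. Separately, the reformatted log line in `addUser` still writes the plaintext password to stderr; drop the `" p:" + message.getPassword()` part.

```java
  @Override
  public void updateUser(User user, User userToUpdate) {
    User stored = repo.findById(userToUpdate.getId())
        .orElseThrow(() -> new IllegalArgumentException("Unknown user"));
    if (!isRightUser(user, stored)) {
      // org.springframework.security.access.AccessDeniedException
      throw new AccessDeniedException("Not allowed to modify this user");
    }
    // Copy only what the account owner may edit; a password change must be encoded first.
    stored.setUsername(userToUpdate.getUsername());
    if (user.getRole() == Role.ROLE_ADMIN) {
      stored.setRole(userToUpdate.getRole());
    }
    repo.save(stored);
  }
```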
@@ -61,5 +65,15 @@ public class UserManager implements IUserManager {
   public User getUserByUsername(String username) {
     return repo.findByUsername(username).get(0);
   }
+
+  @Override
+  public Collection<User> getUsers() {
+    return repo.findAll();
+  }
+
+  private boolean isRightUser(User userToCheck, User user) {
+    if (userToCheck.getRole() == Role.ROLE_ADMIN) return true;
+    return userToCheck.getId().equals(user.getId());
+  }
   
 }
\ No newline at end of file
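Review bot: In `isRightUser(User userToCheck, User user)` the first parameter is the acting user and the second the target, which the names do not convey; a call with the arguments swapped would grant access whenever the target is an admin. Renaming it to something like `private boolean isAdminOrSelf(User actor, User target)` and adding a one-line comment would make the contract explicit. The same applies to the `user` parameter of `updateUser` and `removeUser` in IUserManager. `getUsers` returns the full `User` entities from `repo.findAll()`; whether the password hash stays out of the JSON depends on annotations in User.java outside this commit's hunks.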
diff --git a/mozen/src/main/java/mozen/business/UserRepository.java b/mozen/src/main/java/mozen/business/UserRepository.java
index adb8194..e02411a 100644
--- a/mozen/src/main/java/mozen/business/UserRepository.java
+++ b/mozen/src/main/java/mozen/business/UserRepository.java
@@ -8,4 +8,5 @@ import mozen.model.User;
 
 public interface UserRepository extends PagingAndSortingRepository<User, Long> {
   List<User> findByUsername(String username);
+  List<User> findAll();
 }
\ No newline at end of file
diff --git a/mozen/src/main/java/mozen/model/Role.java b/mozen/src/main/java/mozen/model/Role.java
index 1db11ea..1be603d 100644
--- a/mozen/src/main/java/mozen/model/Role.java
+++ b/mozen/src/main/java/mozen/model/Role.java
@@ -1,5 +1,5 @@
 package mozen.model;
 
 public enum Role {
-  Default, Admin
+  ROLE_DEFAULT, ROLE_ADMIN
 }
\ No newline at end of file
diff --git a/mozen/src/main/java/mozen/model/User.java b/mozen/src/main/java/mozen/model/User.java
index eb80be6..f5666c6 100644
--- a/mozen/src/main/java/mozen/model/User.java
+++ b/mozen/src/main/java/mozen/model/User.java
@@ -116,14 +116,11 @@ public class User implements Serializable{
     this.models = models;
   }
 
-  @JsonIgnore
   public Role getRole() {
     return this.role;
   }
 
   public void setRole(Role role) {
     this.role = role;
-  }
-
-  
+  }  
 }
\ No newline at end of file
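Review bot: Removing `@JsonIgnore` from `getRole` exposes `role` in both directions: it is now serialised in responses and, because `setRole` is public, also accepted when a `User` is bound from request JSON. If the intent is only to show the role to clients, make it read-only with `@JsonProperty(access = JsonProperty.Access.READ_ONLY)` on the getter. This matters together with `UserManager.updateUser`, which saves a client-supplied `User`. The rest of the class is outside the hunk, so it is not visible whether `getPassword` is still excluded.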
diff --git a/mozen/src/main/java/mozen/utils/DatabaseFiller.java b/mozen/src/main/java/mozen/utils/DatabaseFiller.java
index 378c8e6..75e0b15 100644
--- a/mozen/src/main/java/mozen/utils/DatabaseFiller.java
+++ b/mozen/src/main/java/mozen/utils/DatabaseFiller.java
@@ -47,13 +47,19 @@ public class DatabaseFiller {
     u1.setEmail("user1@email.com");
     u1.setPassword(bCryptPasswordEncoder.encode("1234"));
     u1.setUsername("user 1");
-    u1.setRole(Role.Default);
+    u1.setRole(Role.ROLE_DEFAULT);
 
     User u2 = new User();
     u2.setEmail("user2@email.com");
     u2.setPassword(bCryptPasswordEncoder.encode("1234"));
     u2.setUsername("user 2");
-    u2.setRole(Role.Admin);
+    u2.setRole(Role.ROLE_DEFAULT);
+
+    User admin = new User();
+    admin.setEmail("admin@admin.admin");
+    admin.setPassword(bCryptPasswordEncoder.encode("1234"));
+    admin.setUsername("admin");
+    admin.setRole(Role.ROLE_ADMIN);
 
     Model m1 = new Model();
     m1.setAuthor(u1);
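Review bot: The seeded `admin` account gets the fixed password `"1234"`, which becomes a known administrator credential in any environment where this filler runs. Whether DatabaseFiller is restricted to development is not visible in the hunk. If it is not, guard it with a profile (for example `@Profile("dev")` on the class) and take the admin password from configuration instead of a literal. The enclosing method starts and ends outside the hunk.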
@@ -63,27 +69,6 @@ public class DatabaseFiller {
     m1.setVotes(0);
     m1.setAdded(new Date());
     m1.setLastModified(new Date());
-
-    /*Set<Tag> m1tags = new HashSet<Tag>();
-
-    TagCategory ca1 = new TagCategory();
-    ca1.setName("Layer");
-
-    Tag t1 = new Tag();
-    t1.setCategory(ca1);
-    t1.setName("Conv2D");
-
-    TagCategory ca2 = new TagCategory();
-    ca2.setName("Architecture");
-
-    Tag t2 = new Tag();
-    t2.setCategory(ca2);
-    t2.setName("VGG19");
-
-    m1tags.add(t1);
-    m1tags.add(t2);
-    m1.setTags(m1tags);
-    */
     m1.setTags(tagLoader("tags.txt"));
 
     Set<CustomLayer> m1layers = new HashSet<CustomLayer>();
@@ -99,6 +84,7 @@ public class DatabaseFiller {
 
     userRepo.save(u1);
     userRepo.save(u2);
+    userRepo.save(admin);
 
     modelRepo.save(m1);
   }
diff --git a/mozen/src/main/java/mozen/web/AdminController.java b/mozen/src/main/java/mozen/web/AdminController.java
deleted file mode 100644
index 8136b1c..0000000
--- a/mozen/src/main/java/mozen/web/AdminController.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package mozen.web;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.CrossOrigin;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-import mozen.business.IModelManager;
-import mozen.business.IUserManager;
-
-@RestController
-@RequestMapping("/admin")
-@CrossOrigin
-public class AdminController {
-  @Autowired
-  IModelManager modelManager;
-
-  @Autowired
-  IUserManager userManager;
-}
\ No newline at end of file
diff --git a/mozen/src/main/java/mozen/web/ModelController.java b/mozen/src/main/java/mozen/web/ModelController.java
index 9746876..8a19b40 100644
--- a/mozen/src/main/java/mozen/web/ModelController.java
+++ b/mozen/src/main/java/mozen/web/ModelController.java
@@ -45,7 +45,7 @@ public class ModelController {
 
   @GetMapping("")
   public ResponseEntity<?> getModelDetails(@RequestParam(value = "id", required = false) Long id) {
-    User user = getUser();
+    User user = getCurrentUser();
     if(user != null) {
       return ResponseEntity.ok().body(user.getModels());
     } else {
@@ -57,7 +57,7 @@ public class ModelController {
   @PostMapping("")
   public ResponseEntity<ResponseMessage> addModel(@RequestBody @Valid ModelMessage message) {
     ResponseMessage response = new ResponseMessage(false, "");
-    User user = getUser();
+    User user = getCurrentUser();
     if(user == null) {
       response.setError(true);
       response.setMessage("User unknown");
@@ -78,7 +78,7 @@ public class ModelController {
   @PutMapping("")
   public ResponseEntity<ResponseMessage> updateModel(@RequestParam(value = "id", required = true) Long id, @RequestBody @Valid Model model) {
     ResponseMessage response = new ResponseMessage(false, "");
-    User user = getUser();
+    User user = getCurrentUser();
     if(user == null) {
       response.setError(true);
       response.setMessage("User unknown");
@@ -98,7 +98,7 @@ public class ModelController {
   @DeleteMapping("")
   public ResponseEntity<ResponseMessage> deleteModel(@RequestParam(value = "id", required = true) Long id) {
     ResponseMessage response = new ResponseMessage(false, "");
-    User user = getUser();
+    User user = getCurrentUser();
     if(user == null) {
       response.setError(true);
       response.setMessage("User unknown");
@@ -115,6 +115,11 @@ public class ModelController {
     return ResponseEntity.ok(response);
   }
 
+  @GetMapping("/list")
+  public Collection<Model> getAllModels() {
+    return modelManager.getModels();
+  }
+
   @GetMapping("/tags")
   public Collection<TagCategory> getTags() {
     return modelManager.getTags();
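Review bot: `getAllModels` carries no authorisation of its own; it is admin-only only as long as the URL matcher added in WebSecurity matches this controller's path, and the class-level `@RequestMapping` is outside the hunk. A method-level guard such as `@PreAuthorize("hasRole('ADMIN')")` (with method security enabled) keeps the rule next to the code it protects. The endpoint also returns every `Model` entity in one unpaged response, although the repository already supports `Pageable`.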
@@ -129,7 +134,7 @@ public class ModelController {
   @PostMapping("/upload")
   public ResponseEntity<ResponseMessage> uploadModelFile(@RequestParam("file") MultipartFile file, @RequestParam(value = "id", required = true) Long id) {
     ResponseMessage response = new ResponseMessage(false, "");
-    User user = getUser();
+    User user = getCurrentUser();
     if(user == null) {
       response.setError(true);
       response.setMessage("User unknown");
@@ -171,7 +176,7 @@ public class ModelController {
     @RequestParam(value = "id", required = true) Long id,
     @RequestParam(value = "name", required = true) String name) {
     ResponseMessage response = new ResponseMessage(false, "");
-    User user = getUser();
+    User user = getCurrentUser();
     if(user == null) {
       response.setError(true);
       response.setMessage("User unknown");
@@ -189,7 +194,7 @@ public class ModelController {
     return ResponseEntity.ok(response);
   }
 
-  private User getUser() {
+  private User getCurrentUser() {
     Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
     if (!(auth instanceof AnonymousAuthenticationToken)) {
diff --git a/mozen/src/main/java/mozen/web/UserController.java b/mozen/src/main/java/mozen/web/UserController.java
index 227b848..fe4de26 100644
--- a/mozen/src/main/java/mozen/web/UserController.java
+++ b/mozen/src/main/java/mozen/web/UserController.java
@@ -1,16 +1,22 @@
 package mozen.web;
 
+import java.util.Collection;
+
 import javax.validation.Valid;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import mozen.business.IUserManager;
@@ -32,6 +38,50 @@ public class UserController {
     return manager.getUserByUsername(username);
   }
 
+  @GetMapping("/list")
+  public Collection<User> getUserList() {
+    return manager.getUsers();
+  }
+
+  @PostMapping("")
+  public ResponseEntity<ResponseMessage> changeUserDetails(@RequestParam User userToUpdate) {
+    ResponseMessage response = new ResponseMessage(false, "");
+    User user = getCurrentUser();
+    if(user == null) {
+      response.setError(true);
+      response.setMessage("User unknown");
+      return ResponseEntity.ok(response);
+    }
+
+    try {
+      manager.updateUser(user ,userToUpdate);
+    } catch (Exception e) {
+      response.setError(true);
+      response.setMessage(e.getMessage());
+    }
+    
+    return ResponseEntity.ok().build();
+  }
+
+  @DeleteMapping("")
+  public ResponseEntity<ResponseMessage> deleteUser(@RequestParam Long id) {
+    ResponseMessage response = new ResponseMessage(false, "");
+    User user = getCurrentUser();
+    if(user == null) {
+      response.setError(true);
+      response.setMessage("User unknown");
+      return ResponseEntity.ok(response);
+    }
+
+    try {
+      manager.removeUser(user, id);
+    } catch (Exception e) {
+      response.setError(true);
+      response.setMessage(e.getMessage());
+    }
+    return ResponseEntity.ok().build();
+  }
+
   @PostMapping("/signup")
   public ResponseEntity<ResponseMessage> addUser(@RequestBody @Valid SignupMessage message, BindingResult result) {
     System.err.println("SIGNUP u:"+message.getUsername()+" e:"+message.getEmail()+" p:"+message.getPassword());
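Review bot: `changeUserDetails` and `deleteUser` fill `response` in the catch block but finish with `ResponseEntity.ok().build()`, so a failure reaches the client as an empty 200; return the populated message with `return ResponseEntity.ok(response);` or, better, a non-2xx status. `@RequestParam User userToUpdate` binds a whole entity from a single request parameter, which needs a registered converter. `@RequestBody @Valid` on a dedicated update message (as `addUser` does with `SignupMessage`) would also keep fields like `role` out of client control. `getUserList` returns `User` entities directly, so what it discloses depends on the JSON annotations in User.java. The `SIGNUP` log line at the end of the hunk is unchanged context, but it prints the plaintext password and should lose the `p:` part.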
@@ -48,4 +98,15 @@ public class UserController {
     return ResponseEntity.ok(response);
   }
 
+  private User getCurrentUser() {
+    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+    if (!(auth instanceof AnonymousAuthenticationToken)) {
+      String username = (String) auth.getPrincipal();
+      return manager.getUserByUsername(username);
+    } else {
+      return null;
+    }
+  }
+
 }
\ No newline at end of file
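Review bot: `getCurrentUser` dereferences `auth` without a null check: when the security context holds no authentication, `auth instanceof AnonymousAuthenticationToken` is false and `auth.getPrincipal()` throws. Guard it with `if (auth == null || auth instanceof AnonymousAuthenticationToken) return null;`. The cast `(String) auth.getPrincipal()` assumes the JWT filter always stores the username as a String, which is set outside this commit. This helper duplicates the one in ModelController; a shared component would keep the two from drifting.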
-- 
GitLab