Thibaut/ffsaf-site
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

feat: allow admin and club admin to get comp result

Browse Source
This commit is contained in:
Thibaut Valentin 2026-01-05 14:20:22 +01:00
parent a871b52006
commit 0757ae7198
3 changed files with 73 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
src/main/java/fr/titionfire/ffsaf/domain/service/ResultService.java
View File

@ -93,12 +93,21 @@ public class ResultService {
public Uni<List<Object[]>> getList(SecurityCtx securityCtx) { public Uni<List<Object[]>> getList(SecurityCtx securityCtx) {
return membreService.getByAccountId(securityCtx.getSubject()) return membreService.getByAccountId(securityCtx.getSubject())
.chain(m -> registerRepository.list("membre = ?1", m)) .chain(m -> registerRepository.list(
"membre = ?1 OR (TRUE = ?2 AND membre.club = ?3)",
m, securityCtx.isClubAdmin(), m.getClub()))
.onItem().transformToMulti(Multi.createFrom()::iterable) .onItem().transformToMulti(Multi.createFrom()::iterable)
.onItem().call(r -> Mutiny.fetch(r.getCompetition())) .onItem().call(r -> Mutiny.fetch(r.getCompetition()))
.onItem().transform(r -> new Object[]{r.getCompetition().getUuid(), r.getCompetition().getName(), .onItem().transform(RegisterModel::getCompetition)
r.getCompetition().getDate()}) .collect().asList()
.collect().asList(); .chain(l -> compRepository.list("owner = ?1 OR ?1 IN admin", securityCtx.getSubject())
.map(l2 -> Stream.concat(l.stream(), l2.stream()).distinct()
.map(c -> new Object[]{c.getUuid(), c.getName(), c.getDate()}).toList())
);
}
public Uni<HashMap<String, Long>> getCategoryList(String uuid, SecurityCtx securityCtx) {
return hasAccess(uuid, securityCtx).chain(__ -> getCategoryList(uuid));
} }
public Uni<HashMap<String, Long>> getCategoryList(String uuid) { public Uni<HashMap<String, Long>> getCategoryList(String uuid) {
@ -113,11 +122,11 @@ public class ResultService {
} }
public Uni<ResultCategoryData> getCategory(String uuid, long poule, SecurityCtx securityCtx) { public Uni<ResultCategoryData> getCategory(String uuid, long poule, SecurityCtx securityCtx) {
return hasAccess(uuid, securityCtx).chain(r -> return hasAccess(uuid, securityCtx).chain(membreModel ->
matchRepository.list("category.compet.uuid = ?1 AND category.id = ?2", uuid, poule) matchRepository.list("category.compet.uuid = ?1 AND category.id = ?2", uuid, poule)
.call(list -> list.isEmpty() ? Uni.createFrom().voidItem() : .call(list -> list.isEmpty() ? Uni.createFrom().voidItem() :
Mutiny.fetch(list.get(0).getCategory().getTree())) Mutiny.fetch(list.get(0).getCategory().getTree()))
.map(list -> getData(list, r.getMembre()))); .map(list -> getData(list, membreModel)));
} }
public Uni<ResultCategoryData> getCategory(String uuid, long poule) { public Uni<ResultCategoryData> getCategory(String uuid, long poule) {
@ -242,7 +251,7 @@ public class ResultService {
public Uni<CombsArrayData> getAllCombArray(String uuid, SecurityCtx securityCtx) { public Uni<CombsArrayData> getAllCombArray(String uuid, SecurityCtx securityCtx) {
return hasAccess(uuid, securityCtx) return hasAccess(uuid, securityCtx)
.chain(r -> getAllCombArray_(uuid, r.getMembre())); .chain(membreModel -> getAllCombArray_(uuid, membreModel));
} }
public Uni<CombsArrayData> getAllCombArrayPublic(String uuid) { public Uni<CombsArrayData> getAllCombArrayPublic(String uuid) {
@ -315,7 +324,16 @@ public class ResultService {
}); });
} }
public Uni<HashMap<String, String>> getCombList(String uuid, ResultPrivacy privacy) { public Uni<HashMap<String, String>> getCombList(String uuid, SecurityCtx securityCtx) {
return hasAccess(uuid, securityCtx)
.chain(membreModel -> getCombList(uuid, ResultPrivacy.REGISTERED_ONLY));
}
public Uni<HashMap<String, String>> getCombList(String uuid) {
return getCombList(uuid, ResultPrivacy.PUBLIC);
}
private Uni<HashMap<String, String>> getCombList(String uuid, ResultPrivacy privacy) {
return registerRepository.list("competition.uuid = ?1 AND membre.resultPrivacy <= ?2", uuid, privacy) return registerRepository.list("competition.uuid = ?1 AND membre.resultPrivacy <= ?2", uuid, privacy)
.map(models -> { .map(models -> {
HashMap<String, String> map = new HashMap<>(); HashMap<String, String> map = new HashMap<>();
@ -332,7 +350,16 @@ public class ResultService {
); );
} }
public Uni<?> getCombArrayPublic(String uuid, String combTempId, ResultPrivacy privacy) { public Uni<?> getCombArrayPublic(String uuid, String combTempId, SecurityCtx securityCtx) {
return hasAccess(uuid, securityCtx)
.chain(membreModel -> getCombArrayPublic(uuid, combTempId, ResultPrivacy.REGISTERED_ONLY));
}
public Uni<?> getCombArrayPublic(String uuid, String combTempId) {
return getCombArrayPublic(uuid, combTempId, ResultPrivacy.PUBLIC);
}
private Uni<?> getCombArrayPublic(String uuid, String combTempId, ResultPrivacy privacy) {
CombArrayData.CombArrayDataBuilder builder = CombArrayData.builder(); CombArrayData.CombArrayDataBuilder builder = CombArrayData.builder();
Long id = getCombTempId(combTempId); Long id = getCombTempId(combTempId);
@ -471,6 +498,10 @@ public class ResultService {
} }
} }
public Uni<HashMap<String, Long>> getClubList(String uuid, SecurityCtx securityCtx) {
return hasAccess(uuid, securityCtx).chain(__ -> getClubList(uuid));
}
public Uni<HashMap<String, Long>> getClubList(String uuid) { public Uni<HashMap<String, Long>> getClubList(String uuid) {
return registerRepository.list("competition.uuid = ?1", uuid) return registerRepository.list("competition.uuid = ?1", uuid)
.map(registers -> { .map(registers -> {
@ -491,7 +522,7 @@ public class ResultService {
} }
public Uni<ClubArrayData> getClubArray(String uuid, Long id, SecurityCtx securityCtx) { public Uni<ClubArrayData> getClubArray(String uuid, Long id, SecurityCtx securityCtx) {
return hasAccess(uuid, securityCtx).chain(cm_register -> getClubArray2(uuid, id, cm_register.getMembre())); return hasAccess(uuid, securityCtx).chain(membreModel -> getClubArray2(uuid, id, membreModel));
} }
public Uni<ClubArrayData> getClubArray2(String uuid, Long id, MembreModel membreModel) { public Uni<ClubArrayData> getClubArray2(String uuid, Long id, MembreModel membreModel) {
@ -620,21 +651,35 @@ public class ResultService {
} }
} }
private Uni<RegisterModel> hasAccess(String uuid, SecurityCtx securityCtx) { private Uni<MembreModel> hasAccess(String uuid, SecurityCtx securityCtx) {
return registerRepository.find("membre.userId = ?1 AND competition.uuid = ?2", securityCtx.getSubject(), uuid) return registerRepository.find("membre.userId = ?1 AND competition.uuid = ?2", securityCtx.getSubject(), uuid)
.firstResult() .firstResult()
.invoke(Unchecked.consumer(o -> { .chain(Unchecked.function(o -> {
if (o == null) if (o != null)
throw new DForbiddenException("Access denied"); return Uni.createFrom().item(o.getMembre());
}));
}
private Uni<RegisterModel> hasAccess(Long compId, SecurityCtx securityCtx) { return membreService.getByAccountId(securityCtx.getSubject()).chain(m -> {
return registerRepository.find("membre.userId = ?1 AND competition.id = ?2", securityCtx.getSubject(), compId) if (securityCtx.isClubAdmin()) {
.firstResult() return registerRepository.count("membre.club = ?2 AND competition.uuid = ?1",
.invoke(Unchecked.consumer(o -> { uuid, m.getClub()).chain(c -> {
if (o == null) if (c > 0) return Uni.createFrom().item(m);
throw new DForbiddenException("Access denied");
return compRepository.count("uuid = ?1 AND (owner = ?2 OR ?2 IN admin)",
uuid, securityCtx.getSubject())
.chain(c2 -> {
if (c2 > 0) return Uni.createFrom().item(m);
return Uni.createFrom().failure(new DForbiddenException("Access denied"));
});
});
} else {
return compRepository.count("uuid = ?1 AND (owner = ?2 OR ?2 IN admin)", uuid,
securityCtx.getSubject())
.chain(c2 -> {
if (c2 > 0) return Uni.createFrom().item(m);
return Uni.createFrom().failure(new DForbiddenException("Access denied"));
});
}
});
})); }));
} }
} }

5
src/main/java/fr/titionfire/ffsaf/rest/ExternalResultEndpoints.java
View File

@ -2,7 +2,6 @@ package fr.titionfire.ffsaf.rest;
import fr.titionfire.ffsaf.domain.service.ResultService; import fr.titionfire.ffsaf.domain.service.ResultService;
import fr.titionfire.ffsaf.domain.service.UpdateService; import fr.titionfire.ffsaf.domain.service.UpdateService;
import fr.titionfire.ffsaf.utils.ResultPrivacy;
import io.smallrye.mutiny.Uni; import io.smallrye.mutiny.Uni;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.ws.rs.*; import jakarta.ws.rs.*;
@ -47,7 +46,7 @@ public class ExternalResultEndpoints {
@Path("/comb/list") @Path("/comb/list")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public Uni<HashMap<String, String>> combList() { public Uni<HashMap<String, String>> combList() {
return resultService.getCombList(id, ResultPrivacy.PUBLIC); return resultService.getCombList(id);
} }
@GET @GET
@ -56,7 +55,7 @@ public class ExternalResultEndpoints {
public Uni<?> getArray(@QueryParam("comb") String comb) { public Uni<?> getArray(@QueryParam("comb") String comb) {
if (comb.equals("0")) if (comb.equals("0"))
return Uni.createFrom().item(""); return Uni.createFrom().item("");
return resultService.getCombArrayPublic(id, comb, ResultPrivacy.PUBLIC); return resultService.getCombArrayPublic(id, comb);
} }
@GET @GET

9
src/main/java/fr/titionfire/ffsaf/rest/ResultEndpoints.java
View File

@ -2,7 +2,6 @@ package fr.titionfire.ffsaf.rest;
import fr.titionfire.ffsaf.domain.service.ResultService; import fr.titionfire.ffsaf.domain.service.ResultService;
import fr.titionfire.ffsaf.rest.data.ResultCategoryData; import fr.titionfire.ffsaf.rest.data.ResultCategoryData;
import fr.titionfire.ffsaf.utils.ResultPrivacy;
import fr.titionfire.ffsaf.utils.SecurityCtx; import fr.titionfire.ffsaf.utils.SecurityCtx;
import io.quarkus.security.Authenticated; import io.quarkus.security.Authenticated;
import io.smallrye.mutiny.Uni; import io.smallrye.mutiny.Uni;
@ -33,7 +32,7 @@ public class ResultEndpoints {
@GET @GET
@Path("{uuid}/category/list") @Path("{uuid}/category/list")
public Uni<HashMap<String, Long>> getCategoryList(@PathParam("uuid") String uuid) { public Uni<HashMap<String, Long>> getCategoryList(@PathParam("uuid") String uuid) {
return resultService.getCategoryList(uuid); return resultService.getCategoryList(uuid, securityCtx);
} }
@GET @GET
@ -45,7 +44,7 @@ public class ResultEndpoints {
@GET @GET
@Path("{uuid}/club/list") @Path("{uuid}/club/list")
public Uni<HashMap<String, Long>> getClubList(@PathParam("uuid") String uuid) { public Uni<HashMap<String, Long>> getClubList(@PathParam("uuid") String uuid) {
return resultService.getClubList(uuid); return resultService.getClubList(uuid, securityCtx);
} }
@GET @GET
@ -57,13 +56,13 @@ public class ResultEndpoints {
@GET @GET
@Path("{uuid}/comb/list") @Path("{uuid}/comb/list")
public Uni<HashMap<String, String>> getCombList(@PathParam("uuid") String uuid) { public Uni<HashMap<String, String>> getCombList(@PathParam("uuid") String uuid) {
return resultService.getCombList(uuid, ResultPrivacy.REGISTERED_ONLY); return resultService.getCombList(uuid, securityCtx);
} }
@GET @GET
@Path("{uuid}/comb/{id}") @Path("{uuid}/comb/{id}")
public Uni<?> getCombList(@PathParam("uuid") String uuid, @PathParam("id") String id) { public Uni<?> getCombList(@PathParam("uuid") String uuid, @PathParam("id") String id) {
return resultService.getCombArrayPublic(uuid, id, ResultPrivacy.REGISTERED_ONLY); return resultService.getCombArrayPublic(uuid, id, securityCtx);
} }
@GET @GET