feat: add SecurityContext class
This commit is contained in:
parent
7f80c876d3
commit
bd386d1b0a
@ -30,7 +30,6 @@ import io.smallrye.mutiny.unchecked.Unchecked;
|
|||||||
import jakarta.enterprise.context.ApplicationScoped;
|
import jakarta.enterprise.context.ApplicationScoped;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.hibernate.reactive.mutiny.Mutiny;
|
import org.hibernate.reactive.mutiny.Mutiny;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
@ -121,8 +120,8 @@ public class ClubService {
|
|||||||
return repository.find("clubId", clubId).firstResult();
|
return repository.find("clubId", clubId).firstResult();
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<ClubModel> getOfUser(JsonWebToken idToken) {
|
public Uni<ClubModel> getOfUser(SecurityCtx securityCtx) {
|
||||||
return combRepository.find("userId = ?1", idToken.getSubject()).firstResult().invoke(Unchecked.consumer(m -> {
|
return combRepository.find("userId = ?1", securityCtx.getSubject()).firstResult().invoke(Unchecked.consumer(m -> {
|
||||||
if (m == null || m.getClub() == null)
|
if (m == null || m.getClub() == null)
|
||||||
throw new DNotFoundException("Club non trouvé");
|
throw new DNotFoundException("Club non trouvé");
|
||||||
}))
|
}))
|
||||||
@ -140,14 +139,14 @@ public class ClubService {
|
|||||||
.toList());
|
.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<String> updateOfUser(JsonWebToken idToken, PartClubForm form) {
|
public Uni<String> updateOfUser(SecurityCtx securityCtx, PartClubForm form) {
|
||||||
TypeReference<HashMap<Contact, String>> typeRef = new TypeReference<>() {
|
TypeReference<HashMap<Contact, String>> typeRef = new TypeReference<>() {
|
||||||
};
|
};
|
||||||
|
|
||||||
return combRepository.find("userId = ?1", idToken.getSubject()).firstResult().invoke(Unchecked.consumer(m -> {
|
return combRepository.find("userId = ?1", securityCtx.getSubject()).firstResult().invoke(Unchecked.consumer(m -> {
|
||||||
if (m == null || m.getClub() == null)
|
if (m == null || m.getClub() == null)
|
||||||
throw new DNotFoundException("Club non trouvé");
|
throw new DNotFoundException("Club non trouvé");
|
||||||
if (!GroupeUtils.isInClubGroup(m.getClub().getId(), idToken))
|
if (!securityCtx.isInClubGroup(m.getClub().getId()))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
}))
|
}))
|
||||||
.map(MembreModel::getClub)
|
.map(MembreModel::getClub)
|
||||||
|
|||||||
@ -7,15 +7,13 @@ import fr.titionfire.ffsaf.net2.data.SimpleCompet;
|
|||||||
import fr.titionfire.ffsaf.net2.request.SReqCompet;
|
import fr.titionfire.ffsaf.net2.request.SReqCompet;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.quarkus.cache.Cache;
|
import io.quarkus.cache.Cache;
|
||||||
import io.quarkus.cache.CacheName;
|
import io.quarkus.cache.CacheName;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.enterprise.context.ApplicationScoped;
|
import jakarta.enterprise.context.ApplicationScoped;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
@ -54,7 +52,7 @@ public class CompetPermService {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<HashMap<Long, String>> getAllHaveAccess (String subject) {
|
public Uni<HashMap<Long, String>> getAllHaveAccess(String subject) {
|
||||||
return cacheAccess.get(subject, k -> {
|
return cacheAccess.get(subject, k -> {
|
||||||
CompletableFuture<HashMap<Long, String>> f = new CompletableFuture<>();
|
CompletableFuture<HashMap<Long, String>> f = new CompletableFuture<>();
|
||||||
SReqCompet.getAllHaveAccess(serverCustom.clients, subject, f);
|
SReqCompet.getAllHaveAccess(serverCustom.clients, subject, f);
|
||||||
@ -67,52 +65,52 @@ public class CompetPermService {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<CompetitionModel> hasViewPerm(JsonWebToken idToken, SecurityIdentity sid, long id) {
|
public Uni<CompetitionModel> hasViewPerm(SecurityCtx securityCtx, long id) {
|
||||||
return competitionRepository.findById(id).call(o -> (
|
return competitionRepository.findById(id).call(o -> (
|
||||||
idToken.getSubject().equals(o.getOwner()) || sid.getRoles().contains("federation_admin")) ?
|
securityCtx.getSubject().equals(o.getOwner()) || securityCtx.roleHas("federation_admin")) ?
|
||||||
Uni.createFrom().nullItem()
|
Uni.createFrom().nullItem()
|
||||||
:
|
:
|
||||||
o.getSystem() == CompetitionSystem.SAFCA ?
|
o.getSystem() == CompetitionSystem.SAFCA ?
|
||||||
hasSafcaViewPerm(idToken, sid, id)
|
hasSafcaViewPerm(securityCtx, id)
|
||||||
: Uni.createFrom().nullItem().invoke(Unchecked.consumer(__ -> {
|
: Uni.createFrom().nullItem().invoke(Unchecked.consumer(__ -> {
|
||||||
if (!GroupeUtils.isInClubGroup(o.getClub().getId(), idToken))
|
if (!securityCtx.isInClubGroup(o.getClub().getId()))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
})
|
})
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<CompetitionModel> hasEditPerm(JsonWebToken idToken, SecurityIdentity sid, long id) {
|
public Uni<CompetitionModel> hasEditPerm(SecurityCtx securityCtx, long id) {
|
||||||
return competitionRepository.findById(id).call(o -> (
|
return competitionRepository.findById(id).call(o -> (
|
||||||
idToken.getSubject().equals(o.getOwner()) || sid.getRoles().contains("federation_admin")) ?
|
securityCtx.getSubject().equals(o.getOwner()) || securityCtx.roleHas("federation_admin")) ?
|
||||||
Uni.createFrom().nullItem()
|
Uni.createFrom().nullItem()
|
||||||
:
|
:
|
||||||
o.getSystem() == CompetitionSystem.SAFCA ?
|
o.getSystem() == CompetitionSystem.SAFCA ?
|
||||||
hasSafcaEditPerm(idToken, sid, id)
|
hasSafcaEditPerm(securityCtx, id)
|
||||||
: Uni.createFrom().nullItem().invoke(Unchecked.consumer(__ -> {
|
: Uni.createFrom().nullItem().invoke(Unchecked.consumer(__ -> {
|
||||||
if (!GroupeUtils.isInClubGroup(o.getClub().getId(), idToken))
|
if (!securityCtx.isInClubGroup(o.getClub().getId()))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
})
|
})
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Uni<?> hasSafcaViewPerm(JsonWebToken idToken, SecurityIdentity sid, long id) {
|
private Uni<?> hasSafcaViewPerm(SecurityCtx securityCtx, long id) {
|
||||||
return sid.getRoles().contains("safca_super_admin") ?
|
return securityCtx.roleHas("safca_super_admin") ?
|
||||||
Uni.createFrom().nullItem()
|
Uni.createFrom().nullItem()
|
||||||
:
|
:
|
||||||
getSafcaConfig(id).chain(Unchecked.function(o -> {
|
getSafcaConfig(id).chain(Unchecked.function(o -> {
|
||||||
if (!o.admin().contains(UUID.fromString(idToken.getSubject())) && !o.table()
|
if (!o.admin().contains(UUID.fromString(securityCtx.getSubject())) && !o.table()
|
||||||
.contains(UUID.fromString(idToken.getSubject())))
|
.contains(UUID.fromString(securityCtx.getSubject())))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
return Uni.createFrom().nullItem();
|
return Uni.createFrom().nullItem();
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Uni<?> hasSafcaEditPerm(JsonWebToken idToken, SecurityIdentity sid, long id) {
|
private Uni<?> hasSafcaEditPerm(SecurityCtx securityCtx, long id) {
|
||||||
return sid.getRoles().contains("safca_super_admin") ?
|
return securityCtx.roleHas("safca_super_admin") ?
|
||||||
Uni.createFrom().nullItem()
|
Uni.createFrom().nullItem()
|
||||||
:
|
:
|
||||||
getSafcaConfig(id).chain(Unchecked.function(o -> {
|
getSafcaConfig(id).chain(Unchecked.function(o -> {
|
||||||
if (!o.admin().contains(UUID.fromString(idToken.getSubject())))
|
if (!o.admin().contains(UUID.fromString(securityCtx.getSubject())))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
return Uni.createFrom().nullItem();
|
return Uni.createFrom().nullItem();
|
||||||
}));
|
}));
|
||||||
|
|||||||
@ -13,16 +13,14 @@ import fr.titionfire.ffsaf.rest.data.SimpleCompetData;
|
|||||||
import fr.titionfire.ffsaf.rest.exception.DBadRequestException;
|
import fr.titionfire.ffsaf.rest.exception.DBadRequestException;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.quarkus.hibernate.reactive.panache.Panache;
|
import io.quarkus.hibernate.reactive.panache.Panache;
|
||||||
import io.quarkus.hibernate.reactive.panache.common.WithSession;
|
import io.quarkus.hibernate.reactive.panache.common.WithSession;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import io.vertx.mutiny.core.Vertx;
|
import io.vertx.mutiny.core.Vertx;
|
||||||
import jakarta.enterprise.context.ApplicationScoped;
|
import jakarta.enterprise.context.ApplicationScoped;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
|
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
@ -53,13 +51,13 @@ public class CompetitionService {
|
|||||||
@Inject
|
@Inject
|
||||||
Vertx vertx;
|
Vertx vertx;
|
||||||
|
|
||||||
public Uni<CompetitionData> getById(JsonWebToken idToken, SecurityIdentity sid, Long id) {
|
public Uni<CompetitionData> getById(SecurityCtx securityCtx, Long id) {
|
||||||
if (id == 0) {
|
if (id == 0) {
|
||||||
return Uni.createFrom()
|
return Uni.createFrom()
|
||||||
.item(new CompetitionData(null, "", "", new Date(), CompetitionSystem.SAFCA,
|
.item(new CompetitionData(null, "", "", new Date(), CompetitionSystem.SAFCA,
|
||||||
null, "", ""));
|
null, "", ""));
|
||||||
}
|
}
|
||||||
return permService.hasViewPerm(idToken, sid, id)
|
return permService.hasViewPerm(securityCtx, id)
|
||||||
.map(CompetitionData::fromModel)
|
.map(CompetitionData::fromModel)
|
||||||
.chain(data ->
|
.chain(data ->
|
||||||
vertx.getOrCreateContext().executeBlocking(() -> {
|
vertx.getOrCreateContext().executeBlocking(() -> {
|
||||||
@ -70,40 +68,40 @@ public class CompetitionService {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<List<CompetitionData>> getAll(JsonWebToken idToken, SecurityIdentity securityIdentity) {
|
public Uni<List<CompetitionData>> getAll(SecurityCtx securityCtx) {
|
||||||
return repository.listAll()
|
return repository.listAll()
|
||||||
.chain(o ->
|
.chain(o ->
|
||||||
permService.getAllHaveAccess(idToken.getSubject())
|
permService.getAllHaveAccess(securityCtx.getSubject())
|
||||||
.chain(map -> Uni.createFrom().item(o.stream()
|
.chain(map -> Uni.createFrom().item(o.stream()
|
||||||
.filter(p -> {
|
.filter(p -> {
|
||||||
if (idToken.getSubject().equals(p.getOwner()))
|
if (securityCtx.getSubject().equals(p.getOwner()))
|
||||||
return true;
|
return true;
|
||||||
if (p.getSystem() == CompetitionSystem.SAFCA) {
|
if (p.getSystem() == CompetitionSystem.SAFCA) {
|
||||||
if (map.containsKey(p.getId()))
|
if (map.containsKey(p.getId()))
|
||||||
return map.get(p.getId()).equals("admin");
|
return map.get(p.getId()).equals("admin");
|
||||||
return securityIdentity.getRoles().contains("federation_admin")
|
return securityCtx.roleHas("federation_admin")
|
||||||
|| securityIdentity.getRoles().contains("safca_super_admin");
|
|| securityCtx.roleHas("safca_super_admin");
|
||||||
}
|
}
|
||||||
return securityIdentity.getRoles().contains("federation_admin");
|
return securityCtx.roleHas("federation_admin");
|
||||||
})
|
})
|
||||||
.map(CompetitionData::fromModel).toList())
|
.map(CompetitionData::fromModel).toList())
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<List<CompetitionData>> getAllSystem(JsonWebToken idToken, SecurityIdentity securityIdentity,
|
public Uni<List<CompetitionData>> getAllSystem(SecurityCtx securityCtx,
|
||||||
CompetitionSystem system) {
|
CompetitionSystem system) {
|
||||||
if (system == CompetitionSystem.SAFCA) {
|
if (system == CompetitionSystem.SAFCA) {
|
||||||
return permService.getAllHaveAccess(idToken.getSubject())
|
return permService.getAllHaveAccess(securityCtx.getSubject())
|
||||||
.chain(map ->
|
.chain(map ->
|
||||||
repository.list("system = ?1", system)
|
repository.list("system = ?1", system)
|
||||||
.map(data -> data.stream()
|
.map(data -> data.stream()
|
||||||
.filter(p -> {
|
.filter(p -> {
|
||||||
if (idToken.getSubject().equals(p.getOwner()))
|
if (securityCtx.getSubject().equals(p.getOwner()))
|
||||||
return true;
|
return true;
|
||||||
if (map.containsKey(p.getId()))
|
if (map.containsKey(p.getId()))
|
||||||
return map.get(p.getId()).equals("admin");
|
return map.get(p.getId()).equals("admin");
|
||||||
return securityIdentity.getRoles().contains("federation_admin")
|
return securityCtx.roleHas("federation_admin")
|
||||||
|| securityIdentity.getRoles().contains("safca_super_admin");
|
|| securityCtx.roleHas("safca_super_admin");
|
||||||
})
|
})
|
||||||
.map(CompetitionData::fromModel).toList())
|
.map(CompetitionData::fromModel).toList())
|
||||||
);
|
);
|
||||||
@ -112,18 +110,18 @@ public class CompetitionService {
|
|||||||
return repository.list("system = ?1", system)
|
return repository.list("system = ?1", system)
|
||||||
.map(data -> data.stream()
|
.map(data -> data.stream()
|
||||||
.filter(p -> {
|
.filter(p -> {
|
||||||
if (idToken.getSubject().equals(p.getOwner()))
|
if (securityCtx.getSubject().equals(p.getOwner()))
|
||||||
return true;
|
return true;
|
||||||
return securityIdentity.getRoles().contains("federation_admin") ||
|
return securityCtx.roleHas("federation_admin") ||
|
||||||
GroupeUtils.isInClubGroup(p.getClub().getId(), idToken);
|
securityCtx.isInClubGroup(p.getClub().getId());
|
||||||
})
|
})
|
||||||
.map(CompetitionData::fromModel).toList());
|
.map(CompetitionData::fromModel).toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<CompetitionData> addOrUpdate(JsonWebToken idToken, SecurityIdentity sid, CompetitionData data) {
|
public Uni<CompetitionData> addOrUpdate(SecurityCtx securityCtx, CompetitionData data) {
|
||||||
if (data.getId() == null) {
|
if (data.getId() == null) {
|
||||||
return new ClubRepository().findById(data.getClub()).invoke(Unchecked.consumer(clubModel -> {
|
return new ClubRepository().findById(data.getClub()).invoke(Unchecked.consumer(clubModel -> {
|
||||||
if (!GroupeUtils.isInClubGroup(clubModel.getId(), idToken))
|
if (!securityCtx.isInClubGroup(clubModel.getId()))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
})) // TODO check if user can create competition
|
})) // TODO check if user can create competition
|
||||||
.chain(clubModel -> {
|
.chain(clubModel -> {
|
||||||
@ -136,13 +134,13 @@ public class CompetitionService {
|
|||||||
model.setInsc(new ArrayList<>());
|
model.setInsc(new ArrayList<>());
|
||||||
model.setUuid(UUID.randomUUID().toString());
|
model.setUuid(UUID.randomUUID().toString());
|
||||||
model.setName(data.getName());
|
model.setName(data.getName());
|
||||||
model.setOwner(idToken.getSubject());
|
model.setOwner(securityCtx.getSubject());
|
||||||
|
|
||||||
return Panache.withTransaction(() -> repository.persist(model));
|
return Panache.withTransaction(() -> repository.persist(model));
|
||||||
}).map(CompetitionData::fromModel)
|
}).map(CompetitionData::fromModel)
|
||||||
.call(__ -> permService.cacheAccess.invalidate(idToken.getSubject()));
|
.call(__ -> permService.cacheAccess.invalidate(securityCtx.getSubject()));
|
||||||
} else {
|
} else {
|
||||||
return permService.hasEditPerm(idToken, sid, data.getId())
|
return permService.hasEditPerm(securityCtx, data.getId())
|
||||||
.chain(model -> {
|
.chain(model -> {
|
||||||
model.setDate(data.getDate());
|
model.setDate(data.getDate());
|
||||||
model.setName(data.getName());
|
model.setName(data.getName());
|
||||||
@ -153,22 +151,22 @@ public class CompetitionService {
|
|||||||
if (newOwner == null)
|
if (newOwner == null)
|
||||||
throw new DBadRequestException("User " + data.getOwner() + " not found");
|
throw new DBadRequestException("User " + data.getOwner() + " not found");
|
||||||
if (!newOwner.equals(model.getOwner())) {
|
if (!newOwner.equals(model.getOwner())) {
|
||||||
if (!sid.getRoles().contains("federation_admin")
|
if (!securityCtx.roleHas("federation_admin")
|
||||||
&& !sid.getRoles().contains("safca_super_admin")
|
&& !securityCtx.roleHas("safca_super_admin")
|
||||||
&& !idToken.getSubject().equals(model.getOwner()))
|
&& !securityCtx.getSubject().equals(model.getOwner()))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
model.setOwner(newOwner);
|
model.setOwner(newOwner);
|
||||||
}
|
}
|
||||||
}))
|
}))
|
||||||
.chain(__ -> Panache.withTransaction(() -> repository.persist(model)));
|
.chain(__ -> Panache.withTransaction(() -> repository.persist(model)));
|
||||||
}).map(CompetitionData::fromModel)
|
}).map(CompetitionData::fromModel)
|
||||||
.call(__ -> permService.cacheAccess.invalidate(idToken.getSubject()));
|
.call(__ -> permService.cacheAccess.invalidate(securityCtx.getSubject()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<?> delete(JsonWebToken idToken, SecurityIdentity sid, Long id) {
|
public Uni<?> delete(SecurityCtx securityCtx, Long id) {
|
||||||
return repository.findById(id).invoke(Unchecked.consumer(c -> {
|
return repository.findById(id).invoke(Unchecked.consumer(c -> {
|
||||||
if (!idToken.getSubject().equals(c.getOwner()) || sid.getRoles().contains("federation_admin"))
|
if (!securityCtx.getSubject().equals(c.getOwner()) || securityCtx.roleHas("federation_admin"))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
}))
|
}))
|
||||||
.call(competitionModel -> pouleRepository.list("compet = ?1", competitionModel)
|
.call(competitionModel -> pouleRepository.list("compet = ?1", competitionModel)
|
||||||
@ -185,14 +183,14 @@ public class CompetitionService {
|
|||||||
.call(__ -> permService.cache.invalidate(id));
|
.call(__ -> permService.cache.invalidate(id));
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<SimpleCompetData> getSafcaData(JsonWebToken idToken, SecurityIdentity sid, Long id) {
|
public Uni<SimpleCompetData> getSafcaData(SecurityCtx securityCtx, Long id) {
|
||||||
return permService.getSafcaConfig(id)
|
return permService.getSafcaConfig(id)
|
||||||
.call(Unchecked.function(o -> {
|
.call(Unchecked.function(o -> {
|
||||||
if (!idToken.getSubject().equals(o.owner())
|
if (!securityCtx.getSubject().equals(o.owner())
|
||||||
&& !sid.getRoles().contains("federation_admin")
|
&& !securityCtx.roleHas("federation_admin")
|
||||||
&& !sid.getRoles().contains("safca_super_admin")
|
&& !securityCtx.roleHas("safca_super_admin")
|
||||||
&& !o.admin().contains(UUID.fromString(idToken.getSubject()))
|
&& !o.admin().contains(UUID.fromString(securityCtx.getSubject()))
|
||||||
&& !o.table().contains(UUID.fromString(idToken.getSubject())))
|
&& !o.table().contains(UUID.fromString(securityCtx.getSubject())))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
return Uni.createFrom().nullItem();
|
return Uni.createFrom().nullItem();
|
||||||
}))
|
}))
|
||||||
@ -213,8 +211,8 @@ public class CompetitionService {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<?> setSafcaData(JsonWebToken idToken, SecurityIdentity sid, SimpleCompetData data) {
|
public Uni<?> setSafcaData(SecurityCtx securityCtx, SimpleCompetData data) {
|
||||||
return permService.hasEditPerm(idToken, sid, data.getId())
|
return permService.hasEditPerm(securityCtx, data.getId())
|
||||||
.chain(__ -> vertx.getOrCreateContext().executeBlocking(() -> {
|
.chain(__ -> vertx.getOrCreateContext().executeBlocking(() -> {
|
||||||
ArrayList<UUID> admin = new ArrayList<>();
|
ArrayList<UUID> admin = new ArrayList<>();
|
||||||
ArrayList<UUID> table = new ArrayList<>();
|
ArrayList<UUID> table = new ArrayList<>();
|
||||||
|
|||||||
@ -7,6 +7,7 @@ import fr.titionfire.ffsaf.data.repository.LicenceRepository;
|
|||||||
import fr.titionfire.ffsaf.data.repository.SequenceRepository;
|
import fr.titionfire.ffsaf.data.repository.SequenceRepository;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DBadRequestException;
|
import fr.titionfire.ffsaf.rest.exception.DBadRequestException;
|
||||||
import fr.titionfire.ffsaf.rest.from.LicenceForm;
|
import fr.titionfire.ffsaf.rest.from.LicenceForm;
|
||||||
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import fr.titionfire.ffsaf.utils.SequenceType;
|
import fr.titionfire.ffsaf.utils.SequenceType;
|
||||||
import fr.titionfire.ffsaf.utils.Utils;
|
import fr.titionfire.ffsaf.utils.Utils;
|
||||||
import io.quarkus.hibernate.reactive.panache.Panache;
|
import io.quarkus.hibernate.reactive.panache.Panache;
|
||||||
@ -15,7 +16,6 @@ import io.smallrye.mutiny.Uni;
|
|||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.enterprise.context.ApplicationScoped;
|
import jakarta.enterprise.context.ApplicationScoped;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.hibernate.reactive.mutiny.Mutiny;
|
import org.hibernate.reactive.mutiny.Mutiny;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -39,11 +39,11 @@ public class LicenceService {
|
|||||||
.chain(combRepository -> Mutiny.fetch(combRepository.getLicences()));
|
.chain(combRepository -> Mutiny.fetch(combRepository.getLicences()));
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<List<LicenceModel>> getCurrentSaisonLicence(JsonWebToken idToken) {
|
public Uni<List<LicenceModel>> getCurrentSaisonLicence(SecurityCtx securityCtx) {
|
||||||
if (idToken == null)
|
if (securityCtx.getSubject() == null)
|
||||||
return repository.find("saison = ?1", Utils.getSaison()).list();
|
return repository.find("saison = ?1", Utils.getSaison()).list();
|
||||||
|
|
||||||
return combRepository.find("userId = ?1", idToken.getSubject()).firstResult().map(MembreModel::getClub)
|
return combRepository.find("userId = ?1", securityCtx.getSubject()).firstResult().map(MembreModel::getClub)
|
||||||
.chain(clubModel -> combRepository.find("club = ?1", clubModel).list())
|
.chain(clubModel -> combRepository.find("club = ?1", clubModel).list())
|
||||||
.chain(membres -> repository.find("saison = ?1 AND membre IN ?2", Utils.getSaison(), membres).list());
|
.chain(membres -> repository.find("saison = ?1 AND membre IN ?2", Utils.getSaison(), membres).list());
|
||||||
}
|
}
|
||||||
|
|||||||
@ -21,14 +21,12 @@ import io.quarkus.hibernate.reactive.panache.PanacheQuery;
|
|||||||
import io.quarkus.hibernate.reactive.panache.common.WithSession;
|
import io.quarkus.hibernate.reactive.panache.common.WithSession;
|
||||||
import io.quarkus.panache.common.Page;
|
import io.quarkus.panache.common.Page;
|
||||||
import io.quarkus.panache.common.Sort;
|
import io.quarkus.panache.common.Sort;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.quarkus.vertx.VertxContextSupport;
|
import io.quarkus.vertx.VertxContextSupport;
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.enterprise.context.ApplicationScoped;
|
import jakarta.enterprise.context.ApplicationScoped;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.hibernate.reactive.mutiny.Mutiny;
|
import org.hibernate.reactive.mutiny.Mutiny;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -151,17 +149,17 @@ public class MembreService {
|
|||||||
.map(__ -> "OK");
|
.map(__ -> "OK");
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<String> update(long id, ClubMemberForm membre, JsonWebToken idToken, SecurityIdentity securityIdentity) {
|
public Uni<String> update(long id, ClubMemberForm membre, SecurityCtx securityCtx) {
|
||||||
return repository.findById(id)
|
return repository.findById(id)
|
||||||
.invoke(Unchecked.consumer(membreModel -> {
|
.invoke(Unchecked.consumer(membreModel -> {
|
||||||
if (!GroupeUtils.isInClubGroup(membreModel.getClub().getId(), idToken))
|
if (!securityCtx.isInClubGroup(membreModel.getClub().getId()))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
}))
|
}))
|
||||||
.invoke(Unchecked.consumer(membreModel -> {
|
.invoke(Unchecked.consumer(membreModel -> {
|
||||||
RoleAsso source = RoleAsso.MEMBRE;
|
RoleAsso source = RoleAsso.MEMBRE;
|
||||||
if (securityIdentity.getRoles().contains("club_president")) source = RoleAsso.PRESIDENT;
|
if (securityCtx.roleHas("club_president")) source = RoleAsso.PRESIDENT;
|
||||||
else if (securityIdentity.getRoles().contains("club_secretaire")) source = RoleAsso.SECRETAIRE;
|
else if (securityCtx.roleHas("club_secretaire")) source = RoleAsso.SECRETAIRE;
|
||||||
else if (securityIdentity.getRoles().contains("club_respo_intra")) source = RoleAsso.MEMBREBUREAU;
|
else if (securityCtx.roleHas("club_respo_intra")) source = RoleAsso.MEMBREBUREAU;
|
||||||
if (!membre.getRole().equals(membreModel.getRole()) && membre.getRole().level >= source.level)
|
if (!membre.getRole().equals(membreModel.getRole()) && membre.getRole().level >= source.level)
|
||||||
throw new DForbiddenException("Permission insuffisante");
|
throw new DForbiddenException("Permission insuffisante");
|
||||||
}))
|
}))
|
||||||
@ -173,7 +171,7 @@ public class MembreService {
|
|||||||
target.setGenre(membre.getGenre());
|
target.setGenre(membre.getGenre());
|
||||||
target.setCategorie(membre.getCategorie());
|
target.setCategorie(membre.getCategorie());
|
||||||
target.setEmail(membre.getEmail());
|
target.setEmail(membre.getEmail());
|
||||||
if (!idToken.getSubject().equals(target.getUserId()))
|
if (!securityCtx.getSubject().equals(target.getUserId()))
|
||||||
target.setRole(membre.getRole());
|
target.setRole(membre.getRole());
|
||||||
return Panache.withTransaction(() -> repository.persist(target));
|
return Panache.withTransaction(() -> repository.persist(target));
|
||||||
})
|
})
|
||||||
@ -221,10 +219,10 @@ public class MembreService {
|
|||||||
.map(__ -> "Ok");
|
.map(__ -> "Ok");
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<String> delete(long id, JsonWebToken idToken) {
|
public Uni<String> delete(long id, SecurityCtx securityCtx) {
|
||||||
return repository.findById(id)
|
return repository.findById(id)
|
||||||
.invoke(Unchecked.consumer(membreModel -> {
|
.invoke(Unchecked.consumer(membreModel -> {
|
||||||
if (!GroupeUtils.isInClubGroup(membreModel.getClub().getId(), idToken))
|
if (!securityCtx.isInClubGroup(membreModel.getClub().getId()))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
}))
|
}))
|
||||||
.call(membreModel -> licenceRepository.find("membre = ?1", membreModel).count()
|
.call(membreModel -> licenceRepository.find("membre = ?1", membreModel).count()
|
||||||
|
|||||||
@ -6,14 +6,12 @@ import fr.titionfire.ffsaf.rest.data.PouleData;
|
|||||||
import fr.titionfire.ffsaf.rest.data.PouleFullData;
|
import fr.titionfire.ffsaf.rest.data.PouleFullData;
|
||||||
import fr.titionfire.ffsaf.rest.data.TreeData;
|
import fr.titionfire.ffsaf.rest.data.TreeData;
|
||||||
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.quarkus.hibernate.reactive.panache.Panache;
|
import io.quarkus.hibernate.reactive.panache.Panache;
|
||||||
import io.quarkus.hibernate.reactive.panache.common.WithSession;
|
import io.quarkus.hibernate.reactive.panache.common.WithSession;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import jakarta.enterprise.context.ApplicationScoped;
|
import jakarta.enterprise.context.ApplicationScoped;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.hibernate.reactive.mutiny.Mutiny;
|
import org.hibernate.reactive.mutiny.Mutiny;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
@ -50,12 +48,11 @@ public class PouleService {
|
|||||||
.map(PouleData::fromModel);
|
.map(PouleData::fromModel);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Uni<List<PouleData>> getAll(JsonWebToken idToken, SecurityIdentity securityIdentity,
|
public Uni<List<PouleData>> getAll(SecurityCtx securityCtx, CompetitionSystem system) {
|
||||||
CompetitionSystem system) {
|
|
||||||
return repository.list("system = ?1", system)
|
return repository.list("system = ?1", system)
|
||||||
.map(data -> data.stream()
|
.map(data -> data.stream()
|
||||||
.filter(p -> securityIdentity.getRoles().contains("federation_admin") ||
|
.filter(p -> securityCtx.roleHas("federation_admin") ||
|
||||||
GroupeUtils.isInClubGroup(p.getCompet().getClub().getId(), idToken))
|
securityCtx.isInClubGroup(p.getCompet().getClub().getId()))
|
||||||
.map(PouleData::fromModel).toList());
|
.map(PouleData::fromModel).toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -3,16 +3,13 @@ package fr.titionfire.ffsaf.rest;
|
|||||||
import fr.titionfire.ffsaf.domain.service.AffiliationService;
|
import fr.titionfire.ffsaf.domain.service.AffiliationService;
|
||||||
import fr.titionfire.ffsaf.rest.data.SimpleAffiliation;
|
import fr.titionfire.ffsaf.rest.data.SimpleAffiliation;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.quarkus.oidc.IdToken;
|
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.annotation.security.RolesAllowed;
|
import jakarta.annotation.security.RolesAllowed;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import jakarta.ws.rs.*;
|
import jakarta.ws.rs.*;
|
||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
import org.eclipse.microprofile.openapi.annotations.Operation;
|
||||||
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
||||||
@ -30,13 +27,10 @@ public class AffiliationEndpoints {
|
|||||||
AffiliationService service;
|
AffiliationService service;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
Consumer<Long> checkPerm = Unchecked.consumer(id -> {
|
Consumer<Long> checkPerm = Unchecked.consumer(id -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(id, idToken))
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(id))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
@ -6,10 +6,8 @@ import fr.titionfire.ffsaf.rest.data.SimpleReqAffiliationResume;
|
|||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.rest.from.AffiliationRequestForm;
|
import fr.titionfire.ffsaf.rest.from.AffiliationRequestForm;
|
||||||
import fr.titionfire.ffsaf.rest.from.AffiliationRequestSaveForm;
|
import fr.titionfire.ffsaf.rest.from.AffiliationRequestSaveForm;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import fr.titionfire.ffsaf.utils.Utils;
|
import fr.titionfire.ffsaf.utils.Utils;
|
||||||
import io.quarkus.oidc.IdToken;
|
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.annotation.security.RolesAllowed;
|
import jakarta.annotation.security.RolesAllowed;
|
||||||
@ -18,7 +16,6 @@ import jakarta.ws.rs.*;
|
|||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import jakarta.ws.rs.core.Response;
|
import jakarta.ws.rs.core.Response;
|
||||||
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
import org.eclipse.microprofile.openapi.annotations.Operation;
|
||||||
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
||||||
@ -35,16 +32,13 @@ public class AffiliationRequestEndpoints {
|
|||||||
AffiliationService service;
|
AffiliationService service;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
@ConfigProperty(name = "upload_dir")
|
@ConfigProperty(name = "upload_dir")
|
||||||
String media;
|
String media;
|
||||||
|
|
||||||
Consumer<Long> checkPerm = Unchecked.consumer(id -> {
|
Consumer<Long> checkPerm = Unchecked.consumer(id -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(id, idToken))
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(id))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -91,7 +85,7 @@ public class AffiliationRequestEndpoints {
|
|||||||
public Uni<SimpleReqAffiliation> getAffRequest(
|
public Uni<SimpleReqAffiliation> getAffRequest(
|
||||||
@Parameter(description = "L'identifiant de la demande d'affiliation") @PathParam("id") long id) {
|
@Parameter(description = "L'identifiant de la demande d'affiliation") @PathParam("id") long id) {
|
||||||
return service.getRequest(id).invoke(Unchecked.consumer(o -> {
|
return service.getRequest(id).invoke(Unchecked.consumer(o -> {
|
||||||
if (o.getClub() == null && !securityIdentity.getRoles().contains("federation_admin"))
|
if (o.getClub() == null && !securityCtx.roleHas("federation_admin"))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
})).invoke(o -> checkPerm.accept(o.getClub()));
|
})).invoke(o -> checkPerm.accept(o.getClub()));
|
||||||
}
|
}
|
||||||
@ -110,7 +104,7 @@ public class AffiliationRequestEndpoints {
|
|||||||
public Uni<?> getDelAffRequest(
|
public Uni<?> getDelAffRequest(
|
||||||
@Parameter(description = "L'identifiant de la demande d'affiliation") @PathParam("id") long id) {
|
@Parameter(description = "L'identifiant de la demande d'affiliation") @PathParam("id") long id) {
|
||||||
return service.getRequest(id).invoke(Unchecked.consumer(o -> {
|
return service.getRequest(id).invoke(Unchecked.consumer(o -> {
|
||||||
if (o.getClub() == null && !securityIdentity.getRoles().contains("federation_admin"))
|
if (o.getClub() == null && !securityCtx.roleHas("federation_admin"))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
})).invoke(o -> checkPerm.accept(o.getClub()))
|
})).invoke(o -> checkPerm.accept(o.getClub()))
|
||||||
.chain(o -> service.deleteReqAffiliation(id));
|
.chain(o -> service.deleteReqAffiliation(id));
|
||||||
|
|||||||
@ -12,11 +12,10 @@ import fr.titionfire.ffsaf.rest.exception.DInternalError;
|
|||||||
import fr.titionfire.ffsaf.rest.from.FullClubForm;
|
import fr.titionfire.ffsaf.rest.from.FullClubForm;
|
||||||
import fr.titionfire.ffsaf.rest.from.PartClubForm;
|
import fr.titionfire.ffsaf.rest.from.PartClubForm;
|
||||||
import fr.titionfire.ffsaf.utils.Contact;
|
import fr.titionfire.ffsaf.utils.Contact;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
|
||||||
import fr.titionfire.ffsaf.utils.PageResult;
|
import fr.titionfire.ffsaf.utils.PageResult;
|
||||||
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import fr.titionfire.ffsaf.utils.Utils;
|
import fr.titionfire.ffsaf.utils.Utils;
|
||||||
import io.quarkus.security.Authenticated;
|
import io.quarkus.security.Authenticated;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.annotation.security.RolesAllowed;
|
import jakarta.annotation.security.RolesAllowed;
|
||||||
@ -25,7 +24,6 @@ import jakarta.ws.rs.*;
|
|||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import jakarta.ws.rs.core.Response;
|
import jakarta.ws.rs.core.Response;
|
||||||
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
import org.eclipse.microprofile.openapi.annotations.Operation;
|
||||||
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
||||||
@ -45,21 +43,17 @@ public class ClubEndpoints {
|
|||||||
ClubService clubService;
|
ClubService clubService;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
@ConfigProperty(name = "upload_dir")
|
@ConfigProperty(name = "upload_dir")
|
||||||
String media;
|
String media;
|
||||||
|
|
||||||
Consumer<ClubModel> checkPerm = Unchecked.consumer(clubModel -> {
|
Consumer<ClubModel> checkPerm = Unchecked.consumer(clubModel -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(clubModel.getId(),
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(clubModel.getId()))
|
||||||
idToken))
|
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
Consumer<Long> checkPerm2 = Unchecked.consumer(id -> {
|
Consumer<Long> checkPerm2 = Unchecked.consumer(id -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(id, idToken))
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(id))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -229,7 +223,7 @@ public class ClubEndpoints {
|
|||||||
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
||||||
})
|
})
|
||||||
public Uni<SimpleClub> getOfUser() {
|
public Uni<SimpleClub> getOfUser() {
|
||||||
return clubService.getOfUser(idToken).map(SimpleClub::fromModel)
|
return clubService.getOfUser(securityCtx).map(SimpleClub::fromModel)
|
||||||
.invoke(m -> m.setContactMap(Contact.toSite()));
|
.invoke(m -> m.setContactMap(Contact.toSite()));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -247,7 +241,7 @@ public class ClubEndpoints {
|
|||||||
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
||||||
})
|
})
|
||||||
public Uni<String> setClubOfUser(PartClubForm form) {
|
public Uni<String> setClubOfUser(PartClubForm form) {
|
||||||
return clubService.updateOfUser(idToken, form);
|
return clubService.updateOfUser(securityCtx, form);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
|||||||
@ -4,13 +4,12 @@ import fr.titionfire.ffsaf.domain.service.CompetitionService;
|
|||||||
import fr.titionfire.ffsaf.rest.data.CompetitionData;
|
import fr.titionfire.ffsaf.rest.data.CompetitionData;
|
||||||
import fr.titionfire.ffsaf.rest.data.SimpleCompetData;
|
import fr.titionfire.ffsaf.rest.data.SimpleCompetData;
|
||||||
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
||||||
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.quarkus.security.Authenticated;
|
import io.quarkus.security.Authenticated;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import jakarta.ws.rs.*;
|
import jakarta.ws.rs.*;
|
||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
@ -21,17 +20,14 @@ public class CompetitionEndpoints {
|
|||||||
CompetitionService service;
|
CompetitionService service;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
@Authenticated
|
@Authenticated
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Uni<CompetitionData> getById(@PathParam("id") Long id) {
|
public Uni<CompetitionData> getById(@PathParam("id") Long id) {
|
||||||
return service.getById(idToken, securityIdentity, id);
|
return service.getById(securityCtx, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@ -39,7 +35,7 @@ public class CompetitionEndpoints {
|
|||||||
@Authenticated
|
@Authenticated
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Uni<SimpleCompetData> getSafcaData(@PathParam("id") Long id) {
|
public Uni<SimpleCompetData> getSafcaData(@PathParam("id") Long id) {
|
||||||
return service.getSafcaData(idToken, securityIdentity, id);
|
return service.getSafcaData(securityCtx, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -48,7 +44,7 @@ public class CompetitionEndpoints {
|
|||||||
@Authenticated
|
@Authenticated
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Uni<List<CompetitionData>> getAll() {
|
public Uni<List<CompetitionData>> getAll() {
|
||||||
return service.getAll(idToken, securityIdentity);
|
return service.getAll(securityCtx);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@ -56,14 +52,14 @@ public class CompetitionEndpoints {
|
|||||||
@Authenticated
|
@Authenticated
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Uni<List<CompetitionData>> getAllSystem(@PathParam("system") CompetitionSystem system) {
|
public Uni<List<CompetitionData>> getAllSystem(@PathParam("system") CompetitionSystem system) {
|
||||||
return service.getAllSystem(idToken, securityIdentity, system);
|
return service.getAllSystem(securityCtx, system);
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
@Authenticated
|
@Authenticated
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Uni<CompetitionData> addOrUpdate(CompetitionData data) {
|
public Uni<CompetitionData> addOrUpdate(CompetitionData data) {
|
||||||
return service.addOrUpdate(idToken, securityIdentity, data);
|
return service.addOrUpdate(securityCtx, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
@ -71,7 +67,7 @@ public class CompetitionEndpoints {
|
|||||||
@Authenticated
|
@Authenticated
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Uni<?> setSafcaData(SimpleCompetData data) {
|
public Uni<?> setSafcaData(SimpleCompetData data) {
|
||||||
return service.setSafcaData(idToken, securityIdentity, data);
|
return service.setSafcaData(securityCtx, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
@ -79,6 +75,6 @@ public class CompetitionEndpoints {
|
|||||||
@Authenticated
|
@Authenticated
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Uni<?> delete(@PathParam("id") Long id) {
|
public Uni<?> delete(@PathParam("id") Long id) {
|
||||||
return service.delete(idToken, securityIdentity, id);
|
return service.delete(securityCtx, id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,9 +3,8 @@ package fr.titionfire.ffsaf.rest;
|
|||||||
import fr.titionfire.ffsaf.domain.service.KeycloakService;
|
import fr.titionfire.ffsaf.domain.service.KeycloakService;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.rest.from.MemberPermForm;
|
import fr.titionfire.ffsaf.rest.from.MemberPermForm;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
|
||||||
import fr.titionfire.ffsaf.utils.Pair;
|
import fr.titionfire.ffsaf.utils.Pair;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.vertx.mutiny.core.Vertx;
|
import io.vertx.mutiny.core.Vertx;
|
||||||
import jakarta.annotation.security.RolesAllowed;
|
import jakarta.annotation.security.RolesAllowed;
|
||||||
@ -14,7 +13,6 @@ import jakarta.ws.rs.GET;
|
|||||||
import jakarta.ws.rs.PUT;
|
import jakarta.ws.rs.PUT;
|
||||||
import jakarta.ws.rs.Path;
|
import jakarta.ws.rs.Path;
|
||||||
import jakarta.ws.rs.PathParam;
|
import jakarta.ws.rs.PathParam;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
import org.eclipse.microprofile.openapi.annotations.Operation;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
|
||||||
@ -32,10 +30,7 @@ public class CompteEndpoints {
|
|||||||
KeycloakService service;
|
KeycloakService service;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
Vertx vertx;
|
Vertx vertx;
|
||||||
@ -53,9 +48,9 @@ public class CompteEndpoints {
|
|||||||
})
|
})
|
||||||
public Uni<KeycloakService.UserCompteState> getCompte(@PathParam("id") String id) {
|
public Uni<KeycloakService.UserCompteState> getCompte(@PathParam("id") String id) {
|
||||||
return service.fetchCompte(id).call(pair -> vertx.getOrCreateContext().executeBlocking(() -> {
|
return service.fetchCompte(id).call(pair -> vertx.getOrCreateContext().executeBlocking(() -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && pair.getKey().groups().stream()
|
if (!securityCtx.roleHas("federation_admin") && pair.getKey().groups().stream()
|
||||||
.map(GroupRepresentation::getPath)
|
.map(GroupRepresentation::getPath)
|
||||||
.noneMatch(s -> s.startsWith("/club/") && GroupeUtils.contains(s, idToken)))
|
.noneMatch(s -> s.startsWith("/club/") && securityCtx.contains(s)))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
return pair;
|
return pair;
|
||||||
})).map(Pair::getValue);
|
})).map(Pair::getValue);
|
||||||
|
|||||||
@ -5,16 +5,13 @@ import fr.titionfire.ffsaf.domain.service.LicenceService;
|
|||||||
import fr.titionfire.ffsaf.rest.data.SimpleLicence;
|
import fr.titionfire.ffsaf.rest.data.SimpleLicence;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.rest.from.LicenceForm;
|
import fr.titionfire.ffsaf.rest.from.LicenceForm;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.quarkus.oidc.IdToken;
|
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.annotation.security.RolesAllowed;
|
import jakarta.annotation.security.RolesAllowed;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import jakarta.ws.rs.*;
|
import jakarta.ws.rs.*;
|
||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
import org.eclipse.microprofile.openapi.annotations.Operation;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
|
||||||
@ -29,13 +26,10 @@ public class LicenceEndpoints {
|
|||||||
LicenceService licenceService;
|
LicenceService licenceService;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
Consumer<MembreModel> checkPerm = Unchecked.consumer(membreModel -> {
|
Consumer<MembreModel> checkPerm = Unchecked.consumer(membreModel -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(membreModel.getClub().getId(), idToken))
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(membreModel.getClub().getId()))
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -80,7 +74,7 @@ public class LicenceEndpoints {
|
|||||||
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
||||||
})
|
})
|
||||||
public Uni<List<SimpleLicence>> getCurrentSaisonLicenceClub() {
|
public Uni<List<SimpleLicence>> getCurrentSaisonLicenceClub() {
|
||||||
return licenceService.getCurrentSaisonLicence(idToken).map(licenceModels -> licenceModels.stream().map(SimpleLicence::fromModel).toList());
|
return licenceService.getCurrentSaisonLicence(securityCtx).map(licenceModels -> licenceModels.stream().map(SimpleLicence::fromModel).toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
|||||||
@ -5,16 +5,14 @@ import fr.titionfire.ffsaf.domain.service.MatchService;
|
|||||||
import fr.titionfire.ffsaf.rest.data.MatchData;
|
import fr.titionfire.ffsaf.rest.data.MatchData;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
|
||||||
import fr.titionfire.ffsaf.utils.ScoreEmbeddable;
|
import fr.titionfire.ffsaf.utils.ScoreEmbeddable;
|
||||||
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.quarkus.security.Authenticated;
|
import io.quarkus.security.Authenticated;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import jakarta.ws.rs.*;
|
import jakarta.ws.rs.*;
|
||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
@ -30,14 +28,10 @@ public class MatchEndpoints {
|
|||||||
MatchService service;
|
MatchService service;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
Consumer<ClubModel> checkPerm = Unchecked.consumer(clubModel -> {
|
Consumer<ClubModel> checkPerm = Unchecked.consumer(clubModel -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(clubModel.getId(),
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(clubModel.getId()))
|
||||||
idToken))
|
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
@ -6,11 +6,9 @@ import fr.titionfire.ffsaf.rest.data.SimpleMembre;
|
|||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DInternalError;
|
import fr.titionfire.ffsaf.rest.exception.DInternalError;
|
||||||
import fr.titionfire.ffsaf.rest.from.FullMemberForm;
|
import fr.titionfire.ffsaf.rest.from.FullMemberForm;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
|
||||||
import fr.titionfire.ffsaf.utils.PageResult;
|
import fr.titionfire.ffsaf.utils.PageResult;
|
||||||
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import fr.titionfire.ffsaf.utils.Utils;
|
import fr.titionfire.ffsaf.utils.Utils;
|
||||||
import io.quarkus.oidc.IdToken;
|
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.annotation.security.RolesAllowed;
|
import jakarta.annotation.security.RolesAllowed;
|
||||||
@ -18,7 +16,6 @@ import jakarta.inject.Inject;
|
|||||||
import jakarta.ws.rs.*;
|
import jakarta.ws.rs.*;
|
||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
import org.eclipse.microprofile.openapi.annotations.Operation;
|
||||||
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
||||||
@ -40,14 +37,10 @@ public class MembreAdminEndpoints {
|
|||||||
String media;
|
String media;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
Consumer<MembreModel> checkPerm = Unchecked.consumer(membreModel -> {
|
Consumer<MembreModel> checkPerm = Unchecked.consumer(membreModel -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(membreModel.getClub().getId()))
|
||||||
membreModel.getClub().getId(), idToken))
|
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
@ -6,9 +6,8 @@ import fr.titionfire.ffsaf.rest.exception.DInternalError;
|
|||||||
import fr.titionfire.ffsaf.rest.from.ClubMemberForm;
|
import fr.titionfire.ffsaf.rest.from.ClubMemberForm;
|
||||||
import fr.titionfire.ffsaf.rest.from.FullMemberForm;
|
import fr.titionfire.ffsaf.rest.from.FullMemberForm;
|
||||||
import fr.titionfire.ffsaf.utils.PageResult;
|
import fr.titionfire.ffsaf.utils.PageResult;
|
||||||
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import fr.titionfire.ffsaf.utils.Utils;
|
import fr.titionfire.ffsaf.utils.Utils;
|
||||||
import io.quarkus.oidc.IdToken;
|
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.annotation.security.RolesAllowed;
|
import jakarta.annotation.security.RolesAllowed;
|
||||||
@ -16,7 +15,6 @@ import jakarta.inject.Inject;
|
|||||||
import jakarta.ws.rs.*;
|
import jakarta.ws.rs.*;
|
||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
import org.eclipse.microprofile.openapi.annotations.Operation;
|
||||||
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
||||||
@ -35,10 +33,7 @@ public class MembreClubEndpoints {
|
|||||||
String media;
|
String media;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Path("/find/club")
|
@Path("/find/club")
|
||||||
@ -57,7 +52,7 @@ public class MembreClubEndpoints {
|
|||||||
limit = 50;
|
limit = 50;
|
||||||
if (page == null || page < 1)
|
if (page == null || page < 1)
|
||||||
page = 1;
|
page = 1;
|
||||||
return membreService.search(limit, page - 1, search, idToken.getSubject());
|
return membreService.search(limit, page - 1, search, securityCtx.getSubject());
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
@PUT
|
||||||
@ -74,7 +69,7 @@ public class MembreClubEndpoints {
|
|||||||
})
|
})
|
||||||
public Uni<String> setMembre(
|
public Uni<String> setMembre(
|
||||||
@Parameter(description = "Identifiant de membre") @PathParam("id") long id, ClubMemberForm input) {
|
@Parameter(description = "Identifiant de membre") @PathParam("id") long id, ClubMemberForm input) {
|
||||||
return membreService.update(id, input, idToken, securityIdentity)
|
return membreService.update(id, input, securityCtx)
|
||||||
.invoke(Unchecked.consumer(out -> {
|
.invoke(Unchecked.consumer(out -> {
|
||||||
if (!out.equals("OK")) throw new InternalError("Fail to update data: " + out);
|
if (!out.equals("OK")) throw new InternalError("Fail to update data: " + out);
|
||||||
})).chain(() -> {
|
})).chain(() -> {
|
||||||
@ -101,7 +96,7 @@ public class MembreClubEndpoints {
|
|||||||
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
||||||
})
|
})
|
||||||
public Uni<Long> addMembre(FullMemberForm input) {
|
public Uni<Long> addMembre(FullMemberForm input) {
|
||||||
return membreService.add(input, idToken.getSubject())
|
return membreService.add(input, securityCtx.getSubject())
|
||||||
.invoke(Unchecked.consumer(id -> {
|
.invoke(Unchecked.consumer(id -> {
|
||||||
if (id == null) throw new InternalError("Fail to creat member data");
|
if (id == null) throw new InternalError("Fail to creat member data");
|
||||||
})).call(id -> {
|
})).call(id -> {
|
||||||
@ -126,6 +121,6 @@ public class MembreClubEndpoints {
|
|||||||
})
|
})
|
||||||
public Uni<String> deleteMembre(
|
public Uni<String> deleteMembre(
|
||||||
@Parameter(description = "Identifiant de membre") @PathParam("id") long id) {
|
@Parameter(description = "Identifiant de membre") @PathParam("id") long id) {
|
||||||
return membreService.delete(id, idToken);
|
return membreService.delete(id, securityCtx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -5,11 +5,9 @@ import fr.titionfire.ffsaf.domain.service.MembreService;
|
|||||||
import fr.titionfire.ffsaf.rest.data.MeData;
|
import fr.titionfire.ffsaf.rest.data.MeData;
|
||||||
import fr.titionfire.ffsaf.rest.data.SimpleMembre;
|
import fr.titionfire.ffsaf.rest.data.SimpleMembre;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import fr.titionfire.ffsaf.utils.Utils;
|
import fr.titionfire.ffsaf.utils.Utils;
|
||||||
import io.quarkus.oidc.IdToken;
|
|
||||||
import io.quarkus.security.Authenticated;
|
import io.quarkus.security.Authenticated;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.annotation.security.RolesAllowed;
|
import jakarta.annotation.security.RolesAllowed;
|
||||||
@ -18,7 +16,6 @@ import jakarta.ws.rs.*;
|
|||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import jakarta.ws.rs.core.Response;
|
import jakarta.ws.rs.core.Response;
|
||||||
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
import org.eclipse.microprofile.openapi.annotations.Operation;
|
||||||
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
||||||
@ -40,14 +37,10 @@ public class MembreEndpoints {
|
|||||||
String media;
|
String media;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
Consumer<MembreModel> checkPerm = Unchecked.consumer(membreModel -> {
|
Consumer<MembreModel> checkPerm = Unchecked.consumer(membreModel -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(membreModel.getClub().getId()))
|
||||||
membreModel.getClub().getId(), idToken))
|
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -95,7 +88,7 @@ public class MembreEndpoints {
|
|||||||
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
@APIResponse(responseCode = "500", description = "Erreur interne du serveur")
|
||||||
})
|
})
|
||||||
public Uni<MeData> getMe() {
|
public Uni<MeData> getMe() {
|
||||||
return membreService.getMembre(idToken.getSubject());
|
return membreService.getMembre(securityCtx.getSubject());
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
|||||||
@ -6,14 +6,12 @@ import fr.titionfire.ffsaf.rest.data.PouleData;
|
|||||||
import fr.titionfire.ffsaf.rest.data.PouleFullData;
|
import fr.titionfire.ffsaf.rest.data.PouleFullData;
|
||||||
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
|
||||||
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
import fr.titionfire.ffsaf.utils.CompetitionSystem;
|
||||||
import fr.titionfire.ffsaf.utils.GroupeUtils;
|
import fr.titionfire.ffsaf.utils.SecurityCtx;
|
||||||
import io.quarkus.security.identity.SecurityIdentity;
|
|
||||||
import io.smallrye.mutiny.Uni;
|
import io.smallrye.mutiny.Uni;
|
||||||
import io.smallrye.mutiny.unchecked.Unchecked;
|
import io.smallrye.mutiny.unchecked.Unchecked;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
import jakarta.ws.rs.*;
|
import jakarta.ws.rs.*;
|
||||||
import jakarta.ws.rs.core.MediaType;
|
import jakarta.ws.rs.core.MediaType;
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
@ -29,14 +27,10 @@ public class PouleEndpoints {
|
|||||||
PouleService service;
|
PouleService service;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
JsonWebToken idToken;
|
SecurityCtx securityCtx;
|
||||||
|
|
||||||
@Inject
|
|
||||||
SecurityIdentity securityIdentity;
|
|
||||||
|
|
||||||
Consumer<ClubModel> checkPerm = Unchecked.consumer(clubModel -> {
|
Consumer<ClubModel> checkPerm = Unchecked.consumer(clubModel -> {
|
||||||
if (!securityIdentity.getRoles().contains("federation_admin") && !GroupeUtils.isInClubGroup(clubModel.getId(),
|
if (!securityCtx.roleHas("federation_admin") && !securityCtx.isInClubGroup(clubModel.getId()))
|
||||||
idToken))
|
|
||||||
throw new DForbiddenException();
|
throw new DForbiddenException();
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -50,7 +44,7 @@ public class PouleEndpoints {
|
|||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Uni<List<PouleData>> getAll() {
|
public Uni<List<PouleData>> getAll() {
|
||||||
return service.getAll(idToken, securityIdentity, system);
|
return service.getAll(securityCtx, system);
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
|||||||
@ -1,25 +0,0 @@
|
|||||||
package fr.titionfire.ffsaf.utils;
|
|
||||||
|
|
||||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
|
||||||
|
|
||||||
public class GroupeUtils {
|
|
||||||
public static boolean isInClubGroup(long id, JsonWebToken accessToken) {
|
|
||||||
if (accessToken.getClaim("user_groups") instanceof Iterable<?>) {
|
|
||||||
for (Object str : (Iterable<?>) accessToken.getClaim("user_groups")) {
|
|
||||||
if (str.toString().substring(1, str.toString().length() - 1).startsWith("/club/" + id + "-"))
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static boolean contains(String string, JsonWebToken accessToken) {
|
|
||||||
if (accessToken.getClaim("user_groups") instanceof Iterable<?>) {
|
|
||||||
for (Object str : (Iterable<?>) accessToken.getClaim("user_groups")) {
|
|
||||||
if (str.toString().substring(1, str.toString().length() - 1).contains(string))
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
56
src/main/java/fr/titionfire/ffsaf/utils/SecurityCtx.java
Normal file
56
src/main/java/fr/titionfire/ffsaf/utils/SecurityCtx.java
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
package fr.titionfire.ffsaf.utils;
|
||||||
|
|
||||||
|
import io.quarkus.security.identity.SecurityIdentity;
|
||||||
|
import jakarta.enterprise.context.RequestScoped;
|
||||||
|
import jakarta.inject.Inject;
|
||||||
|
import org.eclipse.microprofile.jwt.JsonWebToken;
|
||||||
|
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
@RequestScoped
|
||||||
|
public class SecurityCtx {
|
||||||
|
@Inject
|
||||||
|
JsonWebToken idToken;
|
||||||
|
|
||||||
|
@Inject
|
||||||
|
SecurityIdentity securityIdentity;
|
||||||
|
|
||||||
|
public Set<String> getRoles() {
|
||||||
|
return securityIdentity.getRoles();
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getSubject() {
|
||||||
|
if (idToken == null)
|
||||||
|
return null;
|
||||||
|
return idToken.getSubject();
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean roleHas(String role) {
|
||||||
|
if (role == null)
|
||||||
|
return false;
|
||||||
|
return securityIdentity.getRoles().contains(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isInClubGroup(long id) {
|
||||||
|
if (idToken == null || idToken.getClaim("user_groups") == null)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
if (idToken.getClaim("user_groups") instanceof Iterable<?>) {
|
||||||
|
for (Object str : (Iterable<?>) idToken.getClaim("user_groups")) {
|
||||||
|
if (str.toString().substring(1, str.toString().length() - 1).startsWith("/club/" + id + "-"))
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean contains(String string) {
|
||||||
|
if (idToken.getClaim("user_groups") instanceof Iterable<?>) {
|
||||||
|
for (Object str : (Iterable<?>) idToken.getClaim("user_groups")) {
|
||||||
|
if (str.toString().substring(1, str.toString().length() - 1).contains(string))
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user