Thibaut/ffsaf-site
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

feat(comp): check perm for creation
All checks were successful
Deploy Production Server / if_merged (pull_request) Successful in 8m22s
Details

Browse Source
This commit is contained in:
Thibaut Valentin 2025-03-11 11:07:56 +01:00
parent 15c88c4943
commit fbbfef37ba
2 changed files with 21 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java
View File

@ -2,7 +2,10 @@ package fr.titionfire.ffsaf.domain.service;
import fr.titionfire.ffsaf.data.model.CompetitionModel;
import fr.titionfire.ffsaf.data.model.MembreModel;
import fr.titionfire.ffsaf.data.repository.*;
import fr.titionfire.ffsaf.data.repository.CombRepository;
import fr.titionfire.ffsaf.data.repository.CompetitionRepository;
import fr.titionfire.ffsaf.data.repository.MatchRepository;
import fr.titionfire.ffsaf.data.repository.PouleRepository;
import fr.titionfire.ffsaf.net2.ServerCustom;
import fr.titionfire.ffsaf.net2.data.SimpleCompet;
import fr.titionfire.ffsaf.net2.request.SReqCompet;
@ -13,6 +16,7 @@ import fr.titionfire.ffsaf.rest.data.SimpleCompetData;
import fr.titionfire.ffsaf.rest.data.SimpleRegisterComb;
import fr.titionfire.ffsaf.rest.exception.DBadRequestException;
import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
import fr.titionfire.ffsaf.rest.exception.DNotFoundException;
import fr.titionfire.ffsaf.utils.CompetitionSystem;
import fr.titionfire.ffsaf.utils.RegisterEmbeddable;
import fr.titionfire.ffsaf.utils.SecurityCtx;
@ -138,10 +142,15 @@ public class CompetitionService {
public Uni<CompetitionData> addOrUpdate(SecurityCtx securityCtx, CompetitionData data) {
if (data.getId() == null) {
return new ClubRepository().findById(data.getClub()).invoke(Unchecked.consumer(clubModel -> {
if (!securityCtx.isInClubGroup(clubModel.getId()))
throw new DForbiddenException();
})) // TODO check if user can create competition
return combRepository.find("userId = ?1", securityCtx.getSubject()).firstResult()
.invoke(Unchecked.consumer(combModel -> {
if (combModel == null)
throw new DNotFoundException("Profile non trouvé");
if (data.getSystem() == CompetitionSystem.SAFCA)
if (!securityCtx.getRoles().contains("safca_create_compet"))
throw new DForbiddenException("Vous ne pouvez pas créer de compétition SAFCA");
}))
.map(MembreModel::getClub)
.chain(clubModel -> {
CompetitionModel model = new CompetitionModel();

13
src/main/webapp/src/pages/competition/CompetitionEdit.jsx
View File

@ -46,8 +46,8 @@ export function CompetitionEdit() {
<Content data={data} refresh={refresh}/>
{data.id !== null && <button style={{marginBottom: "1.5em", width: "100%"}} className="btn btn-primary"
onClick={_ => navigate(`/competition/${data.id}/register`)}>Voir/Modifier les participants</button>}
{data.id !== null && <button style={{marginBottom: "1.5em", width: "100%"}} className="btn btn-primary"
onClick={_ => navigate(`/competition/${data.id}/register`)}>Voir/Modifier les participants</button>}
{data.id !== null && <ContentSAFCA data2={data}/>}
@ -259,10 +259,11 @@ function Content({data}) {
<OptionField name="system" text="System" value={data.system} values={{SAFCA: 'SAFCA'}} disabled={data.id !== null}/>
<div className="row">
<ClubSelect defaultValue={data.club} name="club" na={false} disabled={data.id !== null}/>
</div>
{data.id !== null &&
<div className="row">
<ClubSelect defaultValue={data.club} name="club" na={false} disabled={true}/>
</div>
}
</div>
<div className="row mb-3">