isAdmin interface fixes

2026-02-01 20:10:35 +01:00 · 2025-10-25 10:51:20 +01:00 · 2025-10-25 10:51:20 +01:00 · 8f84bb1349
commit 8f84bb1349
parent 81374d9b7c
3 changed files with 29 additions and 21 deletions
--- a/app/common/src/main/java/stirling/software/common/service/UserServiceInterface.java
+++ b/app/common/src/main/java/stirling/software/common/service/UserServiceInterface.java
@ -6,4 +6,6 @@ public interface UserServiceInterface {
    String getCurrentUsername();

    long getTotalUsersCount();
+
+    boolean isCurrentUserAdmin();
 }
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/ConfigController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/ConfigController.java
@ -5,8 +5,6 @@ import java.util.Map;

 import org.springframework.context.ApplicationContext;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;

@ -16,8 +14,8 @@ import stirling.software.SPDF.config.EndpointConfiguration;
 import stirling.software.common.annotations.api.ConfigApi;
 import stirling.software.common.configuration.AppConfig;
 import stirling.software.common.model.ApplicationProperties;
-import stirling.software.common.model.enumeration.Role;
 import stirling.software.common.service.ServerCertificateServiceInterface;
+import stirling.software.common.service.UserServiceInterface;

@ConfigApi
@Hidden
@ -27,17 +25,21 @@ public class ConfigController {
    private final ApplicationContext applicationContext;
    private final EndpointConfiguration endpointConfiguration;
    private final ServerCertificateServiceInterface serverCertificateService;
+    private final UserServiceInterface userService;

    public ConfigController(
            ApplicationProperties applicationProperties,
            ApplicationContext applicationContext,
            EndpointConfiguration endpointConfiguration,
            @org.springframework.beans.factory.annotation.Autowired(required = false)
-                    ServerCertificateServiceInterface serverCertificateService) {
+                    ServerCertificateServiceInterface serverCertificateService,
+            @org.springframework.beans.factory.annotation.Autowired(required = false)
+                    UserServiceInterface userService) {
        this.applicationProperties = applicationProperties;
        this.applicationContext = applicationContext;
        this.endpointConfiguration = endpointConfiguration;
        this.serverCertificateService = serverCertificateService;
+        this.userService = userService;
    }

    @GetMapping("/app-config")
@ -60,25 +62,14 @@ public class ConfigController {
            // Security settings
            configData.put("enableLogin", applicationProperties.getSecurity().getEnableLogin());

-            // Check if user is admin based on authentication
+            // Check if user is admin using UserServiceInterface
            boolean isAdmin = false;
-            try {
-                Authentication authentication =
-                        SecurityContextHolder.getContext().getAuthentication();
-                if (authentication != null
-                        && authentication.isAuthenticated()
-                        && !"anonymousUser".equals(authentication.getPrincipal())) {
-                    // Check if user has ROLE_ADMIN authority
-                    isAdmin =
-                            authentication.getAuthorities().stream()
-                                    .anyMatch(
-                                            auth ->
-                                                    Role.ADMIN
-                                                            .getRoleId()
-                                                            .equals(auth.getAuthority()));
+            if (userService != null) {
+                try {
+                    isAdmin = userService.isCurrentUserAdmin();
+                } catch (Exception e) {
+                    // If there's an error, isAdmin remains false
                }
-            } catch (Exception e) {
-                // If security is not enabled or there's an error, isAdmin remains false
            }
            configData.put("isAdmin", isAdmin);

--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
@ -642,6 +642,21 @@ public class UserService implements UserServiceInterface {
        return null;
    }

+    public boolean isCurrentUserAdmin() {
+        try {
+            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+            if (authentication != null
+                    && authentication.isAuthenticated()
+                    && !"anonymousUser".equals(authentication.getPrincipal())) {
+                return authentication.getAuthorities().stream()
+                        .anyMatch(auth -> Role.ADMIN.getRoleId().equals(auth.getAuthority()));
+            }
+        } catch (Exception e) {
+            log.debug("Error checking admin status", e);
+        }
+        return false;
+    }
+
    @Transactional
    public void syncCustomApiUser(String customApiKey) {
        if (customApiKey == null || customApiKey.trim().isBlank()) {