From dd9dd72f358c52d5b5c0f9943b369fc83c1bc6a6 Mon Sep 17 00:00:00 2001
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Date: Mon, 25 Dec 2023 12:58:49 +0000
Subject: [PATCH] Role stuff
---
 .../config/security/InitialSecuritySetup.java | 2 +-
 .../SPDF/config/security/UserService.java | 6 ++++++
 .../SPDF/controller/api/UserController.java | 13 +++++++++++++
 .../api/pipeline/PipelineController.java | 4 +++-
 .../controller/web/AccountWebController.java | 19 ++++++++++++++++++-
 5 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java b/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
index fd89af30..f7b3586f 100644
--- a/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
+++ b/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
@@ -38,7 +38,7 @@ public class InitialSecuritySetup {
 userService.saveUser(initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);
 }
- userService.saveUser(Role.INTERNAL_API_USER.getRoleId(), UUID.randomUUID().toString(), Role.USER.getRoleId());
+ userService.saveUser(Role.INTERNAL_API_USER.getRoleId(), UUID.randomUUID().toString(), Role.INTERNAL_API_USER.getRoleId());
 userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());
 }
 }
diff --git a/src/main/java/stirling/software/SPDF/config/security/UserService.java b/src/main/java/stirling/software/SPDF/config/security/UserService.java
index 5708a5fd..45794d92 100644
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
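Review bot: The internal API user is (re)created unconditionally on every start-up on the `+` line, while the admin account just above it is guarded by an `if`; unless `saveUser` is idempotent or an outer guard above the hunk already covers this, each restart either fails on a duplicate username or re-issues the account and its API key, invalidating any key the pipeline is already using. Wrapping both calls in `if (!userService.usernameExists(Role.INTERNAL_API_USER.getRoleId())) { ... }`, using the `usernameExists` helper that UserController already relies on, would make the bootstrap repeatable. The new authority also means the service account no longer carries `Role.USER`, so any endpoint authorised on `ROLE_USER` would now reject the internal key unless INTERNAL_API_USER is mapped to it in the security configuration, which is not visible here. The enclosing method begins above the hunk.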
@@ -18,6 +18,7 @@ import org.springframework.stereotype.Service;
 import stirling.software.SPDF.controller.api.pipeline.UserServiceInterface;
 import stirling.software.SPDF.model.Authority;
+import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.repository.UserRepository;
 @Service
@@ -137,6 +138,11 @@ public class UserService implements UserServiceInterface{
 public void deleteUser(String username) {
 Optional userOpt = userRepository.findByUsername(username);
 if (userOpt.isPresent()) {
+ for (Authority authority : userOpt.get().getAuthorities()) {
+ if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
+ return;
+ }
+ }
 userRepository.delete(userOpt.get());
 }
 }
diff --git a/src/main/java/stirling/software/SPDF/controller/api/UserController.java b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
index bf451567..def9a0bc 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@@ -23,6 +23,7 @@ import org.springframework.web.servlet.view.RedirectView;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import stirling.software.SPDF.config.security.UserService;
+import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
 @Controller
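Review bot: The new guard in `deleteUser` refuses to delete the internal API user by silently returning, so an admin who attempts it sees the same outcome as a successful delete and nothing is logged; an explicit signal such as `throw new IllegalArgumentException("The internal API user cannot be deleted");` (or at minimum a warning log) would surface the refusal, provided the calling controller, which is not visible here, can turn that into an error redirect. The loop also reads more clearly as the single predicate it is: `if (userOpt.get().getAuthorities().stream().anyMatch(a -> a.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId()))) return;`. Whichever form stays, a one-line comment such as `// the bootstrapped service account must survive admin-initiated deletes` would tell the next reader why this user is special.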
@@ -182,6 +183,18 @@ public class UserController {
 if(userService.usernameExists(username)) {
 return new RedirectView("/addUsers?messageType=usernameExists");
 }
+ try {
+ // Validate the role
+ Role roleEnum = Role.fromString(role);
+ if (roleEnum == Role.INTERNAL_API_USER) {
+ // If the role is INTERNAL_API_USER, reject the request
+ return new RedirectView("/addUsers?messageType=invalidRole");
+ }
+ } catch (IllegalArgumentException e) {
+ // If the role ID is not valid, redirect with an error message
+ return new RedirectView("/addUsers?messageType=invalidRole");
+ }
+
 userService.saveUser(username, password, role, forceChange);
 return new RedirectView("/addUsers"); // Redirect to account page after adding the user
 }
diff --git a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
index 25fa811f..d04017e2 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
@@ -100,10 +100,12 @@ public class PipelineController {
 @Autowired
 ApplicationProperties applicationProperties;
- @Autowired
+ @Autowired(required=false)
 private UserServiceInterface userService;
 private String getApiKeyForUser() {
+ if(userService == null)
+ return "";
 return userService.getApiKeyForUser(Role.INTERNAL_API_USER.getRoleId());
 }
diff --git a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
index cba7ebb5..ce2e5219 100644
--- a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
+++ b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
@@ -1,4 +1,5 @@
 package stirling.software.SPDF.controller.web;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Optional;
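Review bot: After `role` is validated with `Role.fromString`, the raw request string is still what reaches `userService.saveUser(username, password, role, forceChange)`; if `fromString` is at all lenient (case-insensitive or whitespace-tolerant — its definition is not visible here), the stored authority can differ from the canonical role id and slip past later comparisons that use `getRoleId()`. Passing the canonical value, `userService.saveUser(username, password, roleEnum.getRoleId(), forceChange);`, closes that gap; `roleEnum` then needs to be declared before the `try` so it is in scope. A null `role` would also reach `fromString` unguarded, and a NullPointerException is not caught by the `IllegalArgumentException` handler, so a short null check before the `try` returning the same `invalidRole` redirect is worth adding. The enclosing handler starts above the hunk.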
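Review bot: `getApiKeyForUser` now returns `""` whenever no `UserServiceInterface` bean is present, with no comment saying why the bean can be absent; presumably this is the security-disabled configuration, but the same empty key would be sent if the bean were missing through misconfiguration, and the resulting authentication failures on pipeline calls would give no hint of the cause. A comment on the null branch, `// no UserService bean when security is disabled: pipeline calls then carry no API key`, plus a debug-level log on that path would make it self-explaining. It is also worth stating on `@Autowired(required=false)` which condition makes the bean optional, since the field is now nullable for every reader of the class.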
@@ -15,6 +16,8 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
+import stirling.software.SPDF.model.Authority;
+import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.repository.UserRepository;
 @Controller
@@ -46,7 +49,21 @@ public class AccountWebController {
 @PreAuthorize("hasRole('ROLE_ADMIN')")
 @GetMapping("/addUsers")
 public String showAddUserForm(Model model, Authentication authentication) {
- List allUsers = userRepository.findAll();
+ List allUsers = userRepository.findAll();
+ Iterator iterator = allUsers.iterator();
+
+ while(iterator.hasNext()) {
+ User user = iterator.next();
+ if(user != null) {
+ for (Authority authority : user.getAuthorities()) {
+ if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
+ iterator.remove();
+ break; // Break out of the inner loop once the user is removed
+ }
+ }
+ }
+ }
+
 model.addAttribute("users", allUsers);
 model.addAttribute("currentUsername", authentication.getName());
 return "addUsers";
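Review bot: The authority loop that hides the internal API user in `showAddUserForm` repeats the check `UserService.deleteUser` gained in this same commit, so the definition of "internal service account" now lives in two hand-written loops that must be kept in step if the role changes again; a single shared helper, e.g. a static `isInternalApiUser(User)` next to `Role`, would give both callers one place to look. With such a predicate the iterator loop collapses to `allUsers.removeIf(u -> u.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())));`, and the `java.util.Iterator` import added in the earlier hunk becomes unnecessary. The `user != null` guard is not needed for a `findAll()` result, and `removeIf` relies on the returned list being mutable exactly as the current `iterator.remove()` already does.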