sp

nkonev · Nov 16, 2023 · 8a4ba79 · 8a4ba79
1 parent c0522ea
commit 8a4ba79
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 40 deletions.
diff --git a/aaa/src/main/java/com/github/nkonev/aaa/converter/UserAccountConverter.java b/aaa/src/main/java/com/github/nkonev/aaa/converter/UserAccountConverter.java
@@ -28,6 +28,9 @@ public class UserAccountConverter {
     @Autowired
     private AaaSecurityService aaaSecurityService;
 
+    @Autowired
+    private UserRoleService userRoleService;
+
     private static UserRole getDefaultUserRole(){
         return UserRole.ROLE_USER;
     }
@@ -107,7 +110,7 @@ public static com.github.nkonev.aaa.dto.UserAccountDTO convertToUserAccountDTO(U
         );
     }
 
-    public com.github.nkonev.aaa.dto.UserAccountDTOExtended convertToUserAccountDTOExtended(UserAccountDetailsDTO currentUser, UserAccount userAccount) {
+    public com.github.nkonev.aaa.dto.UserAccountDTOExtended convertToUserAccountDTOExtended(PrincipalToCheck currentUser, UserAccount userAccount) {
         if (userAccount == null) { return null; }
         com.github.nkonev.aaa.dto.UserAccountDTOExtended.DataDTO dataDTO;
         if (aaaSecurityService.hasSessionManagementPermission(currentUser)){
@@ -130,30 +133,6 @@ public com.github.nkonev.aaa.dto.UserAccountDTOExtended convertToUserAccountDTOE
         );
     }
 
-    public com.github.nkonev.aaa.dto.UserAccountDTOExtended convertToUserAccountDTOExtendedForAdmin(UserAccount userAccount) {
-        if (userAccount == null) { return null; }
-        com.github.nkonev.aaa.dto.UserAccountDTOExtended.DataDTO dataDTO;
-        if (aaaSecurityService.hasSessionManagementPermissionForAdmin()){
-            dataDTO = new com.github.nkonev.aaa.dto.UserAccountDTOExtended.DataDTO(userAccount.enabled(), userAccount.expired(), userAccount.locked(), Set.of(userAccount.role()));
-        } else {
-            dataDTO = null;
-        }
-        return new UserAccountDTOExtended(
-            userAccount.id(),
-            userAccount.username(),
-            userAccount.avatar(),
-            userAccount.avatarBig(),
-            userAccount.shortInfo(),
-            dataDTO,
-            userAccount.lastLoginDateTime(),
-            convertOauth(userAccount.oauth2Identifiers()),
-            aaaSecurityService.canLock(currentUser, userAccount),
-            aaaSecurityService.canDelete(currentUser, userAccount),
-            aaaSecurityService.canChangeRole(currentUser, userAccount)
-        );
-    }
-
-
     private static void validateUserPassword(String password) {
         Assert.notNull(password, "password must be set");
         if (password.length() < Constants.MIN_PASSWORD_LENGTH || password.length() > Constants.MAX_PASSWORD_LENGTH) {

diff --git a/aaa/src/main/java/com/github/nkonev/aaa/security/AaaSecurityService.java b/aaa/src/main/java/com/github/nkonev/aaa/security/AaaSecurityService.java
@@ -5,10 +5,7 @@
 import com.github.nkonev.aaa.dto.LockDTO;
 import com.github.nkonev.aaa.dto.UserAccountDetailsDTO;
 import com.github.nkonev.aaa.entity.jdbc.UserAccount;
-import com.github.nkonev.aaa.dto.UserRole;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Service;
 
 import javax.annotation.PostConstruct;
@@ -20,7 +17,7 @@
 @Service
 public class AaaSecurityService {
     @Autowired
-    private RoleHierarchy roleHierarchy;
+    private UserRoleService userRoleService;
 
     @Autowired
     private UserAccountRepository userAccountRepository;
@@ -55,8 +52,8 @@ public boolean canDelete(UserAccountDetailsDTO userAccount, long userIdToDelete)
         }
         return Optional
                 .ofNullable(userAccount)
-                .map(u -> u.getAuthorities()
-                        .contains(new SimpleGrantedAuthority(UserRole.ROLE_ADMIN.name())) &&
+                .map(u ->
+                        userRoleService.isAdmin(u) &&
                         !u.getId().equals(userIdToDelete))
                 .orElse(false);
     }
@@ -96,6 +93,6 @@ private boolean lockAndDelete(PrincipalToCheck currentUser, UserAccount userAcco
         if (userAccount.id().equals(currentUser.getId())){
             return false;
         }
-        return roleHierarchy.getReachableGrantedAuthorities(currentUser.getAuthorities()).contains(new SimpleGrantedAuthority(UserRole.ROLE_ADMIN.name()));
+        return currentUser.isAdmin();
     }
 }
diff --git a/aaa/src/main/java/com/github/nkonev/aaa/security/PrincipalToCheck.java b/aaa/src/main/java/com/github/nkonev/aaa/security/PrincipalToCheck.java
@@ -16,8 +16,8 @@ static PrincipalToCheck knownAdmin() {
         return new KnownAdmin();
     }
 
-    static PrincipalToCheck ofUserAccount(UserAccountDetailsDTO userAccount, RoleHierarchy roleHierarchy) {
-        return new UserToCheck(userAccount, roleHierarchy);
+    static PrincipalToCheck ofUserAccount(UserAccountDetailsDTO userAccount, UserRoleService userRoleService) {
+        return new UserToCheck(userAccount, userRoleService);
     }
 }
 
@@ -38,16 +38,16 @@ final class UserToCheck implements PrincipalToCheck {
 
     private final UserAccountDetailsDTO userAccount;
 
-    private final RoleHierarchy roleHierarchy;
+    private final UserRoleService userRoleService;
 
-    UserToCheck(UserAccountDetailsDTO userAccount, RoleHierarchy roleHierarchy) {
+    UserToCheck(UserAccountDetailsDTO userAccount, UserRoleService userRoleService) {
         this.userAccount = userAccount;
-        this.roleHierarchy = roleHierarchy;
+        this.userRoleService = userRoleService;
     }
 
     @Override
     public boolean isAdmin() {
-        return roleHierarchy.getReachableGrantedAuthorities(userAccount.getAuthorities()).contains(new SimpleGrantedAuthority(UserRole.ROLE_ADMIN.name()));
+        return userRoleService.isAdmin(userAccount);
     }
 
     @Override

diff --git a/aaa/src/main/java/com/github/nkonev/aaa/security/UserRoleService.java b/aaa/src/main/java/com/github/nkonev/aaa/security/UserRoleService.java
@@ -0,0 +1,20 @@
+package com.github.nkonev.aaa.security;
+
+import com.github.nkonev.aaa.dto.UserAccountDetailsDTO;
+import com.github.nkonev.aaa.dto.UserRole;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.stereotype.Service;
+
+@Service
+public class UserRoleService {
+
+    @Autowired
+    private RoleHierarchy roleHierarchy;
+
+    public boolean isAdmin(UserAccountDetailsDTO userAccount) {
+        return roleHierarchy.getReachableGrantedAuthorities(userAccount.getAuthorities()).contains(new SimpleGrantedAuthority(UserRole.ROLE_ADMIN.name()));
+    }
+
+}
diff --git a/aaa/src/main/java/com/github/nkonev/aaa/services/EventService.java b/aaa/src/main/java/com/github/nkonev/aaa/services/EventService.java
@@ -3,7 +3,6 @@
 import com.github.nkonev.aaa.controllers.UserProfileController;
 import com.github.nkonev.aaa.converter.UserAccountConverter;
 import com.github.nkonev.aaa.dto.UserAccountEventDTO;
-import com.github.nkonev.aaa.dto.UserRole;
 import com.github.nkonev.aaa.entity.jdbc.UserAccount;
 import org.springframework.amqp.rabbit.core.RabbitTemplate;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -37,7 +36,7 @@ public void notifyProfileUpdated(UserAccount userAccount) {
                 UserAccountEventDTO.ForWho.FOR_ROLE_ADMIN,
                 null,
                 "user_account_changed",
-                userAccountConverter.convertToUserAccountDTOExtendedForAdmin(userAccount)
+                userAccountConverter.convertToUserAccountDTOExtended(userAccount)
             ),
             new UserAccountEventDTO(
                 UserAccountEventDTO.ForWho.FOR_ROLE_USER,