controllers now check if devices belong to the correct user

Tommaso Rodolfo Masera 2020-03-17 17:38:26 +01:00
parent 60927fff3b
commit 35540fac80
8 changed files with 58 additions and 16 deletions


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.ButtonDimmerDimRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import javax.validation.Valid; import javax.validation.Valid;
@ -52,10 +53,13 @@ public class ButtonDimmerController
} }
@PutMapping("/dim") @PutMapping("/dim")
public Set<DimmableLight> dim(@Valid @RequestBody final ButtonDimmerDimRequest bd) public Set<DimmableLight> dim(
@Valid @RequestBody final ButtonDimmerDimRequest bd, final Principal principal)
throws NotFoundException { throws NotFoundException {
final ButtonDimmer buttonDimmer = final ButtonDimmer buttonDimmer =
buttonDimmerRepository.findById(bd.getId()).orElseThrow(NotFoundException::new); buttonDimmerRepository
.findByIdAndUsername(bd.getId(), principal.getName())
.orElseThrow(NotFoundException::new);
switch (bd.getDimType()) { switch (bd.getDimType()) {
case UP: case UP:
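Review bot: `principal.getName()` in the new lookup inside `dim` is dereferenced without a null check, and Spring MVC passes a null `Principal` when the request carries no authentication. The security configuration is not part of this commit, so this matters only if `/dim` can be reached anonymously; in that case the handler would fail with a NullPointerException (HTTP 500) rather than a clean authentication error. Please confirm the route is behind authentication and record that next to the call, e.g. `// principal is non-null: this route requires an authenticated user`. The same pattern is used by the `update`, `dimTo` and `operate` handlers in the other controller sections of this commit, and the body of `dim` continues past the hunk.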


@ -27,16 +27,17 @@ public class DeviceController {
} }
@PutMapping @PutMapping
public Device update(@Valid @RequestBody DeviceSaveRequest deviceSaveRequest) public Device update(
@Valid @RequestBody DeviceSaveRequest deviceSaveRequest, final Principal principal)
throws NotFoundException, BadDataException { throws NotFoundException, BadDataException {
final Device d = final Device d =
deviceRepository deviceRepository
.findById(deviceSaveRequest.getId()) .findByIdAndUsername(deviceSaveRequest.getId(), principal.getName())
.orElseThrow(NotFoundException::new); .orElseThrow(NotFoundException::new);
// check if roomId is valid // check if roomId is valid
roomRepository roomRepository
.findById(deviceSaveRequest.getRoomId()) .findByIdAndUsername(deviceSaveRequest.getRoomId(), principal.getName())
.orElseThrow(() -> new BadDataException("roomId is not a valid room id")); .orElseThrow(() -> new BadDataException("roomId is not a valid room id"));
d.setRoomId(deviceSaveRequest.getRoomId()); d.setRoomId(deviceSaveRequest.getRoomId());


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.DimmableLightSaveRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.DimmableLight; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.DimmableLight;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.DimmableLightRepository; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.DimmableLightRepository;
import java.security.Principal;
import java.util.List; import java.util.List;
import javax.validation.Valid; import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -43,10 +44,14 @@ public class DimmableLightController {
} }
@PutMapping @PutMapping
public DimmableLight update(@Valid @RequestBody DimmableLightSaveRequest sp) public DimmableLight update(
@Valid @RequestBody DimmableLightSaveRequest sp, final Principal principal)
throws NotFoundException { throws NotFoundException {
return save( return save(
dimmableLightService.findById(sp.getId()).orElseThrow(NotFoundException::new), sp); dimmableLightService
.findByIdAndUsername(sp.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
sp);
} }
@DeleteMapping("/{id}") @DeleteMapping("/{id}")
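Review bot: The `@DeleteMapping("/{id}")` handler that follows `update` is not touched by this commit, so whether deletes are scoped to the calling user cannot be seen here. If it still deletes by the raw id, it leaves open the same missing-ownership gap that this commit closes for `update`. It should take a `Principal` and resolve the entity with `findByIdAndUsername(id, principal.getName())` before deleting. The same applies to the delete handlers that follow `update` in the RegularLightController and SmartPlugController sections. The delete handler's body lies outside the hunk.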


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.KnobDimmerDimRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.KnobDimmerDimRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import javax.validation.Valid; import javax.validation.Valid;
@ -53,10 +54,13 @@ public class KnobDimmerController
} }
@PutMapping("/dimTo") @PutMapping("/dimTo")
public Set<DimmableLight> dimTo(@Valid @RequestBody final KnobDimmerDimRequest bd) public Set<DimmableLight> dimTo(
@Valid @RequestBody final KnobDimmerDimRequest bd, final Principal principal)
throws NotFoundException { throws NotFoundException {
final KnobDimmer dimmer = final KnobDimmer dimmer =
knobDimmerRepository.findById(bd.getId()).orElseThrow(NotFoundException::new); knobDimmerRepository
.findByIdAndUsername(bd.getId(), principal.getName())
.orElseThrow(NotFoundException::new);
dimmer.setLightIntensity(bd.getIntensity()); dimmer.setLightIntensity(bd.getIntensity());
dimmableLightRepository.saveAll(dimmer.getOutputs()); dimmableLightRepository.saveAll(dimmer.getOutputs());
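Review bot: Ownership is verified only for the knob dimmer itself; `dimmer.getOutputs()` is then modified and saved without confirming that each output light belongs to the same user. Whether the connection endpoints only allow links between devices of one owner is not visible in this commit, so that should be verified, or the outputs filtered by `principal.getName()` here. If the invariant holds, state it at the call, e.g. `// outputs share the dimmer's owner: enforced when the connection is created`. The `dim` and `operate` handlers in the ButtonDimmerController and SwitchController sections presumably act on their outputs the same way, but their bodies run past their hunks, as does the rest of `dimTo`.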


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.RegularLightSaveRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.RegularLight; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.RegularLight;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.RegularLightRepository; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.RegularLightRepository;
import java.security.Principal;
import java.util.List; import java.util.List;
import javax.validation.Valid; import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -50,10 +51,14 @@ public class RegularLightController {
} }
@PutMapping @PutMapping
public RegularLight update(@Valid @RequestBody RegularLightSaveRequest rl) public RegularLight update(
@Valid @RequestBody RegularLightSaveRequest rl, final Principal principal)
throws NotFoundException { throws NotFoundException {
return save( return save(
regularLightService.findById(rl.getId()).orElseThrow(NotFoundException::new), rl); regularLightService
.findByIdAndUsername(rl.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
rl);
} }
@DeleteMapping("/{id}") @DeleteMapping("/{id}")


@ -5,6 +5,7 @@ import static ch.usi.inf.sa4.sanmarinoes.smarthut.utils.Utils.toList;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.SmartPlugSaveRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.SmartPlugSaveRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.*; import java.util.*;
import java.util.List; import java.util.List;
import javax.validation.Valid; import javax.validation.Valid;
@ -44,9 +45,13 @@ public class SmartPlugController {
} }
@PutMapping @PutMapping
public SmartPlug update(@Valid @RequestBody SmartPlugSaveRequest sp) throws NotFoundException { public SmartPlug update(@Valid @RequestBody SmartPlugSaveRequest sp, final Principal principal)
throws NotFoundException {
return save( return save(
smartPlugRepository.findById(sp.getId()).orElseThrow(NotFoundException::new), sp); smartPlugRepository
.findByIdAndUsername(sp.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
sp);
} }
@DeleteMapping("/{id}") @DeleteMapping("/{id}")


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.SwitchOperationRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.SwitchOperationRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.*; import java.util.*;
import java.util.List; import java.util.List;
import javax.validation.Valid; import javax.validation.Valid;
@ -55,9 +56,13 @@ public class SwitchController extends InputDeviceConnectionController<Switch, Sw
} }
@PutMapping("/operate") @PutMapping("/operate")
public Set<Switchable> operate(@Valid @RequestBody final SwitchOperationRequest sr) public Set<Switchable> operate(
@Valid @RequestBody final SwitchOperationRequest sr, final Principal principal)
throws NotFoundException { throws NotFoundException {
final Switch s = switchRepository.findById(sr.getId()).orElseThrow(NotFoundException::new); final Switch s =
switchRepository
.findByIdAndUsername(sr.getId(), principal.getName())
.orElseThrow(NotFoundException::new);
switch (sr.getType()) { switch (sr.getType()) {
case ON: case ON:


@ -1,5 +1,18 @@
package ch.usi.inf.sa4.sanmarinoes.smarthut.models; package ch.usi.inf.sa4.sanmarinoes.smarthut.models;
import java.util.Optional;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.CrudRepository;
public interface RoomRepository extends CrudRepository<Room, Long> {} public interface RoomRepository extends CrudRepository<Room, Long> {
/**
* Finds a room by their id and a username
*
* @param id the room id
* @param username a User's username
* @return an optional device, empty if none found
*/
@Query("SELECT r FROM Room r JOIN r.user u WHERE r.id = ?1 AND u.username = ?2")
Optional<Room> findByIdAndUsername(Long id, String username);
}
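Review bot: The Javadoc on `findByIdAndUsername` says `@return an optional device`, but the method returns `Optional<Room>`; it should read `@return an optional room, empty if none found`. The summary line would be clearer as `Finds a room by its id and its owner's username`. It is also worth stating in the Javadoc that an empty result covers both a missing room and a room owned by another user, since the controllers rely on that to answer identically in both cases.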