controllers now check if devices belong to the correct user

Tommaso Rodolfo Masera 2020-03-17 17:38:26 +01:00
parent 60927fff3b
commit 35540fac80
8 changed files with 58 additions and 16 deletions


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.ButtonDimmerDimRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.List;
import java.util.Set;
import javax.validation.Valid;
@ -52,10 +53,13 @@ public class ButtonDimmerController
}
@PutMapping("/dim")
public Set<DimmableLight> dim(@Valid @RequestBody final ButtonDimmerDimRequest bd)
public Set<DimmableLight> dim(
@Valid @RequestBody final ButtonDimmerDimRequest bd, final Principal principal)
throws NotFoundException {
final ButtonDimmer buttonDimmer =
buttonDimmerRepository.findById(bd.getId()).orElseThrow(NotFoundException::new);
buttonDimmerRepository
.findByIdAndUsername(bd.getId(), principal.getName())
.orElseThrow(NotFoundException::new);
switch (bd.getDimType()) {
case UP:
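Review bot: `principal.getName()` in `dim` is called without a null check, and Spring MVC passes `null` for a `Principal` argument when the request carries no authentication. If the security configuration (not visible in this commit) ever exposes this route anonymously, the handler would fail with a NullPointerException and a 500 instead of a 401. Every other handler changed in this commit uses the same pattern. I would document the dependency with a comment such as `// principal is non-null only because this route requires authentication`. The body of `dim` continues outside the hunk.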


@ -27,16 +27,17 @@ public class DeviceController {
}
@PutMapping
public Device update(@Valid @RequestBody DeviceSaveRequest deviceSaveRequest)
public Device update(
@Valid @RequestBody DeviceSaveRequest deviceSaveRequest, final Principal principal)
throws NotFoundException, BadDataException {
final Device d =
deviceRepository
.findById(deviceSaveRequest.getId())
.findByIdAndUsername(deviceSaveRequest.getId(), principal.getName())
.orElseThrow(NotFoundException::new);
// check if roomId is valid
roomRepository
.findById(deviceSaveRequest.getRoomId())
.findByIdAndUsername(deviceSaveRequest.getRoomId(), principal.getName())
.orElseThrow(() -> new BadDataException("roomId is not a valid room id"));
d.setRoomId(deviceSaveRequest.getRoomId());


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.DimmableLightSaveRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.DimmableLight;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.DimmableLightRepository;
import java.security.Principal;
import java.util.List;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
@ -43,10 +44,14 @@ public class DimmableLightController {
}
@PutMapping
public DimmableLight update(@Valid @RequestBody DimmableLightSaveRequest sp)
public DimmableLight update(
@Valid @RequestBody DimmableLightSaveRequest sp, final Principal principal)
throws NotFoundException {
return save(
dimmableLightService.findById(sp.getId()).orElseThrow(NotFoundException::new), sp);
dimmableLightService
.findByIdAndUsername(sp.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
sp);
}
@DeleteMapping("/{id}")
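Review bot: The `@DeleteMapping("/{id}")` handler that follows `update` is not touched by this commit, so the hunk does not show whether deletion is scoped to the caller. If it still resolves the entity by id alone, the ownership check added to `update` leaves deletion of another user's light unguarded. The same applies to the delete handlers that follow `update` in the RegularLightController and SmartPlugController sections. I would resolve the entity through `findByIdAndUsername(id, principal.getName())` before deleting, as `update` now does. The delete method bodies lie outside the hunks.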


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.KnobDimmerDimRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.List;
import java.util.Set;
import javax.validation.Valid;
@ -53,10 +54,13 @@ public class KnobDimmerController
}
@PutMapping("/dimTo")
public Set<DimmableLight> dimTo(@Valid @RequestBody final KnobDimmerDimRequest bd)
public Set<DimmableLight> dimTo(
@Valid @RequestBody final KnobDimmerDimRequest bd, final Principal principal)
throws NotFoundException {
final KnobDimmer dimmer =
knobDimmerRepository.findById(bd.getId()).orElseThrow(NotFoundException::new);
knobDimmerRepository
.findByIdAndUsername(bd.getId(), principal.getName())
.orElseThrow(NotFoundException::new);
dimmer.setLightIntensity(bd.getIntensity());
dimmableLightRepository.saveAll(dimmer.getOutputs());
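Review bot: `dimTo` now verifies that the dimmer belongs to the caller, but it then writes every light in `dimmer.getOutputs()` through `dimmableLightRepository.saveAll(...)` without checking who owns those lights. That is safe only if the code that connects outputs to an input device already rejects lights owned by another user, which this commit does not show. `dim` in ButtonDimmerController and `operate` in SwitchController presumably act on their outputs in the same way, though their bodies continue outside the hunks. Either confirm that the connection endpoints enforce ownership, or filter the outputs by owner here before saving.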


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.RegularLightSaveRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.RegularLight;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.RegularLightRepository;
import java.security.Principal;
import java.util.List;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
@ -50,10 +51,14 @@ public class RegularLightController {
}
@PutMapping
public RegularLight update(@Valid @RequestBody RegularLightSaveRequest rl)
public RegularLight update(
@Valid @RequestBody RegularLightSaveRequest rl, final Principal principal)
throws NotFoundException {
return save(
regularLightService.findById(rl.getId()).orElseThrow(NotFoundException::new), rl);
regularLightService
.findByIdAndUsername(rl.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
rl);
}
@DeleteMapping("/{id}")


@ -5,6 +5,7 @@ import static ch.usi.inf.sa4.sanmarinoes.smarthut.utils.Utils.toList;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.SmartPlugSaveRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.*;
import java.util.List;
import javax.validation.Valid;
@ -44,9 +45,13 @@ public class SmartPlugController {
}
@PutMapping
public SmartPlug update(@Valid @RequestBody SmartPlugSaveRequest sp) throws NotFoundException {
public SmartPlug update(@Valid @RequestBody SmartPlugSaveRequest sp, final Principal principal)
throws NotFoundException {
return save(
smartPlugRepository.findById(sp.getId()).orElseThrow(NotFoundException::new), sp);
smartPlugRepository
.findByIdAndUsername(sp.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
sp);
}
@DeleteMapping("/{id}")


@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.SwitchOperationRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.*;
import java.util.List;
import javax.validation.Valid;
@ -55,9 +56,13 @@ public class SwitchController extends InputDeviceConnectionController<Switch, Sw
}
@PutMapping("/operate")
public Set<Switchable> operate(@Valid @RequestBody final SwitchOperationRequest sr)
public Set<Switchable> operate(
@Valid @RequestBody final SwitchOperationRequest sr, final Principal principal)
throws NotFoundException {
final Switch s = switchRepository.findById(sr.getId()).orElseThrow(NotFoundException::new);
final Switch s =
switchRepository
.findByIdAndUsername(sr.getId(), principal.getName())
.orElseThrow(NotFoundException::new);
switch (sr.getType()) {
case ON:


@ -1,5 +1,18 @@
package ch.usi.inf.sa4.sanmarinoes.smarthut.models;
import java.util.Optional;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
public interface RoomRepository extends CrudRepository<Room, Long> {}
public interface RoomRepository extends CrudRepository<Room, Long> {
/**
* Finds a room by their id and a username
*
* @param id the room id
* @param username a User's username
* @return an optional device, empty if none found
*/
@Query("SELECT r FROM Room r JOIN r.user u WHERE r.id = ?1 AND u.username = ?2")
Optional<Room> findByIdAndUsername(Long id, String username);
}
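Review bot: The Javadoc on `findByIdAndUsername` says `@return an optional device, empty if none found`, but the method returns `Optional<Room>`. It should read `@return an optional room, empty if no room with that id belongs to the user`, with the summary corrected to `Finds a room by its id and its owner's username`. This query is now the ownership check for `roomId` in DeviceController's `update`, so its contract should be stated precisely. As a style point, named parameters (`r.id = :id AND u.username = :username` with `@Param`) would keep the binding correct if the argument order ever changes.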