From 35540fac80a85cc83cfea4753eed9d37ea323ab9 Mon Sep 17 00:00:00 2001 From: tommi27 Date: Tue, 17 Mar 2020 17:38:26 +0100 Subject: [PATCH] controllers now check if devices belong to the correct user --- .../controller/ButtonDimmerController.java | 8 ++++++-- .../smarthut/controller/DeviceController.java | 7 ++++--- .../controller/DimmableLightController.java | 9 +++++++-- .../smarthut/controller/KnobDimmerController.java | 8 ++++++-- .../controller/RegularLightController.java | 9 +++++++-- .../smarthut/controller/SmartPlugController.java | 9 +++++++-- .../smarthut/controller/SwitchController.java | 9 +++++++-- .../smarthut/models/RoomRepository.java | 15 ++++++++++++++- 8 files changed, 58 insertions(+), 16 deletions(-) diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/ButtonDimmerController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/ButtonDimmerController.java index 061c6b9..944bd8e 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/ButtonDimmerController.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/ButtonDimmerController.java @@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.ButtonDimmerDimRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; +import java.security.Principal; import java.util.List; import java.util.Set; import javax.validation.Valid; 
@@ -52,10 +53,13 @@ public class ButtonDimmerController } @PutMapping("/dim") - public Set dim(@Valid @RequestBody final ButtonDimmerDimRequest bd) + public Set dim( + @Valid @RequestBody final ButtonDimmerDimRequest bd, final Principal principal) throws NotFoundException { final ButtonDimmer buttonDimmer = - buttonDimmerRepository.findById(bd.getId()).orElseThrow(NotFoundException::new); + buttonDimmerRepository + .findByIdAndUsername(bd.getId(), principal.getName()) + .orElseThrow(NotFoundException::new); switch (bd.getDimType()) { case UP: diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DeviceController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DeviceController.java index 2d8dd99..17bdec7 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DeviceController.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DeviceController.java @@ -27,16 +27,17 @@ public class DeviceController { } @PutMapping - public Device update(@Valid @RequestBody DeviceSaveRequest deviceSaveRequest) + public Device update( + @Valid @RequestBody DeviceSaveRequest deviceSaveRequest, final Principal principal) throws NotFoundException, BadDataException { final Device d = deviceRepository - .findById(deviceSaveRequest.getId()) + .findByIdAndUsername(deviceSaveRequest.getId(), principal.getName()) .orElseThrow(NotFoundException::new); // check if roomId is valid roomRepository - .findById(deviceSaveRequest.getRoomId()) + .findByIdAndUsername(deviceSaveRequest.getRoomId(), principal.getName()) .orElseThrow(() -> new BadDataException("roomId is not a valid room id")); d.setRoomId(deviceSaveRequest.getRoomId()); diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DimmableLightController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DimmableLightController.java index dd2e1e3..944b6c2 100644 
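Review bot: `principal.getName()` is dereferenced in `dim` without a null check, and the same pattern is added in `DeviceController.update`, `DimmableLightController.update`, `KnobDimmerController.dimTo`, `RegularLightController.update`, `SmartPlugController.update` and `SwitchController.operate`. Spring MVC passes a null `Principal` when the request carries no authenticated user, so if any of these PUT routes is reachable without authentication (the security configuration is not visible here), the handler fails with a NullPointerException and a 500 rather than a 401. Either confirm that every one of these routes sits behind an authenticated matcher, or guard once in a shared helper, e.g. `if (principal == null) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);`. The body of `dim` continues past the end of this hunk.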
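Review bot: The comment `// check if roomId is valid` in `update` no longer describes the check, which now also requires the room to belong to the caller. I would reword it to `// check that roomId refers to a room owned by the authenticated user`. A second comment line could note that a missing room and a room owned by someone else produce the same `BadDataException`, which keeps the response from revealing other users' room ids. The method continues after `d.setRoomId(...)`, outside this hunk.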
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DimmableLightController.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DimmableLightController.java @@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.DimmableLightSaveRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.DimmableLight; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.DimmableLightRepository; +import java.security.Principal; import java.util.List; import javax.validation.Valid; import org.springframework.beans.factory.annotation.Autowired; @@ -43,10 +44,14 @@ public class DimmableLightController { } @PutMapping - public DimmableLight update(@Valid @RequestBody DimmableLightSaveRequest sp) + public DimmableLight update( + @Valid @RequestBody DimmableLightSaveRequest sp, final Principal principal) throws NotFoundException { return save( - dimmableLightService.findById(sp.getId()).orElseThrow(NotFoundException::new), sp); + dimmableLightService + .findByIdAndUsername(sp.getId(), principal.getName()) + .orElseThrow(NotFoundException::new), + sp); } @DeleteMapping("/{id}") diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/KnobDimmerController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/KnobDimmerController.java index 9f59889..c15d867 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/KnobDimmerController.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/KnobDimmerController.java @@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.KnobDimmerDimRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; +import java.security.Principal; import java.util.List; import java.util.Set; import javax.validation.Valid; 
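Review bot: The `@DeleteMapping("/{id}")` handler that follows `update` is left untouched by this patch, so the ownership check added here may not cover deletion. Its body is outside the hunk; if it still deletes by the raw path id, one user's request could remove a light that belongs to another user. The same trailing `@DeleteMapping("/{id}")` context appears after `update` in the RegularLightController and SmartPlugController hunks. I would resolve the entity first with `findByIdAndUsername(id, principal.getName()).orElseThrow(NotFoundException::new)` and delete the returned entity instead of the id.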
@@ -53,10 +54,13 @@ public class KnobDimmerController } @PutMapping("/dimTo") - public Set dimTo(@Valid @RequestBody final KnobDimmerDimRequest bd) + public Set dimTo( + @Valid @RequestBody final KnobDimmerDimRequest bd, final Principal principal) throws NotFoundException { final KnobDimmer dimmer = - knobDimmerRepository.findById(bd.getId()).orElseThrow(NotFoundException::new); + knobDimmerRepository + .findByIdAndUsername(bd.getId(), principal.getName()) + .orElseThrow(NotFoundException::new); dimmer.setLightIntensity(bd.getIntensity()); dimmableLightRepository.saveAll(dimmer.getOutputs()); diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/RegularLightController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/RegularLightController.java index 15ce2e8..e033555 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/RegularLightController.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/RegularLightController.java @@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.RegularLightSaveRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.RegularLight; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.RegularLightRepository; +import java.security.Principal; import java.util.List; import javax.validation.Valid; import org.springframework.beans.factory.annotation.Autowired; @@ -50,10 +51,14 @@ public class RegularLightController { } @PutMapping - public RegularLight update(@Valid @RequestBody RegularLightSaveRequest rl) + public RegularLight update( + @Valid @RequestBody RegularLightSaveRequest rl, final Principal principal) throws NotFoundException { return save( - regularLightService.findById(rl.getId()).orElseThrow(NotFoundException::new), rl); + regularLightService + .findByIdAndUsername(rl.getId(), principal.getName()) + .orElseThrow(NotFoundException::new), + rl); } @DeleteMapping("/{id}") 
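Review bot: The ownership check in `dimTo` covers only the dimmer; the lights written by `dimmableLightRepository.saveAll(dimmer.getOutputs())` are not checked against `principal`. That is safe only if the endpoint that connects outputs to an input device (not part of this patch) rejects lights owned by a different user; otherwise a dimmer owned by the caller could change a light that is not. `ButtonDimmerController.dim` and `SwitchController.operate` probably update their outputs the same way, though their bodies are cut off by the hunks. I would enforce ownership where the connection is created and, once that holds, record it above the `saveAll` call, e.g. `// outputs share the dimmer's owner: enforced when the connection is created`.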
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/SmartPlugController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/SmartPlugController.java index 8a57430..893b85b 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/SmartPlugController.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/SmartPlugController.java @@ -5,6 +5,7 @@ import static ch.usi.inf.sa4.sanmarinoes.smarthut.utils.Utils.toList; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.SmartPlugSaveRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; +import java.security.Principal; import java.util.*; import java.util.List; import javax.validation.Valid; @@ -44,9 +45,13 @@ public class SmartPlugController { } @PutMapping - public SmartPlug update(@Valid @RequestBody SmartPlugSaveRequest sp) throws NotFoundException { + public SmartPlug update(@Valid @RequestBody SmartPlugSaveRequest sp, final Principal principal) + throws NotFoundException { return save( - smartPlugRepository.findById(sp.getId()).orElseThrow(NotFoundException::new), sp); + smartPlugRepository + .findByIdAndUsername(sp.getId(), principal.getName()) + .orElseThrow(NotFoundException::new), + sp); } @DeleteMapping("/{id}") diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/SwitchController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/SwitchController.java index f90108c..fc64ccb 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/SwitchController.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/SwitchController.java 
@@ -6,6 +6,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.GenericDeviceSaveReguest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.SwitchOperationRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; +import java.security.Principal; import java.util.*; import java.util.List; import javax.validation.Valid; @@ -55,9 +56,13 @@ public class SwitchController extends InputDeviceConnectionController operate(@Valid @RequestBody final SwitchOperationRequest sr) + public Set operate( + @Valid @RequestBody final SwitchOperationRequest sr, final Principal principal) throws NotFoundException { - final Switch s = switchRepository.findById(sr.getId()).orElseThrow(NotFoundException::new); + final Switch s = + switchRepository + .findByIdAndUsername(sr.getId(), principal.getName()) + .orElseThrow(NotFoundException::new); switch (sr.getType()) { case ON: diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/RoomRepository.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/RoomRepository.java index 08b4298..b02413d 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/RoomRepository.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/RoomRepository.java @@ -1,5 +1,18 @@ package ch.usi.inf.sa4.sanmarinoes.smarthut.models; +import java.util.Optional; +import org.springframework.data.jpa.repository.Query; import org.springframework.data.repository.CrudRepository; -public interface RoomRepository extends CrudRepository {} +public interface RoomRepository extends CrudRepository { + + /** + * Finds a room by their id and a username + * + * @param id the room id + * @param username a User's username + * @return an optional device, empty if none found + */ + @Query("SELECT r FROM Room r JOIN r.user u WHERE r.id = ?1 AND u.username = ?2") + Optional findByIdAndUsername(Long id, String username); +}
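Review bot: The Javadoc on `RoomRepository.findByIdAndUsername` says `@return an optional device, empty if none found`, but the method returns a room; the text looks copied from a device repository. I would change it to `@return an optional room, empty if none found or if the room belongs to another user`, and the summary to `Finds a room by its id, restricted to rooms owned by the given user`. Stating the ownership restriction matters because `DeviceController.update` relies on this method as its authorization check for the target room.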