light and room controller routes check for guest authorization

Tommaso Rodolfo Masera 2020-04-20 16:41:11 +02:00
parent 7b80b52f9e
commit db102f75e4
4 changed files with 108 additions and 19 deletions


@ -8,6 +8,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.List;
import java.util.Optional;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
@ -18,6 +19,8 @@ import org.springframework.web.bind.annotation.*;
@RequestMapping("/dimmableLight")
public class DimmableLightController {
@Autowired private UserRepository userRepository;
@Autowired private RoomRepository roomRepository;
@Autowired private DimmableLightRepository dimmableLightService;
@Autowired private SceneRepository sceneRepository;
@Autowired private StateRepository<State<?>> stateRepository;
@ -47,13 +50,33 @@ public class DimmableLightController {
@PutMapping
public DimmableLight update(
@Valid @RequestBody DimmableSaveRequest sp, final Principal principal)
@Valid @RequestBody DimmableSaveRequest sp,
final Principal principal,
Optional<Long> guestId)
throws NotFoundException {
return save(
dimmableLightService
.findByIdAndUsername(sp.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
sp);
/**
* Extremely verbose check through various repositories to control user/guest authorization.
*/
if (guestId.isPresent()
&& userRepository
.findById(
roomRepository
.findById(sp.getRoomId().longValue())
.get()
.getUserId()
.longValue())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get().longValue()))) {
return save(
dimmableLightService
.findByIdAndUsername(sp.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
sp);
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
}
@DeleteMapping("/{id}")
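Review bot: The new guest branch in `update` takes the guest identity from the caller-supplied `guestId` argument instead of from the authenticated `principal`, so any authenticated caller who knows the id of one of the host's guests passes the check, and the host is looked up through `sp.getRoomId()` from the request body rather than through the light's persisted room; resolve the guest from `principal.getName()` and the host from the stored light. The membership test `.getGuests().contains(userRepository.findById(...))` compares an `Optional<User>` with the collection's elements and, assuming `getGuests()` holds `User` entities, is never true, while the branch with no `guestId` — the owner's own update, which this method served before the change — now always throws. The bare `.get()` calls on `roomRepository.findById` and `userRepository.findById` raise `NoSuchElementException` for an unknown room or user, and `throw new Error(...)` is a JVM `Error`, so both surface as a 500 rather than the intended 401 (403 Forbidden is the usual status for an authenticated caller without rights); use `orElseThrow(NotFoundException::new)` for the lookups and a status-carrying exception such as `new ResponseStatusException(HttpStatus.FORBIDDEN, "not a guest of this room")` for the rejection. The same points apply to `RegularLightController.update` and to the three `RoomController` routes in this commit.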


@ -8,6 +8,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal;
import java.util.List;
import java.util.Optional;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
@ -26,6 +27,8 @@ import org.springframework.web.bind.annotation.RestController;
@RequestMapping("/regularLight")
public class RegularLightController {
@Autowired private UserRepository userRepository;
@Autowired private RoomRepository roomRepository;
@Autowired private RegularLightRepository regularLightService;
@Autowired private SceneRepository sceneRepository;
@Autowired private StateRepository<State<?>> stateRepository;
@ -55,13 +58,31 @@ public class RegularLightController {
@PutMapping
public RegularLight update(
@Valid @RequestBody SwitchableSaveRequest rl, final Principal principal)
@Valid @RequestBody SwitchableSaveRequest rl,
final Principal principal,
Optional<Long> guestId)
throws NotFoundException {
return save(
regularLightService
.findByIdAndUsername(rl.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
rl);
/** Extremely verbose check for guest/user authorization */
if (guestId.isPresent()
&& userRepository
.findById(
roomRepository
.findById(rl.getRoomId())
.get()
.getUserId()
.longValue())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get().longValue()))) {
return save(
regularLightService
.findByIdAndUsername(rl.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
rl);
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
}
@DeleteMapping("/{id}")
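Review bot: The guest check in `update` is the same twelve-line repository chain that `DimmableLightController.update` and the `RoomController` routes carry, differing only in where the room id comes from, and the comment above it already concedes it is "extremely verbose"; extract it into one shared helper, e.g. `boolean isGuestOf(long roomId, long guestId)` in a service, so the authorization rule lives in one place and any fix lands once. The `/** ... */` block inside the method body is a Javadoc comment attached to no declaration; make it a `//` line comment or, better, the Javadoc of that helper. `rl.getRoomId()` is passed without the `.longValue()` the dimmable variant uses, which is harmless but shows the copies are already drifting.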


@ -33,13 +33,38 @@ public class RoomController {
@Autowired private ThermostatService thermostatService;
@GetMapping
public List<Room> findAll() {
return toList(roomRepository.findAll());
public List<Room> findAll(Optional<Long> guestId) {
List<Room> rooms = toList(roomRepository.findAll());
if (guestId.isPresent()
&& !rooms.isEmpty()
&& userRepository
.findById(rooms.get(0).getUserId())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get().longValue()))) {
return rooms;
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
}
@GetMapping("/{id}")
public @ResponseBody Room findById(@PathVariable("id") long id) throws NotFoundException {
return roomRepository.findById(id).orElseThrow(NotFoundException::new);
public @ResponseBody Room findById(@PathVariable("id") long id, Optional<Long> guestId)
throws NotFoundException {
Room room = roomRepository.findById(id).orElseThrow(NotFoundException::new);
if (guestId.isPresent()
&& userRepository
.findById(room.getUserId().longValue())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get()))) {
return room;
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
}
@PostMapping
@ -101,13 +126,34 @@ public class RoomController {
* id).
*/
@GetMapping(path = "/{roomId}/devices")
public List<Device> getDevices(@PathVariable("roomId") long roomid) {
public List<Device> getDevices(@PathVariable("roomId") long roomid, Optional<Long> guestId) {
Iterable<Device> devices = deviceRepository.findByRoomId(roomid);
for (Device d : devices) {
if (d instanceof Thermostat) {
thermostatService.populateMeasuredTemperature((Thermostat) d);
}
}
return toList(devices);
List<Device> dl = toList(devices);
/**
* Extremely verbose method calls to find the current user and check if the optional user is
* one of their guests
*/
if (guestId.isPresent()
&& !dl.isEmpty()
&& userRepository
.findById(
roomRepository
.findById(dl.get(0).getRoomId().longValue())
.get()
.getUserId()
.longValue())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get().longValue()))) {
return dl;
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
}
}
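Review bot: `findAll` still returns `roomRepository.findAll()`, i.e. every room in the table regardless of owner, and then authorizes the whole list against `rooms.get(0).getUserId()`, so a guest of whichever user happens to own the first row receives all users' rooms, and an empty table rejects everyone; filter the rooms by the host the guest is being checked against before returning them. `getDevices` likewise derives the host from `dl.get(0).getRoomId()` instead of the `roomid` path variable it was given, so a room with no devices is rejected with the 401 error even for a legitimate guest or the owner; look the room up with `roomRepository.findById(roomid)` directly. In `findById`, `room.getUserId().longValue()` followed by `.get()` on the user lookup still turns an orphaned owner into a `NoSuchElementException` rather than a clean rejection, and all three routes now throw for a caller who passes no `guestId`, which is the owner's own path. The enclosing class starts outside the hunk.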


@ -145,7 +145,6 @@ public class Room {
*/
@NotNull
@Column(name = "user_id", nullable = false)
@GsonExclude
private Long userId;
/** The user given name of this room (e.g. 'Master bedroom') */
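Review bot: Removing `@GsonExclude` from `userId` means the owner's internal user id is now serialized in every `Room` response, including the ones the new `RoomController` routes return to guests; the reason for exposing it is not visible in this commit, since the server-side guest check reads `getUserId()` without needing the client to see it. If the client does not need the owner id, keep the exclusion; if it does, say so on the field, e.g. `/** Owner id; deliberately serialized so that clients can identify the host of a shared room. */`. The field's Javadoc and the enclosing class start outside the hunk.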