light and room controller routes check for guest authorization
parent
7b80b52f9e
commit
db102f75e4
4 changed files with 108 additions and 19 deletions
|
@ -8,6 +8,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
|
|||
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
|
||||
import java.security.Principal;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import javax.validation.Valid;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
|
@ -18,6 +19,8 @@ import org.springframework.web.bind.annotation.*;
|
|||
@RequestMapping("/dimmableLight")
|
||||
public class DimmableLightController {
|
||||
|
||||
@Autowired private UserRepository userRepository;
|
||||
@Autowired private RoomRepository roomRepository;
|
||||
@Autowired private DimmableLightRepository dimmableLightService;
|
||||
@Autowired private SceneRepository sceneRepository;
|
||||
@Autowired private StateRepository<State<?>> stateRepository;
|
||||
|
@ -47,13 +50,33 @@ public class DimmableLightController {
|
|||
|
||||
@PutMapping
|
||||
public DimmableLight update(
|
||||
@Valid @RequestBody DimmableSaveRequest sp, final Principal principal)
|
||||
@Valid @RequestBody DimmableSaveRequest sp,
|
||||
final Principal principal,
|
||||
Optional<Long> guestId)
|
||||
throws NotFoundException {
|
||||
return save(
|
||||
dimmableLightService
|
||||
.findByIdAndUsername(sp.getId(), principal.getName())
|
||||
.orElseThrow(NotFoundException::new),
|
||||
sp);
|
||||
|
||||
/**
|
||||
* Extremely verbose check through various repositories to control user/guest authorization.
|
||||
*/
|
||||
if (guestId.isPresent()
|
||||
&& userRepository
|
||||
.findById(
|
||||
roomRepository
|
||||
.findById(sp.getRoomId().longValue())
|
||||
.get()
|
||||
.getUserId()
|
||||
.longValue())
|
||||
.get()
|
||||
.getGuests()
|
||||
.contains(userRepository.findById(guestId.get().longValue()))) {
|
||||
return save(
|
||||
dimmableLightService
|
||||
.findByIdAndUsername(sp.getId(), principal.getName())
|
||||
.orElseThrow(NotFoundException::new),
|
||||
sp);
|
||||
} else {
|
||||
throw new Error("401: Unauthorized user. Not a guest.");
|
||||
}
|
||||
}
|
||||
|
||||
@DeleteMapping("/{id}")
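Review bot: The membership test in `update` passes `userRepository.findById(guestId.get().longValue())` straight into `contains(...)`. The same expression calls `.get()` on `findById` a few lines earlier, so what is compared is the Optional wrapper rather than the user, and unless `getGuests()` holds Optionals the check can never succeed. The `else` branch is also reached when `guestId` is absent, so the owner's own request, which the removed `return save(...)` served, is now rejected. The same construct appears in `RegularLightController.update` and in the `RoomController` hunks (`findAll`, `findById`, `getDevices`). I would unwrap both lookups and run the guest check only when `guestId` is present, as sketched below; the rejection `throw` is left as a comment there.

```java
        if (guestId.isPresent()) {
            // Resolve room -> owner -> guest; a missing row at any step means "not a guest".
            // contains() relies on the user entity's equals(), which is not visible here.
            final boolean isGuest =
                    roomRepository
                            .findById(sp.getRoomId().longValue())
                            .flatMap(room -> userRepository.findById(room.getUserId()))
                            .flatMap(
                                    owner ->
                                            userRepository
                                                    .findById(guestId.get())
                                                    .map(guest -> owner.getGuests().contains(guest)))
                            .orElse(false);
            if (!isGuest) {
                // … unchanged: rejection throw …
            }
        }
        // … unchanged: return save(dimmableLightService.findByIdAndUsername(...), sp) …
```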
|
||||
|
|
|
@ -8,6 +8,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
|
|||
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
|
||||
import java.security.Principal;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import javax.validation.Valid;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
|
@ -26,6 +27,8 @@ import org.springframework.web.bind.annotation.RestController;
|
|||
@RequestMapping("/regularLight")
|
||||
public class RegularLightController {
|
||||
|
||||
@Autowired private UserRepository userRepository;
|
||||
@Autowired private RoomRepository roomRepository;
|
||||
@Autowired private RegularLightRepository regularLightService;
|
||||
@Autowired private SceneRepository sceneRepository;
|
||||
@Autowired private StateRepository<State<?>> stateRepository;
|
||||
|
@ -55,13 +58,31 @@ public class RegularLightController {
|
|||
|
||||
@PutMapping
|
||||
public RegularLight update(
|
||||
@Valid @RequestBody SwitchableSaveRequest rl, final Principal principal)
|
||||
@Valid @RequestBody SwitchableSaveRequest rl,
|
||||
final Principal principal,
|
||||
Optional<Long> guestId)
|
||||
throws NotFoundException {
|
||||
return save(
|
||||
regularLightService
|
||||
.findByIdAndUsername(rl.getId(), principal.getName())
|
||||
.orElseThrow(NotFoundException::new),
|
||||
rl);
|
||||
|
||||
/** Extremely verbose check for guest/user authorization */
|
||||
if (guestId.isPresent()
|
||||
&& userRepository
|
||||
.findById(
|
||||
roomRepository
|
||||
.findById(rl.getRoomId())
|
||||
.get()
|
||||
.getUserId()
|
||||
.longValue())
|
||||
.get()
|
||||
.getGuests()
|
||||
.contains(userRepository.findById(guestId.get().longValue()))) {
|
||||
return save(
|
||||
regularLightService
|
||||
.findByIdAndUsername(rl.getId(), principal.getName())
|
||||
.orElseThrow(NotFoundException::new),
|
||||
rl);
|
||||
} else {
|
||||
throw new Error("401: Unauthorized user. Not a guest.");
|
||||
}
|
||||
}
|
||||
|
||||
@DeleteMapping("/{id}")
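Review bot: The rejection path `throw new Error("401: Unauthorized user. Not a guest.")` raises `java.lang.Error`, which carries no HTTP status; unless a handler outside this hunk maps it, the client likely receives a 500 rather than a 401. An exception bound to a status would make the refusal explicit, for example `throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Not a guest of the room owner");` or a project exception alongside `NotFoundException`. The two bare `.get()` calls in the chain have a similar effect for an unknown `rl.getRoomId()` or owner id: a `NoSuchElementException` instead of the declared `NotFoundException`, so `.orElseThrow(NotFoundException::new)` fits better there. The same `throw new Error` appears in `DimmableLightController.update` and in the three `RoomController` methods.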
|
||||
|
|
|
@ -33,13 +33,38 @@ public class RoomController {
|
|||
@Autowired private ThermostatService thermostatService;
|
||||
|
||||
@GetMapping
|
||||
public List<Room> findAll() {
|
||||
return toList(roomRepository.findAll());
|
||||
public List<Room> findAll(Optional<Long> guestId) {
|
||||
|
||||
List<Room> rooms = toList(roomRepository.findAll());
|
||||
|
||||
if (guestId.isPresent()
|
||||
&& !rooms.isEmpty()
|
||||
&& userRepository
|
||||
.findById(rooms.get(0).getUserId())
|
||||
.get()
|
||||
.getGuests()
|
||||
.contains(userRepository.findById(guestId.get().longValue()))) {
|
||||
return rooms;
|
||||
} else {
|
||||
throw new Error("401: Unauthorized user. Not a guest.");
|
||||
}
|
||||
}
|
||||
|
||||
@GetMapping("/{id}")
|
||||
public @ResponseBody Room findById(@PathVariable("id") long id) throws NotFoundException {
|
||||
return roomRepository.findById(id).orElseThrow(NotFoundException::new);
|
||||
public @ResponseBody Room findById(@PathVariable("id") long id, Optional<Long> guestId)
|
||||
throws NotFoundException {
|
||||
Room room = roomRepository.findById(id).orElseThrow(NotFoundException::new);
|
||||
|
||||
if (guestId.isPresent()
|
||||
&& userRepository
|
||||
.findById(room.getUserId().longValue())
|
||||
.get()
|
||||
.getGuests()
|
||||
.contains(userRepository.findById(guestId.get()))) {
|
||||
return room;
|
||||
} else {
|
||||
throw new Error("401: Unauthorized user. Not a guest.");
|
||||
}
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
|
@ -101,13 +126,34 @@ public class RoomController {
|
|||
* id).
|
||||
*/
|
||||
@GetMapping(path = "/{roomId}/devices")
|
||||
public List<Device> getDevices(@PathVariable("roomId") long roomid) {
|
||||
public List<Device> getDevices(@PathVariable("roomId") long roomid, Optional<Long> guestId) {
|
||||
Iterable<Device> devices = deviceRepository.findByRoomId(roomid);
|
||||
for (Device d : devices) {
|
||||
if (d instanceof Thermostat) {
|
||||
thermostatService.populateMeasuredTemperature((Thermostat) d);
|
||||
}
|
||||
}
|
||||
return toList(devices);
|
||||
List<Device> dl = toList(devices);
|
||||
|
||||
/**
|
||||
* Extremely verbose method calls to find the current user and check if the optional user is
|
||||
* one of their guests
|
||||
*/
|
||||
if (guestId.isPresent()
|
||||
&& !dl.isEmpty()
|
||||
&& userRepository
|
||||
.findById(
|
||||
roomRepository
|
||||
.findById(dl.get(0).getRoomId().longValue())
|
||||
.get()
|
||||
.getUserId()
|
||||
.longValue())
|
||||
.get()
|
||||
.getGuests()
|
||||
.contains(userRepository.findById(guestId.get().longValue()))) {
|
||||
return dl;
|
||||
} else {
|
||||
throw new Error("401: Unauthorized user. Not a guest.");
|
||||
}
|
||||
}
|
||||
}
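Review bot: `findAll` authorises against the owner of `rooms.get(0)` only and then returns the whole result of `roomRepository.findAll()`, so if that repository call is not already scoped to one user, a caller accepted as a guest of the first room's owner receives every user's rooms. None of the three methods in this file takes a `Principal`, so `guestId` is whatever the caller sends and nothing on these lines ties it to the authenticated session. I would add `final Principal principal` to each signature, resolve the guest from `principal.getName()` instead of trusting the parameter, and return only rooms whose `getUserId()` equals the host's id. In `getDevices` the `!dl.isEmpty()` guard also means a room with no devices always ends in the rejection branch, and the thermostat population runs before the check.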
|
||||
|
|
|
@ -145,7 +145,6 @@ public class Room {
|
|||
*/
|
||||
@NotNull
|
||||
@Column(name = "user_id", nullable = false)
|
||||
@GsonExclude
|
||||
private Long userId;
|
||||
|
||||
/** The user given name of this room (e.g. 'Master bedroom') */
|
||||
|
|