light and room controller routes check for guest authorization
parent
7b80b52f9e
commit
db102f75e4
4 changed files with 108 additions and 19 deletions
|
@ -8,6 +8,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
|
||||||
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
|
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Optional;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||||
|
@ -18,6 +19,8 @@ import org.springframework.web.bind.annotation.*;
|
||||||
@RequestMapping("/dimmableLight")
|
@RequestMapping("/dimmableLight")
|
||||||
public class DimmableLightController {
|
public class DimmableLightController {
|
||||||
|
|
||||||
|
@Autowired private UserRepository userRepository;
|
||||||
|
@Autowired private RoomRepository roomRepository;
|
||||||
@Autowired private DimmableLightRepository dimmableLightService;
|
@Autowired private DimmableLightRepository dimmableLightService;
|
||||||
@Autowired private SceneRepository sceneRepository;
|
@Autowired private SceneRepository sceneRepository;
|
||||||
@Autowired private StateRepository<State<?>> stateRepository;
|
@Autowired private StateRepository<State<?>> stateRepository;
|
||||||
|
@ -47,13 +50,33 @@ public class DimmableLightController {
|
||||||
|
|
||||||
@PutMapping
|
@PutMapping
|
||||||
public DimmableLight update(
|
public DimmableLight update(
|
||||||
@Valid @RequestBody DimmableSaveRequest sp, final Principal principal)
|
@Valid @RequestBody DimmableSaveRequest sp,
|
||||||
|
final Principal principal,
|
||||||
|
Optional<Long> guestId)
|
||||||
throws NotFoundException {
|
throws NotFoundException {
|
||||||
return save(
|
|
||||||
dimmableLightService
|
/**
|
||||||
.findByIdAndUsername(sp.getId(), principal.getName())
|
* Extremely verbose check through various repositories to control user/guest authorization.
|
||||||
.orElseThrow(NotFoundException::new),
|
*/
|
||||||
sp);
|
if (guestId.isPresent()
|
||||||
|
&& userRepository
|
||||||
|
.findById(
|
||||||
|
roomRepository
|
||||||
|
.findById(sp.getRoomId().longValue())
|
||||||
|
.get()
|
||||||
|
.getUserId()
|
||||||
|
.longValue())
|
||||||
|
.get()
|
||||||
|
.getGuests()
|
||||||
|
.contains(userRepository.findById(guestId.get().longValue()))) {
|
||||||
|
return save(
|
||||||
|
dimmableLightService
|
||||||
|
.findByIdAndUsername(sp.getId(), principal.getName())
|
||||||
|
.orElseThrow(NotFoundException::new),
|
||||||
|
sp);
|
||||||
|
} else {
|
||||||
|
throw new Error("401: Unauthorized user. Not a guest.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@DeleteMapping("/{id}")
|
@DeleteMapping("/{id}")
|
||||||
|
|
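Review bot: `guestId` in `update` appears to be bound from the request and is never compared with `principal`, so the guest check trusts an identity the caller chooses; the guest should be resolved from the authenticated principal, not from a parameter. The condition also requires `guestId.isPresent()`, so a request without it (the owner's ordinary update) falls into the `else` and is rejected, while the `save(...)` inside the branch still looks the light up with `findByIdAndUsername(sp.getId(), principal.getName())`, which seems to scope it to the caller's own devices rather than the host's. The chained `.get()` calls on `roomRepository.findById(...)` and `userRepository.findById(...)` throw `NoSuchElementException` when a row is missing; this method already uses `.orElseThrow(NotFoundException::new)` for the light and could do the same for the room and its owner. The same pattern recurs in `RegularLightController.update` and in the `RoomController` handlers.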
|
@ -8,6 +8,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
|
||||||
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
|
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Optional;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||||
|
@ -26,6 +27,8 @@ import org.springframework.web.bind.annotation.RestController;
|
||||||
@RequestMapping("/regularLight")
|
@RequestMapping("/regularLight")
|
||||||
public class RegularLightController {
|
public class RegularLightController {
|
||||||
|
|
||||||
|
@Autowired private UserRepository userRepository;
|
||||||
|
@Autowired private RoomRepository roomRepository;
|
||||||
@Autowired private RegularLightRepository regularLightService;
|
@Autowired private RegularLightRepository regularLightService;
|
||||||
@Autowired private SceneRepository sceneRepository;
|
@Autowired private SceneRepository sceneRepository;
|
||||||
@Autowired private StateRepository<State<?>> stateRepository;
|
@Autowired private StateRepository<State<?>> stateRepository;
|
||||||
|
@ -55,13 +58,31 @@ public class RegularLightController {
|
||||||
|
|
||||||
@PutMapping
|
@PutMapping
|
||||||
public RegularLight update(
|
public RegularLight update(
|
||||||
@Valid @RequestBody SwitchableSaveRequest rl, final Principal principal)
|
@Valid @RequestBody SwitchableSaveRequest rl,
|
||||||
|
final Principal principal,
|
||||||
|
Optional<Long> guestId)
|
||||||
throws NotFoundException {
|
throws NotFoundException {
|
||||||
return save(
|
|
||||||
regularLightService
|
/** Extremely verbose check for guest/user authorization */
|
||||||
.findByIdAndUsername(rl.getId(), principal.getName())
|
if (guestId.isPresent()
|
||||||
.orElseThrow(NotFoundException::new),
|
&& userRepository
|
||||||
rl);
|
.findById(
|
||||||
|
roomRepository
|
||||||
|
.findById(rl.getRoomId())
|
||||||
|
.get()
|
||||||
|
.getUserId()
|
||||||
|
.longValue())
|
||||||
|
.get()
|
||||||
|
.getGuests()
|
||||||
|
.contains(userRepository.findById(guestId.get().longValue()))) {
|
||||||
|
return save(
|
||||||
|
regularLightService
|
||||||
|
.findByIdAndUsername(rl.getId(), principal.getName())
|
||||||
|
.orElseThrow(NotFoundException::new),
|
||||||
|
rl);
|
||||||
|
} else {
|
||||||
|
throw new Error("401: Unauthorized user. Not a guest.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@DeleteMapping("/{id}")
|
@DeleteMapping("/{id}")
|
||||||
|
|
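Review bot: The membership test `.getGuests().contains(userRepository.findById(guestId.get().longValue()))` hands the result of `findById` straight to `contains`, and the `.get()` calls earlier in the same expression show that `findById` returns an `Optional`; unless `getGuests()` holds `Optional` values the test can never match, so every request ends in the `else`. Unwrap the guest before testing, for example `userRepository.findById(guestId.get()).map(guests::contains).orElse(false)` with `guests` being the owner's guest collection. The rejection is raised with `throw new Error("401: Unauthorized user. Not a guest.")`; if `Error` resolves to `java.lang.Error` the client gets a 500 rather than an authorization status, and `throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Not a guest of this user")` would report it properly. The `/** ... */` above the `if` is a Javadoc block inside a method body and should be a `//` comment. The same lines appear in `DimmableLightController.update` and the `RoomController` handlers.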
|
@ -33,13 +33,38 @@ public class RoomController {
|
||||||
@Autowired private ThermostatService thermostatService;
|
@Autowired private ThermostatService thermostatService;
|
||||||
|
|
||||||
@GetMapping
|
@GetMapping
|
||||||
public List<Room> findAll() {
|
public List<Room> findAll(Optional<Long> guestId) {
|
||||||
return toList(roomRepository.findAll());
|
|
||||||
|
List<Room> rooms = toList(roomRepository.findAll());
|
||||||
|
|
||||||
|
if (guestId.isPresent()
|
||||||
|
&& !rooms.isEmpty()
|
||||||
|
&& userRepository
|
||||||
|
.findById(rooms.get(0).getUserId())
|
||||||
|
.get()
|
||||||
|
.getGuests()
|
||||||
|
.contains(userRepository.findById(guestId.get().longValue()))) {
|
||||||
|
return rooms;
|
||||||
|
} else {
|
||||||
|
throw new Error("401: Unauthorized user. Not a guest.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/{id}")
|
@GetMapping("/{id}")
|
||||||
public @ResponseBody Room findById(@PathVariable("id") long id) throws NotFoundException {
|
public @ResponseBody Room findById(@PathVariable("id") long id, Optional<Long> guestId)
|
||||||
return roomRepository.findById(id).orElseThrow(NotFoundException::new);
|
throws NotFoundException {
|
||||||
|
Room room = roomRepository.findById(id).orElseThrow(NotFoundException::new);
|
||||||
|
|
||||||
|
if (guestId.isPresent()
|
||||||
|
&& userRepository
|
||||||
|
.findById(room.getUserId().longValue())
|
||||||
|
.get()
|
||||||
|
.getGuests()
|
||||||
|
.contains(userRepository.findById(guestId.get()))) {
|
||||||
|
return room;
|
||||||
|
} else {
|
||||||
|
throw new Error("401: Unauthorized user. Not a guest.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping
|
@PostMapping
|
||||||
|
@ -101,13 +126,34 @@ public class RoomController {
|
||||||
* id).
|
* id).
|
||||||
*/
|
*/
|
||||||
@GetMapping(path = "/{roomId}/devices")
|
@GetMapping(path = "/{roomId}/devices")
|
||||||
public List<Device> getDevices(@PathVariable("roomId") long roomid) {
|
public List<Device> getDevices(@PathVariable("roomId") long roomid, Optional<Long> guestId) {
|
||||||
Iterable<Device> devices = deviceRepository.findByRoomId(roomid);
|
Iterable<Device> devices = deviceRepository.findByRoomId(roomid);
|
||||||
for (Device d : devices) {
|
for (Device d : devices) {
|
||||||
if (d instanceof Thermostat) {
|
if (d instanceof Thermostat) {
|
||||||
thermostatService.populateMeasuredTemperature((Thermostat) d);
|
thermostatService.populateMeasuredTemperature((Thermostat) d);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return toList(devices);
|
List<Device> dl = toList(devices);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extremely verbose method calls to find the current user and check if the optional user is
|
||||||
|
* one of their guests
|
||||||
|
*/
|
||||||
|
if (guestId.isPresent()
|
||||||
|
&& !dl.isEmpty()
|
||||||
|
&& userRepository
|
||||||
|
.findById(
|
||||||
|
roomRepository
|
||||||
|
.findById(dl.get(0).getRoomId().longValue())
|
||||||
|
.get()
|
||||||
|
.getUserId()
|
||||||
|
.longValue())
|
||||||
|
.get()
|
||||||
|
.getGuests()
|
||||||
|
.contains(userRepository.findById(guestId.get().longValue()))) {
|
||||||
|
return dl;
|
||||||
|
} else {
|
||||||
|
throw new Error("401: Unauthorized user. Not a guest.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
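Review bot: `findAll` loads `roomRepository.findAll()`, which is not scoped to any user, and then decides access from `rooms.get(0).getUserId()` alone, so when the check passes the response holds every room in the repository, not just the host's rooms. The handlers visible in this file take no `Principal`, which leaves the request-supplied `guestId` as the only identity input; the rooms should be queried by the host's user id and the guest taken from the authenticated principal. When `rooms` is empty the condition is false, so a host with no rooms is reported as unauthorized instead of getting an empty list. `getDevices` in the second hunk has the same shape with `dl.get(0)`, and it calls `thermostatService.populateMeasuredTemperature` on each thermostat before the authorization check runs; the check belongs before any device is loaded.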
|
@ -145,7 +145,6 @@ public class Room {
|
||||||
*/
|
*/
|
||||||
@NotNull
|
@NotNull
|
||||||
@Column(name = "user_id", nullable = false)
|
@Column(name = "user_id", nullable = false)
|
||||||
@GsonExclude
|
|
||||||
private Long userId;
|
private Long userId;
|
||||||
|
|
||||||
/** The user given name of this room (e.g. 'Master bedroom') */
|
/** The user given name of this room (e.g. 'Master bedroom') */
|
||||||
|
|