light and room controller routes check for guest authorization

This commit is contained in:
Tommaso Rodolfo Masera 2020-04-20 16:41:11 +02:00
parent 7b80b52f9e
commit db102f75e4
4 changed files with 108 additions and 19 deletions


@ -8,6 +8,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal; import java.security.Principal;
import java.util.List; import java.util.List;
import java.util.Optional;
import javax.validation.Valid; import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
@ -18,6 +19,8 @@ import org.springframework.web.bind.annotation.*;
@RequestMapping("/dimmableLight") @RequestMapping("/dimmableLight")
public class DimmableLightController { public class DimmableLightController {
@Autowired private UserRepository userRepository;
@Autowired private RoomRepository roomRepository;
@Autowired private DimmableLightRepository dimmableLightService; @Autowired private DimmableLightRepository dimmableLightService;
@Autowired private SceneRepository sceneRepository; @Autowired private SceneRepository sceneRepository;
@Autowired private StateRepository<State<?>> stateRepository; @Autowired private StateRepository<State<?>> stateRepository;
@ -47,13 +50,33 @@ public class DimmableLightController {
@PutMapping @PutMapping
public DimmableLight update( public DimmableLight update(
@Valid @RequestBody DimmableSaveRequest sp, final Principal principal) @Valid @RequestBody DimmableSaveRequest sp,
final Principal principal,
Optional<Long> guestId)
throws NotFoundException { throws NotFoundException {
return save(
dimmableLightService /**
.findByIdAndUsername(sp.getId(), principal.getName()) * Extremely verbose check through various repositories to control user/guest authorization.
.orElseThrow(NotFoundException::new), */
sp); if (guestId.isPresent()
&& userRepository
.findById(
roomRepository
.findById(sp.getRoomId().longValue())
.get()
.getUserId()
.longValue())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get().longValue()))) {
return save(
dimmableLightService
.findByIdAndUsername(sp.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
sp);
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
} }
@DeleteMapping("/{id}") @DeleteMapping("/{id}")
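Review bot: The guest check in the new `update` can never succeed, because `getGuests().contains(userRepository.findById(...))` passes an `Optional`, which a collection of user entities cannot contain; the lookup has to be unwrapped (`orElseThrow`) before `contains`. The chained `.get()` calls on `roomRepository.findById` and `userRepository.findById` throw `NoSuchElementException` on a missing id, and the `else` branch throws `Error` even when `guestId` is absent, so the plain owner path the old code served is now rejected; the rewrite below keeps that path and reports a failed guest check through `ResponseStatusException` (403 fits an authenticated-but-unauthorized caller better than the "401" in the message; needs the `org.springframework.web.server.ResponseStatusException` and `HttpStatus` imports). `guestId` is a client-supplied parameter that is never tied to `principal`, so any authenticated caller can assert any guest id; the guest identity should be resolved from the authenticated user, which I cannot write here because no user-by-username lookup is visible in this hunk. The same pattern appears in `RegularLightController.update` and in `RoomController.findAll`, `findById` and `getDevices` in this commit. Note also that for a guest, `findByIdAndUsername(sp.getId(), principal.getName())` presumably looks the light up under the guest's own name, so the save is likely to end in `NotFoundException` even after the guest check passes.
```java
            Optional<Long> guestId)
            throws NotFoundException {
        if (guestId.isPresent()) {
            // Guest path: the owner of the light's room must list the caller as a guest.
            // Each lookup is unwrapped explicitly so a missing id is a 404, not a NoSuchElementException.
            Room room =
                    roomRepository
                            .findById(sp.getRoomId().longValue())
                            .orElseThrow(NotFoundException::new);
            boolean isGuest =
                    userRepository
                            .findById(room.getUserId())
                            .orElseThrow(NotFoundException::new)
                            .getGuests()
                            .contains(
                                    userRepository
                                            .findById(guestId.get())
                                            .orElseThrow(NotFoundException::new));
            if (!isGuest) {
                throw new ResponseStatusException(
                        HttpStatus.FORBIDDEN, "Not a guest of the room owner");
            }
        }
        // Owner path (no guestId): unchanged from before this commit.
        return save(
                dimmableLightService
                        .findByIdAndUsername(sp.getId(), principal.getName())
                        .orElseThrow(NotFoundException::new),
                sp);
```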


@ -8,6 +8,7 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import java.security.Principal; import java.security.Principal;
import java.util.List; import java.util.List;
import java.util.Optional;
import javax.validation.Valid; import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
@ -26,6 +27,8 @@ import org.springframework.web.bind.annotation.RestController;
@RequestMapping("/regularLight") @RequestMapping("/regularLight")
public class RegularLightController { public class RegularLightController {
@Autowired private UserRepository userRepository;
@Autowired private RoomRepository roomRepository;
@Autowired private RegularLightRepository regularLightService; @Autowired private RegularLightRepository regularLightService;
@Autowired private SceneRepository sceneRepository; @Autowired private SceneRepository sceneRepository;
@Autowired private StateRepository<State<?>> stateRepository; @Autowired private StateRepository<State<?>> stateRepository;
@ -55,13 +58,31 @@ public class RegularLightController {
@PutMapping @PutMapping
public RegularLight update( public RegularLight update(
@Valid @RequestBody SwitchableSaveRequest rl, final Principal principal) @Valid @RequestBody SwitchableSaveRequest rl,
final Principal principal,
Optional<Long> guestId)
throws NotFoundException { throws NotFoundException {
return save(
regularLightService /** Extremely verbose check for guest/user authorization */
.findByIdAndUsername(rl.getId(), principal.getName()) if (guestId.isPresent()
.orElseThrow(NotFoundException::new), && userRepository
rl); .findById(
roomRepository
.findById(rl.getRoomId())
.get()
.getUserId()
.longValue())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get().longValue()))) {
return save(
regularLightService
.findByIdAndUsername(rl.getId(), principal.getName())
.orElseThrow(NotFoundException::new),
rl);
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
} }
@DeleteMapping("/{id}") @DeleteMapping("/{id}")


@ -33,13 +33,38 @@ public class RoomController {
@Autowired private ThermostatService thermostatService; @Autowired private ThermostatService thermostatService;
@GetMapping @GetMapping
public List<Room> findAll() { public List<Room> findAll(Optional<Long> guestId) {
return toList(roomRepository.findAll());
List<Room> rooms = toList(roomRepository.findAll());
if (guestId.isPresent()
&& !rooms.isEmpty()
&& userRepository
.findById(rooms.get(0).getUserId())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get().longValue()))) {
return rooms;
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
} }
@GetMapping("/{id}") @GetMapping("/{id}")
public @ResponseBody Room findById(@PathVariable("id") long id) throws NotFoundException { public @ResponseBody Room findById(@PathVariable("id") long id, Optional<Long> guestId)
return roomRepository.findById(id).orElseThrow(NotFoundException::new); throws NotFoundException {
Room room = roomRepository.findById(id).orElseThrow(NotFoundException::new);
if (guestId.isPresent()
&& userRepository
.findById(room.getUserId().longValue())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get()))) {
return room;
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
} }
@PostMapping @PostMapping
@ -101,13 +126,34 @@ public class RoomController {
* id). * id).
*/ */
@GetMapping(path = "/{roomId}/devices") @GetMapping(path = "/{roomId}/devices")
public List<Device> getDevices(@PathVariable("roomId") long roomid) { public List<Device> getDevices(@PathVariable("roomId") long roomid, Optional<Long> guestId) {
Iterable<Device> devices = deviceRepository.findByRoomId(roomid); Iterable<Device> devices = deviceRepository.findByRoomId(roomid);
for (Device d : devices) { for (Device d : devices) {
if (d instanceof Thermostat) { if (d instanceof Thermostat) {
thermostatService.populateMeasuredTemperature((Thermostat) d); thermostatService.populateMeasuredTemperature((Thermostat) d);
} }
} }
return toList(devices); List<Device> dl = toList(devices);
/**
* Extremely verbose method calls to find the current user and check if the optional user is
* one of their guests
*/
if (guestId.isPresent()
&& !dl.isEmpty()
&& userRepository
.findById(
roomRepository
.findById(dl.get(0).getRoomId().longValue())
.get()
.getUserId()
.longValue())
.get()
.getGuests()
.contains(userRepository.findById(guestId.get().longValue()))) {
return dl;
} else {
throw new Error("401: Unauthorized user. Not a guest.");
}
} }
} }
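Review bot: `findAll` derives the owner from `rooms.get(0).getUserId()`, and if `roomRepository.findAll()` is not scoped to a user (its name and the absence of any `principal` argument suggest it is not), a guest of the first room's owner is handed every room of every user; the owner should be resolved from the authenticated user and only that owner's rooms returned. The `!rooms.isEmpty()` guard also sends an owner with no rooms, and any caller without `guestId`, into the `else` branch and an `Error`, where the old code returned the list; keep the no-`guestId` path returning `rooms` and run the guest check only `if (guestId.isPresent())`. In `findById` the guest lookup passes `guestId.get()` while the other methods pass `guestId.get().longValue()`; the unboxing is redundant either way, but the hunks should agree. The `/** ... */` comments placed inside method bodies here and in the light controllers should be `//` or `/* */` comments, since Javadoc comments only carry meaning before a declaration.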


@ -145,7 +145,6 @@ public class Room {
*/ */
@NotNull @NotNull
@Column(name = "user_id", nullable = false) @Column(name = "user_id", nullable = false)
@GsonExclude
private Long userId; private Long userId;
/** The user given name of this room (e.g. 'Master bedroom') */ /** The user given name of this room (e.g. 'Master bedroom') */