Add Security to Citizen
This commit is contained in:
@@ -13,10 +13,12 @@ import fr.dcproject.entity.User
|
||||
import fr.dcproject.routes.*
|
||||
import fr.dcproject.security.voter.ArticleVoter
|
||||
import fr.dcproject.security.voter.AuthorizationVoter
|
||||
import fr.dcproject.security.voter.CitizenVoter
|
||||
import fr.postgresjson.migration.Migrations
|
||||
import io.ktor.application.Application
|
||||
import io.ktor.application.install
|
||||
import io.ktor.auth.Authentication
|
||||
import io.ktor.auth.authenticate
|
||||
import io.ktor.auth.jwt.jwt
|
||||
import io.ktor.features.AutoHeadResponse
|
||||
import io.ktor.features.CallLogging
|
||||
@@ -99,7 +101,8 @@ fun Application.module() {
|
||||
|
||||
install(AuthorizationVoter) {
|
||||
voters = mutableListOf(
|
||||
ArticleVoter()
|
||||
ArticleVoter(),
|
||||
CitizenVoter()
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -9,8 +9,12 @@ class User(
|
||||
id: UUID? = UUID.randomUUID(),
|
||||
var username: String?,
|
||||
var blockedAt: DateTime? = null,
|
||||
var plainPassword: String?
|
||||
var plainPassword: String?,
|
||||
var roles: List<Roles> = emptyList()
|
||||
) : UuidEntity(id),
|
||||
EntityCreatedAt by EntityCreatedAtImp(),
|
||||
EntityUpdatedAt by EntityUpdatedAtImp(),
|
||||
Principal
|
||||
{
|
||||
enum class Roles { ROLE_USER, ROLE_ADMIN }
|
||||
}
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
package fr.dcproject.routes
|
||||
|
||||
import Paths
|
||||
import fr.dcproject.security.voter.ArticleVoter
|
||||
import fr.dcproject.security.voter.ArticleVoter.Action.CREATE
|
||||
import fr.dcproject.security.voter.ArticleVoter.Action.VIEW
|
||||
import fr.dcproject.security.voter.assertCan
|
||||
import io.ktor.application.call
|
||||
import io.ktor.locations.KtorExperimentalLocationsAPI
|
||||
@@ -16,16 +17,21 @@ import fr.dcproject.repository.Article as ArticleRepository
|
||||
@KtorExperimentalLocationsAPI
|
||||
fun Route.article(repo: ArticleRepository) {
|
||||
get<Paths.ArticlesRequest> {
|
||||
assertCan(VIEW)
|
||||
|
||||
val articles = repo.find(it.page, it.limit, it.sort, it.direction, it.search)
|
||||
call.respond(articles)
|
||||
}
|
||||
|
||||
get<Paths.ArticleRequest> {
|
||||
assertCan(VIEW, it.article)
|
||||
|
||||
call.respond(it.article)
|
||||
}
|
||||
|
||||
post<Paths.PostArticleRequest> {
|
||||
call.assertCan(ArticleVoter.Action.CREATE)
|
||||
assertCan(CREATE)
|
||||
|
||||
val article = call.receive<ArticleEntity>()
|
||||
repo.upsert(article)
|
||||
call.respond(article)
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
package fr.dcproject.routes
|
||||
|
||||
import Paths
|
||||
import fr.dcproject.security.voter.CitizenVoter.Action.VIEW
|
||||
import fr.dcproject.security.voter.assertCan
|
||||
import io.ktor.application.call
|
||||
import io.ktor.locations.KtorExperimentalLocationsAPI
|
||||
import io.ktor.locations.get
|
||||
@@ -11,11 +13,15 @@ import fr.dcproject.repository.Citizen as CitizenRepository
|
||||
@KtorExperimentalLocationsAPI
|
||||
fun Route.citizen(repo: CitizenRepository) {
|
||||
get<Paths.CitizensRequest> {
|
||||
assertCan(VIEW)
|
||||
|
||||
val citizens = repo.find(it.page, it.limit, it.sort, it.direction, it.search)
|
||||
call.respond(citizens)
|
||||
}
|
||||
|
||||
get<Paths.CitizenRequest> {
|
||||
assertCan(VIEW, it.citizen)
|
||||
|
||||
call.respond(it.citizen)
|
||||
}
|
||||
}
|
||||
42
src/main/kotlin/fr/dcproject/security/voter/CitizenVoter.kt
Normal file
42
src/main/kotlin/fr/dcproject/security/voter/CitizenVoter.kt
Normal file
@@ -0,0 +1,42 @@
|
||||
package fr.dcproject.security.voter
|
||||
|
||||
import fr.dcproject.entity.Citizen
|
||||
import fr.dcproject.entity.User
|
||||
import io.ktor.application.ApplicationCall
|
||||
|
||||
class CitizenVoter: Voter {
|
||||
enum class Action: ActionI {
|
||||
CREATE,
|
||||
UPDATE,
|
||||
VIEW,
|
||||
DELETE
|
||||
}
|
||||
|
||||
override fun supports(action: ActionI, call: ApplicationCall, subject: Any?): Boolean {
|
||||
return action is Action && subject is Citizen?
|
||||
}
|
||||
|
||||
override fun vote(action: ActionI, call: ApplicationCall, subject: Any?): Vote {
|
||||
val user = call.user
|
||||
if (action == Action.CREATE && user != null) {
|
||||
return Vote.GRANTED
|
||||
}
|
||||
|
||||
if (action == Action.VIEW) {
|
||||
return Vote.GRANTED
|
||||
}
|
||||
|
||||
if (action == Action.DELETE) {
|
||||
return Vote.DENIED
|
||||
}
|
||||
|
||||
if (action == Action.UPDATE &&
|
||||
user is User &&
|
||||
subject is Citizen &&
|
||||
subject.user?.id == user.id) {
|
||||
return Vote.GRANTED
|
||||
}
|
||||
|
||||
return Vote.ABSTAIN
|
||||
}
|
||||
}
|
||||
@@ -9,6 +9,7 @@ import io.ktor.http.HttpStatusCode
|
||||
import io.ktor.response.respond
|
||||
import io.ktor.util.AttributeKey
|
||||
import io.ktor.util.KtorExperimentalAPI
|
||||
import io.ktor.util.pipeline.PipelineContext
|
||||
|
||||
interface ActionI
|
||||
|
||||
@@ -39,6 +40,13 @@ fun ApplicationCall.assertCan(action: ActionI, subject: Any? = null) {
|
||||
throw UnauthorizedException(action)
|
||||
}
|
||||
}
|
||||
|
||||
fun PipelineContext<Unit, ApplicationCall>.assertCan(action: ActionI, subject: Any? = null) =
|
||||
context.assertCan(action, subject)
|
||||
|
||||
fun PipelineContext<Unit, ApplicationCall>.can(action: ActionI, subject: Any? = null) =
|
||||
context.can(action, subject)
|
||||
|
||||
fun ApplicationCall.can(action: ActionI, subject: Any? = null): Boolean {
|
||||
val voters = attributes[votersAttributeKey]
|
||||
|
||||
|
||||
Reference in New Issue
Block a user