improve security.

2019-08-30 22:32:30 +02:00
parent f5bff403f0
commit 9e88b33595
14 changed files with 109 additions and 39 deletions
--- a/src/main/kotlin/fr/dcproject/security/voter/CitizenVoter.kt
+++ b/src/main/kotlin/fr/dcproject/security/voter/CitizenVoter.kt
@@ -13,7 +13,9 @@ class CitizenVoter: Voter {
    }

    override fun supports(action: ActionI, call: ApplicationCall, subject: Any?): Boolean {
-        return action is Action && subject is Citizen?
+        return (action is Action)
+               &&
+               (subject is List<*> || subject is Citizen?)
    }

    override fun vote(action: ActionI, call: ApplicationCall, subject: Any?): Vote {
@@ -22,8 +24,20 @@ class CitizenVoter: Voter {
            return Vote.GRANTED
        }

-        if (action == Action.VIEW && user != null) {
-            return Vote.GRANTED
+        if (action == Action.VIEW) {
+            if (subject is Citizen) {
+                return if (subject.isDeleted()) Vote.DENIED
+                else Vote.GRANTED
+            }
+            if (subject is List<*>) {
+                subject.forEach {
+                    if (it !is Citizen || it.isDeleted()) {
+                        return Vote.DENIED
+                    }
+                }
+                return Vote.GRANTED
+            }
+            return Vote.DENIED
        }

        if (action == Action.DELETE) {