Refactors Articles and Voter

- Move files into components (article)
- Split articles routes
- Refactor to remove ktor-voter (ArticleVoter)
- Remove mutability
- Move DataConversion to separate file (Converter.kt)
- Add Schemas for Articles routes
- Fix SQL Query for Workgroup roles
- rename container_name in docker-compose
2021-01-14 11:23:27 +01:00
parent 03401f711e
commit a1c1accc87
124 changed files with 2026 additions and 1828 deletions


@@ -1,13 +1,14 @@
package fr.dcproject.security.voter
import fr.dcproject.entity.*
import fr.dcproject.entity.UserI
import fr.dcproject.entity.WorkgroupI
import fr.dcproject.entity.WorkgroupWithAuthI
import fr.dcproject.entity.WorkgroupWithMembersI.Member.Role
import fr.dcproject.user
import fr.ktorVoter.ActionI
import fr.ktorVoter.Vote
import fr.ktorVoter.Voter
import fr.ktorVoter.VoterException
import io.ktor.application.ApplicationCall
import fr.dcproject.voter.NoRuleDefinedException
import fr.dcproject.voter.NoSubjectDefinedException
import fr.ktorVoter.*
import io.ktor.application.*
class WorkgroupVoter : Voter<ApplicationCall> {
enum class Action : ActionI {
@@ -24,67 +25,72 @@ class WorkgroupVoter : Voter<ApplicationCall> {
REMOVE,
}
override fun invoke(action: Any, context: ApplicationCall, subject: Any?): Vote {
override fun invoke(action: Any, context: ApplicationCall, subject: Any?): VoterResponseI {
if ((action is Action && subject == null)) throw NoSubjectDefinedException(action)
if (!((action is Action || action is ActionMembers)
&& (subject is WorkgroupI? || (subject is List<*> && subject.first() is WorkgroupI)))) return Vote.ABSTAIN
&& (subject is WorkgroupI? || (subject is List<*> && subject.first() is WorkgroupI)))) return abstain()
val user = context.user
if (subject is WorkgroupI && action == Action.CREATE && user is UserI) {
return Vote.GRANTED
if (action == Action.CREATE) {
if (user == null) return denied("You must be connected to delete workgroup", "workgroup.delete.notConnected")
if (subject is WorkgroupI) {
return granted()
}
}
if (action == Action.VIEW) {
if (subject is WorkgroupWithAuthI<*>) {
return if (subject.isDeleted()) Vote.DENIED
else if (!subject.anonymous) Vote.GRANTED
else if (subject.anonymous && user != null && subject.isMember(user)) Vote.GRANTED
else Vote.DENIED
return if (subject.isDeleted()) denied("You cannot view a deleted workgroup", "workgroup.view.deleted")
else if (!subject.anonymous) granted()
else if (subject.anonymous && user != null && subject.isMember(user)) granted()
else denied("You cannot view anonymous workgroup", "workgroup.view.anonymous")
}
return Vote.DENIED
throw NoSubjectDefinedException(action as ActionI)
}
if (subject is WorkgroupWithAuthI<*>) {
if (action == Action.DELETE && user is UserI && subject.hasRole(Role.MASTER, user)) {
return Vote.GRANTED
if (subject is WorkgroupWithAuthI<*> && (action == Action.DELETE || action == Action.UPDATE)) {
if (action == Action.DELETE) {
if (user == null) return denied("You must be connected to delete workgroup", "workgroup.delete.notConnected")
return if (subject.hasRole(Role.MASTER, user)) granted()
else denied("You must hase role MASTER to delete workgroup", "workgroup.delete.role")
}
if (action == Action.UPDATE) {
if (user == null) return denied("You must be connected to delete workgroup", "workgroup.delete.notConnected")
return if (subject.hasRole(Role.MASTER, user)) granted()
else denied("You must hase role MASTER to delete workgroup", "workgroup.delete.role")
}
if (action == Action.UPDATE && user is UserI && subject.hasRole(Role.MASTER, user)) {
return Vote.GRANTED
}
return Vote.DENIED
throw NoRuleDefinedException(action as ActionI)
} else if (subject !is WorkgroupWithAuthI<*> && (action == Action.DELETE || action == Action.UPDATE)) {
throw object :
VoterException("Unable to define if your are granted, the subject must implement 'WorkgroupWithAuthI'") {}
throw NoSubjectDefinedException(action as ActionI)
}
if (action == ActionMembers.ADD) {
// TODO create ROLES
return Vote.toVote {
user is UserI &&
subject is WorkgroupWithAuthI<*> &&
subject.hasRole(Role.MASTER, user)
}
if (user !is UserI) return denied("You must be connected to add member to the workgroup", "workgroup.addMember.notConnected")
if (subject !is WorkgroupWithAuthI<*>) throw NoSubjectDefinedException(action as ActionI)
return if (subject.hasRole(Role.MASTER, user)) granted() else denied("You must have MASTER Role for add member to workgroup", "workgroup.addMember.role")
}
if (action == ActionMembers.UPDATE) {
// TODO create ROLES
return Vote.toVote {
user is UserI &&
subject is WorkgroupWithAuthI<*> &&
subject.hasRole(Role.MASTER, user)
}
if (user !is UserI) return denied("You must be connected to update member of the workgroup", "workgroup.updateMember.notConnected")
if (subject !is WorkgroupWithAuthI<*>) throw NoSubjectDefinedException(action as ActionI)
return if (subject.hasRole(Role.MASTER, user)) granted() else denied("You must have MASTER Role for update members of workgroup", "workgroup.updateMember.role")
}
if (action == ActionMembers.REMOVE) {
// TODO create ROLES
return Vote.toVote {
user is UserI &&
subject is WorkgroupWithAuthI<*> &&
subject.hasRole(Role.MASTER, user)
}
if (user !is UserI) return denied("You must be connected to remove member of the workgroup", "workgroup.removeMember.notConnected")
if (subject !is WorkgroupWithAuthI<*>) throw NoSubjectDefinedException(action as ActionI)
return if (subject.hasRole(Role.MASTER, user)) granted() else denied("You must have MASTER Role for remove members of workgroup", "workgroup.removeMember.role")
}
return Vote.ABSTAIN
if (action is Action) {
throw NoRuleDefinedException(action)
}
return abstain()
}
}
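Review bot: The denial for `Action.CREATE` and the whole `Action.UPDATE` branch reuse the DELETE reason and codes (`"You must be connected to delete workgroup"`, `"workgroup.delete.notConnected"`, `"workgroup.delete.role"`), so a refused create or update is reported to the client, and to any log keyed on the code, as a refused delete. Give each action its own pair in the style the member actions already use, for example `denied("You must be connected to create workgroup", "workgroup.create.notConnected")` and `workgroup.update.notConnected` / `workgroup.update.role` (these code names are proposed here, so align them with whatever consumes the codes), and fix the `hase` typo while touching those strings. Separately, the guard at the top of `invoke` still calls `subject.first()`, which throws `NoSuchElementException` on an empty list and type-checks only the first element; `subject.isNotEmpty() && subject.all { it is WorkgroupI }` would let the voter abstain cleanly instead. VIEW with a subject that is not a `WorkgroupWithAuthI` appears to have returned `Vote.DENIED` before and now throws `NoSubjectDefinedException`, so it is worth confirming that the caller maps that and `NoRuleDefinedException` to a refusal rather than a server error.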