Refactoring of WorkgroupVoter

This commit is contained in:
2021-01-17 15:01:49 +01:00
parent ecda29abe5
commit c380ba47a5
17 changed files with 154 additions and 286 deletions


@@ -28,7 +28,6 @@ import fr.dcproject.component.comment.generic.routes.createCommentChildren
import fr.dcproject.component.comment.generic.routes.editComment
import fr.dcproject.component.comment.generic.routes.getChildrenComments
import fr.dcproject.component.comment.generic.routes.getOneComment
import fr.dcproject.component.workgroup.routes.*
import fr.dcproject.component.workgroup.routes.CreateWorkgroup.createWorkgroup
import fr.dcproject.component.workgroup.routes.DeleteWorkgroup.deleteWorkgroup
import fr.dcproject.component.workgroup.routes.EditWorkgroup.editWorkgroup
@@ -97,8 +96,7 @@ fun Application.module(env: Env = PROD) {
VoteVoter(),
FollowVoter(),
OpinionVoter(),
OpinionChoiceVoter(),
WorkgroupVoter()
OpinionChoiceVoter()
)
}
@@ -196,15 +194,15 @@ fun Application.module(env: Env = PROD) {
authRegister(get())
authSso(get())
/* Workgroup */
getWorkgroups(get())
getWorkgroup(get())
createWorkgroup(get())
editWorkgroup(get())
deleteWorkgroup(get())
getWorkgroups(get(), get())
getWorkgroup(get(), get())
createWorkgroup(get(), get())
editWorkgroup(get(), get())
deleteWorkgroup(get(), get())
/* Workgroup members */
addMemberToWorkgroup(get())
deleteMemberOfWorkgroup(get())
updateMemberOfWorkgroup(get())
addMemberToWorkgroup(get(), get())
deleteMemberOfWorkgroup(get(), get())
updateMemberOfWorkgroup(get(), get())
/* TODO */
constitution(get())
followArticle(get())


@@ -18,6 +18,7 @@ import fr.dcproject.component.citizen.CitizenVoter
import fr.dcproject.component.comment.article.CommentArticleRepository
import fr.dcproject.component.comment.generic.CommentVoter
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.event.publisher.Publisher
import fr.dcproject.messages.Mailer
import fr.dcproject.messages.NotificationEmailSender
@@ -121,6 +122,7 @@ val KoinModule = module {
single { ArticleVoter(get()) }
single { CitizenVoter() }
single { CommentVoter() }
single { WorkgroupVoter() }
// Elasticsearch Client
single<RestClient> {


@@ -59,7 +59,7 @@ interface WorkgroupWithAuthI<Z : CitizenWithUserI> : WorkgroupWithMembersI<Z>, E
val anonymous: Boolean
fun isMember(user: UserI): Boolean = members.isMember(user)
fun isMember(citizen: CitizenWithUserI): Boolean = members.isMember(citizen)
fun isMember(citizen: CitizenI): Boolean = members.isMember(citizen)
fun hasRole(expectedRole: Role, user: UserI): Boolean = members.hasRole(expectedRole, user)
fun hasRole(expectedRole: Role, citizen: CitizenI): Boolean = members.hasRole(expectedRole, citizen)


@@ -0,0 +1,51 @@
package fr.dcproject.component.workgroup
import fr.dcproject.component.citizen.CitizenI
import fr.dcproject.component.workgroup.WorkgroupWithMembersI.Member.Role
import fr.dcproject.voter.Voter
import fr.dcproject.voter.VoterResponse
class WorkgroupVoter : Voter() {
fun canCreate(subject: WorkgroupI, citizen: CitizenI?): VoterResponse {
if (citizen == null) return denied("You must be connected to create workgroup", "workgroup.create.notConnected")
return granted()
}
fun <S : WorkgroupWithAuthI<*>> canView(subjects: List<S>, citizen: CitizenI?): VoterResponse =
canAll(subjects) { canView(it, citizen) }
fun canView(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse =
if (subject.isDeleted()) denied("You cannot view a deleted workgroup", "workgroup.view.deleted")
else if (!subject.anonymous) granted()
else if (subject.anonymous && citizen != null && subject.isMember(citizen)) granted()
else denied("You cannot view anonymous workgroup", "workgroup.view.anonymous")
fun canDelete(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse {
if (citizen == null) return denied("You must be connected to delete workgroup", "workgroup.delete.notConnected")
return if (subject.hasRole(Role.MASTER, citizen)) granted()
else denied("You must hase role MASTER to delete workgroup", "workgroup.delete.role")
}
fun canUpdate(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse {
if (citizen == null) return denied("You must be connected to update workgroup", "workgroup.update.notConnected")
return if (subject.hasRole(Role.MASTER, citizen)) granted()
else denied("You must hase role MASTER to delete workgroup", "workgroup.delete.role")
}
fun canAddMembers(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse = when {
citizen == null -> denied("You must be connected to add member to the workgroup", "workgroup.addMember.notConnected")
subject.hasRole(Role.MASTER, citizen) -> granted()
else -> denied("You must have MASTER Role for add member to workgroup", "workgroup.addMember.role")
}
fun canUpdateMembers(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse = when {
citizen == null -> denied("You must be connected to update member of the workgroup", "workgroup.updateMember.notConnected")
subject.hasRole(Role.MASTER, citizen) -> granted()
else -> denied("You must have MASTER Role for update members of workgroup", "workgroup.updateMember.role")
}
fun canRemoveMembers(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse = when {
citizen == null -> denied("You must be connected to remove member of the workgroup", "workgroup.removeMember.notConnected")
subject.hasRole(Role.MASTER, citizen) -> granted()
else -> denied("You must have MASTER Role for remove members of workgroup", "workgroup.removeMember.role")
}
}
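Review bot: canUpdate's denial branch reuses canDelete's message and error code (`"You must hase role MASTER to delete workgroup", "workgroup.delete.role"`), so a client or translation keyed on the code cannot distinguish a refused update from a refused delete; it should read `denied("You must have role MASTER to update workgroup", "workgroup.update.role")`, and the "hase" typo on the delete branch should be fixed at the same time. In canView the third branch's `subject.anonymous &&` is already implied by the preceding `!subject.anonymous` branch having failed and can be dropped. canRemoveMembers is defined here with the MASTER check, but nothing in this commit calls it, so whichever route removes members should be wired to it.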


@@ -1,11 +1,12 @@
package fr.dcproject.component.workgroup.routes
import fr.dcproject.citizen
import fr.dcproject.citizenOrNull
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.component.workgroup.WorkgroupSimple
import fr.dcproject.component.workgroup.routes.CreateWorkgroup.PostWorkgroupRequest.Input
import fr.dcproject.security.voter.WorkgroupVoter
import fr.ktorVoter.assertCan
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.voter.assert
import io.ktor.application.*
import io.ktor.http.*
import io.ktor.locations.*
@@ -27,7 +28,7 @@ object CreateWorkgroup {
)
}
fun Route.createWorkgroup(repo: WorkgroupRepository) {
fun Route.createWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
post<PostWorkgroupRequest> {
call.receive<Input>().run {
WorkgroupSimple(
@@ -39,7 +40,7 @@ object CreateWorkgroup {
citizen
)
}.let { workgroup ->
assertCan(WorkgroupVoter.Action.CREATE, workgroup)
voter.assert { canCreate(workgroup, citizenOrNull) }
repo.upsert(workgroup)
}.let {
call.respond(HttpStatusCode.Created, it)


@@ -1,8 +1,9 @@
package fr.dcproject.component.workgroup.routes
import fr.dcproject.citizenOrNull
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.security.voter.WorkgroupVoter
import fr.ktorVoter.assertCan
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.voter.assert
import io.ktor.application.*
import io.ktor.http.*
import io.ktor.locations.*
@@ -15,10 +16,10 @@ object DeleteWorkgroup {
@Location("/workgroups/{workgroupId}")
class DeleteWorkgroupRequest(val workgroupId: UUID)
fun Route.deleteWorkgroup(repo: WorkgroupRepository) {
fun Route.deleteWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
delete<DeleteWorkgroupRequest> {
repo.findById(it.workgroupId)?.let { workgroup ->
assertCan(WorkgroupVoter.Action.DELETE, workgroup)
voter.assert { canDelete(workgroup, citizenOrNull) }
repo.delete(workgroup)
call.respond(HttpStatusCode.NoContent)
} ?: call.respond(HttpStatusCode.NotFound)


@@ -1,9 +1,10 @@
package fr.dcproject.component.workgroup.routes
import fr.dcproject.citizenOrNull
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.component.workgroup.routes.EditWorkgroup.PutWorkgroupRequest.Input
import fr.dcproject.security.voter.WorkgroupVoter
import fr.ktorVoter.assertCan
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.voter.assert
import io.ktor.application.*
import io.ktor.http.*
import io.ktor.locations.*
@@ -25,7 +26,7 @@ object EditWorkgroup {
)
}
fun Route.editWorkgroup(repo: WorkgroupRepository) {
fun Route.editWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
put<PutWorkgroupRequest> {
repo.findById(it.workgroupId)?.let { old ->
call.receive<Input>().run {
@@ -35,7 +36,7 @@ object EditWorkgroup {
logo = logo ?: old.logo,
anonymous = anonymous ?: old.anonymous
).let { workgroup ->
assertCan(WorkgroupVoter.Action.UPDATE, workgroup)
voter.assert { canUpdate(workgroup, citizenOrNull) }
repo.upsert(workgroup)
call.respond(HttpStatusCode.OK, it)
}
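Review bot: The MASTER-role check runs against the workgroup object just rebuilt from the request body rather than against `old`, the record `findById` returned; whether `hasRole` then sees the persisted member list depends on what the constructor above this hunk copies from `old`, which is not visible here. Authorizing on the persisted record removes that dependency on the request: `voter.assert { canUpdate(old, citizenOrNull) }`. The response on the last line appears to send `it` (the route's request object) rather than the upserted workgroup, which predates this commit but is worth confirming. The put handler's body starts and ends outside the hunk.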


@@ -1,8 +1,9 @@
package fr.dcproject.component.workgroup.routes
import fr.dcproject.citizenOrNull
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.security.voter.WorkgroupVoter
import fr.ktorVoter.assertCan
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.voter.assert
import io.ktor.application.*
import io.ktor.http.*
import io.ktor.locations.*
@@ -15,10 +16,10 @@ object GetWorkgroup {
@Location("/workgroups/{workgroupId}")
class WorkgroupRequest(val workgroupId: UUID)
fun Route.getWorkgroup(repo: WorkgroupRepository) {
fun Route.getWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
get<WorkgroupRequest> {
repo.findById(it.workgroupId)?.let { workgroup ->
assertCan(WorkgroupVoter.Action.VIEW, workgroup)
voter.assert { canView(workgroup, citizenOrNull) }
call.respond(workgroup)
} ?: call.respond(HttpStatusCode.NotFound)
}


@@ -1,9 +1,10 @@
package fr.dcproject.component.workgroup.routes
import fr.dcproject.citizenOrNull
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.security.voter.WorkgroupVoter
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.utils.toUUID
import fr.ktorVoter.assertCanAll
import fr.dcproject.voter.assert
import fr.postgresjson.repository.RepositoryI
import io.ktor.application.*
import io.ktor.locations.*
@@ -28,13 +29,13 @@ object GetWorkgroups {
val members: List<UUID>? = members?.toUUID()
}
fun Route.getWorkgroups(repo: WorkgroupRepository) {
fun Route.getWorkgroups(repo: WorkgroupRepository, voter: WorkgroupVoter) {
get<WorkgroupsRequest> {
val workgroups =
repo.find(it.page, it.limit, it.sort, it.direction, it.search,
WorkgroupRepository.Filter(createdById = it.createdBy, members = it.members)
)
assertCanAll(WorkgroupVoter.Action.VIEW, workgroups.result)
voter.assert { canView(workgroups.result, citizenOrNull) }
call.respond(workgroups)
}
}
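Review bot: `canView` over `workgroups.result` appears to be all-or-nothing (via `canAll`), so a listing page that contains one anonymous workgroup the caller is not a member of fails the whole request, and the `workgroup.view.anonymous` denial tells the caller that such a group exists in the page; the old `assertCanAll` behaved the same, so this commit does not change it. Unless the repository filter already excludes anonymous workgroups for non-members (not visible here), the safer shape is to drop the non-viewable entries from the page or push the membership constraint into `WorkgroupRepository.Filter`, rather than deny the listing. That `canAll` denies on the first failed element is inferred from its name; confirm against `fr.dcproject.voter.Voter`.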


@@ -1,10 +1,11 @@
package fr.dcproject.component.workgroup.routes.members
import fr.dcproject.citizenOrNull
import fr.dcproject.component.citizen.CitizenRef
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.component.workgroup.WorkgroupWithMembersI
import fr.dcproject.security.voter.WorkgroupVoter
import fr.ktorVoter.assertCan
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.voter.assert
import io.ktor.application.*
import io.ktor.http.*
import io.ktor.locations.*
@@ -36,12 +37,12 @@ object AddMemberToWorkgroup {
}
@KtorExperimentalLocationsAPI
fun Route.addMemberToWorkgroup(repo: WorkgroupRepository) {
fun Route.addMemberToWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
/* Add members to workgroup */
post<WorkgroupsMembersRequest> {
repo.findById(it.workgroupId)?.let { workgroup ->
call.getMembersFromRequest().let { members ->
assertCan(WorkgroupVoter.ActionMembers.ADD, workgroup)
voter.assert { canAddMembers(workgroup, citizenOrNull) }
repo.addMembers(workgroup, members)
}.let { members ->
call.respond(HttpStatusCode.Created, members)


@@ -1,10 +1,11 @@
package fr.dcproject.component.workgroup.routes.members
import fr.dcproject.citizenOrNull
import fr.dcproject.component.citizen.CitizenRef
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.component.workgroup.WorkgroupWithMembersI
import fr.dcproject.security.voter.WorkgroupVoter
import fr.ktorVoter.assertCan
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.voter.assert
import io.ktor.application.*
import io.ktor.http.*
import io.ktor.locations.*
@@ -34,12 +35,12 @@ object DeleteMembersOfWorkgroup {
)
}
fun Route.deleteMemberOfWorkgroup(repo: WorkgroupRepository) {
fun Route.deleteMemberOfWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
/* Delete members of workgroup */
delete<WorkgroupsMembersRequest> {
repo.findById(it.workgroupId)?.let { workgroup ->
call.getMembersFromRequest().let { members ->
assertCan(WorkgroupVoter.ActionMembers.REMOVE, workgroup)
voter.assert { canView(workgroup, citizenOrNull) }
repo.removeMembers(workgroup, members)
}.let { members ->
call.respond(HttpStatusCode.OK, members)
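Review bot: The replacement guard on the member-removal route checks `canView` where the old code asserted `ActionMembers.REMOVE`, so anyone who can see the workgroup — for a non-anonymous workgroup that is any caller, including an unauthenticated one, per the voter's canView — can now remove members. The voter already defines `canRemoveMembers` with the MASTER-role check; the line should be `voter.assert { canRemoveMembers(workgroup, citizenOrNull) }`. The body is also parsed by `getMembersFromRequest()` before the authorization check runs; moving the assert above that call keeps unauthorized callers away from the parser. The delete handler continues past the end of the hunk.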


@@ -1,10 +1,11 @@
package fr.dcproject.component.workgroup.routes.members
import fr.dcproject.citizenOrNull
import fr.dcproject.component.citizen.CitizenRef
import fr.dcproject.component.workgroup.WorkgroupRepository
import fr.dcproject.component.workgroup.WorkgroupWithMembersI
import fr.dcproject.security.voter.WorkgroupVoter
import fr.ktorVoter.assertCan
import fr.dcproject.component.workgroup.WorkgroupVoter
import fr.dcproject.voter.assert
import io.ktor.application.*
import io.ktor.http.*
import io.ktor.locations.*
@@ -34,12 +35,12 @@ object UpdateMemberOfWorkgroup {
)
}
fun Route.updateMemberOfWorkgroup(repo: WorkgroupRepository) {
fun Route.updateMemberOfWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
/* Update members of workgroup */
put<WorkgroupsMembersRequest> {
repo.findById(it.workgroupId)?.let { workgroup ->
call.getMembersFromRequest().let { members ->
assertCan(WorkgroupVoter.ActionMembers.UPDATE, workgroup)
voter.assert { canUpdateMembers(workgroup, citizenOrNull) }
repo.updateMembers(workgroup, members)
}.let { members ->
call.respond(HttpStatusCode.OK, members)


@@ -1,95 +0,0 @@
package fr.dcproject.security.voter
import fr.dcproject.component.auth.UserI
import fr.dcproject.component.workgroup.WorkgroupI
import fr.dcproject.component.workgroup.WorkgroupWithAuthI
import fr.dcproject.component.workgroup.WorkgroupWithMembersI.Member.Role
import fr.dcproject.user
import fr.dcproject.voter.NoRuleDefinedException
import fr.dcproject.voter.NoSubjectDefinedException
import fr.ktorVoter.*
import io.ktor.application.*
class WorkgroupVoter : Voter<ApplicationCall> {
enum class Action : ActionI {
CREATE,
UPDATE,
VIEW,
DELETE,
}
enum class ActionMembers : ActionI {
ADD,
UPDATE,
VIEW,
REMOVE,
}
override fun invoke(action: Any, context: ApplicationCall, subject: Any?): VoterResponseI {
if ((action is Action && subject == null)) throw NoSubjectDefinedException(action)
if (!((action is Action || action is ActionMembers) &&
(subject is WorkgroupI? || (subject is List<*> && subject.first() is WorkgroupI)))) return abstain()
val user = context.user
if (action == Action.CREATE) {
if (user == null) return denied("You must be connected to delete workgroup", "workgroup.delete.notConnected")
if (subject is WorkgroupI) {
return granted()
}
}
if (action == Action.VIEW) {
if (subject is WorkgroupWithAuthI<*>) {
return if (subject.isDeleted()) denied("You cannot view a deleted workgroup", "workgroup.view.deleted")
else if (!subject.anonymous) granted()
else if (subject.anonymous && user != null && subject.isMember(user)) granted()
else denied("You cannot view anonymous workgroup", "workgroup.view.anonymous")
}
throw NoSubjectDefinedException(action as ActionI)
}
if (subject is WorkgroupWithAuthI<*> && (action == Action.DELETE || action == Action.UPDATE)) {
if (action == Action.DELETE) {
if (user == null) return denied("You must be connected to delete workgroup", "workgroup.delete.notConnected")
return if (subject.hasRole(Role.MASTER, user)) granted()
else denied("You must hase role MASTER to delete workgroup", "workgroup.delete.role")
}
if (action == Action.UPDATE) {
if (user == null) return denied("You must be connected to delete workgroup", "workgroup.delete.notConnected")
return if (subject.hasRole(Role.MASTER, user)) granted()
else denied("You must hase role MASTER to delete workgroup", "workgroup.delete.role")
}
throw NoRuleDefinedException(action as ActionI)
} else if (subject !is WorkgroupWithAuthI<*> && (action == Action.DELETE || action == Action.UPDATE)) {
throw NoSubjectDefinedException(action as ActionI)
}
if (action == ActionMembers.ADD) {
// TODO create ROLES
if (user !is UserI) return denied("You must be connected to add member to the workgroup", "workgroup.addMember.notConnected")
if (subject !is WorkgroupWithAuthI<*>) throw NoSubjectDefinedException(action as ActionI)
return if (subject.hasRole(Role.MASTER, user)) granted() else denied("You must have MASTER Role for add member to workgroup", "workgroup.addMember.role")
}
if (action == ActionMembers.UPDATE) {
// TODO create ROLES
if (user !is UserI) return denied("You must be connected to update member of the workgroup", "workgroup.updateMember.notConnected")
if (subject !is WorkgroupWithAuthI<*>) throw NoSubjectDefinedException(action as ActionI)
return if (subject.hasRole(Role.MASTER, user)) granted() else denied("You must have MASTER Role for update members of workgroup", "workgroup.updateMember.role")
}
if (action == ActionMembers.REMOVE) {
// TODO create ROLES
if (user !is UserI) return denied("You must be connected to remove member of the workgroup", "workgroup.removeMember.notConnected")
if (subject !is WorkgroupWithAuthI<*>) throw NoSubjectDefinedException(action as ActionI)
return if (subject.hasRole(Role.MASTER, user)) granted() else denied("You must have MASTER Role for remove members of workgroup", "workgroup.removeMember.role")
}
if (action is Action) {
throw NoRuleDefinedException(action)
}
return abstain()
}
}