Refactoring of WorkgroupVoter
@@ -59,7 +59,7 @@ interface WorkgroupWithAuthI<Z : CitizenWithUserI> : WorkgroupWithMembersI<Z>, E
|
||||
val anonymous: Boolean
|
||||
|
||||
fun isMember(user: UserI): Boolean = members.isMember(user)
|
||||
fun isMember(citizen: CitizenWithUserI): Boolean = members.isMember(citizen)
|
||||
fun isMember(citizen: CitizenI): Boolean = members.isMember(citizen)
|
||||
|
||||
fun hasRole(expectedRole: Role, user: UserI): Boolean = members.hasRole(expectedRole, user)
|
||||
fun hasRole(expectedRole: Role, citizen: CitizenI): Boolean = members.hasRole(expectedRole, citizen)
|
||||
|
||||
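--- a/src/main/kotlin/component/workgroup/WorkgroupVoter.kt
+++ b/src/main/kotlin/component/workgroup/WorkgroupVoter.kt
@@ -0,0 +1,51 @@
+package fr.dcproject.component.workgroup
+
+import fr.dcproject.component.citizen.CitizenI
+import fr.dcproject.component.workgroup.WorkgroupWithMembersI.Member.Role
+import fr.dcproject.voter.Voter
+import fr.dcproject.voter.VoterResponse
+
+class WorkgroupVoter : Voter() {
+fun canCreate(subject: WorkgroupI, citizen: CitizenI?): VoterResponse {
+if (citizen == null) return denied("You must be connected to create workgroup", "workgroup.create.notConnected")
+return granted()
+}
+
+fun <S : WorkgroupWithAuthI<*>> canView(subjects: List<S>, citizen: CitizenI?): VoterResponse =
+canAll(subjects) { canView(it, citizen) }
+
+fun canView(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse =
+if (subject.isDeleted()) denied("You cannot view a deleted workgroup", "workgroup.view.deleted")
+else if (!subject.anonymous) granted()
+else if (subject.anonymous && citizen != null && subject.isMember(citizen)) granted()
+else denied("You cannot view anonymous workgroup", "workgroup.view.anonymous")
+
+fun canDelete(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse {
+if (citizen == null) return denied("You must be connected to delete workgroup", "workgroup.delete.notConnected")
+return if (subject.hasRole(Role.MASTER, citizen)) granted()
+else denied("You must hase role MASTER to delete workgroup", "workgroup.delete.role")
+}
+fun canUpdate(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse {
+if (citizen == null) return denied("You must be connected to update workgroup", "workgroup.update.notConnected")
+return if (subject.hasRole(Role.MASTER, citizen)) granted()
+else denied("You must hase role MASTER to delete workgroup", "workgroup.delete.role")
+}
+
+fun canAddMembers(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse = when {
+citizen == null -> denied("You must be connected to add member to the workgroup", "workgroup.addMember.notConnected")
+subject.hasRole(Role.MASTER, citizen) -> granted()
+else -> denied("You must have MASTER Role for add member to workgroup", "workgroup.addMember.role")
+}
+
+fun canUpdateMembers(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse = when {
+citizen == null -> denied("You must be connected to update member of the workgroup", "workgroup.updateMember.notConnected")
+subject.hasRole(Role.MASTER, citizen) -> granted()
+else -> denied("You must have MASTER Role for update members of workgroup", "workgroup.updateMember.role")
+}
+
+fun canRemoveMembers(subject: WorkgroupWithAuthI<*>, citizen: CitizenI?): VoterResponse = when {
+citizen == null -> denied("You must be connected to remove member of the workgroup", "workgroup.removeMember.notConnected")
+subject.hasRole(Role.MASTER, citizen) -> granted()
+else -> denied("You must have MASTER Role for remove members of workgroup", "workgroup.removeMember.role")
+}
+}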
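Review bot: `canUpdate` denies with the message and code copied from `canDelete` (`"You must hase role MASTER to delete workgroup"`, `"workgroup.delete.role"`), so a refused update reaches the client, and any log or alert keyed on the code, as a refused delete. Change that branch to `else denied("You must have role MASTER to update workgroup", "workgroup.update.role")` and fix the same "hase" typo in `canDelete`. Separately, only `canView` tests `subject.isDeleted()`; `canDelete`, `canUpdate` and the three member checks still grant a MASTER on a workgroup marked deleted, which should be confirmed as intended. A short KDoc on the class stating the policy (view is public unless the workgroup is anonymous, every write requires MASTER) would make the rules reviewable in one place.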
@@ -1,11 +1,12 @@
|
||||
package fr.dcproject.component.workgroup.routes
|
||||
|
||||
import fr.dcproject.citizen
|
||||
import fr.dcproject.citizenOrNull
|
||||
import fr.dcproject.component.workgroup.WorkgroupRepository
|
||||
import fr.dcproject.component.workgroup.WorkgroupSimple
|
||||
import fr.dcproject.component.workgroup.routes.CreateWorkgroup.PostWorkgroupRequest.Input
|
||||
import fr.dcproject.security.voter.WorkgroupVoter
|
||||
import fr.ktorVoter.assertCan
|
||||
import fr.dcproject.component.workgroup.WorkgroupVoter
|
||||
import fr.dcproject.voter.assert
|
||||
import io.ktor.application.*
|
||||
import io.ktor.http.*
|
||||
import io.ktor.locations.*
|
||||
@@ -27,7 +28,7 @@ object CreateWorkgroup {
|
||||
)
|
||||
}
|
||||
|
||||
fun Route.createWorkgroup(repo: WorkgroupRepository) {
|
||||
fun Route.createWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
|
||||
post<PostWorkgroupRequest> {
|
||||
call.receive<Input>().run {
|
||||
WorkgroupSimple(
|
||||
@@ -39,7 +40,7 @@ object CreateWorkgroup {
|
||||
citizen
|
||||
)
|
||||
}.let { workgroup ->
|
||||
assertCan(WorkgroupVoter.Action.CREATE, workgroup)
|
||||
voter.assert { canCreate(workgroup, citizenOrNull) }
|
||||
repo.upsert(workgroup)
|
||||
}.let {
|
||||
call.respond(HttpStatusCode.Created, it)
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
package fr.dcproject.component.workgroup.routes
|
||||
|
||||
import fr.dcproject.citizenOrNull
|
||||
import fr.dcproject.component.workgroup.WorkgroupRepository
|
||||
import fr.dcproject.security.voter.WorkgroupVoter
|
||||
import fr.ktorVoter.assertCan
|
||||
import fr.dcproject.component.workgroup.WorkgroupVoter
|
||||
import fr.dcproject.voter.assert
|
||||
import io.ktor.application.*
|
||||
import io.ktor.http.*
|
||||
import io.ktor.locations.*
|
||||
@@ -15,10 +16,10 @@ object DeleteWorkgroup {
|
||||
@Location("/workgroups/{workgroupId}")
|
||||
class DeleteWorkgroupRequest(val workgroupId: UUID)
|
||||
|
||||
fun Route.deleteWorkgroup(repo: WorkgroupRepository) {
|
||||
fun Route.deleteWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
|
||||
delete<DeleteWorkgroupRequest> {
|
||||
repo.findById(it.workgroupId)?.let { workgroup ->
|
||||
assertCan(WorkgroupVoter.Action.DELETE, workgroup)
|
||||
voter.assert { canDelete(workgroup, citizenOrNull) }
|
||||
repo.delete(workgroup)
|
||||
call.respond(HttpStatusCode.NoContent)
|
||||
} ?: call.respond(HttpStatusCode.NotFound)
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
package fr.dcproject.component.workgroup.routes
|
||||
|
||||
import fr.dcproject.citizenOrNull
|
||||
import fr.dcproject.component.workgroup.WorkgroupRepository
|
||||
import fr.dcproject.component.workgroup.routes.EditWorkgroup.PutWorkgroupRequest.Input
|
||||
import fr.dcproject.security.voter.WorkgroupVoter
|
||||
import fr.ktorVoter.assertCan
|
||||
import fr.dcproject.component.workgroup.WorkgroupVoter
|
||||
import fr.dcproject.voter.assert
|
||||
import io.ktor.application.*
|
||||
import io.ktor.http.*
|
||||
import io.ktor.locations.*
|
||||
@@ -25,7 +26,7 @@ object EditWorkgroup {
|
||||
)
|
||||
}
|
||||
|
||||
fun Route.editWorkgroup(repo: WorkgroupRepository) {
|
||||
fun Route.editWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
|
||||
put<PutWorkgroupRequest> {
|
||||
repo.findById(it.workgroupId)?.let { old ->
|
||||
call.receive<Input>().run {
|
||||
@@ -35,7 +36,7 @@ object EditWorkgroup {
|
||||
logo = logo ?: old.logo,
|
||||
anonymous = anonymous ?: old.anonymous
|
||||
).let { workgroup ->
|
||||
assertCan(WorkgroupVoter.Action.UPDATE, workgroup)
|
||||
voter.assert { canUpdate(workgroup, citizenOrNull) }
|
||||
repo.upsert(workgroup)
|
||||
call.respond(HttpStatusCode.OK, it)
|
||||
}
|
||||
|
||||
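Review bot: `voter.assert { canUpdate(workgroup, citizenOrNull) }` is evaluated on the object built from the request `Input`, not on `old`, the row loaded from the repository. The constructor arguments above `logo = logo ?: old.logo` are outside the hunk, but if any field the voter reads (the member list and roles behind `hasRole`) can be taken from the request body, the caller influences the data their own authorization is checked against. Authorize against the persisted state first, `voter.assert { canUpdate(old, citizenOrNull) }`, before `call.receive<Input>()`, and only then build and upsert the new value.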
@@ -1,8 +1,9 @@
|
||||
package fr.dcproject.component.workgroup.routes
|
||||
|
||||
import fr.dcproject.citizenOrNull
|
||||
import fr.dcproject.component.workgroup.WorkgroupRepository
|
||||
import fr.dcproject.security.voter.WorkgroupVoter
|
||||
import fr.ktorVoter.assertCan
|
||||
import fr.dcproject.component.workgroup.WorkgroupVoter
|
||||
import fr.dcproject.voter.assert
|
||||
import io.ktor.application.*
|
||||
import io.ktor.http.*
|
||||
import io.ktor.locations.*
|
||||
@@ -15,10 +16,10 @@ object GetWorkgroup {
|
||||
@Location("/workgroups/{workgroupId}")
|
||||
class WorkgroupRequest(val workgroupId: UUID)
|
||||
|
||||
fun Route.getWorkgroup(repo: WorkgroupRepository) {
|
||||
fun Route.getWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
|
||||
get<WorkgroupRequest> {
|
||||
repo.findById(it.workgroupId)?.let { workgroup ->
|
||||
assertCan(WorkgroupVoter.Action.VIEW, workgroup)
|
||||
voter.assert { canView(workgroup, citizenOrNull) }
|
||||
call.respond(workgroup)
|
||||
} ?: call.respond(HttpStatusCode.NotFound)
|
||||
}
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
package fr.dcproject.component.workgroup.routes
|
||||
|
||||
import fr.dcproject.citizenOrNull
|
||||
import fr.dcproject.component.workgroup.WorkgroupRepository
|
||||
import fr.dcproject.security.voter.WorkgroupVoter
|
||||
import fr.dcproject.component.workgroup.WorkgroupVoter
|
||||
import fr.dcproject.utils.toUUID
|
||||
import fr.ktorVoter.assertCanAll
|
||||
import fr.dcproject.voter.assert
|
||||
import fr.postgresjson.repository.RepositoryI
|
||||
import io.ktor.application.*
|
||||
import io.ktor.locations.*
|
||||
@@ -28,13 +29,13 @@ object GetWorkgroups {
|
||||
val members: List<UUID>? = members?.toUUID()
|
||||
}
|
||||
|
||||
fun Route.getWorkgroups(repo: WorkgroupRepository) {
|
||||
fun Route.getWorkgroups(repo: WorkgroupRepository, voter: WorkgroupVoter) {
|
||||
get<WorkgroupsRequest> {
|
||||
val workgroups =
|
||||
repo.find(it.page, it.limit, it.sort, it.direction, it.search,
|
||||
WorkgroupRepository.Filter(createdById = it.createdBy, members = it.members)
|
||||
)
|
||||
assertCanAll(WorkgroupVoter.Action.VIEW, workgroups.result)
|
||||
voter.assert { canView(workgroups.result, citizenOrNull) }
|
||||
call.respond(workgroups)
|
||||
}
|
||||
}
|
||||
|
||||
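Review bot: `voter.assert { canView(workgroups.result, citizenOrNull) }` is all-or-nothing over the returned page. `canAll` is not visible here, but if it denies as soon as one element is denied, a single anonymous workgroup in the results fails the whole listing for non-members, and the refusal itself tells the caller that a hidden workgroup matched their `search` or `members` filter. Consider excluding workgroups the caller cannot view in the `repo.find` filter (or dropping them from `workgroups.result`) and keeping the assert as a safety net.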
@@ -1,10 +1,11 @@
|
||||
package fr.dcproject.component.workgroup.routes.members
|
||||
|
||||
import fr.dcproject.citizenOrNull
|
||||
import fr.dcproject.component.citizen.CitizenRef
|
||||
import fr.dcproject.component.workgroup.WorkgroupRepository
|
||||
import fr.dcproject.component.workgroup.WorkgroupWithMembersI
|
||||
import fr.dcproject.security.voter.WorkgroupVoter
|
||||
import fr.ktorVoter.assertCan
|
||||
import fr.dcproject.component.workgroup.WorkgroupVoter
|
||||
import fr.dcproject.voter.assert
|
||||
import io.ktor.application.*
|
||||
import io.ktor.http.*
|
||||
import io.ktor.locations.*
|
||||
@@ -36,12 +37,12 @@ object AddMemberToWorkgroup {
|
||||
}
|
||||
|
||||
@KtorExperimentalLocationsAPI
|
||||
fun Route.addMemberToWorkgroup(repo: WorkgroupRepository) {
|
||||
fun Route.addMemberToWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
|
||||
/* Add members to workgroup */
|
||||
post<WorkgroupsMembersRequest> {
|
||||
repo.findById(it.workgroupId)?.let { workgroup ->
|
||||
call.getMembersFromRequest().let { members ->
|
||||
assertCan(WorkgroupVoter.ActionMembers.ADD, workgroup)
|
||||
voter.assert { canAddMembers(workgroup, citizenOrNull) }
|
||||
repo.addMembers(workgroup, members)
|
||||
}.let { members ->
|
||||
call.respond(HttpStatusCode.Created, members)
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
package fr.dcproject.component.workgroup.routes.members
|
||||
|
||||
import fr.dcproject.citizenOrNull
|
||||
import fr.dcproject.component.citizen.CitizenRef
|
||||
import fr.dcproject.component.workgroup.WorkgroupRepository
|
||||
import fr.dcproject.component.workgroup.WorkgroupWithMembersI
|
||||
import fr.dcproject.security.voter.WorkgroupVoter
|
||||
import fr.ktorVoter.assertCan
|
||||
import fr.dcproject.component.workgroup.WorkgroupVoter
|
||||
import fr.dcproject.voter.assert
|
||||
import io.ktor.application.*
|
||||
import io.ktor.http.*
|
||||
import io.ktor.locations.*
|
||||
@@ -34,12 +35,12 @@ object DeleteMembersOfWorkgroup {
|
||||
)
|
||||
}
|
||||
|
||||
fun Route.deleteMemberOfWorkgroup(repo: WorkgroupRepository) {
|
||||
fun Route.deleteMemberOfWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
|
||||
/* Delete members of workgroup */
|
||||
delete<WorkgroupsMembersRequest> {
|
||||
repo.findById(it.workgroupId)?.let { workgroup ->
|
||||
call.getMembersFromRequest().let { members ->
|
||||
assertCan(WorkgroupVoter.ActionMembers.REMOVE, workgroup)
|
||||
voter.assert { canView(workgroup, citizenOrNull) }
|
||||
repo.removeMembers(workgroup, members)
|
||||
}.let { members ->
|
||||
call.respond(HttpStatusCode.OK, members)
|
||||
|
||||
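Review bot: The new guard on the member-removal route is `voter.assert { canView(workgroup, citizenOrNull) }`, which replaces the old `ActionMembers.REMOVE` check with a read permission. `canView` in the `WorkgroupVoter` added by this commit grants every caller, including an unauthenticated one, whenever the workgroup is neither anonymous nor deleted, so `repo.removeMembers` is no longer restricted to MASTER. Use `voter.assert { canRemoveMembers(workgroup, citizenOrNull) }`, and add a route test asserting that both a non-MASTER citizen and a request without a session are refused. The route body continues past the end of the hunk.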
@@ -1,10 +1,11 @@
|
||||
package fr.dcproject.component.workgroup.routes.members
|
||||
|
||||
import fr.dcproject.citizenOrNull
|
||||
import fr.dcproject.component.citizen.CitizenRef
|
||||
import fr.dcproject.component.workgroup.WorkgroupRepository
|
||||
import fr.dcproject.component.workgroup.WorkgroupWithMembersI
|
||||
import fr.dcproject.security.voter.WorkgroupVoter
|
||||
import fr.ktorVoter.assertCan
|
||||
import fr.dcproject.component.workgroup.WorkgroupVoter
|
||||
import fr.dcproject.voter.assert
|
||||
import io.ktor.application.*
|
||||
import io.ktor.http.*
|
||||
import io.ktor.locations.*
|
||||
@@ -34,12 +35,12 @@ object UpdateMemberOfWorkgroup {
|
||||
)
|
||||
}
|
||||
|
||||
fun Route.updateMemberOfWorkgroup(repo: WorkgroupRepository) {
|
||||
fun Route.updateMemberOfWorkgroup(repo: WorkgroupRepository, voter: WorkgroupVoter) {
|
||||
/* Update members of workgroup */
|
||||
put<WorkgroupsMembersRequest> {
|
||||
repo.findById(it.workgroupId)?.let { workgroup ->
|
||||
call.getMembersFromRequest().let { members ->
|
||||
assertCan(WorkgroupVoter.ActionMembers.UPDATE, workgroup)
|
||||
voter.assert { canUpdateMembers(workgroup, citizenOrNull) }
|
||||
repo.updateMembers(workgroup, members)
|
||||
}.let { members ->
|
||||
call.respond(HttpStatusCode.OK, members)
|
||||
|
||||