Add security for follow

2019-08-31 00:14:05 +02:00
parent 52dfaaf814
commit cb91c50e58
8 changed files with 75 additions and 21 deletions


@@ -2,6 +2,8 @@ package fr.dcproject.routes
import fr.dcproject.citizen
import fr.dcproject.entity.Citizen
import fr.dcproject.security.voter.FollowVoter.Action.*
import fr.dcproject.security.voter.assertCan
import io.ktor.application.call
import io.ktor.http.HttpStatusCode
import io.ktor.locations.*
@@ -21,24 +23,21 @@ object FollowArticlePaths {
fun Route.followArticle(repo: FollowArticleRepository) {
post<FollowArticlePaths.ArticleFollowRequest> {
val follow = FollowEntity(target = it.article, createdBy = this.citizen)
// TODO create voter
// assertCan(FollowVoter.Action.CREATE, follow)
assertCan(CREATE, follow)
repo.follow(follow)
call.respond(HttpStatusCode.Created)
}
delete<FollowArticlePaths.ArticleFollowRequest> {
val follow = FollowEntity(target = it.article, createdBy = this.citizen)
// TODO create voter
// assertCan(FollowVoter.Action.DELETE, follow)
assertCan(DELETE, follow)
repo.unfollow(follow)
call.respond(HttpStatusCode.NoContent)
}
get<FollowArticlePaths.CitizenFollowArticleRequest> {
val follows = repo.findByCitizen(it.citizen)
// TODO add security
// assertCan(FollowVoter.Action.VIEW, follows)
assertCan(VIEW, follows.result)
call.respond(follows)
}
}
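Review bot: In the `get` handler the `VIEW` check runs on `follows.result`, the rows already loaded for `it.citizen`, so the outcome for a citizen with no follows depends on how `assertCan` treats an empty list, which is not visible in this hunk. If the voter decides item by item, an empty result is probably accepted without any rule being evaluated, and the requested citizen is never authorized against the caller. Consider checking `it.citizen` against the caller before the query, or recording the intended rule next to the call, e.g. `// VIEW is decided per follow; an empty result is allowed for any caller`. The `get` handler in `followConstitution` has the same shape.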


@@ -2,6 +2,8 @@ package fr.dcproject.routes
import fr.dcproject.citizen
import fr.dcproject.entity.Citizen
import fr.dcproject.security.voter.FollowVoter.Action.*
import fr.dcproject.security.voter.assertCan
import io.ktor.application.call
import io.ktor.http.HttpStatusCode
import io.ktor.locations.*
@@ -21,24 +23,21 @@ object FollowConstitutionPaths {
fun Route.followConstitution(repo: FollowConstitutionRepository) {
post<FollowConstitutionPaths.ConstitutionFollowRequest> {
val follow = FollowEntity(target = it.constitution, createdBy = this.citizen)
// TODO create voter
// assertCan(FollowVoter.Action.CREATE, follow)
assertCan(CREATE, follow)
repo.follow(follow)
call.respond(HttpStatusCode.Created)
}
delete<FollowConstitutionPaths.ConstitutionFollowRequest> {
val follow = FollowEntity(target = it.constitution, createdBy = this.citizen)
// TODO create voter
// assertCan(FollowVoter.Action.DELETE, follow)
assertCan(DELETE, follow)
repo.unfollow(follow)
call.respond(HttpStatusCode.NoContent)
}
get<FollowConstitutionPaths.CitizenFollowConstitutionRequest> {
val follows = repo.findByCitizen(it.citizen)
// TODO create voter
// assertCan(FollowVoter.Action.VIEW, follows)
assertCan(VIEW, follows.result)
call.respond(follows)
}
}
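Review bot: The `CREATE` and `DELETE` checks in `post` and `delete` are evaluated on a `FollowEntity` whose `createdBy` was just set to `this.citizen`, so any ownership rule in `FollowVoter` is satisfied by construction. What these checks can still enforce is that the caller is authenticated and that `it.constitution` is something the caller may follow; the voter is outside this hunk, so confirm it validates the target and not only the creator. A comment above the call, such as `// createdBy is always the caller; the voter must validate the target`, would make that expectation explicit. The `post` and `delete` handlers in `followArticle` are written the same way.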