From b10a8de29e80d1f82e91343ff77f7cae1ba856e4 Mon Sep 17 00:00:00 2001
From: this-Aditya
Date: Tue, 12 Mar 2024 22:39:35 +0530
Subject: [PATCH 1/2] Replaced MEASUREMENT.CREATE permissions
---
.../controller/NotificationStateEventController.java | 10 +++++-----
.../appserver/controller/RadarProjectController.java | 10 +++++-----
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java b/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java
index 60d729c8..3deb789b 100644
--- a/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java
+++ b/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java
@@ -48,7 +48,7 @@ public NotificationStateEventController(
this.notificationStateEventService = notificationStateEventService;
}
- @Authorized(permission = AuthPermissions.CREATE, entity = AuthEntities.MEASUREMENT)
+ @Authorized(permission = AuthPermissions.READ, entity = AuthEntities.PROJECT)
@GetMapping(
value = "/"
@@ -64,8 +64,8 @@ public ResponseEntity> getNotificationStateEvent
}
@Authorized(
- permission = AuthPermissions.CREATE,
- entity = AuthEntities.MEASUREMENT,
+ permission = AuthPermissions.READ,
+ entity = AuthEntities.SUBJECT,
permissionOn = PermissionOn.SUBJECT)
@GetMapping(
value =
@@ -93,8 +93,8 @@ public ResponseEntity> getNotificationStateEvent
}
@Authorized(
- permission = AuthPermissions.CREATE,
- entity = AuthEntities.MEASUREMENT,
+ permission = AuthPermissions.UPDATE,
+ entity = AuthEntities.SUBJECT,
permissionOn = PermissionOn.SUBJECT)
@PostMapping(
value =
diff --git a/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java b/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
index a4b8062c..c833bcc2 100644
--- a/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
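Review bot: The new `@Authorized(permission = AuthPermissions.READ, entity = AuthEntities.PROJECT)` in the first hunk carries no `permissionOn`, unlike the two annotations in the following hunks that bind their check to `PermissionOn.SUBJECT`, so whether the aspect evaluates PROJECT.READ globally or resolves a scope from the request cannot be seen here. If it is a plain permission check, a token holding PROJECT.READ on any one project passes for an endpoint that, judging by the `"/"` path, is not bound to a particular project or subject. Either add `permissionOn` with the matching scope or state the intent on the annotation, e.g. `// Unscoped check: any PROJECT.READ grant passes; per-project filtering must happen in the service — TODO confirm against AuthAspect.` Replacing MEASUREMENT.CREATE also changes which token holders can reach these three endpoints, and a Javadoc sentence naming the intended caller of each would make the new mapping reviewable.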
+++ b/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
@@ -120,8 +120,8 @@ public ResponseEntity addProject(
* org.radarbase.appserver.exception.NotFoundException} if project was not found.
*/
@Authorized(
- permission = AuthPermissions.CREATE,
- entity = AuthEntities.MEASUREMENT,
+ permission = AuthPermissions.UPDATE,
+ entity = AuthEntities.PROJECT,
permissionOn = PermissionOn.PROJECT)
@PutMapping(
value = "/" + PathsUtil.PROJECT_PATH + "/" + PathsUtil.PROJECT_ID_CONSTANT,
@@ -160,7 +160,7 @@ public ResponseEntity getAllProjects(HttpServletRequest request) {
}
// TODO think about plain authorized
- @Authorized(permission = AuthPermissions.CREATE, entity = AuthEntities.MEASUREMENT)
+ @Authorized(permission = AuthPermissions.READ, entity = AuthEntities.PROJECT)
@GetMapping("/" + PathsUtil.PROJECT_PATH + "/project")
public ResponseEntity getProjectsUsingId(
HttpServletRequest request, @Valid @PathParam("id") Long id) {
@@ -169,8 +169,8 @@ public ResponseEntity getProjectsUsingId(
RadarToken token = (RadarToken) request.getAttribute(AuthAspect.TOKEN_KEY);
if (authorization.hasPermission(
token,
- AuthPermissions.CREATE,
- AuthEntities.MEASUREMENT,
+ AuthPermissions.READ,
+ AuthEntities.PROJECT,
PermissionOn.PROJECT,
projectDto.getProjectId(),
null,
From a556a1e8c9eaa977652542be5d093d6d67ae3fa1 Mon Sep 17 00:00:00 2001
From: this-Aditya
Date: Fri, 15 Mar 2024 19:30:33 +0530
Subject: [PATCH 2/2] Changed permission to SUBJECT.UPDATE on PROJECT
---
.../controller/RadarProjectController.java | 28 ++++++++++++++++---
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java b/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
index c833bcc2..f51de00d 100644
--- a/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
+++ b/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
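Review bot: The `// TODO think about plain authorized` comment directly above the new `@Authorized(permission = AuthPermissions.READ, entity = AuthEntities.PROJECT)` in the second hunk is left untouched, so a reader cannot tell whether switching to PROJECT.READ resolves it or whether the unscoped annotation is still considered provisional. The third hunk re-checks the same READ/PROJECT pair with `PermissionOn.PROJECT` against `projectDto.getProjectId()`, which suggests the annotation is only a coarse pre-filter and the real scoping lives in `authorization.hasPermission`. If that is the design, replace the TODO with `// Unscoped pre-check only; the project-scoped check is done below via authorization.hasPermission.`; if not, the TODO should say what remains to be decided. `getProjectsUsingId` and its `if (authorization.hasPermission(` condition continue outside the hunks shown.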
@@ -121,15 +121,35 @@ public ResponseEntity addProject(
*/
@Authorized(
permission = AuthPermissions.UPDATE,
- entity = AuthEntities.PROJECT,
+ entity = AuthEntities.SUBJECT,
permissionOn = PermissionOn.PROJECT)
@PutMapping(
value = "/" + PathsUtil.PROJECT_PATH + "/" + PathsUtil.PROJECT_ID_CONSTANT,
consumes = {MediaType.APPLICATION_JSON_VALUE})
public ResponseEntity updateProject(
- @Valid @PathParam("projectId") String projectId, @Valid @RequestBody ProjectDto projectDto) {
- ProjectDto projectDto1 = this.projectService.updateProject(projectDto);
- return ResponseEntity.ok(projectDto1);
+ @Valid @PathParam("projectId") String projectId, @Valid @RequestBody ProjectDto projectDto,
+ HttpServletRequest request) {
+
+ if (authorization != null) {
+ RadarToken token = (RadarToken) request.getAttribute(AuthAspect.TOKEN_KEY);
+ if (authorization.hasPermission(
+ token,
+ AuthPermissions.UPDATE,
+ AuthEntities.SUBJECT,
+ PermissionOn.PROJECT,
+ projectDto.getProjectId(),
+ null,
+ null)) {
+ ProjectDto projectDto1 = this.projectService.updateProject(projectDto);
+ return ResponseEntity.ok(projectDto1);
+ } else {
+ throw new AuthorizationFailedException(
+ "The token does not have permission for the project " + projectDto.getProjectId());
+ }
+ } else {
+ ProjectDto projectDto1 = this.projectService.updateProject(projectDto);
+ return ResponseEntity.ok(projectDto1);
+ }
}
@Authorized(permission = AuthPermissions.READ, entity = AuthEntities.PROJECT)
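Review bot: `updateProject` never reads its `projectId` path variable: both the scoped `hasPermission` check and `projectService.updateProject` use `projectDto.getProjectId()` from the body, so a request whose URL names one project and whose body names another is neither rejected nor noticed, and if `@Authorized` resolves `PermissionOn.PROJECT` from the path the annotation and the manual check may evaluate different identifiers. A guard before any permission check, `if (!projectId.equals(projectDto.getProjectId())) { throw ...; }` using the project's bad-request exception type, would keep the two in agreement. The `else` branch for `authorization == null` performs the update with no scoped check at all, so the condition under which `authorization` is null belongs in a comment such as `// authorization is null only when <CONDITION — TODO confirm>; the update is then unscoped.` The two branches also duplicate the `updateProject`/`ResponseEntity.ok` pair; inverting the check into a guard clause leaves a single update path, as below.
```java
// … unchanged: @Authorized / @PutMapping annotations …
public ResponseEntity updateProject(
    @Valid @PathParam("projectId") String projectId, @Valid @RequestBody ProjectDto projectDto,
    HttpServletRequest request) {
  if (authorization != null) {
    RadarToken token = (RadarToken) request.getAttribute(AuthAspect.TOKEN_KEY);
    if (!authorization.hasPermission(
        token,
        AuthPermissions.UPDATE,
        AuthEntities.SUBJECT,
        PermissionOn.PROJECT,
        projectDto.getProjectId(),
        null,
        null)) {
      throw new AuthorizationFailedException(
          "The token does not have permission for the project " + projectDto.getProjectId());
    }
  }
  // Single update path for both the checked and the authorization-disabled case.
  return ResponseEntity.ok(this.projectService.updateProject(projectDto));
}
```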