Role stuff

2023-12-25 12:58:49 +00:00 · 2023-12-25 12:58:49 +00:00 · dd9dd72f35
commit dd9dd72f35
parent 690720f4e3
5 changed files with 41 additions and 3 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
+++ b/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
@ -38,7 +38,7 @@ public class InitialSecuritySetup {
 				userService.saveUser(initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);
 			}
 			
-			userService.saveUser(Role.INTERNAL_API_USER.getRoleId(), UUID.randomUUID().toString(), Role.USER.getRoleId());
+			userService.saveUser(Role.INTERNAL_API_USER.getRoleId(), UUID.randomUUID().toString(), Role.INTERNAL_API_USER.getRoleId());
 			userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());
 		}
 	}
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
@ -18,6 +18,7 @@ import org.springframework.stereotype.Service;

 import stirling.software.SPDF.controller.api.pipeline.UserServiceInterface;
 import stirling.software.SPDF.model.Authority;
+import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.repository.UserRepository;
@Service
@ -137,6 +138,11 @@ public class UserService  implements UserServiceInterface{
    public void deleteUser(String username) {
    	 Optional<User> userOpt = userRepository.findByUsername(username);
         if (userOpt.isPresent()) {
+        	 for (Authority authority : userOpt.get().getAuthorities()) {
+	             if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
+	                 return;
+	             }
+	         }
        	 userRepository.delete(userOpt.get());
         }
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@ -23,6 +23,7 @@ import org.springframework.web.servlet.view.RedirectView;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import stirling.software.SPDF.config.security.UserService;
+import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;

@Controller
@ -182,6 +183,18 @@ public class UserController {
    	if(userService.usernameExists(username)) {
    		return new RedirectView("/addUsers?messageType=usernameExists");
    	}
+    	try {
+            // Validate the role
+            Role roleEnum = Role.fromString(role);
+            if (roleEnum == Role.INTERNAL_API_USER) {
+                // If the role is INTERNAL_API_USER, reject the request
+                return new RedirectView("/addUsers?messageType=invalidRole");
+            }
+        } catch (IllegalArgumentException e) {
+            // If the role ID is not valid, redirect with an error message
+            return new RedirectView("/addUsers?messageType=invalidRole");
+        }
+    	
        userService.saveUser(username, password, role, forceChange);
        return new RedirectView("/addUsers");  // Redirect to account page after adding the user
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
@ -100,10 +100,12 @@ public class PipelineController {
 	@Autowired
 	ApplicationProperties applicationProperties;
 	
-	@Autowired
+	@Autowired(required=false)
 	private UserServiceInterface userService;

 	private String getApiKeyForUser() {
+		if(userService == null)
+			return "";
 		return userService.getApiKeyForUser(Role.INTERNAL_API_USER.getRoleId());
 	}
 	
--- a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
+++ b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
@ -1,4 +1,5 @@
 package stirling.software.SPDF.controller.web;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Optional;

@ -15,6 +16,8 @@ import com.fasterxml.jackson.databind.ObjectMapper;

 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
+import stirling.software.SPDF.model.Authority;
+import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.repository.UserRepository;
@Controller
@ -46,7 +49,21 @@ public class AccountWebController {
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/addUsers")
 	public String showAddUserForm(Model model,  Authentication authentication) {
-	    List<User> allUsers = userRepository.findAll();
+		List<User> allUsers = userRepository.findAll();
+		Iterator<User> iterator = allUsers.iterator();
+
+		while(iterator.hasNext()) {
+		    User user = iterator.next();
+		    if(user != null) {
+		    	 for (Authority authority : user.getAuthorities()) {
+		             if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
+		                 iterator.remove();
+		                 break; // Break out of the inner loop once the user is removed
+		             }
+		         }
+		    }
+		}
+
 	    model.addAttribute("users", allUsers);
 	    model.addAttribute("currentUsername", authentication.getName());
 	    return "addUsers";