diff --git a/server/data/src/main/kotlin/hu/bsstudio/bssweb/member/repository/MemberRepository.kt b/server/data/src/main/kotlin/hu/bsstudio/bssweb/member/repository/MemberRepository.kt
index 7612b726..3e306142 100644
--- a/server/data/src/main/kotlin/hu/bsstudio/bssweb/member/repository/MemberRepository.kt
+++ b/server/data/src/main/kotlin/hu/bsstudio/bssweb/member/repository/MemberRepository.kt
@@ -2,6 +2,9 @@ package hu.bsstudio.bssweb.member.repository
 import hu.bsstudio.bssweb.member.entity.MemberEntity
 import org.springframework.data.repository.CrudRepository
+import java.util.Optional
 import java.util.UUID
-interface MemberRepository : CrudRepository
+interface MemberRepository : CrudRepository {
+ fun findByNickname(nickName: String): Optional
+}
diff --git a/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/DefaultMemberService.kt b/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/DefaultMemberService.kt
index 441eaf9e..74cfefa1 100644
--- a/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/DefaultMemberService.kt
+++ b/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/DefaultMemberService.kt
@@ -42,7 +42,12 @@ class DefaultMemberService(
 override fun findMemberById(memberIds: UUID): Optional {
 return repository.findById(memberIds)
- .map(mapper::entityToModel)
+ .map(mapper::entityToModel)
+ }
+
+ override fun findMemberByNickname(nickName: String): Optional {
+ return repository.findByNickname(nickName)
+ .map(mapper::entityToModel)
 }
 override fun removeMember(memberId: UUID) = repository.deleteById(memberId)
diff --git a/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/FileUpdatingMemberService.kt b/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/FileUpdatingMemberService.kt
index d4f63a77..b45d68f6 100644
--- a/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/FileUpdatingMemberService.kt
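Review bot: `findByNickname` in MemberRepository returns a single `Optional`, so it depends on nicknames being unique, and nothing in this hunk shows that constraint. With Spring Data, a derived single-result query that matches more than one row throws `IncorrectResultSizeDataAccessException`; if this lookup ends up feeding the authentication path (SecurityConfig now imports MemberService in the same commit), duplicate or case-variant nicknames become an identity problem rather than just a runtime error. Confirm that MemberEntity has a unique constraint on the nickname column, and document the contract with a KDoc line such as `/** Looks up a member by exact nickname; nicknames must be unique. */`. Minor: the parameter is spelled `nickName` while the derived property in the method name is `Nickname`; `nickname` would be consistent.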
+++ b/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/FileUpdatingMemberService.kt
@@ -27,6 +27,10 @@ class FileUpdatingMemberService(private val server: MemberService, private val f
 return this.server.findMemberById(memberIds)
 }
+ override fun findMemberByNickname(nickName: String): Optional {
+ return this.server.findMemberByNickname(nickName)
+ }
+
 override fun updateMember(memberId: UUID, updateMember: UpdateMember): Optional {
 return this.server.updateMember(memberId, updateMember)
 .map { fileClient.updateMemberFolder(FileUpdate(it.id, it.url)); it }
diff --git a/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/MemberService.kt b/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/MemberService.kt
index 3c7e140e..8036dc00 100644
--- a/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/MemberService.kt
+++ b/server/service/src/main/kotlin/hu/bsstudio/bssweb/member/service/MemberService.kt
@@ -11,6 +11,7 @@ interface MemberService {
 fun insertMember(createMember: CreateMember): Member
 fun archiveMembers(memberIds: List, archive: Boolean = true): List
 fun findMemberById(memberIds: UUID): Optional
+ fun findMemberByNickname(nickName: String): Optional
 fun updateMember(memberId: UUID, updateMember: UpdateMember): Optional
 fun removeMember(memberId: UUID)
 }
diff --git a/server/web/src/main/kotlin/hu/bsstudio/bssweb/event/controller/EventController.kt b/server/web/src/main/kotlin/hu/bsstudio/bssweb/event/controller/EventController.kt
index 82304354..cc8e2d9d 100644
--- a/server/web/src/main/kotlin/hu/bsstudio/bssweb/event/controller/EventController.kt
+++ b/server/web/src/main/kotlin/hu/bsstudio/bssweb/event/controller/EventController.kt
@@ -7,6 +7,8 @@ import hu.bsstudio.bssweb.event.model.UpdateEvent
 import hu.bsstudio.bssweb.event.operation.EventOperation
 import hu.bsstudio.bssweb.event.service.EventService
 import org.springframework.http.ResponseEntity
+import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder
 import java.util.UUID
@@ -19,7 +21,9 @@ class EventController(private val service: EventService) : EventOperation {
 .let { ResponseEntity.ok(it) }
 }
+ @PreAuthorize("!hasAnyRole('STATUS_MEMBER_CANDIDATE_CANDIDATE')")
 override fun createEvent(createEvent: CreateEvent): ResponseEntity {
+ println(SecurityContextHolder.getContext().authentication)
 return service.insertEvent(createEvent)
 .let { ResponseEntity.created(locationUri(it.id)).body(it) }
 }
diff --git a/server/web/src/main/kotlin/hu/bsstudio/bssweb/security/config/SecurityConfig.kt b/server/web/src/main/kotlin/hu/bsstudio/bssweb/security/config/SecurityConfig.kt
index 86666c82..62af72c6 100644
--- a/server/web/src/main/kotlin/hu/bsstudio/bssweb/security/config/SecurityConfig.kt
+++ b/server/web/src/main/kotlin/hu/bsstudio/bssweb/security/config/SecurityConfig.kt
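Review bot: The line `println(SecurityContextHolder.getContext().authentication)` added at the top of `createEvent` writes the caller's Authentication object to stdout on every request; depending on the Authentication implementation this can expose the principal, authorities and request details, and it bypasses the logging configuration. Delete the line, or log only the principal name through the project's logger at debug level. The guard `!hasAnyRole('STATUS_MEMBER_CANDIDATE_CANDIDATE')` is a deny-list: every principal that lacks this one role passes, including one with no roles at all, so an allow-list of the roles that may create events is safer, and the doubled `CANDIDATE_CANDIDATE` looks like a typo worth checking against the role names the provider actually issues. The same commit puts `@PreAuthorize("hasAnyRole('asd', 'asd')")` on `VideoController.createVideo`, which reads as a placeholder and would reject every caller unless an authority `ROLE_asd` exists.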
@@ -1,16 +1,36 @@ package hu.bsstudio.bssweb.security.config +import hu.bsstudio.bssweb.member.service.MemberService +import org.springframework.beans.factory.annotation.Autowired import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration +import org.springframework.security.authentication.AuthenticationManager import org.springframework.security.config.Customizer +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity +import org.springframework.security.provisioning.JdbcUserDetailsManager import org.springframework.security.web.SecurityFilterChain + @Configuration @EnableWebSecurity class SecurityConfig { + @Bean + fun bssAuthenticationProvider() : BssAuthenticationProvider { + return BssAuthenticationProvider() + } + + @Bean + fun authManager(http: HttpSecurity, bssAuthenticationProvider: BssAuthenticationProvider): AuthenticationManager? { + return http + .getSharedObject(AuthenticationManagerBuilder::class.java) + .authenticationProvider(bssAuthenticationProvider) + .build() + } + + + @Bean fun securityFilterChain(http: HttpSecurity): SecurityFilterChain { return http
diff --git a/server/web/src/main/kotlin/hu/bsstudio/bssweb/video/controller/VideoController.kt b/server/web/src/main/kotlin/hu/bsstudio/bssweb/video/controller/VideoController.kt
index e1bdfc39..f550ec81 100644
--- a/server/web/src/main/kotlin/hu/bsstudio/bssweb/video/controller/VideoController.kt
+++ b/server/web/src/main/kotlin/hu/bsstudio/bssweb/video/controller/VideoController.kt
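Review bot: Nothing in the visible part of `SecurityConfig` enables method security, so the `@PreAuthorize` annotations this commit adds to EventController and VideoController may never be evaluated; the class carries only `@Configuration` and `@EnableWebSecurity` here. If it is not enabled elsewhere, add `@EnableMethodSecurity` (or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on older Spring Security) to the class. In `authManager`, the return type `AuthenticationManager?` should be non-null, and building the shared `AuthenticationManagerBuilder` inside a bean may collide with the build that HttpSecurity performs itself; `return ProviderManager(bssAuthenticationProvider)` avoids touching the shared builder. The imports of `MemberService`, `Autowired` and `JdbcUserDetailsManager` are not used by anything in this hunk. `securityFilterChain` continues outside the hunk, so whether the new provider is actually wired into the chain cannot be checked from here.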
@@ -9,6 +9,7 @@ import hu.bsstudio.bssweb.video.service.VideoService
 import org.springframework.data.domain.Page
 import org.springframework.data.domain.Pageable
 import org.springframework.http.ResponseEntity
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder
 import java.util.UUID
@@ -26,6 +27,7 @@ class VideoController(private val service: VideoService) : VideoOperation {
 .let { ResponseEntity.ok(it) }
 }
+ @PreAuthorize("hasAnyRole('asd', 'asd')")
 override fun createVideo(createVideo: CreateVideo): ResponseEntity