feat(#1): Add permission and role model
@@ -9,6 +9,7 @@ import org.springframework.core.io.Resource
|
||||
import org.springframework.http.HttpHeaders
|
||||
import org.springframework.http.MediaType
|
||||
import org.springframework.http.ResponseEntity
|
||||
import org.springframework.security.access.prepost.PreAuthorize
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
import java.util.UUID
|
||||
|
||||
@@ -20,6 +21,7 @@ class ApplicationFormController(
|
||||
val applicationFormFormatService: ApplicationFormFormatService
|
||||
) : ApplicationFormApi {
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun createApplicationForm(createApplicationFormDto: CreateApplicationFormDto): ResponseEntity<ApplicationFormDto> {
|
||||
val updatedCreateApplicationFormDto = createApplicationFormDto.copy(isTemplate = false)
|
||||
return ResponseEntity.ok(
|
||||
@@ -29,6 +31,7 @@ class ApplicationFormController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL', 'EMPLOYEE')")
|
||||
override fun getAllApplicationForms(organizationId: String?): ResponseEntity<PagedApplicationFormDto> {
|
||||
return ResponseEntity.ok(
|
||||
pagedApplicationFormMapper.toPagedApplicationFormDto(
|
||||
@@ -37,6 +40,7 @@ class ApplicationFormController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL', 'EMPLOYEE')")
|
||||
override fun getApplicationFormById(id: UUID): ResponseEntity<ApplicationFormDto> {
|
||||
return ResponseEntity.ok(
|
||||
applicationFormMapper.toApplicationFormDto(
|
||||
@@ -45,6 +49,7 @@ class ApplicationFormController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL', 'EMPLOYEE')")
|
||||
override fun getApplicationFormHtml(id: UUID): ResponseEntity<String> {
|
||||
val applicationForm = applicationFormService.getApplicationFormById(id)
|
||||
return ResponseEntity.ok(
|
||||
@@ -52,6 +57,7 @@ class ApplicationFormController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL', 'EMPLOYEE')")
|
||||
override fun getApplicationFormPdf(id: UUID): ResponseEntity<Resource> {
|
||||
val applicationForm = applicationFormService.getApplicationFormById(id)
|
||||
val pdfBytes = applicationFormFormatService.generatePdf(applicationForm)
|
||||
@@ -62,6 +68,7 @@ class ApplicationFormController(
|
||||
.body(resource)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun updateApplicationForm(
|
||||
id: UUID,
|
||||
applicationFormDto: ApplicationFormDto
|
||||
@@ -73,11 +80,13 @@ class ApplicationFormController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun deleteApplicationForm(id: UUID): ResponseEntity<Unit> {
|
||||
applicationFormService.deleteApplicationFormByID(id)
|
||||
return ResponseEntity.noContent().build()
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun submitApplicationForm(id: UUID): ResponseEntity<ApplicationFormDto> {
|
||||
return ResponseEntity.ok(
|
||||
applicationFormMapper.toApplicationFormDto(
|
||||
|
||||
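Review bot: The role list inside each `@PreAuthorize` is copy-pasted seven times in this file and repeated again in ApplicationFormTemplateController and CommentController, so adding or renaming a role means touching every annotation, and one forgotten annotation silently changes who can reach an endpoint. I'd declare the expressions once, e.g. `object Roles { const val STAFF = "hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')" }` plus a second constant for the variant that includes `'EMPLOYEE'`, and use `@PreAuthorize(Roles.STAFF)`; a meta-annotation carrying `@PreAuthorize` would do equally well. Separately, `getApplicationFormById`, `getApplicationFormHtml` and `getApplicationFormPdf` now admit `EMPLOYEE` on the role check alone, and nothing in these hunks restricts the lookup to forms the caller is entitled to see, so confirm that `applicationFormService` enforces that scoping and state it in a KDoc line on the annotation. Every method in these hunks starts or ends outside the visible lines.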
@@ -7,6 +7,7 @@ import com.betriebsratkanzlei.legalconsenthub_api.model.ApplicationFormDto
|
||||
import com.betriebsratkanzlei.legalconsenthub_api.model.CreateApplicationFormDto
|
||||
import com.betriebsratkanzlei.legalconsenthub_api.model.PagedApplicationFormDto
|
||||
import org.springframework.http.ResponseEntity
|
||||
import org.springframework.security.access.prepost.PreAuthorize
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
import java.util.UUID
|
||||
|
||||
@@ -17,6 +18,7 @@ class ApplicationFormTemplateController(
|
||||
val applicationFormMapper: ApplicationFormMapper,
|
||||
) : ApplicationFormTemplateApi {
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun createApplicationFormTemplate(createApplicationFormDto: CreateApplicationFormDto): ResponseEntity<ApplicationFormDto> {
|
||||
return ResponseEntity.ok(
|
||||
applicationFormMapper.toApplicationFormDto(
|
||||
@@ -25,6 +27,7 @@ class ApplicationFormTemplateController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun getAllApplicationFormTemplates(): ResponseEntity<PagedApplicationFormDto> {
|
||||
return ResponseEntity.ok(
|
||||
pagedApplicationFormMapper.toPagedApplicationFormDto(
|
||||
@@ -33,6 +36,7 @@ class ApplicationFormTemplateController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun getApplicationFormTemplateById(id: UUID): ResponseEntity<ApplicationFormDto> {
|
||||
return ResponseEntity.ok(
|
||||
applicationFormMapper.toApplicationFormDto(
|
||||
@@ -41,6 +45,7 @@ class ApplicationFormTemplateController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun updateApplicationFormTemplate(
|
||||
id: UUID,
|
||||
applicationFormDto: ApplicationFormDto
|
||||
@@ -52,6 +57,7 @@ class ApplicationFormTemplateController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun deleteApplicationFormTemplate(id: UUID): ResponseEntity<Unit> {
|
||||
applicationFormTemplateService.deleteApplicationFormTemplateByID(id)
|
||||
return ResponseEntity.noContent().build()
|
||||
|
||||
@@ -5,6 +5,7 @@ import com.betriebsratkanzlei.legalconsenthub_api.model.CommentDto
|
||||
import com.betriebsratkanzlei.legalconsenthub_api.model.CreateCommentDto
|
||||
import com.betriebsratkanzlei.legalconsenthub_api.model.PagedCommentDto
|
||||
import org.springframework.http.ResponseEntity
|
||||
import org.springframework.security.access.prepost.PreAuthorize
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
import java.util.UUID
|
||||
|
||||
@@ -12,6 +13,7 @@ import java.util.UUID
|
||||
class CommentController(
|
||||
val commentService: CommentService, val commentMapper: CommentMapper, val pagedCommentMapper: PagedCommentMapper
|
||||
) : CommentApi {
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL', 'EMPLOYEE')")
|
||||
override fun createComment(
|
||||
applicationFormId: UUID,
|
||||
formElementId: UUID,
|
||||
@@ -24,6 +26,7 @@ class CommentController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL', 'EMPLOYEE')")
|
||||
override fun getCommentsByApplicationFormId(applicationFormId: UUID): ResponseEntity<PagedCommentDto> {
|
||||
return ResponseEntity.ok(
|
||||
pagedCommentMapper.toPagedCommentDto(
|
||||
@@ -32,6 +35,7 @@ class CommentController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL', 'EMPLOYEE')")
|
||||
override fun updateComment(id: UUID, commentDto: CommentDto): ResponseEntity<CommentDto> {
|
||||
return ResponseEntity.ok(
|
||||
commentMapper.toCommentDto(
|
||||
@@ -40,6 +44,7 @@ class CommentController(
|
||||
)
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('CHIEF_EXECUTIVE_OFFICER', 'BUSINESS_DEPARTMENT', 'IT_DEPARTMENT', 'HUMAN_RESOURCES', 'HEAD_OF_WORKS_COUNCIL', 'WORKS_COUNCIL')")
|
||||
override fun deleteComment(id: UUID): ResponseEntity<Unit> {
|
||||
commentService.deleteCommentByID(id)
|
||||
return ResponseEntity.noContent().build()
|
||||
|
||||
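Review bot: `updateComment` is opened to `EMPLOYEE` by the role check only, while the hunk resolves the comment purely by `id`; unless `commentService` compares the comment's author with the authenticated principal, an employee can edit comments written by someone else. Either add that check in the service or make it explicit in the expression, e.g. `@PreAuthorize("hasAnyRole(...) or (hasRole('EMPLOYEE') and @commentAuthorization.isAuthor(#id, authentication))")` backed by a small bean. `deleteComment` excludes `EMPLOYEE` entirely, so employees apparently cannot delete their own comments while they can update them — if that asymmetry is intended it deserves a comment. The method bodies continue outside the hunks.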
@@ -3,18 +3,15 @@ package com.betriebsratkanzlei.legalconsenthub.config
|
||||
import com.betriebsratkanzlei.legalconsenthub.security.CustomJwtAuthenticationConverter
|
||||
import org.springframework.context.annotation.Bean
|
||||
import org.springframework.context.annotation.Configuration
|
||||
import org.springframework.core.annotation.Order
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.config.annotation.web.invoke
|
||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder
|
||||
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder
|
||||
import org.springframework.security.web.SecurityFilterChain
|
||||
import org.springframework.http.HttpMethod
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableMethodSecurity
|
||||
class SecurityConfig {
|
||||
|
||||
@Bean
|
||||
|
||||
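Review bot: `import org.springframework.http.HttpMethod` is placed after the `org.springframework.security.*` imports, breaking the lexicographic order the rest of the block follows (ktlint's import-ordering rule would flag it); it belongs directly after `import org.springframework.core.annotation.Order`. The hunk header goes from 18 to 15 lines but the rendered page has dropped the side markers, so I cannot tell which lines were removed; if the `HttpMethod` import is no longer referenced once method security takes over the per-path rules, drop it rather than leave it unused. The `SecurityFilterChain` bean and the rest of the class lie outside the hunk.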
@@ -3,18 +3,23 @@ package com.betriebsratkanzlei.legalconsenthub.security
|
||||
import org.springframework.core.convert.converter.Converter
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken
|
||||
import org.springframework.security.core.GrantedAuthority
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority
|
||||
import org.springframework.security.oauth2.jwt.Jwt
|
||||
import org.springframework.stereotype.Component
|
||||
|
||||
@Component
|
||||
class CustomJwtAuthenticationConverter : Converter<Jwt, AbstractAuthenticationToken> {
|
||||
override fun convert(jwt: Jwt): AbstractAuthenticationToken {
|
||||
val authorities: Collection<GrantedAuthority> = emptyList()
|
||||
|
||||
val userId = jwt.subject
|
||||
val username = jwt.getClaimAsString("name")
|
||||
val realmAccess = jwt.getClaimAsMap("realm_access")
|
||||
val roles = (realmAccess?.get("roles") as? List<*>)?.mapNotNull { it as? String } ?: emptyList()
|
||||
|
||||
val resourceAccess = jwt.getClaimAsMap("resource_access") as? Map<*, *>
|
||||
val legalconsenthubResource = resourceAccess?.get("legalconsenthub") as? Map<*, *>
|
||||
val roles = (legalconsenthubResource?.get("roles") as? List<*>)?.mapNotNull { it as? String } ?: emptyList()
|
||||
|
||||
val authorities: Collection<GrantedAuthority> = roles.map { role ->
|
||||
SimpleGrantedAuthority("ROLE_$role")
|
||||
}
|
||||
|
||||
val principal = CustomJwtTokenPrincipal(userId, username, roles)
|
||||
|
||||
|
||||
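Review bot: The client id `"legalconsenthub"` used to select roles from `resource_access` is hard-coded; if the registered client carries a different id in another environment, the lookup yields an empty role list and every `@PreAuthorize` endpoint rejects the caller with no hint as to why. Inject it from configuration, e.g. `@Value("\${PLACEHOLDER_PROPERTY}") private val clientId: String`, and log at debug level when `resource_access` has no entry for it. The `as? Map<*, *>` on `jwt.getClaimAsMap("resource_access")` is redundant because `getClaimAsMap` already returns a map; `val resourceAccess = jwt.getClaimAsMap("resource_access")` is enough. Moving from `realm_access` to client roles also means realm-level role assignments are no longer turned into authorities — presumably intended, but a KDoc line on `convert` should say that only the client roles of that resource are honoured. `convert` continues past the hunk.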