Role stuff

2024-09-29 16:10:11 +02:00 · 2023-12-25 12:58:49 +00:00 · 2023-12-25 12:58:49 +00:00 · dd9dd72f35
commit dd9dd72f35
parent 690720f4e3
5 changed files with 41 additions and 3 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
+++ b/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
@ -38,7 +38,7 @@ public class InitialSecuritySetup {
 				userService.saveUser(initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);
 			}
-			userService.saveUser(Role.INTERNAL_API_USER.getRoleId(), UUID.randomUUID().toString(), Role.USER.getRoleId());
+			userService.saveUser(Role.INTERNAL_API_USER.getRoleId(), UUID.randomUUID().toString(), Role.INTERNAL_API_USER.getRoleId());
 			userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());
 		}
 	}
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
@ -18,6 +18,7 @@ import org.springframework.stereotype.Service;
 import stirling.software.SPDF.controller.api.pipeline.UserServiceInterface;
 import stirling.software.SPDF.model.Authority;
 import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.repository.UserRepository;
@Service
@ -137,6 +138,11 @@ public class UserService  implements UserServiceInterface{
    public void deleteUser(String username) {
    	 Optional<User> userOpt = userRepository.findByUsername(username);
         if (userOpt.isPresent()) {
        	 for (Authority authority : userOpt.get().getAuthorities()) {
 	             if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
 	                 return;
 	             }
 	         }
        	 userRepository.delete(userOpt.get());
         }
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@ -23,6 +23,7 @@ import org.springframework.web.servlet.view.RedirectView;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import stirling.software.SPDF.config.security.UserService;
 import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
@Controller
@ -182,6 +183,18 @@ public class UserController {
    	if(userService.usernameExists(username)) {
    		return new RedirectView("/addUsers?messageType=usernameExists");
    	}
    	try {
            // Validate the role
            Role roleEnum = Role.fromString(role);
            if (roleEnum == Role.INTERNAL_API_USER) {
                // If the role is INTERNAL_API_USER, reject the request
                return new RedirectView("/addUsers?messageType=invalidRole");
            }
        } catch (IllegalArgumentException e) {
            // If the role ID is not valid, redirect with an error message
            return new RedirectView("/addUsers?messageType=invalidRole");
        }
        userService.saveUser(username, password, role, forceChange);
        return new RedirectView("/addUsers");  // Redirect to account page after adding the user
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
@ -100,10 +100,12 @@ public class PipelineController {
 	@Autowired
 	ApplicationProperties applicationProperties;
-	@Autowired
+	@Autowired(required=false)
 	private UserServiceInterface userService;
 	private String getApiKeyForUser() {
 		if(userService == null)
 			return "";
 		return userService.getApiKeyForUser(Role.INTERNAL_API_USER.getRoleId());
 	}
--- a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
+++ b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
@ -1,4 +1,5 @@
 package stirling.software.SPDF.controller.web;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Optional;
@ -15,6 +16,8 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
 import stirling.software.SPDF.model.Authority;
 import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.repository.UserRepository;
@Controller
@ -46,7 +49,21 @@ public class AccountWebController {
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/addUsers")
 	public String showAddUserForm(Model model,  Authentication authentication) {
-	    List<User> allUsers = userRepository.findAll();
+		List<User> allUsers = userRepository.findAll();
 		Iterator<User> iterator = allUsers.iterator();
 		while(iterator.hasNext()) {
 		    User user = iterator.next();
 		    if(user != null) {
 		    	 for (Authority authority : user.getAuthorities()) {
 		             if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
 		                 iterator.remove();
 		                 break; // Break out of the inner loop once the user is removed
 		             }
 		         }
 		    }
 		}
 	    model.addAttribute("users", allUsers);
 	    model.addAttribute("currentUsername", authentication.getName());
 	    return "addUsers";