Fix Admin access

4750e22d · Michael Breu · 3ae08dec · 4750e22d · 4750e22d
Commit 4750e22d authored 3 years ago by Michael Breu
--- a/src/main/java/at/ac/uibk/gitsearch/security/AuthoritiesConstants.java
+++ b/src/main/java/at/ac/uibk/gitsearch/security/AuthoritiesConstants.java
 package at.ac.uibk.gitsearch.security;

+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
 /**
 * Constants for Spring Security authorities.
 */
@@ -10,7 +13,37 @@ public final class AuthoritiesConstants {
    public static final String USER = "ROLE_USER";

    public static final String ANONYMOUS = "ROLE_ANONYMOUS";
+    
+    /** just a convenience enum to access authorities in all their variants */
+    public enum AuthoritiesConstantEnum {
+    	ADMIN(AuthoritiesConstants.ADMIN), USER(AuthoritiesConstants.USER), ANONYMOUS(AuthoritiesConstants.ANONYMOUS);
+    	
+    	private String name;
+    	private GrantedAuthority grantedAuthority;
+    	AuthoritiesConstantEnum(String name) {
+    		this.name = name;
+    		grantedAuthority = new SimpleGrantedAuthority(name);
+    	}
+
+    	/**
+    	 * @return the name
+    	 */
+    	public String getName() {
+    		return name;
+    	}
+
+    	/**
+    	 * @return the grantedAuthority
+    	 */
+    	public GrantedAuthority getGrantedAuthority() {
+    		return grantedAuthority;
+    	}
+
+    }
+    
+    public static final GrantedAuthority ADMIN_AUTHORITY = new SimpleGrantedAuthority(ADMIN);

    private AuthoritiesConstants() {
    }
+
 }
--- a/src/main/java/at/ac/uibk/gitsearch/service/UserWatchListService.java
+++ b/src/main/java/at/ac/uibk/gitsearch/service/UserWatchListService.java
@@ -16,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional;

 import at.ac.uibk.gitsearch.domain.UserWatchList;
 import at.ac.uibk.gitsearch.repository.UserWatchListRepository;
+import at.ac.uibk.gitsearch.security.AuthoritiesConstants.AuthoritiesConstantEnum;
 import at.ac.uibk.gitsearch.security.jwt.TokenProvider;
 import at.ac.uibk.gitsearch.service.dto.UserWatchListDTO;
 import at.ac.uibk.gitsearch.service.mapper.UserWatchListMapper;
@@ -54,6 +55,9 @@ public class UserWatchListService {
    		log.warn("Cannot find a principal for watchlist {} for exercise {}", watchlistId, description);
            throw new IllegalAccessError("Cannot find a principal");
    	}
+		if(currentPrincipal.get().getAuthorities().contains(AuthoritiesConstantEnum.ADMIN.getGrantedAuthority())) {
+			return; // ADMIN is always allowed
+		}
    	final Optional<UserWatchListDTO> watchListO = findOne(watchlistId);
    	if(watchListO.isEmpty()) {
    		log.warn("Cannot find watchlist for : {} for exercise {}", watchlistId, description);