Fix Admin access

bbd17ee0 · Michael Breu · 645c056e · bbd17ee0 · bbd17ee0 · bbd17ee0
Commit bbd17ee0 authored 3 years ago by Michael Breu
--- a/src/main/java/at/ac/uibk/gitsearch/web/rest/UserWatchListResource.java
+++ b/src/main/java/at/ac/uibk/gitsearch/web/rest/UserWatchListResource.java
@@ -28,6 +28,8 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

+import at.ac.uibk.gitsearch.security.AuthoritiesConstants;
+import at.ac.uibk.gitsearch.security.SecurityUtils;
 import at.ac.uibk.gitsearch.security.jwt.TokenProvider;
 import at.ac.uibk.gitsearch.service.SearchService;
 import at.ac.uibk.gitsearch.service.UserService;
@@ -90,9 +92,21 @@ public class UserWatchListResource {
     * @throws URISyntaxException if the Location URI syntax is incorrect.
     */
    @PostMapping("/user-watch-lists")
-    @PreAuthorize("hasAnyRole('ADMIN')")
    public ResponseEntity<UserWatchListDTO> createUserWatchList(@Valid @RequestBody UserWatchListDTO userWatchListDTO) throws URISyntaxException {
        log.debug("REST request to save UserWatchList : {}", userWatchListDTO);
+       if(tokenProvider.getCurrentPrincipal().isEmpty()) {
+           log.debug("unknown user cannot create watchlist {}", userWatchListDTO.getName());
+           return ResponseEntity.badRequest().build();
+       }
+       if(userWatchListDTO.getUserIdId() == null) {
+    	   Optional<at.ac.uibk.gitsearch.domain.User> u =  userService.getUserWithAuthoritiesByLogin(SecurityUtils.getCurrentUserLogin().get());
+    	   if(u.isEmpty()) {
+               log.debug(" user not found, cannot create watchlist {}", userWatchListDTO.getName());
+               return ResponseEntity.badRequest().build();
+    	   }
+    	   userWatchListDTO.setUserIdId(u.get().getId());
+    	   userWatchListDTO.setUserIdLogin(u.get().getLastName());
+       }
        if (userWatchListDTO.getId() != null) {
            throw new BadRequestAlertException("A new userWatchList cannot already have an ID", ENTITY_NAME, "idexists");
        }

--- a/src/main/webapp/app/bookmarks/bookmarks-update.component.html
+++ b/src/main/webapp/app/bookmarks/bookmarks-update.component.html
@@ -35,13 +35,13 @@
                        <option [ngValue]="userOption.id" *ngFor="let userOption of users; trackBy: trackById">{{ userOption.login }}</option>
                    </select>
                </div>
- -->                
                <div *ngIf="editForm.get('userIdId')!.invalid && (editForm.get('userIdId')!.dirty || editForm.get('userIdId')!.touched)">
                    <small class="form-text text-danger"
                           *ngIf="editForm.get('userIdId')?.errors?.required" jhiTranslate="entity.validation.required">
                        This field is required.
                    </small>
                </div>
+ -->                
            </div>

            <div>

--- a/src/main/webapp/app/bookmarks/bookmarks-update.component.ts
+++ b/src/main/webapp/app/bookmarks/bookmarks-update.component.ts
@@ -21,7 +21,7 @@ export class UserWatchListUpdateComponent implements OnInit {
  editForm = this.fb.group({
    id: [],
    name: [null, [Validators.required, Validators.minLength(1)]],
-    userIdId: [null, Validators.required],
+    userIdId: [null],
  });

  constructor(

--- a/src/main/webapp/app/bookmarks/bookmarks.route.ts
+++ b/src/main/webapp/app/bookmarks/bookmarks.route.ts
@@ -32,7 +32,8 @@ export class BookmarksResolve implements Resolve<IUserWatchList> {
        })
      );
    }
-    return of(new UserWatchList());
+    const uwl = new UserWatchList();
+    return of(uwl);
  }
 }