Index: src/main/java/com/db/finki/www/build_board/controller/channel/ChannelController.java =================================================================== --- src/main/java/com/db/finki/www/build_board/controller/channel/ChannelController.java (revision 29a7c0a1bbc694587ffaf85a326065e661b7b7d9) +++ src/main/java/com/db/finki/www/build_board/controller/channel/ChannelController.java (revision 19b635a60e3e3910683672135e9f596124254f90) @@ -29,5 +29,9 @@ private final ProjectAccessManagementService projectAccessManagementService; - public ChannelController(ChannelService channelService, MessageMapper messageMapper, MessageService messageService, ProjectService projectService, ProjectAccessManagementService projectAccessManagementService) { + public ChannelController( + ChannelService channelService, MessageMapper messageMapper, + MessageService messageService, ProjectService projectService, + ProjectAccessManagementService projectAccessManagementService + ) { this.channelService = channelService; this.messageMapper = messageMapper; @@ -37,8 +41,30 @@ } + private void checkIfAuthorized( + Model model, + Channel channel, + int userId, + int projectId, + String permission + ) { + if (!projectAccessManagementService.hasPermissionToAccessResource(userId, + permission, + channel + .getProjectResource() + .getId(), + projectId + )) { + System.out.println("vleze deny access"); + model.addAttribute("error", + "You dont have permission to access this channel"); + throw new RuntimeException("Unauthorized"); + } + } + @GetMapping() public String getChannels(@PathVariable("title") Project project, Model model) { List channels = channelService.getAllChannelsForProject(project); - model.addAttribute("channels", channels); + model.addAttribute("channels", + channels); return "channels/list-channels"; } @@ -46,67 +72,109 @@ @PreAuthorize("@projectService.getAllDevelopersForProject(#project).contains(#user)") @GetMapping("/{channelName}") - public String getChannel(@PathVariable String channelName, - @PathVariable("title") @P("project") Project project, - Model model, - RedirectAttributes redirectAttributes, - @SessionAttribute @P("user") BBUser user - ) { + public String getChannel( + @PathVariable String channelName, + @PathVariable("title") @P("project") Project project, + Model model, + RedirectAttributes redirectAttributes, + @SessionAttribute @P("user") BBUser user + ) { Channel c = (Channel) redirectAttributes.getAttribute("channel"); - if (c == null) { - c = channelService.getByNameAndProject(channelName, project); - model.addAttribute("channel", c); - model.addAttribute("messages", messageMapper.toDTO( - messageService.getAllMessagesForProjectChannel(project.getId(), channelName))); - model.addAttribute("developers", projectService.getAllDevelopersForProject(project)); + c = channelService.getByNameAndProject(channelName, + project); + model.addAttribute("channel", + c); + model.addAttribute("messages", + messageMapper.toDTO( + messageService.getAllMessagesForProjectChannel(project.getId(), + channelName))); + model.addAttribute("developers", + projectService.getAllDevelopersForProject(project)); } else { - model.addAttribute("channel", c); - } - if (!projectAccessManagementService.hasPermissionToAccessResource(user.getId(), - Permission.READ, - c.getProjectResource().getId(), - project.getId() - )){ - System.out.println("vleze deny access"); - model.addAttribute("error","You dont have permission to access this channel"); - return "redirect:/projects/" + project.getId(); + model.addAttribute("channel", + c); } - boolean canWrite = projectAccessManagementService - .hasPermissionToAccessResource(user.getId(),Permission.WRITE,c.getProjectResource().getId(),project.getId()); - model.addAttribute("canWrite", canWrite); + try { + checkIfAuthorized(model, + c, + user.getId(), + project.getId(), + Permission.READ + ); + boolean canWrite = projectAccessManagementService + .hasPermissionToAccessResource(user.getId(), + Permission.WRITE, + c + .getProjectResource() + .getId(), + project.getId()); + model.addAttribute("canWrite", + canWrite); return "channels/show-channel"; + } catch (RuntimeException e) { + if(e.getMessage().contains("Unauthorized")) { + return "redirect:/projects/" + project.getId(); + } + throw e; + } } - @PreAuthorize("@channelService.getByNameAndProject(#channelName,#project).getDeveloper().equals(#user)") + @PreAuthorize("@channelService.getByNameAndProject(#channelName,#project).getDeveloper()" + + ".equals(#user)") @PostMapping("/{channelName}/delete") - public String deleteChannel(@PathVariable @P("channelName") String channelName, @PathVariable("title") @P("project") Project project, - @SessionAttribute @P("user") BBUser user, - RedirectAttributes redirectAttributes, Model model) { - Channel c = channelService.getByNameAndProject(channelName, project); + public String deleteChannel( + @PathVariable @P("channelName") String channelName, @PathVariable("title") @P( + "project") Project project, + @SessionAttribute @P("user") BBUser user, + RedirectAttributes redirectAttributes, Model model + ) { + Channel c = channelService.getByNameAndProject(channelName, + project); - if (!projectAccessManagementService.hasPermissionToAccessResource(user.getId(), - Permission.DELETE, - c.getProjectResource().getId(), - project.getId() - )){ - model.addAttribute("error","You dont have permission to access this channel"); - return "redirect:/projects/" + project.getId(); + try{ + checkIfAuthorized(model,c,user.getId(),project.getId(),Permission.DELETE); + + channelService.deleteChannel(channelName, + project); + return "redirect:/projects/" + project.getTitle(); + }catch (RuntimeException e) { + if(e.getMessage().contains("Unauthorized")) { + return "redirect:/projects/" + project.getId(); + } + throw e; } - - channelService.deleteChannel(channelName, project); - return "redirect:/projects/" + project.getTitle(); } @PreAuthorize("@projectService.getAllDevelopersForProject(#project).contains(#user)") @PostMapping("/add") - public String add(@PathVariable("title") @P("project") Project project, @RequestParam String channelName, @RequestParam String channelDescription, @SessionAttribute @P("user") BBUser user, RedirectAttributes redirectAttributes) { + public String add( + @PathVariable("title") @P("project") Project project, + @RequestParam String channelName, @RequestParam String channelDescription, + @SessionAttribute @P("user") BBUser user, RedirectAttributes redirectAttributes, + Model model + ) { try { - Channel channel = channelService.create(project, channelName, channelDescription, user); - redirectAttributes.addFlashAttribute("channel", channel); + Channel channel = channelService.create(project, + channelName, + channelDescription, + user); + + try{ + checkIfAuthorized(model,channel,user.getId(),project.getId(),Permission.CREATE); + redirectAttributes.addFlashAttribute("channel", + channel); + }catch (RuntimeException e) { + if(e.getMessage().contains("Unauthorized")) { + return "redirect:/projects/" + project.getId(); + } + throw e; + } + } catch (Exception e) { - redirectAttributes.addFlashAttribute("error", e.getMessage()); + redirectAttributes.addFlashAttribute("error", + e.getMessage()); }