From 915094e49f54b6a116138ef52fd7ce1f26595070 Mon Sep 17 00:00:00 2001
From: gowthaman
Date: Mon, 27 May 2024 20:04:04 +0530
Subject: [PATCH] some more permission related things

---
 src/main/kotlin/com/restapi/Main.kt | 9 +++++++--
 src/main/kotlin/com/restapi/controllers/Entities.kt | 12 ++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/main/kotlin/com/restapi/Main.kt b/src/main/kotlin/com/restapi/Main.kt
index 2394f5b..bc971f3 100644
--- a/src/main/kotlin/com/restapi/Main.kt
+++ b/src/main/kotlin/com/restapi/Main.kt
@@ -187,7 +187,12 @@ fun main(args: Array) {
 )
 put("/{id}", FleetCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE")))
 post(
- "/getAll", FleetCtrl::getAll, Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW"))
+ "/getAll", FleetCtrl::getAll, Roles(Role.Explicit(
+ "ROLE_FLEET_CREATE",
+ "ROLE_FLEET_VIEW",
+ "ROLE_EXPENSE_CREATE",
+ "ROLE_EXPENSE_VIEW",
+ ))
 )
 delete("/{id}", FleetCtrl::delete, Roles(Role.Explicit("ROLE_FLEET_CREATE")))
 }
@@ -291,7 +296,7 @@ fun main(args: Array) {
 }
 }
- get("/{entity}", Entities::getAll, Roles(adminRole, viewRole, appAdmin) )
+ get("/{entity}", Entities::getAll)
 post("/{entity}/next", Entities::getNextSeqNo, Roles(adminRole, viewRole, appAdmin))
 get("/{entity}/{id}", Entities::view, Roles(adminRole, viewRole, appAdmin))
 post("/{entity}/search", Entities::search, Roles(adminRole, viewRole, appAdmin))
diff --git a/src/main/kotlin/com/restapi/controllers/Entities.kt b/src/main/kotlin/com/restapi/controllers/Entities.kt
index c3b544e..41e6276 100644
--- a/src/main/kotlin/com/restapi/controllers/Entities.kt
+++ b/src/main/kotlin/com/restapi/controllers/Entities.kt
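Review bot: The new `get("/{entity}", Entities::getAll)` drops the `Roles(adminRole, viewRole, appAdmin)` guard that the sibling `/{entity}/next`, `/{entity}/{id}` and `/{entity}/search` routes in the same hunk still carry, so the entity listing route is now registered with no role requirement at all. What an empty role set means depends on the access manager wired up elsewhere in this app; if it is permit-all, any caller, possibly unauthenticated, can enumerate every entity table through `GET /{entity}`, the broadest read endpoint of the group, while the narrower `view` and `search` endpoints stay guarded. If the intent was to let the fleet/expense roles list entities, widen the role set instead of removing it, something like `get("/{entity}", Entities::getAll, Roles(adminRole, viewRole, appAdmin, Role.Explicit("ROLE_FLEET_VIEW", "ROLE_EXPENSE_VIEW")))`, or add a comment stating why this one route is intentionally open. The enclosing `main` body starts and ends outside the hunk.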
@@ -6,6 +6,8 @@ import com.fasterxml.jackson.databind.JsonDeserializer
 import com.fasterxml.jackson.databind.JsonNode
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize
 import com.restapi.domain.*
+import com.restapi.domain.Session.currentRoles
+import com.restapi.domain.Session.currentUser
 import com.restapi.domain.Session.database
 import com.restapi.domain.Session.findDataModelByEntityAndUniqId
 import com.restapi.domain.Session.objectMapper
@@ -136,6 +138,8 @@ object Entities {
 verifyKeys(sql.params)
 val entity = ctx.pathParam("entity").lowercase()
+ val noCreatedFilter = currentRoles().contains("ROLE_ADMIN") || sql.createdBy.isNullOrEmpty()
+ val createdFilter = if (noCreatedFilter) "" else "and created_by = :cBy"
 val searchJsonMap = sql.params.map { e -> Pair(e.key, e.value.getValue()) }.toMap()
 val fl = database.find(DataModel::class.java)
 .setRawSql(
@@ -163,6 +167,7 @@ object Entities {
 where entity_name = :e
 and created_at between :from and :to
 and data @> cast(:search as jsonb)
+ $createdFilter
 order by sysPk
 """.trimIndent()
 ).create()
@@ -171,6 +176,12 @@ object Entities {
 .setParameter("to", sql.dateRange.last().plusDays(1))
 .setParameter("e", entity)
 .setParameter("search", objectMapper.writeValueAsString(searchJsonMap))
+ .apply {
+ if (!noCreatedFilter) {
+ logger.warn("Set Created By Filter to ${currentUser()}")
+ setParameter("cBy", currentUser())
+ }
+ }
 .findList()
 logger.warn("Search jsonMap [$searchJsonMap] => ${fl.size} entries")
@@ -358,6 +369,7 @@ object Entities {
 data class SearchParams(
 val params: Map = mapOf(),
+ val createdBy: String?,
 val dateRange: List = listOf(LocalDate.now().minusDays(7), LocalDate.now())
 )
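Review bot: The created_by scoping added here is opt-in by the client: `noCreatedFilter` is true whenever `sql.createdBy.isNullOrEmpty()`, and `createdBy` is a field of the request body (`SearchParams`), so a non-admin caller that simply omits it gets the unfiltered query and can read every user's rows for the entity. The value of `createdBy` is never used, the bound parameter is `currentUser()`, so the field only acts as a flag; if the rule is "non-admins see only their own rows", derive it from the session alone, `val noCreatedFilter = currentRoles().contains("ROLE_ADMIN")`, and either drop `createdBy` from `SearchParams` or keep it for wire compatibility and ignore it. To be clear, `$createdFilter` interpolates only the two constant strings built on the line above and the user value goes through `setParameter("cBy", ...)`, so this hunk does not add a SQL injection path. The role is compared against the string literal `"ROLE_ADMIN"` while Main.kt routes use a named `adminRole`; reusing that value would keep the two checks from drifting apart. The enclosing function (presumably `Entities::search`) starts and ends outside the hunk.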
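Review bot: `logger.warn("Set Created By Filter to ${currentUser()}")` fires on every non-admin search, which is routine behaviour rather than a warning, and it writes a user identity to the log at a level that is typically retained and alerted on. I would resolve the user once and log at debug: `val user = currentUser()`, `logger.debug("Applying created_by filter for $user")`, `setParameter("cBy", user)`. Calling `currentUser()` twice is harmless only if it is side-effect free and stable for the request, which this diff does not show. The enclosing function continues outside the hunk.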