some more permission related things

2024-05-27 20:04:04 +05:30
parent c8d8458f8c
commit 915094e49f
2 changed files with 19 additions and 2 deletions
--- a/src/main/kotlin/com/restapi/controllers/Entities.kt
+++ b/src/main/kotlin/com/restapi/controllers/Entities.kt
@@ -6,6 +6,8 @@ import com.fasterxml.jackson.databind.JsonDeserializer
 import com.fasterxml.jackson.databind.JsonNode
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize
 import com.restapi.domain.*
+import com.restapi.domain.Session.currentRoles
+import com.restapi.domain.Session.currentUser
 import com.restapi.domain.Session.database
 import com.restapi.domain.Session.findDataModelByEntityAndUniqId
 import com.restapi.domain.Session.objectMapper
@@ -136,6 +138,8 @@ object Entities {
        verifyKeys(sql.params)

        val entity = ctx.pathParam("entity").lowercase()
+        val noCreatedFilter = currentRoles().contains("ROLE_ADMIN") || sql.createdBy.isNullOrEmpty()
+        val createdFilter = if (noCreatedFilter) "" else "and created_by = :cBy"
        val searchJsonMap = sql.params.map { e -> Pair(e.key, e.value.getValue()) }.toMap()
        val fl = database.find(DataModel::class.java)
            .setRawSql(
@@ -163,6 +167,7 @@ object Entities {
                where entity_name = :e
                  and created_at between :from and :to
                  and data @> cast(:search as jsonb)
+                  $createdFilter
                  order by sysPk
            """.trimIndent()
                ).create()
@@ -171,6 +176,12 @@ object Entities {
            .setParameter("to", sql.dateRange.last().plusDays(1))
            .setParameter("e", entity)
            .setParameter("search", objectMapper.writeValueAsString(searchJsonMap))
+            .apply {
+                if (!noCreatedFilter) {
+                    logger.warn("Set Created By Filter to ${currentUser()}")
+                    setParameter("cBy", currentUser())
+                }
+            }
            .findList()

        logger.warn("Search jsonMap [$searchJsonMap] => ${fl.size} entries")
@@ -358,6 +369,7 @@ object Entities {

 data class SearchParams(
    val params: Map<String, QueryParam> = mapOf(),
+    val createdBy: String?,
    val dateRange: List<LocalDate> = listOf(LocalDate.now().minusDays(7), LocalDate.now())
 )