Merge branch 'csrf' into invite-link-update
# Conflicts: # src/main/java/mops/gruppen2/service/ControllerService.java # src/main/resources/schema.sql
This commit is contained in:
Christoph
@ -54,6 +54,7 @@ public class WebController {
|
||||
* @param model tolles model
|
||||
* @return index.html
|
||||
*/
|
||||
|
||||
@RolesAllowed({"ROLE_orga", "ROLE_studentin", "ROLE_actuator"})
|
||||
@GetMapping("")
|
||||
public String index(KeycloakAuthenticationToken token, Model model) throws EventException {
|
||||
@ -67,7 +68,7 @@ public class WebController {
|
||||
|
||||
@RolesAllowed({"ROLE_orga", "ROLE_actuator)"})
|
||||
@GetMapping("/createOrga")
|
||||
public String createOrga(KeycloakAuthenticationToken token, Model model) {
|
||||
public String createGroupAsOrga(KeycloakAuthenticationToken token, Model model) {
|
||||
Account account = keyCloakService.createAccountFromPrincipal(token);
|
||||
model.addAttribute("account", account);
|
||||
model.addAttribute("lectures", groupService.getAllLecturesWithVisibilityPublic());
|
||||
@ -76,29 +77,28 @@ public class WebController {
|
||||
|
||||
@RolesAllowed({"ROLE_orga", "ROLE_actuator)"})
|
||||
@PostMapping("/createOrga")
|
||||
public String pCreateOrga(KeycloakAuthenticationToken token,
|
||||
@RequestParam("title") String title,
|
||||
@RequestParam("description") String description,
|
||||
@RequestParam(value = "visibility", required = false) Boolean visibility,
|
||||
@RequestParam(value = "lecture", required = false) Boolean lecture,
|
||||
@RequestParam("userMaximum") Long userMaximum,
|
||||
@RequestParam(value = "maxInfiniteUsers", required = false) Boolean maxInfiniteUsers,
|
||||
@RequestParam(value = "parent", required = false) String parent,
|
||||
@RequestParam(value = "file", required = false) MultipartFile file) throws IOException, EventException {
|
||||
public String postCrateGroupAsOrga(KeycloakAuthenticationToken token,
|
||||
@RequestParam("title") String title,
|
||||
@RequestParam("description") String description,
|
||||
@RequestParam(value = "visibility", required = false) Boolean visibility,
|
||||
@RequestParam(value = "lecture", required = false) Boolean lecture,
|
||||
@RequestParam("userMaximum") Long userMaximum,
|
||||
@RequestParam(value = "maxInfiniteUsers", required = false) Boolean maxInfiniteUsers,
|
||||
@RequestParam(value = "parent", required = false) String parent,
|
||||
@RequestParam(value = "file", required = false) MultipartFile file) throws IOException, EventException {
|
||||
|
||||
Account account = keyCloakService.createAccountFromPrincipal(token);
|
||||
UUID parentUUID = controllerService.getUUID(parent);
|
||||
List<User> userList = new ArrayList<>();
|
||||
|
||||
validationService.checkFields(description, title, userMaximum, maxInfiniteUsers);
|
||||
Group group = userService.getGroupById(controllerService.createOrga(account, title, description, visibility, lecture, maxInfiniteUsers, userMaximum, parentUUID));
|
||||
userList = validationService.checkFile(file, userList, group.getId().toString(), group, account);
|
||||
controllerService.addUserList(userList, group.getId());
|
||||
controllerService.createGroupAsOrga(account, title, description, visibility, lecture, maxInfiniteUsers, userMaximum, parentUUID, file);
|
||||
|
||||
return "redirect:/gruppen2/";
|
||||
}
|
||||
|
||||
@RolesAllowed({"ROLE_studentin"})
|
||||
@GetMapping("/createStudent")
|
||||
public String createStudent(KeycloakAuthenticationToken token, Model model) {
|
||||
public String createGroupAsStudent(KeycloakAuthenticationToken token, Model model) {
|
||||
Account account = keyCloakService.createAccountFromPrincipal(token);
|
||||
model.addAttribute("account", account);
|
||||
model.addAttribute("lectures", groupService.getAllLecturesWithVisibilityPublic());
|
||||
@ -107,18 +107,18 @@ public class WebController {
|
||||
|
||||
@RolesAllowed({"ROLE_studentin"})
|
||||
@PostMapping("/createStudent")
|
||||
public String pCreateStudent(KeycloakAuthenticationToken token,
|
||||
@RequestParam("title") String title,
|
||||
@RequestParam("description") String description,
|
||||
@RequestParam(value = "visibility", required = false) Boolean visibility,
|
||||
@RequestParam("userMaximum") Long userMaximum,
|
||||
@RequestParam(value = "maxInfiniteUsers", required = false) Boolean maxInfiniteUsers,
|
||||
@RequestParam(value = "parent", required = false) String parent) throws EventException {
|
||||
public String postCreateGroupAsStudent(KeycloakAuthenticationToken token,
|
||||
@RequestParam("title") String title,
|
||||
@RequestParam("description") String description,
|
||||
@RequestParam(value = "visibility", required = false) Boolean visibility,
|
||||
@RequestParam("userMaximum") Long userMaximum,
|
||||
@RequestParam(value = "maxInfiniteUsers", required = false) Boolean maxInfiniteUsers,
|
||||
@RequestParam(value = "parent", required = false) String parent) throws EventException {
|
||||
|
||||
Account account = keyCloakService.createAccountFromPrincipal(token);
|
||||
UUID parentUUID = controllerService.getUUID(parent);
|
||||
validationService.checkFields(description, title, userMaximum, maxInfiniteUsers);
|
||||
controllerService.createGroup(account, title, description, visibility, maxInfiniteUsers, userMaximum, parentUUID);
|
||||
controllerService.createGroup(account, title, description, visibility, null, maxInfiniteUsers, userMaximum, parentUUID);
|
||||
return "redirect:/gruppen2/";
|
||||
}
|
||||
|
||||
@ -326,6 +326,7 @@ public class WebController {
|
||||
@RequestParam("group_id") String groupId,
|
||||
KeycloakAuthenticationToken token) {
|
||||
Account account = keyCloakService.createAccountFromPrincipal(token);
|
||||
validationService.checkIfNewMaximumIsValid(maximum, groupId);
|
||||
controllerService.updateMaxUser(account, UUID.fromString(groupId), maximum);
|
||||
return "redirect:/gruppen2/details/members/" + groupId;
|
||||
}
|
||||
|
||||
@ -20,7 +20,7 @@ public class UpdateGroupDescriptionEvent extends Event {
|
||||
|
||||
public UpdateGroupDescriptionEvent(UUID groupId, String userId, String newGroupDescription) {
|
||||
super(groupId, userId);
|
||||
this.newGroupDescription = newGroupDescription;
|
||||
this.newGroupDescription = newGroupDescription.trim();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -20,7 +20,7 @@ public class UpdateGroupTitleEvent extends Event {
|
||||
|
||||
public UpdateGroupTitleEvent(UUID groupId, String userId, String newGroupTitle) {
|
||||
super(groupId, userId);
|
||||
this.newGroupTitle = newGroupTitle;
|
||||
this.newGroupTitle = newGroupTitle.trim();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -4,6 +4,6 @@ import org.springframework.http.HttpStatus;
|
||||
|
||||
public class WrongFileException extends EventException {
|
||||
public WrongFileException(String info) {
|
||||
super(HttpStatus.INTERNAL_SERVER_ERROR, "Die entsprechende Datei ist keine valide CSV-Datei!", info);
|
||||
super(HttpStatus.BAD_REQUEST, "Die entsprechende Datei ist keine valide CSV-Datei!", info);
|
||||
}
|
||||
}
|
||||
|
||||
@ -48,7 +48,7 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
||||
|
||||
@Bean
|
||||
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
|
||||
proxyMode = ScopedProxyMode.TARGET_CLASS)
|
||||
proxyMode = ScopedProxyMode.TARGET_CLASS)
|
||||
public AccessToken getAccessToken() {
|
||||
HttpServletRequest request =
|
||||
((ServletRequestAttributes) RequestContextHolder
|
||||
@ -61,17 +61,10 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
super.configure(http);
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/actuator/**")
|
||||
.hasRole("monitoring")
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/h2-console/**")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.permitAll();
|
||||
|
||||
http.csrf().disable();
|
||||
http.headers().frameOptions().disable();
|
||||
.antMatchers("/actuator/**")
|
||||
.hasRole("monitoring")
|
||||
.anyRequest()
|
||||
.permitAll();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,7 @@
|
||||
package mops.gruppen2.service;
|
||||
|
||||
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;
|
||||
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;
|
||||
import mops.gruppen2.domain.Group;
|
||||
import mops.gruppen2.domain.GroupType;
|
||||
import mops.gruppen2.domain.Role;
|
||||
@ -15,14 +17,19 @@ import mops.gruppen2.domain.event.UpdateRoleEvent;
|
||||
import mops.gruppen2.domain.event.UpdateUserMaxEvent;
|
||||
import mops.gruppen2.domain.exception.EventException;
|
||||
import mops.gruppen2.domain.exception.UserNotFoundException;
|
||||
import mops.gruppen2.domain.exception.WrongFileException;
|
||||
import mops.gruppen2.security.Account;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
|
||||
import java.io.CharConversionException;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
import java.util.logging.Logger;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static mops.gruppen2.domain.Role.ADMIN;
|
||||
|
||||
@ -51,26 +58,15 @@ public class ControllerService {
|
||||
* @param title Gruppentitel
|
||||
* @param description Gruppenbeschreibung
|
||||
*/
|
||||
//TODO: better assignments
|
||||
//TODO: createGroup + createOrga auslagern
|
||||
public void createGroup(Account account, String title, String description, Boolean visibility, Boolean maxInfiniteUsers, Long userMaximum, UUID parent) throws EventException {
|
||||
Visibility visibility1;
|
||||
maxInfiniteUsers = maxInfiniteUsers != null;
|
||||
|
||||
if (maxInfiniteUsers) {
|
||||
userMaximum = 100000L;
|
||||
}
|
||||
|
||||
visibility = visibility == null;
|
||||
|
||||
if (visibility) {
|
||||
visibility1 = Visibility.PUBLIC;
|
||||
} else {
|
||||
visibility1 = Visibility.PRIVATE;
|
||||
}
|
||||
public UUID createGroup(Account account, String title, String description, Boolean isVisibilityPrivate, Boolean isLecture, Boolean isMaximumInfinite, Long userMaximum, UUID parent) throws EventException {
|
||||
userMaximum = checkInfiniteUsers(isMaximumInfinite, userMaximum);
|
||||
|
||||
Visibility groupVisibility = setGroupVisibility(isVisibilityPrivate);
|
||||
UUID groupId = UUID.randomUUID();
|
||||
CreateGroupEvent createGroupEvent = new CreateGroupEvent(groupId, account.getName(), parent, GroupType.SIMPLE, visibility1, userMaximum);
|
||||
|
||||
GroupType groupType = setGroupType(isLecture);
|
||||
|
||||
CreateGroupEvent createGroupEvent = new CreateGroupEvent(groupId, account.getName(), parent, groupType, groupVisibility, userMaximum);
|
||||
eventService.saveEvent(createGroupEvent);
|
||||
|
||||
inviteService.createLink(groupId);
|
||||
@ -79,45 +75,85 @@ public class ControllerService {
|
||||
updateTitle(account, groupId, title);
|
||||
updateDescription(account, groupId, description);
|
||||
updateRole(account.getName(), groupId);
|
||||
}
|
||||
|
||||
public UUID createOrga(Account account, String title, String description, Boolean visibility, Boolean lecture, Boolean maxInfiniteUsers, Long userMaximum, UUID parent) throws EventException, IOException {
|
||||
maxInfiniteUsers = maxInfiniteUsers != null;
|
||||
|
||||
if (maxInfiniteUsers) {
|
||||
userMaximum = 100000L;
|
||||
}
|
||||
|
||||
visibility = visibility == null;
|
||||
lecture = lecture != null;
|
||||
Visibility visibility1;
|
||||
UUID groupId = UUID.randomUUID();
|
||||
if (visibility) {
|
||||
visibility1 = Visibility.PUBLIC;
|
||||
} else {
|
||||
visibility1 = Visibility.PRIVATE;
|
||||
}
|
||||
|
||||
inviteService.createLink(groupId);
|
||||
|
||||
GroupType groupType;
|
||||
if (lecture) {
|
||||
groupType = GroupType.LECTURE;
|
||||
} else {
|
||||
groupType = GroupType.SIMPLE;
|
||||
}
|
||||
|
||||
CreateGroupEvent createGroupEvent = new CreateGroupEvent(groupId, account.getName(), parent, groupType, visibility1, userMaximum);
|
||||
eventService.saveEvent(createGroupEvent);
|
||||
|
||||
addUser(account, groupId);
|
||||
updateTitle(account, groupId, title);
|
||||
updateDescription(account, groupId, description);
|
||||
updateRole(account.getName(), groupId);
|
||||
|
||||
return groupId;
|
||||
}
|
||||
|
||||
public void createGroupAsOrga(Account account, String title, String description, Boolean isVisibilityPrivate, Boolean isLecture, Boolean isMaximumInfinite, Long userMaximum, UUID parent, MultipartFile file) throws EventException, IOException {
|
||||
userMaximum = checkInfiniteUsers(isMaximumInfinite, userMaximum);
|
||||
|
||||
List<User> newUsers = readCsvFile(file);
|
||||
|
||||
List<User> oldUsers = new ArrayList<>();
|
||||
User user = new User(account.getName(), "", "", "");
|
||||
oldUsers.add(user);
|
||||
|
||||
removeOldUsersFromNewUsers(oldUsers, newUsers);
|
||||
|
||||
userMaximum = adjustUserMaximum((long) newUsers.size(), 1L, userMaximum);
|
||||
|
||||
UUID groupId = createGroup(account, title, description, isVisibilityPrivate, isLecture, isMaximumInfinite, userMaximum, parent);
|
||||
|
||||
inviteService.createLink(groupId);
|
||||
|
||||
addUserList(newUsers, groupId);
|
||||
}
|
||||
|
||||
private void removeOldUsersFromNewUsers(List<User> oldUsers, List<User> newUsers) {
|
||||
for (User oldUser : oldUsers) {
|
||||
newUsers.remove(oldUser);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private Long checkInfiniteUsers(Boolean isMaximumInfinite, Long userMaximum) {
|
||||
isMaximumInfinite = isMaximumInfinite != null;
|
||||
|
||||
if (isMaximumInfinite) {
|
||||
userMaximum = 100000L;
|
||||
}
|
||||
|
||||
return userMaximum;
|
||||
}
|
||||
|
||||
private Visibility setGroupVisibility(Boolean isVisibilityPrivate) {
|
||||
isVisibilityPrivate = isVisibilityPrivate != null;
|
||||
|
||||
if (isVisibilityPrivate) {
|
||||
return Visibility.PRIVATE;
|
||||
} else {
|
||||
return Visibility.PUBLIC;
|
||||
}
|
||||
}
|
||||
|
||||
private GroupType setGroupType(Boolean isLecture) {
|
||||
isLecture = isLecture != null;
|
||||
if (isLecture) {
|
||||
return GroupType.LECTURE;
|
||||
} else {
|
||||
return GroupType.SIMPLE;
|
||||
}
|
||||
}
|
||||
|
||||
private List<User> readCsvFile(MultipartFile file) throws EventException, IOException {
|
||||
if (!file.isEmpty()) {
|
||||
try {
|
||||
List<User> userList = CsvService.read(file.getInputStream());
|
||||
return userList.stream().distinct().collect(Collectors.toList()); //filters duplicates from list
|
||||
} catch (UnrecognizedPropertyException | CharConversionException ex) {
|
||||
logger.warning("File konnte nicht gelesen werden");
|
||||
throw new WrongFileException(file.getOriginalFilename());
|
||||
}
|
||||
}
|
||||
return new ArrayList<>();
|
||||
}
|
||||
|
||||
private Long adjustUserMaximum(Long newUsers, Long oldUsers, Long maxUsers) {
|
||||
if (oldUsers + newUsers > maxUsers) {
|
||||
maxUsers = oldUsers + newUsers;
|
||||
}
|
||||
return maxUsers;
|
||||
}
|
||||
|
||||
public void addUser(Account account, UUID groupId) {
|
||||
AddUserEvent addUserEvent = new AddUserEvent(groupId, account.getName(), account.getGivenname(), account.getFamilyname(), account.getEmail());
|
||||
@ -151,7 +187,6 @@ public class ControllerService {
|
||||
eventService.saveEvent(updateUserMaxEvent);
|
||||
}
|
||||
|
||||
//TODO: updateRole + deleteUser, teilweise auslagern zu userInGroup oder sowas
|
||||
public void updateRole(String userId, UUID groupId) throws EventException {
|
||||
UpdateRoleEvent updateRoleEvent;
|
||||
Group group = userService.getGroupById(groupId);
|
||||
|
||||
@ -130,16 +130,37 @@ public class ValidationService {
|
||||
* @param userMaximum Das user Limit der Gruppe
|
||||
*/
|
||||
public void checkFields(String description, String title, Long userMaximum, Boolean maxInfiniteUsers) {
|
||||
if (description == null) {
|
||||
if (description == null || description.trim().length() == 0) {
|
||||
throw new BadParameterException("Die Beschreibung wurde nicht korrekt angegeben");
|
||||
}
|
||||
|
||||
if (title == null) {
|
||||
if (title == null || title.trim().length() == 0) {
|
||||
throw new BadParameterException("Der Titel wurde nicht korrekt angegeben");
|
||||
}
|
||||
|
||||
if (userMaximum == null && maxInfiniteUsers == null) {
|
||||
throw new BadParameterException("Teilnehmeranzahl wurde nicht korrekt angegeben");
|
||||
}
|
||||
|
||||
if (userMaximum != null) {
|
||||
if (userMaximum < 1 || userMaximum > 10000L) {
|
||||
throw new BadParameterException("Teilnehmeranzahl wurde nicht korrekt angegeben");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void checkIfNewMaximumIsValid(Long newUserMaximum, String groupId) {
|
||||
Group group = userService.getGroupById(UUID.fromString(groupId));
|
||||
if (newUserMaximum == null) {
|
||||
throw new BadParameterException("Es wurde keine neue maximale Teilnehmeranzahl angegeben!");
|
||||
}
|
||||
|
||||
if (newUserMaximum < 1 || newUserMaximum > 10000L) {
|
||||
throw new BadParameterException("Die neue maximale Teilnehmeranzahl wurde nicht korrekt angegeben!");
|
||||
}
|
||||
|
||||
if (group.getMembers().size() > newUserMaximum) {
|
||||
throw new BadParameterException("Die neue maximale Teilnehmeranzahl ist kleiner als die aktuelle Teilnehmeranzahl!");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user