util: Add AccessControlService::getCurrentUser
In production mode, this returns the currently logged in user. In test mode, it returns a test user.
@@ -1,5 +1,13 @@
|
||||
package org.kickerelo.kickerelo.util;
|
||||
|
||||
import org.kickerelo.kickerelo.data.AuthentikUser;
|
||||
|
||||
import javax.annotation.Nonnull;
|
||||
import java.util.Optional;
|
||||
|
||||
public interface AccessControlService {
|
||||
boolean userAllowedForRole(String role);
|
||||
|
||||
@Nonnull
|
||||
Optional<AuthentikUser> getCurrentUser();
|
||||
}
|
||||
|
||||
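Review bot: `getCurrentUser()` is declared without a Javadoc contract, so callers cannot tell from the signature that an empty Optional only means "no OIDC login present", while the production implementation in this commit throws when the principal is authenticated but has no database row. I would document that on the interface, e.g. `/** Returns the logged-in user; empty when no OIDC principal is present. Implementations may throw if the principal cannot be resolved to a stored user. */`. The interface also annotates with `javax.annotation.Nonnull` while both implementations use `org.jetbrains.annotations.NotNull`; settling on one keeps static nullness checks consistent.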
@@ -1,5 +1,8 @@
|
||||
package org.kickerelo.kickerelo.util;
|
||||
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.kickerelo.kickerelo.data.AuthentikUser;
|
||||
import org.kickerelo.kickerelo.repository.AuthentikUserRepository;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@@ -7,10 +10,17 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
@Component
|
||||
@Profile("prod")
|
||||
public class AccessControlServiceProdImpl implements AccessControlService {
|
||||
private final AuthentikUserRepository userRepository;
|
||||
|
||||
public AccessControlServiceProdImpl(AuthentikUserRepository userRepository) {
|
||||
this.userRepository = userRepository;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean userAllowedForRole(String role) {
|
||||
// Check if authentication is present
|
||||
@@ -22,7 +32,7 @@ public class AccessControlServiceProdImpl implements AccessControlService {
|
||||
|
||||
// Get the list of groups the user is part of
|
||||
Object groupsObj = oidcUser.getClaims().getOrDefault("groups", List.of());
|
||||
if (!(groupsObj instanceof List<?>)) return false;
|
||||
if (!(groupsObj instanceof List<?>)) return false;
|
||||
|
||||
// Keep only Strings in the list
|
||||
List<String> listOfGroups = ((List<?>) groupsObj).stream()
|
||||
@@ -33,4 +43,22 @@ public class AccessControlServiceProdImpl implements AccessControlService {
|
||||
// Check if the user is part of the required group
|
||||
return listOfGroups.contains(role);
|
||||
}
|
||||
|
||||
@NotNull
|
||||
@Override
|
||||
public Optional<AuthentikUser> getCurrentUser() {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth == null || !(auth.getPrincipal() instanceof OidcUser oidcUser)) {
|
||||
return Optional.empty();
|
||||
}
|
||||
String id = oidcUser.getAttribute("sub");
|
||||
if (id == null) {
|
||||
throw new RuntimeException("Couldn't find sub attribute on current user.");
|
||||
}
|
||||
Optional<AuthentikUser> authentikUser = userRepository.findById(id);
|
||||
if (authentikUser.isEmpty()) {
|
||||
throw new RuntimeException("User is authenticated but doesn't exist in database.");
|
||||
}
|
||||
return authentikUser;
|
||||
}
|
||||
}
|
||||
|
||||
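Review bot: In `getCurrentUser()` (last hunk of this file), an authenticated principal with no `AuthentikUser` row ends in a bare `RuntimeException`, so a login that was never provisioned surfaces as a server fault rather than an authorization decision, and callers cannot catch it selectively. A narrower type such as `throw new IllegalStateException("User is authenticated but doesn't exist in database.");`, or a dedicated exception that the web layer maps to 403, would make the fail-closed behaviour explicit. The subject can be read with the typed accessor `String id = oidcUser.getSubject();` instead of `getAttribute("sub")`. The `sub` claim is only unique per issuer, so if more than one identity provider is ever trusted the lookup key should include the issuer; that configuration is not visible on this page.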
@@ -1,13 +1,32 @@
|
||||
package org.kickerelo.kickerelo.util;
|
||||
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.kickerelo.kickerelo.data.AuthentikUser;
|
||||
import org.kickerelo.kickerelo.repository.AuthentikUserRepository;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
@Component
|
||||
@Profile("test")
|
||||
public class AccessControlServiceTestImpl implements AccessControlService {
|
||||
private final AuthentikUserRepository userRepository;
|
||||
|
||||
public AccessControlServiceTestImpl(AuthentikUserRepository userRepository) {
|
||||
this.userRepository = userRepository;
|
||||
userRepository.save(getCurrentUser().orElseThrow()); // Ensure test user exists in DB;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean userAllowedForRole(String role) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@NotNull
|
||||
@Override
|
||||
public Optional<AuthentikUser> getCurrentUser() {
|
||||
Optional<AuthentikUser> user = userRepository.findById("test_profile_user");
|
||||
return Optional.of(user.orElseGet(() -> new AuthentikUser("test_profile_user", "Test Profile User")));
|
||||
}
|
||||
}
|
||||
|
||||
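Review bot: The constructor now calls the overridable `getCurrentUser()` and writes a row to whatever database the context is wired to, so starting the application with the `test` profile against a real datasource persists `test_profile_user` there while `userAllowedForRole` grants every role. Seeding belongs in a lifecycle callback rather than the constructor, for example a `@PostConstruct` method holding `userRepository.save(getCurrentUser().orElseThrow());`, ideally together with a startup warning that access control is bypassed. A class comment such as `// Test-only: bypasses all role checks; must never be active in a deployed instance` would document the constraint. How profiles are selected in deployment is not visible on this page.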
@@ -24,6 +24,7 @@ public class PlayerListView extends VerticalLayout {
|
||||
playerGrid.setItems(players);
|
||||
playerGrid.removeColumnByKey("id");
|
||||
playerGrid.removeColumnByKey("elo_alt");
|
||||
playerGrid.removeColumnByKey("authentikUser");
|
||||
Grid.Column<Spieler> nameColumn = playerGrid.getColumnByKey("name");
|
||||
Grid.Column<Spieler> elo1vs1Column = playerGrid.getColumnByKey("elo1vs1");
|
||||
Grid.Column<Spieler> elo2vs2Column = playerGrid.getColumnByKey("elo2vs2");
|
||||
|
||||
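Review bot: The added `removeColumnByKey("authentikUser")` shows that this grid hides fields by denylist, so every property later added to `Spieler` is displayed to all viewers until someone remembers to remove it here. If the grid is built from the bean type (its construction is outside the hunk), listing the visible columns instead, e.g. `playerGrid.setColumns("name", "elo1vs1", "elo2vs2");`, would keep new fields hidden by default. Only those three columns are visible in this hunk, so the list may need more entries.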