From 3e55606ef89ccb9f5791634942c492a4536c6a70 Mon Sep 17 00:00:00 2001
From: Sebastian Beckmann
Date: Mon, 8 Sep 2025 22:02:57 +0200
Subject: [PATCH] util: Add AccessControlService::getCurrentUser

In production mode, this returns the currently logged in user. In test mode, it returns a test user.
---
 .../kickerelo/util/AccessControlService.java | 8 +++++
 .../util/AccessControlServiceProdImpl.java | 30 ++++++++++++++++++-
 .../util/AccessControlServiceTestImpl.java | 19 ++++++++++++
 .../kickerelo/views/PlayerListView.java | 1 +
 4 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/kickerelo/kickerelo/util/AccessControlService.java b/src/main/java/org/kickerelo/kickerelo/util/AccessControlService.java
index 837f9a4..9d55bd6 100644
--- a/src/main/java/org/kickerelo/kickerelo/util/AccessControlService.java
+++ b/src/main/java/org/kickerelo/kickerelo/util/AccessControlService.java
@@ -1,5 +1,13 @@
 package org.kickerelo.kickerelo.util;
+import org.kickerelo.kickerelo.data.AuthentikUser;
+
+import javax.annotation.Nonnull;
+import java.util.Optional;
+
 public interface AccessControlService {
 boolean userAllowedForRole(String role);
+
+ @Nonnull
+ Optional getCurrentUser();
 }
diff --git a/src/main/java/org/kickerelo/kickerelo/util/AccessControlServiceProdImpl.java b/src/main/java/org/kickerelo/kickerelo/util/AccessControlServiceProdImpl.java
index 21dbf00..e6b6825 100644
--- a/src/main/java/org/kickerelo/kickerelo/util/AccessControlServiceProdImpl.java
+++ b/src/main/java/org/kickerelo/kickerelo/util/AccessControlServiceProdImpl.java
@@ -1,5 +1,8 @@
 package org.kickerelo.kickerelo.util;
+import org.jetbrains.annotations.NotNull;
+import org.kickerelo.kickerelo.data.AuthentikUser;
+import org.kickerelo.kickerelo.repository.AuthentikUserRepository;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
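Review bot: The new `getCurrentUser()` declaration in `AccessControlService` has no Javadoc, and the signature alone does not tell a caller what an empty result means. In the production implementation added by this patch, empty is returned only when no OIDC principal is present, while a missing `sub` or a missing database row throws a `RuntimeException`. I would add a Javadoc comment on the interface method stating that an empty Optional means "nobody is logged in" and that implementations may throw when an authenticated principal cannot be resolved, so callers do not treat empty as the only failure mode. The interface also uses `javax.annotation.Nonnull` while both implementations use `org.jetbrains.annotations.NotNull`; choosing one keeps nullness tooling consistent.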
@@ -7,10 +10,17 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.stereotype.Component;
 import java.util.List;
+import java.util.Optional;
 @Component
 @Profile("prod")
 public class AccessControlServiceProdImpl implements AccessControlService {
+ private final AuthentikUserRepository userRepository;
+
+ public AccessControlServiceProdImpl(AuthentikUserRepository userRepository) {
+ this.userRepository = userRepository;
+ }
+
 @Override
 public boolean userAllowedForRole(String role) {
 // Check if authentication is present
@@ -22,7 +32,7 @@ public class AccessControlServiceProdImpl implements AccessControlService {
 // Get the list of groups the user is part of
 Object groupsObj = oidcUser.getClaims().getOrDefault("groups", List.of());
- if (!(groupsObj instanceof List)) return false;
+ if (!(groupsObj instanceof List)) return false;
 // Keep only Strings in the list
 List listOfGroups = ((List) groupsObj).stream()
@@ -33,4 +43,22 @@ public class AccessControlServiceProdImpl implements AccessControlService {
 // Check if the user is part of the required group
 return listOfGroups.contains(role);
 }
+
+ @NotNull
+ @Override
+ public Optional getCurrentUser() {
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if (auth == null || !(auth.getPrincipal() instanceof OidcUser oidcUser)) {
+ return Optional.empty();
+ }
+ String id = oidcUser.getAttribute("sub");
+ if (id == null) {
+ throw new RuntimeException("Couldn't find sub attribute on current user.");
+ }
+ Optional authentikUser = userRepository.findById(id);
+ if (authentikUser.isEmpty()) {
+ throw new RuntimeException("User is authenticated but doesn't exist in database.");
+ }
+ return authentikUser;
+ }
 }
diff --git a/src/main/java/org/kickerelo/kickerelo/util/AccessControlServiceTestImpl.java b/src/main/java/org/kickerelo/kickerelo/util/AccessControlServiceTestImpl.java
index fbcd0f9..6e7da02 100644
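Review bot: In the last hunk of `AccessControlServiceProdImpl`, `getCurrentUser()` throws a bare `RuntimeException` when an authenticated principal has no matching `AuthentikUser` row. A user whose first login has not been provisioned yet (provisioning is not visible in this patch) would therefore hit an unhandled error in whichever view calls this method. A specific type such as `throw new IllegalStateException("User is authenticated but doesn't exist in database.");` lets callers and the error handler tell this identity-resolution failure apart from other failures, and logging the subject server-side makes the mismatch traceable. For the lookup key, `String id = oidcUser.getSubject();` is the typed accessor for the same claim and avoids the unchecked generic cast that `getAttribute("sub")` performs. Because the method only returns empty for an unauthenticated request, a short comment saying so would stop callers from reading empty as "unknown user".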
--- a/src/main/java/org/kickerelo/kickerelo/util/AccessControlServiceTestImpl.java
+++ b/src/main/java/org/kickerelo/kickerelo/util/AccessControlServiceTestImpl.java
@@ -1,13 +1,32 @@
 package org.kickerelo.kickerelo.util;
+import org.jetbrains.annotations.NotNull;
+import org.kickerelo.kickerelo.data.AuthentikUser;
+import org.kickerelo.kickerelo.repository.AuthentikUserRepository;
 import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Component;
+import java.util.Optional;
+
 @Component
 @Profile("test")
 public class AccessControlServiceTestImpl implements AccessControlService {
+ private final AuthentikUserRepository userRepository;
+
+ public AccessControlServiceTestImpl(AuthentikUserRepository userRepository) {
+ this.userRepository = userRepository;
+ userRepository.save(getCurrentUser().orElseThrow()); // Ensure test user exists in DB;
+ }
+
 @Override
 public boolean userAllowedForRole(String role) {
 return true;
 }
+
+ @NotNull
+ @Override
+ public Optional getCurrentUser() {
+ Optional user = userRepository.findById("test_profile_user");
+ return Optional.of(user.orElseGet(() -> new AuthentikUser("test_profile_user", "Test Profile User")));
+ }
 }
diff --git a/src/main/java/org/kickerelo/kickerelo/views/PlayerListView.java b/src/main/java/org/kickerelo/kickerelo/views/PlayerListView.java
index 7f61a0f..6d0fa8e 100644
--- a/src/main/java/org/kickerelo/kickerelo/views/PlayerListView.java
+++ b/src/main/java/org/kickerelo/kickerelo/views/PlayerListView.java
@@ -24,6 +24,7 @@ public class PlayerListView extends VerticalLayout {
 playerGrid.setItems(players);
 playerGrid.removeColumnByKey("id");
 playerGrid.removeColumnByKey("elo_alt");
+ playerGrid.removeColumnByKey("authentikUser");
 Grid.Column nameColumn = playerGrid.getColumnByKey("name");
 Grid.Column elo1vs1Column = playerGrid.getColumnByKey("elo1vs1");
 Grid.Column elo2vs2Column = playerGrid.getColumnByKey("elo2vs2");
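Review bot: The new constructor of `AccessControlServiceTestImpl` calls the overridable `getCurrentUser()` and writes to the repository while the bean is still being constructed. Moving `userRepository.save(...)` into a `@PostConstruct` method keeps construction free of database side effects and avoids calling an instance method on a partially built object. The id `"test_profile_user"` is written twice in `getCurrentUser()` and would read better as a `private static final String TEST_USER_ID`. Since this bean approves every role and now also persists a fixed identity, I would add a class-level comment stating that the `test` profile must never be active on a deployed instance.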
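Review bot: In `PlayerListView`, `playerGrid.removeColumnByKey("authentikUser")` extends a deny-list, so the view hides columns one by one rather than declaring which ones are visible. The grid construction is outside this hunk, but the neighbouring `removeColumnByKey` calls suggest it creates a column for every property of the player bean. With that pattern any field later added to the entity, including identity data like the new `authentikUser` link, is shown to every viewer until someone remembers to remove it. Listing the visible columns explicitly, for example `playerGrid.setColumns("name", "elo1vs1", "elo2vs2");` plus whatever else the view needs, makes new fields hidden by default.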