From a675638de5a08dafe5d09f3a883a9021886ab461 Mon Sep 17 00:00:00 2001
From: Moritz Kowalski
Date: Tue, 24 Jun 2025 15:27:21 +0200
Subject: [PATCH 1/2] Add access control for entering data
---
 .../kickerelo/views/Enter1vs1View.java | 11 +++++++++-
 .../kickerelo/views/Enter2vs2View.java | 10 ++++++++-
 .../resources/application-prod.properties | 22 ++++++++++++-------
 3 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/src/main/java/org/kickerelo/kickerelo/views/Enter1vs1View.java b/src/main/java/org/kickerelo/kickerelo/views/Enter1vs1View.java
index 3123aac..9d58e53 100644
--- a/src/main/java/org/kickerelo/kickerelo/views/Enter1vs1View.java
+++ b/src/main/java/org/kickerelo/kickerelo/views/Enter1vs1View.java
@@ -6,10 +6,12 @@ import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.NoSuchPlayerException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
 import org.kickerelo.kickerelo.service.KickerEloService;
+import org.kickerelo.kickerelo.util.AccessControlService;
 import com.vaadin.flow.component.button.Button;
 import com.vaadin.flow.component.combobox.ComboBox;
 import com.vaadin.flow.component.html.H2;
+import com.vaadin.flow.component.html.Paragraph;
 import com.vaadin.flow.component.notification.Notification;
 import com.vaadin.flow.component.notification.NotificationVariant;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
@@ -19,7 +21,14 @@ import com.vaadin.flow.router.Route;
 @Route("enter1vs1")
 public class Enter1vs1View extends VerticalLayout {
- public Enter1vs1View(KickerEloService eloService) {
+ public Enter1vs1View(KickerEloService eloService, AccessControlService accessControlService) {
+ // Deny access if user isn't part of the Kicker User group
+ if (!accessControlService.userAllowedForRole("Kicker User") && !accessControlService.userAllowedForRole("Kicker Admin")) {
+ add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
+ getUI().ifPresent(ui -> ui.navigate(""));
+ return;
+ }
+
 H2 subheading = new H2("1 vs 1 Ergebnis");
 ComboBox winnerSelect = new ComboBox<>("Gewinner");
diff --git a/src/main/java/org/kickerelo/kickerelo/views/Enter2vs2View.java b/src/main/java/org/kickerelo/kickerelo/views/Enter2vs2View.java
index 3bba582..b5720ff 100644
--- a/src/main/java/org/kickerelo/kickerelo/views/Enter2vs2View.java
+++ b/src/main/java/org/kickerelo/kickerelo/views/Enter2vs2View.java
@@ -6,6 +6,7 @@ import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.NoSuchPlayerException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
 import org.kickerelo.kickerelo.service.KickerEloService;
+import org.kickerelo.kickerelo.util.AccessControlService;
 import com.vaadin.flow.component.button.Button;
 import com.vaadin.flow.component.combobox.ComboBox;
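Review bot: The denial branch of the new `Enter1vs1View` constructor calls `getUI().ifPresent(ui -> ui.navigate(""))`, but a component is not yet attached while its constructor runs, so `getUI()` is most likely empty and the redirect never fires; only the early `return` keeps the form off the page, and the view instance is still created. Vaadin's navigation lifecycle is the intended place for this check: implement `BeforeEnterObserver` and call `event.rerouteTo("")` from `beforeEnter`, which also covers deep links and browser history navigation, while the existing `Notification` import can carry the message if it should still be shown. The two role strings are duplicated verbatim between this hunk and the `Enter2vs2View` constructor hunk; move them into one constant or a single helper on `AccessControlService` so a renamed group cannot drift between the views. Note that this gate protects only the UI — `KickerEloService` is injected and reachable from any other view, so the same role check belongs on the service methods that persist results. The constructor continues past the end of the hunk.
```java
public class Enter1vs1View extends VerticalLayout implements BeforeEnterObserver {
    private final AccessControlService accessControlService;

    public Enter1vs1View(KickerEloService eloService, AccessControlService accessControlService) {
        this.accessControlService = accessControlService;
        // … unchanged: subheading, combo boxes and the rest of the form …
    }

    @Override
    public void beforeEnter(BeforeEnterEvent event) {
        // Runs on every navigation to this route, before anything is rendered.
        if (!accessControlService.userAllowedForRole("Kicker User")
                && !accessControlService.userAllowedForRole("Kicker Admin")) {
            event.rerouteTo("");
        }
    }
```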
@@ -18,7 +19,14 @@ import com.vaadin.flow.router.Route;
 @Route("enter2vs2")
 public class Enter2vs2View extends VerticalLayout {
- public Enter2vs2View(KickerEloService eloService) {
+ public Enter2vs2View(KickerEloService eloService, AccessControlService accessControlService) {
+ // Deny access if user isn't part of the Kicker User group
+ if (!accessControlService.userAllowedForRole("Kicker User") && !accessControlService.userAllowedForRole("Kicker Admin")) {
+ add(new H2("Du bist nicht berechtigt, diese Seite zu sehen."));
+ getUI().ifPresent(ui -> ui.navigate(""));
+ return;
+ }
+
 H2 subheading = new H2("2 vs 2 Ergebnis");
 ComboBox winnerFrontSelect = new ComboBox<>("Gewinner vorne");
diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index ca0774f..b1de7cc 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -2,13 +2,19 @@ server.port=${PORT:8080}
 logging.level.org.atmosphere = warn
 spring.mustache.check-template-location = false
-spring.datasource.url=${DATABASE_URI}
-spring.datasource.username=${DATABASE_USER}
-spring.datasource.password=${DATABASE_PASSWORD}
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.jpa.hibernate.ddl-auto=validate
-spring.jpa.show-sql=false
-spring.jpa.open-in-view=false
+# spring.datasource.url=${DATABASE_URI}
+# spring.datasource.username=${DATABASE_USER}
+# spring.datasource.password=${DATABASE_PASSWORD}
+# spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
+# spring.jpa.hibernate.ddl-auto=validate
+# spring.jpa.show-sql=false
+# spring.jpa.open-in-view=false
+
+spring.datasource.driver-class-name=org.h2.Driver
+spring.datasource.username=sa
+spring.datasource.password=
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.show-sql=true
 # == OIDC Configuration ==
 spring.security.oauth2.client.registration.oidc.client-id=${OIDC_CLIENT_ID}
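Review bot: The denial message in the new `Enter2vs2View` constructor is wrapped in `H2`, while the otherwise identical branch added to `Enter1vs1View` in this same patch uses `Paragraph`, so the two views render the same text as a heading in one place and body text in the other. Use `Paragraph` here as well (it is not imported in this file yet) or, better, let both views share one component. The redirect-in-constructor and service-level enforcement points raised on the `Enter1vs1View` hunk apply to this hunk unchanged. The constructor continues past the end of the hunk.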
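Review bot: Every line this hunk adds to `application-prod.properties` is removed again by the second patch in the series (`Revert applicaton-prod.properties`), so the hunk should be dropped from the series rather than landed and reverted. As committed, the intermediate state of the prod profile has no `spring.datasource.url`, an empty `spring.datasource.password=`, `spring.jpa.hibernate.ddl-auto=update` and `spring.jpa.show-sql=true`, and the next hunk comments out `spring.sql.init.mode=never` on the same profile; that is exactly the state a bisect or a branch deploy would pick up. Squashing the two patches leaves the file byte-identical (`index ca0774f..b1de7cc` followed by `b1de7cc..ca0774f`).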
@@ -21,4 +27,4 @@ spring.security.oauth2.client.provider.oidc.issuer-uri=${OIDC_ISSUER_URI}
 vaadin.urlMapping=/app/*
 # In prod mode, never add the test data to the database
-spring.sql.init.mode=never
+# spring.sql.init.mode=never
From b9e9aab751ec4af635b572d548184de05d1755a8 Mon Sep 17 00:00:00 2001
From: Moritz Kowalski
Date: Thu, 26 Jun 2025 10:03:45 +0200
Subject: [PATCH 2/2] Revert applicaton-prod.properties
---
 .../resources/application-prod.properties | 22 +++++++------------
 1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index b1de7cc..ca0774f 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -2,19 +2,13 @@ server.port=${PORT:8080}
 logging.level.org.atmosphere = warn
 spring.mustache.check-template-location = false
-# spring.datasource.url=${DATABASE_URI}
-# spring.datasource.username=${DATABASE_USER}
-# spring.datasource.password=${DATABASE_PASSWORD}
-# spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-# spring.jpa.hibernate.ddl-auto=validate
-# spring.jpa.show-sql=false
-# spring.jpa.open-in-view=false
-
-spring.datasource.driver-class-name=org.h2.Driver
-spring.datasource.username=sa
-spring.datasource.password=
-spring.jpa.hibernate.ddl-auto=update
-spring.jpa.show-sql=true
+spring.datasource.url=${DATABASE_URI}
+spring.datasource.username=${DATABASE_USER}
+spring.datasource.password=${DATABASE_PASSWORD}
+spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
+spring.jpa.hibernate.ddl-auto=validate
+spring.jpa.show-sql=false
+spring.jpa.open-in-view=false
 # == OIDC Configuration ==
 spring.security.oauth2.client.registration.oidc.client-id=${OIDC_CLIENT_ID}
@@ -27,4 +21,4 @@ spring.security.oauth2.client.provider.oidc.issuer-uri=${OIDC_ISSUER_URI}
 vaadin.urlMapping=/app/*
 # In prod mode, never add the test data to the database
-# spring.sql.init.mode=never
+spring.sql.init.mode=never