npm install create package-lock.json

vnobo · Nov 3, 2023 · f6bf36e · f6bf36e
1 parent e096b98
commit f6bf36e
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 93 deletions.
diff --git a/boot/platform/src/main/java/com/platform/boot/commons/utils/ContextUtils.java b/boot/platform/src/main/java/com/platform/boot/commons/utils/ContextUtils.java
@@ -47,7 +47,7 @@ public final class ContextUtils implements Serializable {
             "HTTP_VIA",
             "REMOTE_ADDR"
     };
-
+    public final static String RULE_ADMINISTRATORS = "ROLE_ADMINISTRATORS";
     public final static String CSRF_TOKEN_CONTEXT = "CSRF_TOKEN_CONTEXT";
     public final static String SECURITY_AUTH_TOKEN_HEADER = "X-Auth-Token";
     public static ObjectMapper OBJECT_MAPPER;

diff --git a/boot/platform/src/main/java/com/platform/boot/config/SecurityConfiguration.java b/boot/platform/src/main/java/com/platform/boot/config/SecurityConfiguration.java
@@ -59,7 +59,6 @@ public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http)
             exchange.anyExchange().authenticated();
         });
         http.securityContextRepository(new WebSessionServerSecurityContextRepository());
-        http.formLogin(Customizer.withDefaults());
         http.httpBasic(httpBasicSpec -> httpBasicSpec
                 .authenticationEntryPoint(new CustomServerAuthenticationEntryPoint()));
         http.formLogin(Customizer.withDefaults());

diff --git a/boot/platform/src/main/java/com/platform/boot/relational/menus/MenuRequest.java b/boot/platform/src/main/java/com/platform/boot/relational/menus/MenuRequest.java
@@ -24,6 +24,8 @@ public class MenuRequest extends Menu {
 
     private String icons;
 
+    private Set<String> rules;
+
     @Valid
     private Set<MenuRequest> menus;
 
@@ -53,7 +55,7 @@ public Menu toMenu() {
     }
 
     public Criteria toCriteria() {
-        Criteria criteria = criteria(Set.of("permissions", "tenantCode", "icons", "menus"));
+        Criteria criteria = criteria(Set.of("permissions", "tenantCode", "icons", "menus", "rules"));
 
         if (StringUtils.hasLength(getTenantCode())) {
             criteria = criteria.and("tenantCode").is(this.getTenantCode());
@@ -63,6 +65,10 @@ public Criteria toCriteria() {
             criteria = criteria.and("authority").is(this.getAuthority());
         }
 
+        if (!ObjectUtils.isEmpty(getRules())) {
+            criteria = criteria.and("authority").in(this.getRules());
+        }
+
         return criteria;
     }
 

diff --git a/boot/platform/src/main/java/com/platform/boot/relational/menus/MenusController.java b/boot/platform/src/main/java/com/platform/boot/relational/menus/MenusController.java
@@ -3,11 +3,17 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import static com.platform.boot.commons.utils.ContextUtils.RULE_ADMINISTRATORS;
+
 /**
  * Controller for the Menus resource that handles all the incoming requests for Menus
  *
@@ -18,57 +24,41 @@
 @RequiredArgsConstructor
 public class MenusController {
 
+
     private final MenusService menusService;
 
-    /**
-     * Endpoint to search Menus
-     *
-     * @param request MenuRequest with relevant details
-     * @return Flux of Menu
-     */
     @GetMapping("search")
-    @PreAuthorize("hasRole('ROLE_ADMINISTRATORS')")
+    @PreAuthorize("hasRole(T(com.platform.boot.commons.utils.ContextUtils).RULE_ADMINISTRATORS)")
     public Flux<Menu> search(MenuRequest request) {
         return this.menusService.search(request);
     }
 
-    /**
-     * Endpoint to add menu
-     *
-     * @param request MenuRequest with relevant details
-     * @return Mono of Menu
-     */
-    @PostMapping("add")
-    @PreAuthorize("hasRole('ROLE_ADMINISTRATORS')")
-    public Mono<Menu> add(@Valid @RequestBody MenuRequest request) {
+    @GetMapping("me")
+    public Flux<Menu> load(MenuRequest request) {
+        return ReactiveSecurityContextHolder.getContext().flatMapMany(securityContext -> {
+            Authentication authentication = securityContext.getAuthentication();
+            var rules = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
+            if (!rules.contains(RULE_ADMINISTRATORS)) {
+                request.setRules(rules);
+            }
+            return this.menusService.search(request);
+        });
+    }
+
+    @PostMapping("save")
+    @PreAuthorize("hasRole(T(com.platform.boot.commons.utils.ContextUtils).RULE_ADMINISTRATORS)")
+    public Mono<Menu> save(@Valid @RequestBody MenuRequest request) {
         Assert.isTrue(request.isNew(), "This is a message for developers indicating that when " +
                 "adding a new menu,the ID field must not have a value," +
                 " and if you need to modify an existing menu, the [/modify] endpoint should be used instead.");
+        if (StringUtils.hasLength(request.getCode())) {
+            return this.menusService.modify(request);
+        }
         return this.menusService.add(request);
     }
 
-    /**
-     * Endpoint to modify existing menu
-     *
-     * @param request MenuRequest with relevant details
-     * @return Mono of Menu
-     */
-    @PutMapping("modify")
-    @PreAuthorize("hasRole('ROLE_ADMINISTRATORS')")
-    public Mono<Menu> modify(@Valid @RequestBody MenuRequest request) {
-        Assert.isTrue(!request.isNew(), "Modify [ID] cannot be empty!");
-        Assert.notNull(request.getCode(), "Modify [CODE] cannot be empty!");
-        return this.menusService.modify(request);
-    }
-
-    /**
-     * Endpoint to delete menu
-     *
-     * @param request MenuRequest with relevant details
-     * @return Mono of void
-     */
     @DeleteMapping("delete")
-    @PreAuthorize("hasRole('ROLE_ADMINISTRATORS')")
+    @PreAuthorize("hasRole(T(com.platform.boot.commons.utils.ContextUtils).RULE_ADMINISTRATORS)")
     public Mono<Void> delete(@Valid @RequestBody MenuRequest request) {
         Assert.isTrue(!request.isNew(), "Delete [ID] cannot be empty!");
         Assert.notNull(request.getCode(), "Delete [CODE] cannot be empty!");

diff --git a/boot/platform/src/main/java/com/platform/boot/relational/menus/MenusService.java b/boot/platform/src/main/java/com/platform/boot/relational/menus/MenusService.java
@@ -35,28 +35,12 @@ public class MenusService extends AbstractDatabase {
     private final GroupAuthoritiesRepository groupAuthoritiesRepository;
     private final UserAuthoritiesRepository userAuthoritiesRepository;
 
-    /**
-     * This method searches for Menu objects based on the MenuRequest.
-     * It creates a query with the given request, sorts the query by 'sort' and finds Menus with the Query.
-     *
-     * @param request the request object with criteria to search
-     * @return a Flux of Menus with the search criteria
-     */
     public Flux<Menu> search(MenuRequest request) {
         var cacheKey = ContextUtils.cacheKey(request);
         Query query = Query.query(request.toCriteria()).sort(Sort.by("sort"));
         return this.queryWithCache(cacheKey, query, Menu.class);
     }
 
-    /**
-     * This method adds a new Menu to the database.
-     * It first checks if any existing Menus have the same tenantCode and authority as the new Menu.
-     * If a Menu already exists with the same tenantCode and authority, this method will throw an error.
-     * Otherwise, it will call the operate method with the new Menu.
-     *
-     * @param request the request object with criteria to add
-     * @return a Mono of Menu with the new request
-     */
     public Mono<Menu> add(MenuRequest request) {
         Criteria criteria = MenuRequest.of(request.getTenantCode(), request.getAuthority()).toCriteria();
         return this.entityTemplate.exists(Query.query(criteria), Menu.class).filter(isExists -> !isExists)
@@ -66,15 +50,6 @@ public Mono<Menu> add(MenuRequest request) {
                 .flatMap((b) -> this.operate(request));
     }
 
-    /**
-     * This method modifies an existing Menu in the database.
-     * It first finds the Menu with the given code.
-     * If the Menu does not exist, this method will throw an error.
-     * Otherwise, it will update the Menu with the request and then call the operate method to save it.
-     *
-     * @param request the request object with criteria to modify
-     * @return a Mono of Menu with the modified request
-     */
     public Mono<Menu> modify(MenuRequest request) {
         var oldMunuMono = this.menusRepository.findByCode(request.getCode())
                 .switchIfEmpty(Mono.error(RestServerException.withMsg(
@@ -88,25 +63,10 @@ public Mono<Menu> modify(MenuRequest request) {
         return oldMunuMono;
     }
 
-    /**
-     * This method saves a Menu to the database.
-     * If the Menu is new, this method will save it to the database.
-     * Otherwise, it will find the existing Menu and update it with the new Menu.
-     *
-     * @param request the request object with criteria to save
-     * @return a Mono of Menu with the saved request
-     */
     public Mono<Menu> operate(MenuRequest request) {
         return this.save(request.toMenu()).doAfterTerminate(() -> this.cache.clear());
     }
 
-    /**
-     * This method saves a Menu to the database.
-     * It checks if the Menu is new, and then saves or updates the Menu accordingly.
-     *
-     * @param menu the Menu object to be saved
-     * @return a Mono of Menu with the saved object
-     */
     public Mono<Menu> save(Menu menu) {
         if (menu.isNew()) {
             return this.menusRepository.save(menu);
@@ -120,13 +80,6 @@ public Mono<Menu> save(Menu menu) {
         }
     }
 
-    /**
-     * This method deletes a Menu from the database.
-     * It uses the MenuRequest to find the Menu to be deleted and then deletes it.
-     *
-     * @param request the request object with criteria to delete
-     * @return a Mono of void
-     */
     @Transactional(rollbackFor = Exception.class)
     public Mono<Void> delete(MenuRequest request) {
         List<String> rules = new ArrayList<>(Collections.singletonList(request.getAuthority()));

diff --git a/boot/platform/src/main/java/com/platform/boot/security/AuthenticationToken.java b/boot/platform/src/main/java/com/platform/boot/security/AuthenticationToken.java
@@ -20,12 +20,6 @@ public static AuthenticationToken of(String token, String expires, Long lastAcce
         return new AuthenticationToken(token, Long.parseLong(expires), lastAccessTime);
     }
 
-    /**
-     * Builds an authentication token from a web session
-     *
-     * @param session The web session
-     * @return The authentication token
-     */
     public static AuthenticationToken build(WebSession session) {
         return new AuthenticationToken(session.getId(), session.getMaxIdleTime().getSeconds(),
                 session.getLastAccessTime().getEpochSecond());