Fix for fine-grained access control with resource authorizations

computate · computate · commit 3c5c2d618a07 · 2025-06-25T00:00:25.000Z
diff --git a/src/main/java/org/computate/frFR/java/EcrireApiClasse.java b/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
@@ -1993,7 +1993,6 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 								tl(5, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResponse.result();");
 								tl(5, "JsonArray scopes = authorizationDecisionResponse.failed() ? new JsonArray() : authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
 								if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
-									tl(5, "{");
 								} else {
 									if(classeRoleUtilisateur) {
 										tl(5, "scopes.add(\"GET\");");
@@ -2011,39 +2010,41 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 									tl(9, "), MultiMap.caseInsensitiveMultiMap()");
 									tl(7, ")");
 									tl(6, "));");
-									tl(5, "} else {");
+									tl(5, "}");
 								}
 								if(classeRessourcesAutorisation.size() > 0) {
-									l();
-									tl(6, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
-									tl(7, "//");
-									tl(7, "List<String> fqs = new ArrayList<>();");
-									tl(7, "List<String> groups = Optional.ofNullable(", i18nGlobale.getString(I18n.var_requeteSite), ".getGroups()).orElse(new ArrayList<>());");
+									tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
+									tl(6, "//");
+									tl(6, "List<String> fqs = new ArrayList<>();");
+									tl(6, "List<String> groups = Optional.ofNullable(", i18nGlobale.getString(I18n.var_requeteSite), ".getGroups()).orElse(new ArrayList<>());");
 									for(String classeRessourceAutorisation : classeRessourcesAutorisation) {
 
-										tl(7, "groups.stream().map(group -> {");
-										tl(10, "Matcher mPermission = Pattern.compile(\"^/", StringUtils.substringBefore(classeRessourceAutorisation, "-"), "-(.*)-", classeApiMethodeMethode, "$\").matcher(group);");
-										tl(10, "return mPermission.find() ? mPermission.group(1) : null;");
-										tl(9, "}).filter(v -> v != null).forEach(", i18nGlobale.getString(I18n.var_valeur), " -> {");
-										tl(10, "fqs.add(String.format(\"%s:%s\", \"", StringUtils.substringAfter(classeRessourceAutorisation, "-"), "\", ", i18nGlobale.getString(I18n.var_valeur), "));");
-										tl(9, "});");
+										tl(6, "groups.stream().map(group -> {");
+										tl(9, "Matcher mPermission = Pattern.compile(\"^/", StringUtils.substringBefore(classeRessourceAutorisation, "-"), "-(.*)-", classeApiMethodeMethode, "$\").matcher(group);");
+										tl(9, "return mPermission.find() ? mPermission.group(1) : null;");
+										tl(8, "}).filter(v -> v != null).forEach(", i18nGlobale.getString(I18n.var_valeur), " -> {");
+										tl(9, "fqs.add(String.format(\"%s:%s\", \"", StringUtils.substringAfter(classeRessourceAutorisation, "-"), "\", ", i18nGlobale.getString(I18n.var_valeur), "));");
+										tl(8, "});");
 									}
-									tl(7, "JsonObject authParams = ", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_RequeteService), "().getParams();");
-									tl(7, "JsonObject authQuery = authParams.getJsonObject(\"query\");");
-									tl(7, "if(authQuery == null) {");
-									tl(8, "authQuery = new JsonObject();");
-									tl(8, "authParams.put(\"query\", authQuery);");
-									tl(7, "}");
-									tl(7, "JsonArray fq = authQuery.getJsonArray(\"fq\");");
-									tl(7, "if(fq == null) {");
-									tl(8, "fq = new JsonArray();");
-									tl(8, "authQuery.put(\"fq\", fq);");
-									tl(7, "}");
-									tl(7, "if(fqs.size() > 0) {");
-									tl(8, "fq.add(fqs.stream().collect(Collectors.joining(\" OR \")));");
-									tl(8, "scopes.add(\"", classeApiMethodeMethode, "\");");
-									tl(7, "}");
+									tl(6, "JsonObject authParams = ", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_RequeteService), "().getParams();");
+									tl(6, "JsonObject authQuery = authParams.getJsonObject(\"query\");");
+									tl(6, "if(authQuery == null) {");
+									tl(7, "authQuery = new JsonObject();");
+									tl(7, "authParams.put(\"query\", authQuery);");
+									tl(6, "}");
+									tl(6, "JsonArray fq = authQuery.getJsonArray(\"fq\");");
+									tl(6, "if(fq == null) {");
+									tl(7, "fq = new JsonArray();");
+									tl(7, "authQuery.put(\"fq\", fq);");
 									tl(6, "}");
+									tl(6, "if(fqs.size() > 0) {");
+									tl(7, "fq.add(fqs.stream().collect(Collectors.joining(\" OR \")));");
+									tl(7, "scopes.add(\"", classeApiMethodeMethode, "\");");
+									tl(6, "}");
+									tl(5, "}");
+									tl(5, "{");
+								} else {
+									tl(5, "} else {");
 								}
 								tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
 								tl(6, "List<String> scopes2 = ", i18nGlobale.getString(I18n.var_requeteSite), ".getScopes();");
@@ -2212,7 +2213,6 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 								tl(5, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResponse.result();");
 								tl(5, "JsonArray scopes = authorizationDecisionResponse.failed() ? new JsonArray() : authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
 								if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
-									tl(5, "{");
 								} else {
 									if(classeRoleUtilisateur) {
 										tl(5, "scopes.add(\"GET\");");
@@ -2230,10 +2230,10 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 									tl(9, "), MultiMap.caseInsensitiveMultiMap()");
 									tl(7, ")");
 									tl(6, "));");
-									tl(5, "} else {");
+									tl(5, "}");
 								}
 								if(classeRessourcesAutorisation.size() > 0) {
-									l();
+									tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
 									tl(6, "//");
 									tl(6, "List<String> fqs = new ArrayList<>();");
 									tl(6, "List<String> groups = Optional.ofNullable(", i18nGlobale.getString(I18n.var_requeteSite), ".getGroups()).orElse(new ArrayList<>());");
@@ -2261,16 +2261,13 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 									tl(7, "fq.add(fqs.stream().collect(Collectors.joining(\" OR \")));");
 									tl(7, "scopes.add(\"", classeApiMethodeMethode, "\");");
 									tl(6, "}");
-									l();
+									tl(5, "}");
+									tl(5, "{");
+								} else {
+									tl(5, "} else {");
 								}
 								tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
 								tl(6, "List<String> scopes2 = ", i18nGlobale.getString(I18n.var_requeteSite), ".getScopes();");
-								// if(classeRoleSession || classeRoleUtilisateur || classeRoleChacun) {
-								// 	tl(6, "if(!scopes2.contains(\"POST\"))");
-								// 	tl(7, "scopes2.add(\"POST\");");
-								// 	tl(6, "if(!scopes2.contains(\"PATCH\"))");
-								// 	tl(7, "scopes2.add(\"PATCH\");");
-								// }
 							} else {
 								tl(3, "authorizationProvider.getAuthorizations(", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_Utilisateur), "()).onFailure(ex -> {");
 								tl(4, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
