
Commit a78ff07

Fixes for fine-grained access control with resource authorizations
1 parent 3c5c2d6 commit a78ff07

1 file changed

+19
-41
lines changed

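--- a/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
+++ b/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
@@ -1992,26 +1992,6 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(4, "try {");
 tl(5, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResponse.result();");
 tl(5, "JsonArray scopes = authorizationDecisionResponse.failed() ? new JsonArray() : authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
-if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
-} else {
-if(classeRoleUtilisateur) {
-tl(5, "scopes.add(\"GET\");");
-tl(5, "scopes.add(\"PATCH\");");
-}
-tl(5, "if(authorizationDecisionResponse.failed() || !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
-tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
-tl(6, "eventHandler.handle(Future.succeededFuture(");
-tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
-tl(8, "Buffer.buffer().appendString(");
-tl(9, "new JsonObject()");
-tl(10, ".put(\"errorCode\", \"403\")");
-tl(10, ".put(\"errorMessage\", msg)");
-tl(10, ".encodePrettily()");
-tl(9, "), MultiMap.caseInsensitiveMultiMap()");
-tl(7, ")");
-tl(6, "));");
-tl(5, "}");
-}
 if(classeRessourcesAutorisation.size() > 0) {
 tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
 tl(6, "//");
@@ -2044,7 +2024,7 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(5, "}");
 tl(5, "{");
 } else {
-tl(5, "} else {");
+tl(5, "{");
 }
 tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
 tl(6, "List<String> scopes2 = ", i18nGlobale.getString(I18n.var_requeteSite), ".getScopes();");
@@ -2212,26 +2192,6 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(4, "try {");
 tl(5, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResponse.result();");
 tl(5, "JsonArray scopes = authorizationDecisionResponse.failed() ? new JsonArray() : authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
-if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
-} else {
-if(classeRoleUtilisateur) {
-tl(5, "scopes.add(\"GET\");");
-tl(5, "scopes.add(\"PATCH\");");
-}
-tl(5, "if(authorizationDecisionResponse.failed() ", classeRoleUtilisateur && StringUtils.equals(classeApiMethodeMethode, "PATCH") ? "&&" : "||", " !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
-tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
-tl(6, "eventHandler.handle(Future.succeededFuture(");
-tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
-tl(8, "Buffer.buffer().appendString(");
-tl(9, "new JsonObject()");
-tl(10, ".put(\"errorCode\", \"403\")");
-tl(10, ".put(\"errorMessage\", msg)");
-tl(10, ".encodePrettily()");
-tl(9, "), MultiMap.caseInsensitiveMultiMap()");
-tl(7, ")");
-tl(6, "));");
-tl(5, "}");
-}
 if(classeRessourcesAutorisation.size() > 0) {
 tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
 tl(6, "//");
@@ -2262,8 +2222,26 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(7, "scopes.add(\"", classeApiMethodeMethode, "\");");
 tl(6, "}");
 tl(5, "}");
+}
+if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
 tl(5, "{");
 } else {
+if(classeRoleUtilisateur) {
+tl(5, "scopes.add(\"GET\");");
+tl(5, "scopes.add(\"PATCH\");");
+}
+tl(5, "if(authorizationDecisionResponse.failed() && !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
+tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
+tl(6, "eventHandler.handle(Future.succeededFuture(");
+tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
+tl(8, "Buffer.buffer().appendString(");
+tl(9, "new JsonObject()");
+tl(10, ".put(\"errorCode\", \"403\")");
+tl(10, ".put(\"errorMessage\", msg)");
+tl(10, ".encodePrettily()");
+tl(9, "), MultiMap.caseInsensitiveMultiMap()");
+tl(7, ")");
+tl(6, "));");
 tl(5, "} else {");
 }
 tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");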
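Review bot: The regenerated 403 guard in the last hunk now reads `authorizationDecisionResponse.failed() && !scopes.contains(method)`, so a decision request that succeeds but does not grant the method scope (and where neither the role shortcut nor the resource-authorization loop added it) no longer short-circuits to 403 and falls through to the `else` branch that calls `setScopes(...)` and continues; unless a later check on `scopes2` rejects it, that is fail-open compared with the removed `||` form, and the condition should be `tl(5, "if(authorizationDecisionResponse.failed() || !scopes.contains(\"", classeApiMethodeMethode, "\")) {");` or the downstream check should be named in a comment. In the first occurrence (old lines 1995-2014) the whole 403 block is deleted and the second hunk replaces `} else {` with `{`, leaving that code path with no forbidden response emitted in this commit; if it is enforced elsewhere, a comment such as `// 403 for missing scopes is emitted after the resource-authorization scopes are resolved` at the deletion point would make the intent auditable. The enclosing method ecrireGenApiServiceImpl2 begins and ends outside these hunks, so the final disposition of `scopes2` cannot be confirmed from here.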
