mirror of
https://github.com/HangarMC/Hangar.git
synced 2025-01-06 13:56:14 +08:00
permission handling done for all frontend routes
This commit is contained in:
Jake Potrebic
parent
2ea173189c
commit
62c72d3e94
@ -2,7 +2,9 @@ package io.papermc.hangar.controller;
|
||||
|
||||
import io.papermc.hangar.db.model.ProjectsTable;
|
||||
import io.papermc.hangar.model.Color;
|
||||
import io.papermc.hangar.model.NamedPermission;
|
||||
import io.papermc.hangar.model.viewhelpers.ProjectData;
|
||||
import io.papermc.hangar.security.annotations.ProjectPermission;
|
||||
import io.papermc.hangar.security.annotations.UserLock;
|
||||
import io.papermc.hangar.service.project.ChannelService;
|
||||
import io.papermc.hangar.util.Routes;
|
||||
@ -32,6 +34,7 @@ public class ChannelsController extends HangarController {
|
||||
this.projectData = projectData;
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_TAGS)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@GetMapping("/{author}/{slug}/channels")
|
||||
@ -42,6 +45,7 @@ public class ChannelsController extends HangarController {
|
||||
return fillModel(mv);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_TAGS)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/{author}/{slug}/channels")
|
||||
@ -50,6 +54,7 @@ public class ChannelsController extends HangarController {
|
||||
return Routes.CHANNELS_SHOW_LIST.getRedirect(author, slug);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_TAGS)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/{author}/{slug}/channels/{channel}")
|
||||
@ -59,6 +64,7 @@ public class ChannelsController extends HangarController {
|
||||
return Routes.CHANNELS_SHOW_LIST.getRedirect(author, slug);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_TAGS)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/{author}/{slug}/channels/{channel}/delete")
|
||||
|
||||
@ -5,9 +5,11 @@ import io.papermc.hangar.config.hangar.HangarConfig;
|
||||
import io.papermc.hangar.db.model.OrganizationsTable;
|
||||
import io.papermc.hangar.db.model.UserOrganizationRolesTable;
|
||||
import io.papermc.hangar.db.model.UsersTable;
|
||||
import io.papermc.hangar.model.NamedPermission;
|
||||
import io.papermc.hangar.model.NotificationType;
|
||||
import io.papermc.hangar.model.Role;
|
||||
import io.papermc.hangar.model.viewhelpers.UserData;
|
||||
import io.papermc.hangar.security.annotations.OrganizationPermission;
|
||||
import io.papermc.hangar.security.annotations.UserLock;
|
||||
import io.papermc.hangar.service.AuthenticationService;
|
||||
import io.papermc.hangar.service.NotificationService;
|
||||
@ -127,6 +129,7 @@ public class OrgController extends HangarController {
|
||||
}
|
||||
}
|
||||
|
||||
@OrganizationPermission(NamedPermission.EDIT_SUBJECT_SETTINGS)
|
||||
@Secured("ROLE_USER")
|
||||
@GetMapping("/organizations/{organization}/settings/avatar")
|
||||
@PreAuthorize("@authenticationService.authOrgRequest(T(io.papermc.hangar.model.Permission).EditOrganizationSettings, #organization, true)")
|
||||
@ -141,6 +144,7 @@ public class OrgController extends HangarController {
|
||||
}
|
||||
}
|
||||
|
||||
@OrganizationPermission(NamedPermission.MANAGE_SUBJECT_MEMBERS)
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/organizations/{organization}/settings/members")
|
||||
@PreAuthorize("@authenticationService.authOrgRequest(T(io.papermc.hangar.model.Permission).ManageOrganizationMembers, #organization, true)")
|
||||
@ -164,6 +168,7 @@ public class OrgController extends HangarController {
|
||||
return Routes.USERS_SHOW_PROJECTS.getRedirect(organization);
|
||||
}
|
||||
|
||||
@OrganizationPermission(NamedPermission.MANAGE_SUBJECT_MEMBERS)
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/organizations/{organization}/settings/members/remove")
|
||||
@PreAuthorize("@authenticationService.authOrgRequest(T(io.papermc.hangar.model.Permission).ManageOrganizationMembers, #organization, true)")
|
||||
|
||||
@ -6,9 +6,11 @@ import io.papermc.hangar.db.dao.HangarDao;
|
||||
import io.papermc.hangar.db.dao.ProjectPageDao;
|
||||
import io.papermc.hangar.db.model.ProjectPagesTable;
|
||||
import io.papermc.hangar.db.model.ProjectsTable;
|
||||
import io.papermc.hangar.model.NamedPermission;
|
||||
import io.papermc.hangar.model.viewhelpers.ProjectData;
|
||||
import io.papermc.hangar.model.viewhelpers.ProjectPage;
|
||||
import io.papermc.hangar.model.viewhelpers.ScopedProjectData;
|
||||
import io.papermc.hangar.security.annotations.ProjectPermission;
|
||||
import io.papermc.hangar.security.annotations.UserLock;
|
||||
import io.papermc.hangar.service.MarkdownService;
|
||||
import io.papermc.hangar.service.StatsService;
|
||||
@ -93,6 +95,7 @@ public class PagesController extends HangarController {
|
||||
return fillModel(mav);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_PAGE)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping({"/{author}/{slug}/pages/{page}/delete", "/{author}/{slug}/pages/{page}/{subPage}/delete"})
|
||||
@ -109,6 +112,7 @@ public class PagesController extends HangarController {
|
||||
return Routes.PROJECTS_SHOW.getRedirect(author, slug);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_PAGE)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = {"/{author}/{slug}/pages/{page}/edit", "/{author}/{slug}/pages/{page}/{subPage}/edit"}, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
|
||||
@ -143,6 +147,7 @@ public class PagesController extends HangarController {
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_PAGE)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@GetMapping({"/{author}/{slug}/pages/{page}/edit", "/{author}/{slug}/pages/{page}/{subPage}/edit"})
|
||||
|
||||
@ -224,6 +224,7 @@ public class ProjectsController extends HangarController {
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/invite/{id}/{status}/{behalf}")
|
||||
public Object setInviteStatusOnBehalf(@PathVariable Object id, @PathVariable Object status, @PathVariable Object behalf) {
|
||||
// TODO perms Permission.ManageProjectMembers
|
||||
return null; // TODO implement setInviteStatusOnBehalf request controller
|
||||
}
|
||||
|
||||
@ -282,6 +283,7 @@ public class ProjectsController extends HangarController {
|
||||
return Routes.PROJECTS_SHOW.getRedirect(author, slug); // TODO flashing
|
||||
}
|
||||
|
||||
@GlobalPermission(NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
@Secured("ROLE_USER")
|
||||
@GetMapping("/{author}/{slug}/flags")
|
||||
public ModelAndView showFlags(@PathVariable String author, @PathVariable String slug) {
|
||||
@ -347,6 +349,7 @@ public class ProjectsController extends HangarController {
|
||||
}
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_SUBJECT_SETTINGS)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/{author}/{slug}/icon/reset")
|
||||
@ -377,6 +380,7 @@ public class ProjectsController extends HangarController {
|
||||
return fillModel(mav);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.DELETE_PROJECT)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{author}/{slug}/manage/delete", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
|
||||
@ -390,6 +394,7 @@ public class ProjectsController extends HangarController {
|
||||
return new RedirectView(Routes.getRouteUrlOf("showHome"));
|
||||
}
|
||||
|
||||
@GlobalPermission(NamedPermission.HARD_DELETE_PROJECT)
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/{author}/{slug}/manage/hardDelete")
|
||||
public RedirectView delete(@PathVariable String author, @PathVariable String slug, RedirectAttributes ra) {
|
||||
@ -418,6 +423,7 @@ public class ProjectsController extends HangarController {
|
||||
return Routes.PROJECTS_SHOW_SETTINGS.getRedirect(author, slug);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_SUBJECT_SETTINGS)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{author}/{slug}/manage/rename", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
|
||||
@ -442,6 +448,7 @@ public class ProjectsController extends HangarController {
|
||||
return new RedirectView(Routes.getRouteUrlOf("projects.show", author, newName));
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_SUBJECT_SETTINGS)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{author}/{slug}/manage/save", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
|
||||
@ -518,6 +525,7 @@ public class ProjectsController extends HangarController {
|
||||
return Routes.PROJECTS_SHOW.getRedirect(author, slug);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_SUBJECT_SETTINGS)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@GetMapping("/{author}/{slug}/manage/sendforapproval")
|
||||
@ -587,6 +595,7 @@ public class ProjectsController extends HangarController {
|
||||
}
|
||||
}
|
||||
|
||||
@GlobalPermission(NamedPermission.REVIEWER)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{author}/{slug}/visible/{visibility}", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
|
||||
|
||||
@ -198,6 +198,7 @@ public class UsersController extends HangarController {
|
||||
}
|
||||
}
|
||||
|
||||
@GlobalPermission(NamedPermission.IS_STAFF)
|
||||
@GetMapping("/staff")
|
||||
public Object showStaff(@RequestParam(required = false, defaultValue = "roles") String sort, @RequestParam(required = false, defaultValue = "1") int page) {
|
||||
ModelAndView mav = new ModelAndView("users/staff");
|
||||
@ -230,6 +231,7 @@ public class UsersController extends HangarController {
|
||||
return fillModel(mav);
|
||||
}
|
||||
|
||||
@GlobalPermission(NamedPermission.EDIT_API_KEYS)
|
||||
@Secured("ROLE_USER")
|
||||
@GetMapping("/{user}/settings/apiKeys")
|
||||
public ModelAndView editApiKeys(@PathVariable String user) {
|
||||
@ -265,6 +267,7 @@ public class UsersController extends HangarController {
|
||||
return Routes.USERS_SHOW_PROJECTS.getRedirect(user);
|
||||
}
|
||||
|
||||
@GlobalPermission(NamedPermission.EDIT_OWN_USER_SETTINGS)
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{user}/settings/tagline")
|
||||
public ModelAndView saveTagline(@PathVariable String user, @RequestParam("tagline") String tagline) {
|
||||
|
||||
@ -24,6 +24,7 @@ import io.papermc.hangar.model.viewhelpers.ProjectData;
|
||||
import io.papermc.hangar.model.viewhelpers.ScopedProjectData;
|
||||
import io.papermc.hangar.model.viewhelpers.VersionData;
|
||||
import io.papermc.hangar.security.annotations.GlobalPermission;
|
||||
import io.papermc.hangar.security.annotations.ProjectPermission;
|
||||
import io.papermc.hangar.security.annotations.UserLock;
|
||||
import io.papermc.hangar.service.DownloadsService;
|
||||
import io.papermc.hangar.service.StatsService;
|
||||
@ -177,6 +178,7 @@ public class VersionsController extends HangarController {
|
||||
return fillModel(mav);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.CREATE_VERSION)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@GetMapping("/{author}/{slug}/versions/new")
|
||||
@ -186,6 +188,7 @@ public class VersionsController extends HangarController {
|
||||
return mav;
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.CREATE_VERSION)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{author}/{slug}/versions/new/upload", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
|
||||
@ -213,6 +216,7 @@ public class VersionsController extends HangarController {
|
||||
return _showCreator(author, slug, pendingVersion);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.CREATE_VERSION)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@GetMapping("/{author}/{slug}/versions/new/{versionName}")
|
||||
@ -265,6 +269,7 @@ public class VersionsController extends HangarController {
|
||||
}
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.CREATE_VERSION)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{author}/{slug}/versions/{version:.+}", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
|
||||
@ -496,6 +501,7 @@ public class VersionsController extends HangarController {
|
||||
}
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.DELETE_VERSION)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{author}/{slug}/versions/{version}/delete", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
|
||||
@ -628,6 +634,7 @@ public class VersionsController extends HangarController {
|
||||
}
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_VERSION)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping("/{author}/{slug}/versions/{version}/recommended")
|
||||
@ -648,6 +655,7 @@ public class VersionsController extends HangarController {
|
||||
return Routes.VERSIONS_SHOW.getRedirect(author, slug, version);
|
||||
}
|
||||
|
||||
@ProjectPermission(NamedPermission.EDIT_VERSION)
|
||||
@UserLock(route = Routes.PROJECTS_SHOW, args = "{#author, #slug}")
|
||||
@Secured("ROLE_USER")
|
||||
@PostMapping(value = "/{author}/{slug}/versions/{version}/save", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
|
||||
|
||||
@ -26,7 +26,7 @@ public enum NamedPermission {
|
||||
CREATE_VERSION("create_version", Permission.CreateVersion, "CreateVersion"),
|
||||
EDIT_VERSION("edit_version", Permission.EditVersion, "EditVersion"),
|
||||
DELETE_VERSION("delete_version", Permission.DeleteVersion, "DeleteVersion"),
|
||||
EDIT_TAGS("edit_tags", Permission.EditTags, "EditTags"),
|
||||
EDIT_TAGS("edit_tags", Permission.EditTags, "EditTags"), // EDIT_CHANNELS
|
||||
|
||||
CREATE_ORGANIZATION("create_organization", Permission.CreateOrganization, "CreateOrganization"),
|
||||
POST_AS_ORGANIZATION("post_as_organization", Permission.PostAsOrganization, "PostAsOrganization"),
|
||||
|
||||
@ -36,6 +36,10 @@ public class PermissionService {
|
||||
return addDefaults(permissionsDao.get().getProjectPermission(userId, author, slug));
|
||||
}
|
||||
|
||||
public Permission getProjectPermissions(long userId, String pluginId) {
|
||||
return addDefaults(permissionsDao.get().getProjectPermission(userId, pluginId));
|
||||
}
|
||||
|
||||
public Permission getProjectPermissions(UsersTable usersTable, String pluginId) {
|
||||
if (usersTable == null) {
|
||||
return Permission.None;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user