permissions on api routes
parent
69442928d7
commit
ed32fdace2
@ -1,6 +1,7 @@
|
||||
package io.papermc.hangar.controller.api.v1;
|
||||
|
||||
import io.papermc.hangar.controller.api.v1.interfaces.IApiKeysController;
|
||||
import io.papermc.hangar.model.common.NamedPermission;
|
||||
import io.papermc.hangar.model.internal.api.requests.CreateAPIKeyForm;
|
||||
import io.papermc.hangar.security.annotations.permission.PermissionRequired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
@ -9,12 +10,12 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
|
||||
@Controller
|
||||
@PermissionRequired(NamedPermission.EDIT_API_KEYS)
|
||||
public class ApiKeysController implements IApiKeysController {
|
||||
|
||||
@Override
|
||||
@ResponseBody
|
||||
@ResponseStatus(HttpStatus.CREATED)
|
||||
@PermissionRequired()
|
||||
public String createKey(CreateAPIKeyForm apiKeyForm) {
|
||||
// TODO implement
|
||||
System.out.println(apiKeyForm);
|
||||
|
@ -8,6 +8,7 @@ import io.papermc.hangar.model.api.permissions.UserPermissions;
|
||||
import io.papermc.hangar.model.common.NamedPermission;
|
||||
import io.papermc.hangar.model.common.Permission;
|
||||
import io.papermc.hangar.model.common.PermissionType;
|
||||
import io.papermc.hangar.security.annotations.Anyone;
|
||||
import io.papermc.hangar.service.PermissionService;
|
||||
import org.apache.commons.lang3.tuple.ImmutablePair;
|
||||
import org.apache.commons.lang3.tuple.Pair;
|
||||
@ -19,6 +20,7 @@ import org.springframework.stereotype.Controller;
|
||||
import java.util.List;
|
||||
import java.util.function.BiPredicate;
|
||||
|
||||
@Anyone
|
||||
@Controller
|
||||
public class PermissionsController extends HangarController implements IPermissionsController {
|
||||
|
||||
|
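Review bot: Adding `@Anyone` to `PermissionsController` while the same commit appears to drop `@Secured("ROLE_USER")` from `IPermissionsController` makes the permission-query routes reachable without an authenticated user. The handler bodies are outside this hunk, so it should be confirmed that each one handles a missing user explicitly, answering with the default permission set rather than dereferencing an absent principal. If anonymous access is intended, a class comment such as `// Public by design: anonymous callers receive only the default permissions` would record that decision next to the annotation.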
@ -14,6 +14,10 @@ import io.papermc.hangar.model.api.project.Project;
|
||||
import io.papermc.hangar.model.api.project.ProjectMember;
|
||||
import io.papermc.hangar.model.api.project.ProjectSortingStrategy;
|
||||
import io.papermc.hangar.model.api.requests.RequestPagination;
|
||||
import io.papermc.hangar.model.common.NamedPermission;
|
||||
import io.papermc.hangar.model.common.PermissionType;
|
||||
import io.papermc.hangar.security.annotations.Anyone;
|
||||
import io.papermc.hangar.security.annotations.permission.PermissionRequired;
|
||||
import io.papermc.hangar.security.annotations.visibility.VisibilityRequired;
|
||||
import io.papermc.hangar.security.annotations.visibility.VisibilityRequired.Type;
|
||||
import io.papermc.hangar.service.api.ProjectsApiService;
|
||||
@ -25,6 +29,7 @@ import org.springframework.stereotype.Controller;
|
||||
import java.time.OffsetDateTime;
|
||||
import java.util.Map;
|
||||
|
||||
@Anyone
|
||||
@Controller
|
||||
public class ProjectsController extends HangarController implements IProjectsController {
|
||||
|
||||
@ -54,16 +59,19 @@ public class ProjectsController extends HangarController implements IProjectsCon
|
||||
}
|
||||
|
||||
@Override
|
||||
@PermissionRequired(type = PermissionType.PROJECT, perms = NamedPermission.IS_SUBJECT_MEMBER, args = "{#author, #slug}")
|
||||
public ResponseEntity<Map<String, DayProjectStats>> getProjectStats(String author, String slug, @NotNull OffsetDateTime fromDate, @NotNull OffsetDateTime toDate) {
|
||||
return ResponseEntity.ok(projectsApiService.getProjectStats(author, slug, fromDate, toDate));
|
||||
}
|
||||
|
||||
@Override
|
||||
@VisibilityRequired(type = Type.PROJECT, args = "{#author, #slug}")
|
||||
public ResponseEntity<PaginatedResult<User>> getProjectStargazers(String author, String slug, @NotNull RequestPagination pagination) {
|
||||
return ResponseEntity.ok(projectsApiService.getProjectStargazers(author, slug, pagination));
|
||||
}
|
||||
|
||||
@Override
|
||||
@VisibilityRequired(type = Type.PROJECT, args = "{#author, #slug}")
|
||||
public ResponseEntity<PaginatedResult<User>> getProjectWatchers(String author, String slug, @NotNull RequestPagination pagination) {
|
||||
return ResponseEntity.ok(projectsApiService.getProjectWatchers(author, slug, pagination));
|
||||
}
|
||||
|
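Review bot: `ProjectsController` now combines class-level `@Anyone` with method-level `@PermissionRequired` on `getProjectStats` and `@VisibilityRequired` on `getProjectStargazers` and `getProjectWatchers`, and nothing on this page shows which annotation takes precedence. If the access-decision setup grants on the first affirmative vote, the class-level `@Anyone` could satisfy the check before the membership or visibility voter is consulted. The voters are not visible here, so this is worth pinning with a test that an anonymous request for project stats is rejected. The same combination is introduced in `VersionsController` (`getVersionStats`). A comment on the class, e.g. `// @Anyone is the default; method-level @PermissionRequired/@VisibilityRequired still apply`, would state the intended precedence.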
@ -9,12 +9,14 @@ import io.papermc.hangar.model.api.User;
|
||||
import io.papermc.hangar.model.api.project.ProjectCompact;
|
||||
import io.papermc.hangar.model.api.project.ProjectSortingStrategy;
|
||||
import io.papermc.hangar.model.api.requests.RequestPagination;
|
||||
import io.papermc.hangar.security.annotations.Anyone;
|
||||
import io.papermc.hangar.service.api.UsersApiService;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.stereotype.Controller;
|
||||
|
||||
@Anyone
|
||||
@Controller
|
||||
public class UsersController extends HangarController implements IUsersController {
|
||||
|
||||
|
@ -9,7 +9,13 @@ import io.papermc.hangar.model.api.PaginatedResult;
|
||||
import io.papermc.hangar.model.api.project.version.Version;
|
||||
import io.papermc.hangar.model.api.project.version.VersionStats;
|
||||
import io.papermc.hangar.model.api.requests.RequestPagination;
|
||||
import io.papermc.hangar.model.common.NamedPermission;
|
||||
import io.papermc.hangar.model.common.PermissionType;
|
||||
import io.papermc.hangar.model.common.Platform;
|
||||
import io.papermc.hangar.security.annotations.Anyone;
|
||||
import io.papermc.hangar.security.annotations.permission.PermissionRequired;
|
||||
import io.papermc.hangar.security.annotations.visibility.VisibilityRequired;
|
||||
import io.papermc.hangar.security.annotations.visibility.VisibilityRequired.Type;
|
||||
import io.papermc.hangar.service.api.VersionsApiService;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -20,6 +26,7 @@ import java.time.OffsetDateTime;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@Anyone
|
||||
@Controller
|
||||
public class VersionsController implements IVersionsController {
|
||||
|
||||
@ -31,22 +38,26 @@ public class VersionsController implements IVersionsController {
|
||||
}
|
||||
|
||||
@Override
|
||||
@VisibilityRequired(type = Type.VERSION, args = "{#author, #slug, #versionString, #platform}")
|
||||
public ResponseEntity<Version> getVersion(String author, String slug, String versionString, Platform platform) {
|
||||
return ResponseEntity.ok(versionsApiService.getVersion(author, slug, versionString, platform));
|
||||
}
|
||||
|
||||
@Override
|
||||
@VisibilityRequired(type = Type.PROJECT, args = "{#author, #slug}")
|
||||
public ResponseEntity<List<Version>> getVersions(String author, String slug, String name) {
|
||||
return ResponseEntity.ok(versionsApiService.getVersions(author, slug, name));
|
||||
}
|
||||
|
||||
@Override
|
||||
@VisibilityRequired(type = Type.PROJECT, args = "{#author, #slug}")
|
||||
@ApplicableFilters({VersionChannelFilter.class, VersionPlatformFilter.class, VersionTagFilter.class})
|
||||
public ResponseEntity<PaginatedResult<Version>> getVersions(String author, String slug, @NotNull RequestPagination pagination) {
|
||||
return ResponseEntity.ok(versionsApiService.getVersions(author, slug, pagination));
|
||||
}
|
||||
|
||||
@Override
|
||||
@PermissionRequired(type = PermissionType.PROJECT, perms = NamedPermission.IS_SUBJECT_MEMBER, args = "{#author, #slug}")
|
||||
public ResponseEntity<Map<String, VersionStats>> getVersionStats(String author, String slug, String versionString, Platform platform, @NotNull OffsetDateTime fromDate, @NotNull OffsetDateTime toDate) {
|
||||
return ResponseEntity.ok(versionsApiService.getVersionStats(author, slug, versionString, platform, fromDate, toDate));
|
||||
}
|
||||
|
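Review bot: Both `getVersions` overloads are gated with `@VisibilityRequired(type = Type.PROJECT, ...)` only, whereas `getVersion` checks `Type.VERSION`, so a version hidden individually inside a visible project is covered by annotation on the single-version route but not on the list routes. Unless `versionsApiService.getVersions` filters by per-version visibility for the current caller (its body is not shown), the lists could return entries that `getVersion` would refuse. If the service does filter, a comment on the overloads such as `// per-version visibility is enforced in VersionsApiService.getVersions` would make that contract explicit.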
@ -11,7 +11,6 @@ import io.swagger.annotations.ApiResponses;
|
||||
import io.swagger.annotations.Authorization;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -22,7 +21,6 @@ import java.util.List;
|
||||
|
||||
@Api(tags = "Permissions", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@RequestMapping(path = "/api/v1", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
|
||||
@Secured("ROLE_USER")
|
||||
public interface IPermissionsController {
|
||||
|
||||
@ApiOperation(
|
||||
|
@ -7,7 +7,6 @@ import io.papermc.hangar.model.api.project.Project;
|
||||
import io.papermc.hangar.model.api.project.ProjectMember;
|
||||
import io.papermc.hangar.model.api.project.ProjectSortingStrategy;
|
||||
import io.papermc.hangar.model.api.requests.RequestPagination;
|
||||
import io.papermc.hangar.security.annotations.Anyone;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import io.swagger.annotations.ApiParam;
|
||||
@ -26,7 +25,6 @@ import org.springframework.web.bind.annotation.RequestParam;
|
||||
import java.time.OffsetDateTime;
|
||||
import java.util.Map;
|
||||
|
||||
@Anyone
|
||||
@Api(tags = "Projects", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@RequestMapping(path ="/api/v1", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
|
||||
public interface IProjectsController {
|
||||
|
@ -5,7 +5,6 @@ import io.papermc.hangar.model.api.User;
|
||||
import io.papermc.hangar.model.api.project.ProjectCompact;
|
||||
import io.papermc.hangar.model.api.project.ProjectSortingStrategy;
|
||||
import io.papermc.hangar.model.api.requests.RequestPagination;
|
||||
import io.papermc.hangar.security.annotations.Anyone;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import io.swagger.annotations.ApiParam;
|
||||
@ -21,7 +20,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
@Anyone
|
||||
@Api(tags = "Users", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@RequestMapping(path = "/api/v1", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
|
||||
public interface IUsersController {
|
||||
|
@ -7,7 +7,6 @@ import io.papermc.hangar.model.api.requests.RequestPagination;
|
||||
import io.papermc.hangar.model.common.NamedPermission;
|
||||
import io.papermc.hangar.model.common.PermissionType;
|
||||
import io.papermc.hangar.model.common.Platform;
|
||||
import io.papermc.hangar.security.annotations.Anyone;
|
||||
import io.papermc.hangar.security.annotations.permission.PermissionRequired;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
@ -27,7 +26,6 @@ import java.time.OffsetDateTime;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@Anyone
|
||||
@Api(tags = "Versions", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@RequestMapping(path = "/api/v1", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
public interface IVersionsController {
|
||||
|
@ -68,7 +68,7 @@ public class ChannelController extends HangarController {
|
||||
|
||||
@Unlocked
|
||||
@ResponseStatus(HttpStatus.OK)
|
||||
@PermissionRequired(type = PermissionType.PROJECT,perms = NamedPermission.EDIT_TAGS, args = "{#projectId}")
|
||||
@PermissionRequired(type = PermissionType.PROJECT, perms = NamedPermission.EDIT_TAGS, args = "{#projectId}")
|
||||
@PostMapping("/{projectId}/delete/{channelId}")
|
||||
public void deleteChannel(@PathVariable long projectId, @PathVariable long channelId) {
|
||||
channelService.deleteProjectChannel(projectId, channelId);
|
||||
|
@ -79,7 +79,7 @@ public class HangarUserController extends HangarController {
|
||||
@Unlocked
|
||||
@CurrentUser("#userName")
|
||||
@ResponseStatus(HttpStatus.OK)
|
||||
@PermissionRequired(perms = NamedPermission.EDIT_OWN_USER_SETTINGS)
|
||||
@PermissionRequired(NamedPermission.EDIT_OWN_USER_SETTINGS)
|
||||
@PostMapping(path = "/users/{userName}/settings/tagline", consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
public void saveTagline(@PathVariable String userName, @Valid @RequestBody StringContent content) {
|
||||
UserTable userTable = userService.getUserTable(userName);
|
||||
@ -97,7 +97,7 @@ public class HangarUserController extends HangarController {
|
||||
|
||||
@Unlocked
|
||||
@ResponseStatus(HttpStatus.OK)
|
||||
@PermissionRequired(perms = NamedPermission.EDIT_OWN_USER_SETTINGS)
|
||||
@PermissionRequired(NamedPermission.EDIT_OWN_USER_SETTINGS)
|
||||
@PostMapping("/users/{userName}/settings/resetTagline")
|
||||
public void resetTagline(@PathVariable String userName) {
|
||||
UserTable userTable = userService.getUserTable(userName);
|
||||
|
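Review bot: `resetTagline` shows no `@CurrentUser("#userName")` in its annotation list, unlike `saveTagline` in the hunk above, so the only visible gate is `EDIT_OWN_USER_SETTINGS`, which does not tie the `{userName}` path variable to the caller. Unless the body, which continues past this hunk, makes that comparison itself, a user holding the permission could reset the tagline of a different account. Adding `@CurrentUser("#userName")` above `@ResponseStatus(HttpStatus.OK)` would bring it in line with `saveTagline`.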
@ -27,7 +27,7 @@ import java.util.List;
|
||||
@Controller
|
||||
@Secured("ROLE_USER")
|
||||
@RequestMapping(path = "/api/internal/reviews")
|
||||
@PermissionRequired(perms = NamedPermission.REVIEWER)
|
||||
@PermissionRequired(NamedPermission.REVIEWER)
|
||||
public class ReviewController {
|
||||
|
||||
private final ReviewService reviewService;
|
||||
|
@ -40,21 +40,21 @@ public class FlagController extends HangarController {
|
||||
|
||||
@ResponseStatus(HttpStatus.NO_CONTENT)
|
||||
@PostMapping("/{id}/resolve/{resolve}")
|
||||
@PermissionRequired(perms = NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
@PermissionRequired(NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
public void resolve(@PathVariable long id, @PathVariable boolean resolve) {
|
||||
flagService.markAsResolved(id, resolve);
|
||||
}
|
||||
|
||||
@ResponseBody
|
||||
@GetMapping(path = "/{projectId}", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@PermissionRequired(perms = NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
@PermissionRequired(NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
public List<HangarProjectFlag> getFlags(@PathVariable long projectId) {
|
||||
return flagService.getFlags(projectId);
|
||||
}
|
||||
|
||||
@ResponseBody
|
||||
@GetMapping(path = "/", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@PermissionRequired(perms = NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
@PermissionRequired(NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
public List<HangarProjectFlag> getFlags() {
|
||||
return flagService.getFlags();
|
||||
}
|
||||
|
@ -43,7 +43,7 @@ public class ProjectAdminController extends HangarController {
|
||||
this.projectVisibilityService = projectVisibilityService;
|
||||
}
|
||||
|
||||
@PermissionRequired(perms = NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
@PermissionRequired(NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
@GetMapping(path = "/notes/{projectId}", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
public ResponseEntity<List<HangarProjectNote>> getProjectNotes(@PathVariable long projectId) {
|
||||
return ResponseEntity.ok(projectNoteService.getNotes(projectId));
|
||||
@ -51,7 +51,7 @@ public class ProjectAdminController extends HangarController {
|
||||
|
||||
@Unlocked
|
||||
@ResponseStatus(HttpStatus.CREATED)
|
||||
@PermissionRequired(perms = NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
@PermissionRequired(NamedPermission.MOD_NOTES_AND_FLAGS)
|
||||
@PostMapping(path = "/notes/{projectId}", consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
public void addProjectNote(@PathVariable long projectId, @RequestBody @Valid StringContent content) {
|
||||
projectNoteService.addNote(projectId, content.getContent());
|
||||
@ -59,7 +59,7 @@ public class ProjectAdminController extends HangarController {
|
||||
|
||||
@Unlocked
|
||||
@ResponseStatus(HttpStatus.OK)
|
||||
@PermissionRequired(perms = NamedPermission.REVIEWER)
|
||||
@PermissionRequired(NamedPermission.REVIEWER)
|
||||
@PostMapping(path = "/visibility/{projectId}", consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
public void changeProjectVisibility(@PathVariable long projectId, @Valid @RequestBody VisibilityChangeForm visibilityChangeForm) {
|
||||
projectVisibilityService.changeVisibility(projectId, visibilityChangeForm.getVisibility(), visibilityChangeForm.getComment());
|
||||
|