From 6cfe16b3bf3e5c576956f4cb9d9b5d8a30cc1e87 Mon Sep 17 00:00:00 2001
From: Matthias Andreas Benkard
Date: Sat, 18 Apr 2020 15:36:04 +0200
Subject: KB51 Promote LazychatResource#getMessage => PostResource#getPost, handle null login.
Change-Id: I31601b00f1d72ec2282b6f6deedf971644b93a15
---
.../mulkcms2/benki/lazychat/LazychatResource.java | 21 -------------------
.../java/eu/mulk/mulkcms2/benki/posts/Post.java | 6 ++++++
.../eu/mulk/mulkcms2/benki/posts/PostResource.java | 23 +++++++++++++++++++++
.../java/eu/mulk/mulkcms2/benki/users/User.java | 24 ++++++++++++++++++----
4 files changed, 49 insertions(+), 25 deletions(-)
(limited to 'src/main/java')
diff --git a/src/main/java/eu/mulk/mulkcms2/benki/lazychat/LazychatResource.java b/src/main/java/eu/mulk/mulkcms2/benki/lazychat/LazychatResource.java
index fd672f8..3cb1204 100644
--- a/src/main/java/eu/mulk/mulkcms2/benki/lazychat/LazychatResource.java
+++ b/src/main/java/eu/mulk/mulkcms2/benki/lazychat/LazychatResource.java
@@ -1,7 +1,5 @@
 package eu.mulk.mulkcms2.benki.lazychat;
-import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
-
 import eu.mulk.mulkcms2.benki.posts.Post;
 import eu.mulk.mulkcms2.benki.posts.PostFilter;
 import eu.mulk.mulkcms2.benki.posts.PostResource;
@@ -13,12 +11,10 @@ import java.util.Objects;
 import javax.transaction.Transactional;
 import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.FormParam;
-import javax.ws.rs.GET;
 import javax.ws.rs.NotFoundException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
 @Path("/lazychat")
@@ -79,21 +75,4 @@ public class LazychatResource extends PostResource {
 return Response.seeOther(new URI("/lazychat")).build();
 }
-
- @GET
- @Transactional
- @Produces(APPLICATION_JSON)
- @Path("/p/{id}")
- public LazychatMessage getMessage(@PathParam("id") int id) {
-
- var user = getCurrentUser();
-
- var message = getSession().byId(LazychatMessage.class).load(id);
-
- if (!user.canSee(message)) {
- throw new ForbiddenException();
- }
-
- return message;
- }
 }
diff --git a/src/main/java/eu/mulk/mulkcms2/benki/posts/Post.java b/src/main/java/eu/mulk/mulkcms2/benki/posts/Post.java
index 654db5f..5ecccc7 100644
--- a/src/main/java/eu/mulk/mulkcms2/benki/posts/Post.java
+++ b/src/main/java/eu/mulk/mulkcms2/benki/posts/Post.java
@@ -13,6 +13,7 @@ import java.util.List;
 import java.util.Objects;
 import java.util.Set;
 import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
 import javax.json.bind.annotation.JsonbTransient;
 import javax.persistence.Column;
 import javax.persistence.Entity;
@@ -163,6 +164,11 @@ public abstract class Post extends PanacheEntityBase {
 return query;
 }
+ public final boolean isVisibleTo(@Nullable User user) {
+ // FIXME: Make this more efficient.
+ return getVisibility() == Visibility.PUBLIC || (user != null && visibleTo.contains(user));
+ }
+
 public static class PostPage {
 public @CheckForNull Integer prevCursor;
 public @CheckForNull Integer cursor;
diff --git a/src/main/java/eu/mulk/mulkcms2/benki/posts/PostResource.java b/src/main/java/eu/mulk/mulkcms2/benki/posts/PostResource.java
index e7b6e9a..03447ad 100644
--- a/src/main/java/eu/mulk/mulkcms2/benki/posts/PostResource.java
+++ b/src/main/java/eu/mulk/mulkcms2/benki/posts/PostResource.java
@@ -1,6 +1,7 @@
 package eu.mulk.mulkcms2.benki.posts;
 import static javax.ws.rs.core.MediaType.APPLICATION_ATOM_XML;
+import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
 import static javax.ws.rs.core.MediaType.TEXT_HTML;
 import com.rometools.rome.feed.atom.Content;
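Review bot: `Post#isVisibleTo` (Post.java, hunk `@@ -163,6 +164,11 @@`) is now the single access-control predicate for posts, yet it carries only a FIXME and no Javadoc stating its contract. I would add a Javadoc saying that a null `user` means an anonymous caller, who sees only `Visibility.PUBLIC` posts, and that any other user must be a member of `visibleTo`. The membership test `visibleTo.contains(user)` depends on `User#equals`/`hashCode`, which this same commit redefines to compare ids, so that dependency deserves a line in the comment as well. Whether a post's owner is always present in `visibleTo` cannot be told from this hunk and should be confirmed before relying on it.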
@@ -36,6 +37,7 @@ import javax.json.spi.JsonProvider;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import javax.ws.rs.BadRequestException;
+import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
@@ -280,8 +282,29 @@ public abstract class PostResource {
 }
 }
+ @CheckForNull
 protected User getCurrentUser() {
+ if (identity.isAnonymous()) {
+ return null;
+ }
+
 var userName = identity.getPrincipal().getName();
 return User.findByNickname(userName);
 }
+
+ @GET
+ @Produces(APPLICATION_JSON)
+ @Path("/p/{id}")
+ public Post getPost(@PathParam("id") int id) {
+
+ var user = getCurrentUser();
+
+ var message = getSession().byId(Post.class).load(id);
+
+ if (!message.isVisibleTo(user)) {
+ throw new ForbiddenException();
+ }
+
+ return message;
+ }
 }
diff --git a/src/main/java/eu/mulk/mulkcms2/benki/users/User.java b/src/main/java/eu/mulk/mulkcms2/benki/users/User.java
index ab89baa..c5d491e 100644
--- a/src/main/java/eu/mulk/mulkcms2/benki/users/User.java
+++ b/src/main/java/eu/mulk/mulkcms2/benki/users/User.java
@@ -5,10 +5,10 @@ import eu.mulk.mulkcms2.benki.accesscontrol.Role;
 import eu.mulk.mulkcms2.benki.bookmarks.Bookmark;
 import eu.mulk.mulkcms2.benki.lazychat.LazychatMessage;
 import eu.mulk.mulkcms2.benki.posts.Post;
-import eu.mulk.mulkcms2.benki.posts.Post.Visibility;
 import eu.mulk.mulkcms2.benki.wiki.WikiPageRevision;
 import io.quarkus.hibernate.orm.panache.PanacheEntityBase;
 import java.util.Collection;
+import java.util.Objects;
 import java.util.Set;
 import javax.persistence.CollectionTable;
 import javax.persistence.Column;
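Review bot: In `PostResource#getPost` (PostResource.java, hunk `@@ -280,8 +282,29 @@`), `getSession().byId(Post.class).load(id)` returns null for an id that has no row, so `message.isVisibleTo(user)` throws a NullPointerException and the endpoint, now reachable without a login, answers 500 instead of 404. Add `if (message == null) { throw new NotFoundException(); }` before the visibility check, plus the `javax.ws.rs.NotFoundException` import if PostResource lacks it (its import block is only partly visible). With that in place, 403 versus 404 still tells an unauthenticated caller which ids belong to non-public posts; answering 404 in both cases would close that if the id space is considered sensitive. The moved method also lost the `@Transactional` that `getMessage` carried, which looks relevant because `isVisibleTo` reads the `visibleTo` collection, so confirm that a transaction or session is still open on this path.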
@@ -143,8 +143,24 @@ public class User extends PanacheEntityBase {
 return User.find("from BenkiUser u join u.nicknames n where ?1 = n", nickname).singleResult();
 }
- public boolean canSee(Post message) {
- // FIXME: Make this more efficient.
- return message.getVisibility() == Visibility.PUBLIC || visiblePosts.contains(message);
+ public final boolean canSee(Post message) {
+ return message.isVisibleTo(this);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (!(o instanceof User)) {
+ return false;
+ }
+ User user = (User) o;
+ return Objects.equals(id, user.id);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id);
 }
 }
-- cgit v1.2.3
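Review bot: `User#equals` (User.java, hunk `@@ -143,8 +143,24 @@`) treats two users whose `id` is null as equal, because `Objects.equals(id, user.id)` is true for null/null, and this equality now decides the `visibleTo.contains(user)` membership test in `Post#isVisibleTo`. Assuming `id` is a nullable wrapper assigned on persist (its declaration is outside the hunk), `return id != null && id.equals(user.id);` keeps unsaved instances from matching each other or a persisted grant. `hashCode()` can stay as written, since equal objects would still hash alike. A short comment on `equals` noting that post visibility depends on it would help the next person who touches it.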