Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
T
templateService
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Bazarbay Tulenov
templateService
Commits
32abbb6b
Commit
32abbb6b
authored
Jan 26, 2024
by
Denis
Committed by
Denis Ligin
Jan 26, 2024
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Security issue fix
parent
9506b3c3
Pipeline
#374
canceled with stage
Changes
4
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
67 additions
and
23 deletions
+67
-23
src/main/java/kz/project/printedFormsService/config/SecurityContextUtils.java
...ject/printedFormsService/config/SecurityContextUtils.java
+9
-1
src/main/java/kz/project/printedFormsService/controller/RestErrorController.java
...t/printedFormsService/controller/RestErrorController.java
+14
-4
src/main/java/kz/project/printedFormsService/controller/TemplateController.java
...ct/printedFormsService/controller/TemplateController.java
+33
-18
src/main/java/kz/project/printedFormsService/exception/AccessDeniedException.java
.../printedFormsService/exception/AccessDeniedException.java
+11
-0
No files found.
src/main/java/kz/project/printedFormsService/config/SecurityContextUtils.java
View file @
32abbb6b
package
kz.project.printedFormsService.config
;
import
kz.project.printedFormsService.exception.AccessDeniedException
;
import
kz.project.printedFormsService.exception.ValidationException
;
import
lombok.experimental.UtilityClass
;
import
org.springframework.security.core.GrantedAuthority
;
...
...
@@ -26,6 +27,13 @@ public class SecurityContextUtils {
}
public
static
String
getUsername
()
{
return
SecurityContextHolder
.
getContext
()
.
getAuthentication
()
.
getName
();
}
public
static
Map
<
String
,
List
<
String
>>
getProjectRoleMap
()
{
return
SecurityContextHolder
...
...
@@ -59,6 +67,6 @@ public class SecurityContextUtils {
.
filter
(
role
->
role
.
contains
(
"gitlab"
))
.
map
(
role
->
role
.
replace
(
"ROLE_gitlab_"
,
""
))
.
findFirst
()
.
orElseThrow
(()
->
new
Validation
Exception
(
"Не указана роль для доступа к gitlab"
));
.
orElseThrow
(()
->
new
AccessDenied
Exception
(
"Не указана роль для доступа к gitlab"
));
}
}
src/main/java/kz/project/printedFormsService/controller/RestErrorController.java
View file @
32abbb6b
package
kz.project.printedFormsService.controller
;
;
import
kz.project.printedFormsService.exception.ValidationException
;
import
kz.project.printedFormsService.data.dto.ResponseErrorDto
;
import
kz.project.printedFormsService.exception.AccessDeniedException
;
import
kz.project.printedFormsService.exception.ValidationException
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.web.bind.annotation.ControllerAdvice
;
import
org.springframework.web.bind.annotation.ExceptionHandler
;
import
org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler
;
;
@ControllerAdvice
@Slf4j
public
class
RestErrorController
extends
ResponseEntityExceptionHandler
{
@ExceptionHandler
(
ValidationException
.
class
)
//@ResponseStatus(code = HttpStatus.BAD_REQUEST, reason = "Remote service response")
protected
ResponseEntity
<
ResponseErrorDto
>
handleThereIsNoSuchUserException
(
ValidationException
err
)
{
protected
ResponseEntity
<
ResponseErrorDto
>
handleThereIsNoSuchUserException
(
ValidationException
err
)
{
err
.
printStackTrace
();
return
new
ResponseEntity
<>(
new
ResponseErrorDto
(
err
.
getMessage
(),
err
.
getCode
()),
HttpStatus
.
BAD_REQUEST
);
return
new
ResponseEntity
<>(
new
ResponseErrorDto
(
err
.
getMessage
(),
err
.
getCode
()),
HttpStatus
.
BAD_REQUEST
);
}
@ExceptionHandler
(
AccessDeniedException
.
class
)
protected
ResponseEntity
<
ResponseErrorDto
>
handleAccessDeniedException
(
AccessDeniedException
err
)
{
log
.
warn
(
"Access denied"
,
err
);
return
new
ResponseEntity
<>(
new
ResponseErrorDto
(
err
.
getMessage
(),
HttpStatus
.
FORBIDDEN
.
value
()),
HttpStatus
.
FORBIDDEN
);
}
}
src/main/java/kz/project/printedFormsService/controller/TemplateController.java
View file @
32abbb6b
...
...
@@ -9,14 +9,13 @@ import io.swagger.v3.oas.annotations.media.Schema;
import
io.swagger.v3.oas.annotations.responses.ApiResponse
;
import
io.swagger.v3.oas.annotations.responses.ApiResponses
;
import
io.swagger.v3.oas.annotations.tags.Tag
;
import
jakarta.servlet.http.HttpServletRequest
;
import
kz.project.printedFormsService.config.SecurityContextUtils
;
import
kz.project.printedFormsService.data.dto.TemplateDto
;
import
kz.project.printedFormsService.data.dto.TemplateResponseDto
;
import
kz.project.printedFormsService.data.dto.TemplateShortDto
;
import
kz.project.printedFormsService.exception.AccessDeniedException
;
import
kz.project.printedFormsService.exception.ValidationException
;
import
kz.project.printedFormsService.logging.ProcessLogger
;
import
kz.project.printedFormsService.service.TemplateService
;
import
lombok.RequiredArgsConstructor
;
import
lombok.extern.slf4j.Slf4j
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
...
...
@@ -30,6 +29,7 @@ import org.springframework.web.multipart.MultipartFile;
import
java.io.IOException
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.Set
;
@RestController
@RequestMapping
(
TemplateController
.
BASE_PATH
)
...
...
@@ -85,7 +85,7 @@ public class TemplateController {
processLogger
.
start
(
this
.
getClass
(),
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Получение шаблона по идентификатору"
);
Map
<
String
,
byte
[]>
templateMap
=
service
.
getTemplate
(
id
);
return
ResponseEntity
.
ok
(
templateMap
);
}
catch
(
Exception
e
){
}
catch
(
Exception
e
)
{
processLogger
.
error
(
this
.
getClass
(),
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Получение шаблона по идентификатору"
);
LOGGER
.
error
(
e
.
getMessage
(),
e
);
return
ResponseEntity
.
status
(
HttpStatus
.
INTERNAL_SERVER_ERROR
).
body
(
e
.
getMessage
());
...
...
@@ -123,7 +123,7 @@ public class TemplateController {
TemplateDto
templateData
=
service
.
getTemplateData
(
id
);
processLogger
.
finish
(
this
.
getClass
(),
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Получение данных шаблона по идентификатору"
);
return
ResponseEntity
.
ok
(
templateData
);
}
catch
(
Exception
e
){
}
catch
(
Exception
e
)
{
LOGGER
.
error
(
e
.
getMessage
(),
e
);
processLogger
.
finish
(
this
.
getClass
(),
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Получение данных шаблона по идентификатору"
);
return
ResponseEntity
.
status
(
HttpStatus
.
INTERNAL_SERVER_ERROR
).
body
(
e
.
getMessage
());
...
...
@@ -153,8 +153,8 @@ public class TemplateController {
})
})
public
ResponseEntity
saveTemplate
(
@Parameter
(
name
=
"data"
)
@RequestParam
(
name
=
"data"
,
required
=
false
)
MultipartFile
data
,
@Parameter
(
name
=
"header"
)
@RequestParam
(
name
=
"header"
,
required
=
false
)
MultipartFile
header
,
@RequestParam
TemplateDto
dto
@Parameter
(
name
=
"header"
)
@RequestParam
(
name
=
"header"
,
required
=
false
)
MultipartFile
header
,
@RequestParam
TemplateDto
dto
)
throws
IOException
,
ValidationException
{
...
...
@@ -162,12 +162,15 @@ public class TemplateController {
if
(
data
==
null
)
{
throw
new
ValidationException
(
"Не переданы обязательные поля: data"
,
13
);
}
checkUserRights
(
dto
);
if
(
header
!=
null
)
{
return
ResponseEntity
.
ok
(
service
.
save
(
dto
,
List
.
of
(
data
,
header
)));
}
else
{
return
ResponseEntity
.
ok
(
service
.
save
(
dto
,
List
.
of
(
data
)));
}
}
catch
(
Exception
e
){
}
catch
(
AccessDeniedException
e
)
{
throw
e
;
}
catch
(
Exception
e
)
{
LOGGER
.
error
(
e
.
getMessage
(),
e
);
processLogger
.
start
(
this
.
getClass
(),
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Сохранение шаблона"
);
return
ResponseEntity
.
status
(
HttpStatus
.
INTERNAL_SERVER_ERROR
).
body
(
e
.
getMessage
());
...
...
@@ -201,12 +204,15 @@ public class TemplateController {
})
public
ResponseEntity
editTemplate
(
@Parameter
(
name
=
"data"
)
@RequestParam
(
name
=
"data"
,
required
=
false
)
MultipartFile
data
,
@Parameter
(
name
=
"header"
)
@RequestParam
(
name
=
"header"
,
required
=
false
)
MultipartFile
header
,
@RequestParam
TemplateDto
dto
)
throws
IOException
,
ValidationException
{
@Parameter
(
name
=
"header"
)
@RequestParam
(
name
=
"header"
,
required
=
false
)
MultipartFile
header
,
@RequestParam
TemplateDto
dto
)
throws
IOException
,
ValidationException
{
try
{
// if (data == null) {
// throw new ValidationException("Не переданы обязательные поля: data", 13);
// }
if
(
data
!=
null
)
{
checkUserRights
(
dto
);
}
if
(
header
!=
null
)
{
return
ResponseEntity
.
ok
(
service
.
edit
(
dto
,
List
.
of
(
data
,
header
)));
}
else
if
(
data
!=
null
)
{
...
...
@@ -214,7 +220,9 @@ public class TemplateController {
}
else
{
return
ResponseEntity
.
ok
(
service
.
edit
(
dto
,
null
));
}
}
catch
(
Exception
e
){
}
catch
(
AccessDeniedException
e
)
{
throw
e
;
}
catch
(
Exception
e
)
{
LOGGER
.
error
(
e
.
getMessage
(),
e
);
processLogger
.
start
(
this
.
getClass
(),
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Редактирование шаблона"
);
return
ResponseEntity
.
status
(
HttpStatus
.
INTERNAL_SERVER_ERROR
).
body
(
e
.
getMessage
());
...
...
@@ -228,7 +236,7 @@ public class TemplateController {
processLogger
.
start
(
this
.
getClass
(),
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Удаление шаблона"
);
service
.
delete
(
code
);
return
ResponseEntity
.
ok
(
"delete is success"
);
}
catch
(
Exception
e
){
}
catch
(
Exception
e
)
{
LOGGER
.
error
(
e
.
getMessage
(),
e
);
processLogger
.
start
(
this
.
getClass
(),
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Удаление шаблона"
);
return
ResponseEntity
.
status
(
HttpStatus
.
INTERNAL_SERVER_ERROR
).
body
(
e
.
getMessage
());
...
...
@@ -259,15 +267,15 @@ public class TemplateController {
@Operation
(
description
=
"Метод для получения всех шаблонов"
)
public
ResponseEntity
getAll
(
@Parameter
(
name
=
"isActive"
)
@RequestParam
(
value
=
"isActive"
,
required
=
false
)
Boolean
isActive
,
@Parameter
(
name
=
"page"
)
@RequestParam
(
value
=
"page"
,
defaultValue
=
"0"
)
Integer
page
,
@Parameter
(
name
=
"size"
)
@RequestParam
(
value
=
"size"
,
defaultValue
=
"50"
)
Integer
size
)
{
@Parameter
(
name
=
"page"
)
@RequestParam
(
value
=
"page"
,
defaultValue
=
"0"
)
Integer
page
,
@Parameter
(
name
=
"size"
)
@RequestParam
(
value
=
"size"
,
defaultValue
=
"50"
)
Integer
size
)
{
try
{
processLogger
.
start
(
TemplateController
.
class
,
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Получение списка шаблонов"
);
Page
<
TemplateShortDto
>
allTemplates
=
service
.
getAllTemplate
(
isActive
,
PageRequest
.
of
(
page
,
size
));
processLogger
.
finish
(
TemplateController
.
class
,
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Получение списка шаблонов"
);
return
ResponseEntity
.
ok
(
allTemplates
);
}
catch
(
Exception
e
){
}
catch
(
Exception
e
)
{
LOGGER
.
error
(
e
.
getMessage
(),
e
);
processLogger
.
error
(
TemplateController
.
class
,
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Получение списка шаблонов"
);
return
ResponseEntity
.
status
(
HttpStatus
.
INTERNAL_SERVER_ERROR
).
body
(
e
.
getMessage
());
...
...
@@ -297,16 +305,23 @@ public class TemplateController {
})
})
public
ResponseEntity
getAllByCode
(
@Parameter
(
name
=
"code"
)
@PathVariable
(
value
=
"code"
)
String
code
,
@Parameter
(
name
=
"page"
)
@RequestParam
(
value
=
"page"
,
defaultValue
=
"0"
)
Integer
page
,
@Parameter
(
name
=
"size"
)
@RequestParam
(
value
=
"size"
,
defaultValue
=
"50"
)
Integer
size
)
throws
ValidationException
{
@Parameter
(
name
=
"page"
)
@RequestParam
(
value
=
"page"
,
defaultValue
=
"0"
)
Integer
page
,
@Parameter
(
name
=
"size"
)
@RequestParam
(
value
=
"size"
,
defaultValue
=
"50"
)
Integer
size
)
throws
ValidationException
{
try
{
Page
<
TemplateDto
>
pageDTO
=
service
.
getAllTemplateByCode
(
code
,
PageRequest
.
of
(
page
,
size
));
return
ResponseEntity
.
ok
(
pageDTO
);
}
catch
(
Exception
e
){
}
catch
(
Exception
e
)
{
LOGGER
.
error
(
e
.
getMessage
(),
e
);
processLogger
.
start
(
TemplateController
.
class
,
new
Throwable
().
getStackTrace
()[
0
].
getMethodName
(),
"Получение всех шаблонов по коду"
);
return
ResponseEntity
.
status
(
HttpStatus
.
INTERNAL_SERVER_ERROR
).
body
(
e
.
getMessage
());
}
}
private
static
void
checkUserRights
(
TemplateDto
dto
)
{
Set
<
String
>
projects
=
SecurityContextUtils
.
getProjectRoleMap
().
keySet
();
if
(!
projects
.
contains
(
dto
.
getProject
()))
{
throw
new
AccessDeniedException
(
String
.
format
(
"User %s does not have access to the project %s"
,
SecurityContextUtils
.
getUsername
(),
dto
.
getProject
()));
}
}
}
src/main/java/kz/project/printedFormsService/exception/AccessDeniedException.java
0 → 100644
View file @
32abbb6b
package
kz.project.printedFormsService.exception
;
import
lombok.Data
;
@Data
public
class
AccessDeniedException
extends
RuntimeException
{
public
AccessDeniedException
(
String
message
)
{
super
(
message
);
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment