From b144a44a0a540116a5b91f8efb0ccae6020c4492 Mon Sep 17 00:00:00 2001 From: Subivas Date: Wed, 3 Dec 2025 09:13:37 +0100 Subject: [PATCH] CORRECTION BUG & AMELIORATION : Gestion de la visibilite et des partages de photos (ACL) --- .../controller/PhotoController.java | 26 +++++++++++- .../fotosharing/mapper/PartageMapper.java | 4 +- .../fotosharing/service/PartageService.java | 2 +- .../service/impl/PartageServiceImpl.java | 38 +++++++++++++---- .../resources/templates/photo-detail.html | 39 ++++++++++++------ .../controller/PhotoController.class | Bin 9064 -> 9709 bytes .../fotosharing/mapper/PartageMapper.class | Bin 1749 -> 1749 bytes .../fotosharing/service/PartageService.class | Bin 728 -> 794 bytes .../service/impl/PartageServiceImpl.class | Bin 6785 -> 7594 bytes target/classes/templates/photo-detail.html | 39 ++++++++++++------ 10 files changed, 108 insertions(+), 40 deletions(-) diff --git a/src/main/java/local/epul4a/fotosharing/controller/PhotoController.java b/src/main/java/local/epul4a/fotosharing/controller/PhotoController.java index 8e3b2c5..a0dfabd 100644 --- a/src/main/java/local/epul4a/fotosharing/controller/PhotoController.java +++ b/src/main/java/local/epul4a/fotosharing/controller/PhotoController.java @@ -18,6 +18,9 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; +import java.net.URLEncoder; +import java.nio.charset.StandardCharsets; + @Controller public class PhotoController { 
@@ -181,8 +184,13 @@ public class PhotoController { @RequestParam String permission, Authentication auth) { - partageService.share(id, email, permission, auth.getName()); - return "redirect:/photo/" + id + "?shared=ok"; + try { + partageService.share(id, email, permission, auth.getName()); + return "redirect:/photo/" + id + "?shared=ok"; + } catch (RuntimeException ex) { + return "redirect:/photo/" + id + "?error=" + URLEncoder.encode(ex.getMessage(), StandardCharsets.UTF_8); + } + } @@ -193,4 +201,18 @@ public class PhotoController { partageService.unshare(id, email); return "redirect:/photo/" + id; } + + /* ========================== MAJ MODE PARTAGE ========================== */ + @PostMapping("/photo/{id}/share/update") + @PreAuthorize("@securityService.canAccessPhoto(authentication, #id)") + public String updateShare( + @PathVariable Long id, + @RequestParam String email, + @RequestParam String permission, + Authentication auth + ) { + partageService.updatePermission(id, email, permission, auth.getName()); + return "redirect:/photo/" + id; + } + } \ No newline at end of file diff --git a/src/main/java/local/epul4a/fotosharing/mapper/PartageMapper.java b/src/main/java/local/epul4a/fotosharing/mapper/PartageMapper.java index d7b59c8..57cdfb2 100644 --- a/src/main/java/local/epul4a/fotosharing/mapper/PartageMapper.java +++ b/src/main/java/local/epul4a/fotosharing/mapper/PartageMapper.java @@ -4,17 +4,17 @@ import local.epul4a.fotosharing.dto.PartageDTO; import local.epul4a.fotosharing.model.Partage; public class PartageMapper { - public static PartageDTO toDTO(Partage p) { if (p == null) return null; PartageDTO dto = new PartageDTO(); dto.setId(p.getId()); + dto.setPermission(p.getPermission().name()); dto.setUtilisateur(UtilisateurMapper.toDTO(p.getUtilisateur())); dto.setPhoto(PhotoMapper.toDTO(p.getPhoto())); - dto.setPermission(p.getPermission().name()); return dto; } } + 
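Review bot: The new `catch (RuntimeException ex)` in `share` copies `ex.getMessage()` into the redirect query string, so every runtime failure below the controller becomes user-visible text, not only the French messages the service throws on purpose. `Partage.Permission.valueOf(...)` on the request's `permission` value (in `PartageServiceImpl.share`, and again in the new `updatePermission`) throws `IllegalArgumentException` with a message that names the enum's fully qualified class. An exception whose message is null makes `URLEncoder.encode` itself throw inside the handler. I would throw a dedicated exception type from the service for expected refusals, catch only that type here, and redirect with a fixed code such as `?error=already_shared` (constructed example) that the template maps to text. Whether `photo-detail.html` escapes the `error` parameter is not visible in this diff and should be confirmed; the method's signature starts above the hunk.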
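Review bot: `updateShare` is guarded only by `canAccessPhoto`, which by its name covers anyone allowed to see the photo, while the rule that matters (owner or ADMIN share) is enforced inside `partageService.updatePermission` and its refusal is not handled here. A caller who passes the annotation but lacks ADMIN therefore ends in an uncaught `RuntimeException`, presumably a 500 page, instead of a 403 or the `?error=` redirect that `share` now uses. Either handle the refusal the same way as in `share`, or put the stricter rule in the annotation if `securityService` offers a suitable check (not visible in this diff). A Javadoc on the endpoint would also help, e.g. `/** Changes the permission of an existing share; allowed for the owner or a user holding ADMIN on the photo. */`.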
diff --git a/src/main/java/local/epul4a/fotosharing/service/PartageService.java b/src/main/java/local/epul4a/fotosharing/service/PartageService.java index 6a4a4e4..1e36711 100644 --- a/src/main/java/local/epul4a/fotosharing/service/PartageService.java +++ b/src/main/java/local/epul4a/fotosharing/service/PartageService.java @@ -13,5 +13,5 @@ public interface PartageService { boolean canView(Long photoId, String email); boolean canComment(Long photoId, String email); boolean canAdmin(Long photoId, String email); - + void updatePermission(Long photoId, String targetEmail, String newPermission, String ownerEmail); } diff --git a/src/main/java/local/epul4a/fotosharing/service/impl/PartageServiceImpl.java b/src/main/java/local/epul4a/fotosharing/service/impl/PartageServiceImpl.java index e37e73e..c4bad8d 100644 --- a/src/main/java/local/epul4a/fotosharing/service/impl/PartageServiceImpl.java +++ b/src/main/java/local/epul4a/fotosharing/service/impl/PartageServiceImpl.java 
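Review bot: The fourth parameter of `updatePermission` is declared as `ownerEmail`, but the implementation added in this commit calls it `requesterEmail` and accepts a non-owner who holds ADMIN on the photo. For an access-control method the interface is what callers read, so the name should not suggest an owner-only rule that the code does not enforce. I would rename it to `requesterEmail` and document the contract, e.g. `/** Changes an existing share; the requester must be the photo owner or hold ADMIN on it. */`.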
@@ -40,29 +40,25 @@ public class PartageServiceImpl implements PartageService { @Override public void share(Long photoId, String targetEmail, String permissionStr, String ownerEmail) { - Photo photo = photoRepository.findById(photoId) .orElseThrow(() -> new RuntimeException("Photo introuvable")); - if (!photo.getProprietaire().getEmail().equals(ownerEmail)) throw new RuntimeException("Vous n'êtes pas propriétaire"); - Utilisateur target = utilisateurRepository.findByEmail(targetEmail) .orElseThrow(() -> new RuntimeException("Utilisateur introuvable")); - - if (partageRepository.existsByPhoto_IdAndUtilisateur_Email(photoId, targetEmail)) - return; - + // Nouveauté ici : renvoyer un message explicite + if (partageRepository.existsByPhoto_IdAndUtilisateur_Email(photoId, targetEmail)) { + throw new RuntimeException("Cet utilisateur a déjà accès à cette photo"); + } Partage.Permission permission = Partage.Permission.valueOf(permissionStr); - Partage partage = new Partage(); partage.setPhoto(photo); partage.setUtilisateur(target); partage.setPermission(permission); - partageRepository.save(partage); } + @Override public void unshare(Long photoId, String targetEmail) { 
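Review bot: Replacing the silent `return` with an exception still leaves `existsByPhoto_IdAndUtilisateur_Email` and `save` as two separate steps, so two concurrent share requests for the same photo and user can both pass the check and store two `Partage` rows. The lookups that call `findByPhoto_IdAndUtilisateur_Email(...)` with `orElse`/`orElseThrow` expect at most one row, so a duplicate would presumably make the permission checks fail for that user. A unique constraint on (photo, utilisateur) in the entity or schema, which this diff does not show, would make the rule reliable, with the constraint violation translated into the same "déjà accès" message. It would also be cleaner to parse `permissionStr` before the repository calls so an invalid value is rejected first.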
@@ -121,4 +117,28 @@ public class PartageServiceImpl implements PartageService { return partage.getPermission() == Partage.Permission.ADMIN; } + @Override + public void updatePermission(Long photoId, String targetEmail, String newPermission, String requesterEmail) { + Photo photo = photoRepository.findById(photoId) + .orElseThrow(() -> new RuntimeException("Photo introuvable")); + //Vérifier si requester = propriétaire + if (!photo.getProprietaire().getEmail().equals(requesterEmail)) { + // Sinon, vérifier s'il a ADMIN + Partage requesterPartage = partageRepository + .findByPhoto_IdAndUtilisateur_Email(photoId, requesterEmail) + .orElse(null); + if (requesterPartage == null || requesterPartage.getPermission() != Partage.Permission.ADMIN) { + throw new RuntimeException("Vous n’avez pas les droits ADMIN pour modifier les permissions."); + } + } + // OK → modification des droits + Partage partage = partageRepository + .findByPhoto_IdAndUtilisateur_Email(photoId, targetEmail) + .orElseThrow(() -> new RuntimeException("Partage introuvable")); + Partage.Permission permission = Partage.Permission.valueOf(newPermission); + partage.setPermission(permission); + partageRepository.save(partage); + } + + } diff --git a/src/main/resources/templates/photo-detail.html b/src/main/resources/templates/photo-detail.html index 674152a..0683902 100644 --- a/src/main/resources/templates/photo-detail.html +++ b/src/main/resources/templates/photo-detail.html @@ -31,21 +31,34 @@ -
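Review bot: In `updatePermission` the authorisation refusal is thrown as a plain `RuntimeException`, which callers cannot tell apart from "Photo introuvable" or "Partage introuvable" and which will not map to a 403. Spring Security's `AccessDeniedException` would fit the refusal branch, with `newPermission` validated at the top of the method before any lookup. The rule itself also needs a comment: a sharee holding ADMIN can change any existing share on the photo, including their own entry or promoting another user to ADMIN, whereas `share` stays owner-only. If that is intended, state it, e.g. `// owner or ADMIN sharee may change any existing share on this photo`; if not, restrict which targets and which permission values a non-owner may set.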

Partagée avec :

- - - +
+

Partagée avec :

+

Partager la photo

+
+ +
+
+ Partage effectué avec succès ! +
diff --git a/target/classes/local/epul4a/fotosharing/controller/PhotoController.class b/target/classes/local/epul4a/fotosharing/controller/PhotoController.class index 4ee2d5a42635d5006eb5fd3edd0cc9511ec32fd7..9485a1ed5150b243667ecc6543e311b7c78212cc 100644 GIT binary patch delta 2630 zcma)7X>3$g6#mX^kC_f#rpqiXrNu&N3o~pAv=peU0xFCAP-1XshfT0M9h zVK?^SJp=E1@c}**laJEWI-{Mw6euv?J3w7n_X5t|;1FKJ06$Z^X#?@>c~ zo4cHTGwIH?8&bZdu<%(aDM^99tT5)zq6)LvUs{=!ayN_AV}d}WeL-7CTjb7`rn@5v zwH8V3o5TIha<#eMUnIlLE`RBu9x_r8jK`W<;<3h#+Vp!eCKivk#p@-`IP5C7N;DJd=5W{;3t$R$Fv9XNjTem!Ofg( zP;p#(X|VR`O>HZm+&RjT&6Q&u$LBy2_?gx(_?4KHyJt8nj8)Yy!!VmeLz2p0k;YXE zAL>wuQ3O#>2BWqA(LC?x&I$acPgSKO(FacAcOAV7r|<`{skPJi6LxK#!C#DamNxOu zHn^AOdy-41I8Jj+I>WyUsQ=DDeU9s84lbNmiwVY3rcIfr1PM{1P%5#Bow&Nqxy5rd zmuh&pKAECkM^UFBfNA7%JtDXPBQTw;W?(#Ka(BAsS51uIxs-mi#34?`%EB0|6&EA+ zLxmX9gRB&nY}n2sU|`Z&^fu^2adL{#i41Ymwu#5$V`V|Ip!gWfrFdzG^ptD{?lu>d zysBYOp~S##ESq^uMgd%|s9S>$GTfA}KkfrPh|yQpxJX3R?E0HdoSAN_6TBsygk2%Akvo)=4h&YiO=P z7t{;OIaYA25iw?NWNC6zI23E$fx1mg`T*F z1(`$z?#)PGrNy*T3erp~H31vn2*H#>*rkY`)rCo|_?c3bKDSK@I9;AXfE0?Ec3UQJ zmBFBdG`^hPZ)Ifg0s4Osd02%4Jj7ePnl0dAMDPf&)*2SwqqrH5p&4tj6zgyw9*2qb z{B6KSJb~vpZ^2WV*L+>bT^6sdbYTKrnxV>ISL(W{gmh`L4u;>P>( zsf&s4BUe$c;|ZzI6;Q;BoGSc_b-;IcZopC@V5tz0 ze(9zYNU5OV^|Whv{nGF*=`2#I0p-{;0BI!B-zQZH3ZFKyqo^(!Husf>lC{p7ptB3_ zyo7hR;-l^O4A@NMU|SFITW!}ZIaQsnv4`*A>Q0nkm&UK!XNhW`Qmxx(*kTg4n1uE9 zQuz!^4LPay8P=Rs`<$oy=Pd?9rTV8Pm`m|$cuwU&kyP?q?NbK)TmHgK`IYMD`G%Sg z;hR@8k*0d;IkHKiRv`^h+XmE0 UgUij&K%HFca?3cGAd?XM2aGf0`Tzg` delta 2004 zcmZ`(X>62L6g_vguQQ$LFwGYHGgeZ&c}Hllr)1cYfb*(1 z=4AYn+?E6fmsAXhleTN*QfE`F&N&h)b>`YBXN%osPZmVhbuC}Lu4~!)S*>eVty#aO zRf;6#gyWMVVV~3nq)zHBnG(bs(%^K)Pf3fjFp-uEoSwv@;s69*?1KxV&f!E$>wCnQ zfRAe}Jg9>o^(esHO6 zB7(+tYXp4<_$#63WBv{rr zLdQ6&Ei5#gyuu)0`Y&8u_%+YxeAR!0^09=8f2Se%1E-AyN2^{ou;;PFKqs4E3FTOd zB)>Jdg`zIQMf}c07YVH(i7s4^Roq>T<^0}?+i(|d#{;+nTX83z!CFJ>1{5)0f1Xx9 zGWe7Cs;`%piq($?X}L4T?4zlb=r;;#*Y!gc^byh%I759c!!_<>CNKvW4fOG+Iu^=! 
zp7yw*eWCWJ%1GJ%nrK%2*UfZ1^$5*4j!nZEV%(q8eAv5!}FVy97XB|Cq+SZt0BXvY98f4(T$ z^F=(beIA8-9A&1@+b!{5X-V<9_p80G1R9<)qiB6q^-4Zq(P@xYw+xYoD zU<{qF$s|+7jkV3DiUHG^&$EI91?t-QD%kld*b>PN9XneE125#(r^u}=ya|&!`+ky4+O87PP9D>H9;(XtzRfgRj*L5E}(*)ERfVS}t-G;0F(SaxuzrO!q6Nk};@ zx7pRf=qW7W8R9JGmX=X*Y6Wu>FeBYk@$V9r7nV>fcY-1M9g&#ArhOxC(z~MRmk?>0 zI*hm7%3{w%7O!)>?J+D;*@%37qlQIBA4)VwBlkp9bwZvv+{88|4e1NXYOJeA;#^&l uFaewZ!dE1f^l^ep4gXh}wOShKOAtmo+N81v7Pn{#T=Qcz_YfxH$*S)Bz|COg)>zvBkE0s-fvRcG;6|RMz%6u=FQXsRB4VwJ0wYD^Jm_IdU9xBEL~-ET@X% zf1P`~u6!t!N!=7zp1P-*XP)+mbx&tvcSiI)hxsd@83b)&gHB_JsfC;KI9eohLh3Uk N_vXSjLVq)8`~j3sECB!j delta 235 zcmXYqUoHbt9EHDMr|ylqGtv+#X-fU6(dnQRqlAV;M8q1bzy>^d_CkIO5Ic}aZn^?5 zo@W7eAXeZ?yqtW=$vIycm+{k&mU5;;N%geyU=|%qwDqHMX;vJotm$l2B4M&r% zkZFBlL0_s?@1tAObL4F5S5(w$OtJ0gv-A9Yl?>Rk>^lx9gnrm`^iFa!bR2Q4uaX+e ziID%l&AeY%KSi3_F!{xphNqQvJGnloxpGwX}h2v0Z-9+oWA@ z;A6N!?(r_ub{H7KPWh_$V)I4=H(^jfOC+1SZOe~x++yHX+$QG~PuF%EkobhWvbe>6 zJ3gi3(+2LqXXK$`Tf5W1UHF{5*w;?scN^G)d!+Qe&l|%R4D7`|`I2vOI)?iU+>d<% zMT?fMShg|*4;s8UD6nX4qTi16zIg2&(E)2~q%Uemx-C1>nM}k}cEs5n=}XXjJ&DeE zEN&&8pZlz2Pu#ZSiC()dgd%mmT{ald@OvNrfIsT^ zlYv+9nm{cBq*B^J+w)owf03^QE9d^r2QU6^;8%Ddh!=R~b+zy>1HV)Ytz39hE&SWS z&+&_(5CS!FI9Ofxfq*6$WnSSi@H2H#XlkY#_^C51_6eWx>%uTZi6}j4PnaoOA}sfW zsy$@_Q=|x0$d^N=IJP@{p1%ZiI!55aaak3fE=J|@@OgnRGhM0~1i(am1&_*s@CB0} z!XbIfVf4P#3aSqbKlH z-k~lo5}W`h*j)G;7r%~^N+-%#M*+oLAC^ldu1S}SV%7Rk$1$vVto9LDjru6M)*nMp zqu2DBMH%$6(=tf1(=!;Tei*vx9l=%?)*a?0ZYV7;a|mkqorwz6Vg~9k8<(I7v(SP$ zSc|#Xh)+*>QnaxvzC}jQNSYl zYca~Ogx*|=2%2e;_fn}A+F+Rjn+=ABJZwWAwjl>QgVt24U*vXl_d<+ep3XE@?k#rZ zl@|B`+8t#R<)+vrcb1=@9zKFk?n9C1pi;4B<_JFP{;%eZ9@BFYx@SK;?t{E3>%eL% z46Hy1D=`VJ46;?Y2&?J3Hq>Jc8tK9&tRukXj{5aZSgy{izdEn}YCMY;<*X2`pd91o zA-_Z7aX?tV#xRLa2>8b^nLth1h|M8AOFaaBm_zERP)Iu}rl#LYa0*54gQh2g&mY0P zdr_Jj?x)YsA**u|>`JQhA(Cw*S(Ie$4A2gebz%W5x+zBHP23SHpxcnA+khw9oXi3? 
z5HCx&B1gA?*{J-Kr3*vL(T$;!aAofC@P3rTyJphc{SAX6WiwvZ`F zCYwwtGW8d*wB=da@}6qTqb$bytfv<6y0a{2J(XoC9S`Nl`MR=_u2#W6#Gosw8Nns0 z+#Hat6V3D-Ck{=|TLMutwUhK5iwm8&e=o9?=!>cn6@=|^JOE@cpGnuKWh<1aoh?P$ z_@!tolV=-i!ypqcjdUIV4b)>h4Ralq<9Y`34qU!W*{YPQMQ>m^(||$p zI>o81E+|FMar!(E^r<(93Bkh6Ql<(Y;B!j$gEZ73&V*BeHTJ+x?&k}3?*6oM;Ltb+ zw($TT!`y);rmcEXjG7FNWYAol!TVK>a21GH;ut9V^cao_xB&)UB%|PMd~44YKblrg z%$LRyKZ^(WTK~@hwSPQyXEMuPauj+Qzh{6meF w;tc+o9byb`u!^gVXM`)ac19F&q#j}Q_{PvBf=woF$3iio$rK?mQIx~{4=!zE8~^|S delta 2038 zcma)+d0bRg6vw}BW|$dP_G%YJzEZc0)_PxkDZ)P0%eB_Vd^WMGh%(?gezUQ2KHl!~e>Ns#} z`%Yk_W^Q(rTDv$Xro=|6P8l;*vvrxJLL)(Kibx1^P>$Jn&DNPim2%sL+sm1!Q%#N9 zYRi<5TAe!PE0aCjx=`mD>Q%mdi1k{X>u6BR?HSg^IyZ2mI%*$pU7~X{OV#U^={(LFsg}_GoMZ;6pyL@v+V)oX|)Xy>V(qL`}|#a6Z>?%94u0 zy26yo!Z~Frmljo&%y6g6x-T8r`AX+4j)rqo3?~i4w>obchFmfHU>JVXIl}AV{H!KL zriSsWgWvew#veL=@>fe!WPi=Xzv@_2qD9k)SI48`Rf028+o*;+yM;KAFwl&N&8ooJ zJE=uVAVw_E4GY}~rU#+K6U8}f5o@AY!O2!UYNPX9tyLXyI&IsC!z??Tbf#)8sz-FU zafWY4|YEg84gQYon8#B^u zJ1C#p%B(cI%kB#DP$`4e!(16`9^8pru(|AQEHE*pS=O2{KrSRq-u>mBOjlCqLn;Fq zLoq;w+wbR?iMc(*CSiJGs z<&@v|$g@`-jf1>m1WBEYiEmhhcwBFi*G(FlhsNEM=Opi=ixG?DHf}XZT2Du!mmCF| zIAr^1E|zp<(Ub8KkqIJdqQoM*Lwbh=V21@@hxuXqNHh)Uea&9&cC>be+T;ouSq(Pi zAfATULlk+%Hg|Ptjp|_69u3Pkqt+2*X)+`x^>5=o^J(R27MEooHp_Y}<|bM0OJJf1 zhDk(n8L{M%Kt6pXWrMhaAxxFDT`AGMN?@jWz?&N^{$pQJ3IZT$3tVl+C6JwS| zAzl)T7bKFPc48$7VIl2w7oZGZq56>ydy!uCBW;ZJA;mRxPO_gMbCb*B;i1hux|UG? zbnUvc2nUD=C=^*mLRc(>B|=!r0BO5Jm?;HW&R8nQWfoVQj*eMq+U$&4|USF!2uW$|#cZI3|<#@&XLYya#U|Li-y d=O_Laf1@uKOAWPWxL74^?H?IWNxv}R`VX`ws7L?+ diff --git a/target/classes/templates/photo-detail.html b/target/classes/templates/photo-detail.html index 674152a..0683902 100644 --- a/target/classes/templates/photo-detail.html +++ b/target/classes/templates/photo-detail.html @@ -31,21 +31,34 @@ -

Partagée avec :

- - - +
+

Partagée avec :

+
    +
  • + + + + + + +
  • + + Retirer + +

Partager la photo

+
+ +
+
+ Partage effectué avec succès ! +