From bafd5dff1ade0071324c660658ec0ee80ab5cd75 Mon Sep 17 00:00:00 2001 From: Subivas Date: Wed, 3 Dec 2025 13:03:40 +0100 Subject: [PATCH] FEAT : mise en place d'une securite globale via ACL --- .../controller/AlbumController.java | 8 ++++ .../fotosharing/security/SecurityService.java | 37 ++++++++++++++++++ .../controller/AlbumController.class | Bin 7730 -> 7898 bytes .../security/SecurityService.class | Bin 1281 -> 2153 bytes 4 files changed, 45 insertions(+)
diff --git a/src/main/java/local/epul4a/fotosharing/controller/AlbumController.java b/src/main/java/local/epul4a/fotosharing/controller/AlbumController.java
index ad47d31..7470874 100644
--- a/src/main/java/local/epul4a/fotosharing/controller/AlbumController.java
+++ b/src/main/java/local/epul4a/fotosharing/controller/AlbumController.java
@@ -6,6 +6,7 @@ import local.epul4a.fotosharing.service.AlbumService;
 import local.epul4a.fotosharing.service.PartageService;
 import local.epul4a.fotosharing.service.PhotoService;
 import org.springframework.data.domain.Page;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -59,6 +60,7 @@ public class AlbumController {
 /* ============================ DETAIL ALBUM ============================ */
 @GetMapping("/album/{id}")
+ @PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
 public String viewAlbum(
 @PathVariable Long id,
 Authentication auth,
@@ -79,6 +81,8 @@ public class AlbumController {
 /* ============================ AJOUT PHOTO ============================ */
 @PostMapping("/album/{id}/add")
+ @PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
+
 public String addPhoto(
 @PathVariable Long id,
 @RequestParam Long photoId,
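Review bot: The `@PreAuthorize` added to addPhoto gates a mutation with `canViewAlbum`, so any principal holding only READ rights on the album (the ACL levels named in SecurityService are READ / COMMENT / ADMIN) can add photos, and the same view-level guard is applied to removePhoto, deleteAlbum, shareAlbum and updateAlbumShare in the following hunks. This patch already introduces `canAdminAlbum` in SecurityService, so those five annotations should read `@PreAuthorize("@securityService.canAdminAlbum(authentication, #id)")`. The guard also only covers `#id`; whether the caller may use the given `photoId` is left to the service layer, which is not visible here. The stray blank line the hunk adds between the annotation and `public String addPhoto(` should be removed. Each method body continues outside its hunk.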
@@ -95,6 +99,7 @@ public class AlbumController {
 /* ============================ RETIRER PHOTO ============================ */
 @GetMapping("/album/{id}/remove/{photoId}")
+ @PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
 public String removePhoto(
 @PathVariable Long id,
 @PathVariable Long photoId,
@@ -106,6 +111,7 @@ public class AlbumController {
 /* ============================ SUPPRESSION ALBUM ============================ */
 @GetMapping("/album/{id}/delete")
+ @PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
 public String deleteAlbum(
 @PathVariable Long id,
 Authentication auth
@@ -116,6 +122,7 @@ public class AlbumController {
 /* ============================ PARTAGE ALBUM ============================ */
 @PostMapping("/album/{id}/share")
+ @PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
 public String shareAlbum(
 @PathVariable Long id,
 @RequestParam String email,
@@ -144,6 +151,7 @@ public class AlbumController {
 /* ============================ MAJ PARTAGE ALBUM ============================ */
 @PostMapping("/album/{id}/share/update")
+ @PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
 public String updateAlbumShare(
 @PathVariable Long id,
 @RequestParam String email,
diff --git a/src/main/java/local/epul4a/fotosharing/security/SecurityService.java b/src/main/java/local/epul4a/fotosharing/security/SecurityService.java
index 79d7681..cff71d3 100644
--- a/src/main/java/local/epul4a/fotosharing/security/SecurityService.java
+++ b/src/main/java/local/epul4a/fotosharing/security/SecurityService.java
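Review bot: In the deleteAlbum hunk the new `@PreAuthorize` sits on `@GetMapping("/album/{id}/delete")`, so album deletion — and photo removal in the removePhoto hunk, `@GetMapping("/album/{id}/remove/{photoId}")` — stays reachable through a plain GET, which Spring Security's CSRF token check does not cover; the ACL guard establishes who the caller is, not whether the request was intentionally submitted. Switch both handlers to `@PostMapping` (or `@DeleteMapping` behind a form submit) so the CSRF filter applies, which also matches the POST already used by the share endpoints in the next two hunks. The method bodies continue outside the hunks.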
@@ -20,4 +20,41 @@ public class SecurityService {
 // Vérification basée sur les ACL (READ / COMMENT / ADMIN)
 return partageService.canView(photoId, email);
 }
+ public boolean canCommentPhoto(Authentication authentication, Long photoId) {
+ if (authentication == null || !authentication.isAuthenticated()) {
+ return false;
+ }
+ return partageService.canComment(photoId, authentication.getName());
+ }
+
+ public boolean canAdminPhoto(Authentication authentication, Long photoId) {
+ if (authentication == null || !authentication.isAuthenticated()) {
+ return false;
+ }
+ return partageService.canAdmin(photoId, authentication.getName());
+ }
+
+
+ /* =============================== ALBUMS =============================== */
+
+ public boolean canViewAlbum(Authentication authentication, Long albumId) {
+ if (authentication == null || !authentication.isAuthenticated()) {
+ return false;
+ }
+ return partageService.canViewAlbum(albumId, authentication.getName());
+ }
+
+ public boolean canCommentAlbum(Authentication authentication, Long albumId) {
+ if (authentication == null || !authentication.isAuthenticated()) {
+ return false;
+ }
+ return partageService.canCommentAlbum(albumId, authentication.getName());
+ }
+
+ public boolean canAdminAlbum(Authentication authentication, Long albumId) {
+ if (authentication == null || !authentication.isAuthenticated()) {
+ return false;
+ }
+ return partageService.canAdminAlbum(albumId, authentication.getName());
+ }
 }
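Review bot: The five new methods repeat the same `authentication == null || !authentication.isAuthenticated()` guard, and that guard does not reject an anonymous principal — Spring's AnonymousAuthenticationToken reports isAuthenticated() as true, so `authentication.getName()` is then handed to partageService as if it were a user email (whether the service tolerates that is not visible here). Factor the check into one private helper that also excludes AnonymousAuthenticationToken (import `org.springframework.security.authentication.AnonymousAuthenticationToken`) and call it from each method, as sketched below for canAdminAlbum. Add a one-line Javadoc per public method naming the ACL level it enforces, e.g. `/** True when the authenticated, non-anonymous principal has ADMIN-level access to albumId. */`. The method whose tail appears as context at the top of the hunk should use the same helper for consistency; its start lies outside the hunk.
```java
/** Rejects missing, unauthenticated and anonymous principals before any ACL lookup. */
private static boolean isAuthenticatedUser(Authentication authentication) {
    return authentication != null
        && authentication.isAuthenticated()
        && !(authentication instanceof AnonymousAuthenticationToken);
}

/** True when the authenticated, non-anonymous principal has ADMIN-level access to albumId. */
public boolean canAdminAlbum(Authentication authentication, Long albumId) {
    if (!isAuthenticatedUser(authentication)) {
        return false;
    }
    return partageService.canAdminAlbum(albumId, authentication.getName());
}
// … unchanged: canCommentPhoto, canAdminPhoto, canViewAlbum, canCommentAlbum, each switched to the same helper …
```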
diff --git a/target/classes/local/epul4a/fotosharing/controller/AlbumController.class b/target/classes/local/epul4a/fotosharing/controller/AlbumController.class index 7b09bf6bb3de4432f7914cc4f951f7f5e64f12ed..0f498500439acad9c0ced964e683aa2518946a6e 100644 GIT binary patch delta 1012 zcma)5NlX)A6#jnNveX7BrPAqws422(4G|R(fkfOz5{wsdDZ{8^*fK4PTre?;SMzIP z!Uc>Tj3q7{G#`ixQi=_xGNXqn_;s-5+`{t@8y5{qVRX)F`NRjeu{Cleuxk1WiNYC?0VvQpE_ZLe_tt?85 zL~rF*S*pt~FRiIa^3teO>6b;XU#_Z5OPDX0B{M9g#a2FSifylt+NEPJd4J3t_L`5z z#M|C7m=&o^RwU7%x#< zE(||;V{DUIfF5>4z=23OVS$UsS=)s~gku40NP-*5Sd0{snu@hZ*%%h$i@Z~Vk1hh3HwmUO}08u96}HPL)$hmAFkoLTKjMV=g7!e zI_f&8P#*>no&1cg*i`~EwiAsVL~$oh(Ag3gsE)x+ba6p&ux_3qB<6P0NejhU3Ki$l zB+jj1oTv#LhVwM5Vl@)hQDK>(oUkf*moS%hjtKT?JEyqco^j`x0)~UQ!*lKFhB`!} zp4Zy576z-o8@wSRWKumt6MA^BeY5KjUB+S3+C;7%(X_8bDAgwP;vUa)xLF_H?MNx; zBNZ(a)3x6ZMzQM0QO2}SIq(4eWq+a1Lmf^OtE80v{5|24|+B zl}MiCmz}9)eK-vr(XbPlR{ExzsW$7O{w1d5KUqE=XIbJB3;|-y=$-i0Z u@sxl=@JzENl*B)${slz>eMH054{G_9mfvXkotEF@D@_?`;v0V87lc1F-RTkl delta 862 zcmaJ_pAM>(waIz9=Q((s!0Oni|;-X@P94rs_m04@ZfLYD_~9hD@C03$3prT9<039u3>{1Oq!RP76f3X{8&QQQmdghJ zUfJ(+`7h!mEse25pqn7|6R5!@nXj!bT?Y@=lXC;LL~xXMv!M`=M-MJjB`_V$Xh}UH z>cTm`O`(MB)C%S%h+A35SuWn3VV#IT?7|g`)SV_3=;TO>xRJ#5x*=x;G^LK@Tji?2 zBt5~!Hs1TWt_^k^BOYrfAIP-H(DbW+?i;ZpZ~)h2A}~|giE)TYd$3GK4VUk_HJ)uF zVS2C$H)J%pGStAl8|iQ#gWGR8UVseZ9Na{&>Rmit9*=tG@SdaSq%kpA8SJ5HjfZAS;rX%E2d)0h T>MyMR3PYT7a$*>t@fF%n26xj*0+=$2pqZRxK6Mn5YOf+12~ES11S@OFa_pno-J#ZYP4z#(t7O$Ub8BFhr64~ zZuw5|)+$FYW##WUwh|a_NI#I9suP$i9iS3!vY!93WpNP0NE;Y2aSWpZvz|}GhW35! 
z%es2w`P+K{w&yFW*b1u34IEnrj^_%bon}`^ZG@+LrFF+loWQt%v8jSJiV2KmbEUns zlmqQUgb7RF@;;Q#yQ<;o?T!adq&LiD?})BcEbzy;au}S4?E}M0!u8GnY3}&~rn-mBJZ;g>2t7 z%2fms%iabPm@YZ4T5HwUmH$$%*BBWs>AtD3RrELtCW5Nd6qrBA>hDdp$i{uDf~vQ{ zMq$kYUCwLTOknaw zi&v$tDo)d3d5W&<1>wD6QvZ=cW?Xr}+lJzO53ejslH8HCmM;JAZ$UJL3;c-0`1#@S z^k;-`2H%sIVe~3Tt9Ml;k@qw%2q3vk6 zV}ypskj8OZo(Qe;ZKaO&6mH-q-KdURxJ}1#g5JSh>MSyvK#X=8Y#_#^;35rouLIZM zLVd!_KDdyoO}LA*-DvHMOb~67Xs1K0Ok1OamFZw*BCG>o?)L|i>4iB@m<(a24i7Wk zAI!yGm>gm9gqis-%u-mezh-7BEK{~Wn9IE|vxJ!=%>3bD3jM+4dSPx6<~CvO9u_8s V2h2|l4^iZEkPZEazvU(#{{lX>wp#!I delta 223 zcmXwyxedZV6hz;y?Eo7iA`>9)+km-ZGCH9IDxd~SBqXGSh>U;&=!6y=AjU=n`;XZ- z^WW8@@4r5eC$MF6^RMQf*o#Rs=M-2B9t|wb^z7DmEkP9=)c}_=B|_TTA`#%zp{t%x zfqo4=&7RSMmOg_bD04Tal_p+o-