FEAT : mise en place d'une securite globale via ACL

2025-12-03 13:03:40 +01:00
parent ff088361a0
commit bafd5dff1a
4 changed files with 45 additions and 0 deletions


@@ -6,6 +6,7 @@ import local.epul4a.fotosharing.service.AlbumService;
import local.epul4a.fotosharing.service.PartageService; import local.epul4a.fotosharing.service.PartageService;
import local.epul4a.fotosharing.service.PhotoService; import local.epul4a.fotosharing.service.PhotoService;
import org.springframework.data.domain.Page; import org.springframework.data.domain.Page;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.ui.Model; import org.springframework.ui.Model;
@@ -59,6 +60,7 @@ public class AlbumController {
/* ============================ DETAIL ALBUM ============================ */ /* ============================ DETAIL ALBUM ============================ */
@GetMapping("/album/{id}") @GetMapping("/album/{id}")
@PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
public String viewAlbum( public String viewAlbum(
@PathVariable Long id, @PathVariable Long id,
Authentication auth, Authentication auth,
@@ -79,6 +81,8 @@ public class AlbumController {
/* ============================ AJOUT PHOTO ============================ */ /* ============================ AJOUT PHOTO ============================ */
@PostMapping("/album/{id}/add") @PostMapping("/album/{id}/add")
@PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
public String addPhoto( public String addPhoto(
@PathVariable Long id, @PathVariable Long id,
@RequestParam Long photoId, @RequestParam Long photoId,
@@ -95,6 +99,7 @@ public class AlbumController {
/* ============================ RETIRER PHOTO ============================ */ /* ============================ RETIRER PHOTO ============================ */
@GetMapping("/album/{id}/remove/{photoId}") @GetMapping("/album/{id}/remove/{photoId}")
@PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
public String removePhoto( public String removePhoto(
@PathVariable Long id, @PathVariable Long id,
@PathVariable Long photoId, @PathVariable Long photoId,
@@ -106,6 +111,7 @@ public class AlbumController {
/* ============================ SUPPRESSION ALBUM ============================ */ /* ============================ SUPPRESSION ALBUM ============================ */
@GetMapping("/album/{id}/delete") @GetMapping("/album/{id}/delete")
@PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
public String deleteAlbum( public String deleteAlbum(
@PathVariable Long id, @PathVariable Long id,
Authentication auth Authentication auth
@@ -116,6 +122,7 @@ public class AlbumController {
/* ============================ PARTAGE ALBUM ============================ */ /* ============================ PARTAGE ALBUM ============================ */
@PostMapping("/album/{id}/share") @PostMapping("/album/{id}/share")
@PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
public String shareAlbum( public String shareAlbum(
@PathVariable Long id, @PathVariable Long id,
@RequestParam String email, @RequestParam String email,
@@ -144,6 +151,7 @@ public class AlbumController {
/* ============================ MAJ PARTAGE ALBUM ============================ */ /* ============================ MAJ PARTAGE ALBUM ============================ */
@PostMapping("/album/{id}/share/update") @PostMapping("/album/{id}/share/update")
@PreAuthorize("@securityService.canViewAlbum(authentication, #id)")
public String updateAlbumShare( public String updateAlbumShare(
@PathVariable Long id, @PathVariable Long id,
@RequestParam String email, @RequestParam String email,
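Review bot: Every new `@PreAuthorize` in this file, including those on the mutating endpoints `/album/{id}/delete`, `/album/{id}/share`, `/album/{id}/share/update`, `/album/{id}/add` and `/album/{id}/remove/{photoId}`, checks `canViewAlbum`, so a caller holding only a READ entry in the album's ACL passes the same gate as the owner and can delete or re-share the album. The same commit adds `canAdminAlbum` to SecurityService; the delete, share and share-update mappings should read `@PreAuthorize("@securityService.canAdminAlbum(authentication, #id)")`, and add/remove photo should use whichever of `canAdminAlbum`/`canCommentAlbum` matches the intended ACL level. `@PreAuthorize` is only enforced when method security is enabled (`@EnableMethodSecurity` or equivalent), which is not visible in this diff, so it is worth confirming in the security configuration. The handler bodies lie outside the hunks, so whether any of them performs an additional owner check internally cannot be seen here.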


@@ -20,4 +20,41 @@ public class SecurityService {
// Vérification basée sur les ACL (READ / COMMENT / ADMIN) // Vérification basée sur les ACL (READ / COMMENT / ADMIN)
return partageService.canView(photoId, email); return partageService.canView(photoId, email);
} }
public boolean canCommentPhoto(Authentication authentication, Long photoId) {
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
return partageService.canComment(photoId, authentication.getName());
}
public boolean canAdminPhoto(Authentication authentication, Long photoId) {
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
return partageService.canAdmin(photoId, authentication.getName());
}
/* =============================== ALBUMS =============================== */
public boolean canViewAlbum(Authentication authentication, Long albumId) {
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
return partageService.canViewAlbum(albumId, authentication.getName());
}
public boolean canCommentAlbum(Authentication authentication, Long albumId) {
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
return partageService.canCommentAlbum(albumId, authentication.getName());
}
public boolean canAdminAlbum(Authentication authentication, Long albumId) {
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
return partageService.canAdminAlbum(albumId, authentication.getName());
}
} }
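Review bot: The guard `authentication == null || !authentication.isAuthenticated()` repeated in each new method does not reject an anonymous principal: Spring Security's `AnonymousAuthenticationToken` reports `isAuthenticated()` as true, so with the default anonymous filter active `getName()` yields the anonymous principal name and is handed to `partageService`, which then decides the outcome for unauthenticated callers. Whether unauthenticated requests actually reach these checks depends on the HTTP security configuration, which is not in this diff. Collapsing the six copies of the guard into one private helper that also excludes `AnonymousAuthenticationToken` (import `org.springframework.security.authentication.AnonymousAuthenticationToken`) fixes this in one place and removes the duplication; a sketch follows, with the other methods taking the same shape. The new public methods also lack Javadoc; a one-line `/** True when the caller holds at least READ (resp. COMMENT/ADMIN) on the album; false for a missing or anonymous authentication. */` on each would record the ACL level it enforces. The class header and the `partageService` field are outside the hunk.
```java
/** True only for a real, non-anonymous authenticated principal. */
private static boolean isAuthenticatedUser(Authentication authentication) {
    return authentication != null
            && authentication.isAuthenticated()
            && !(authentication instanceof AnonymousAuthenticationToken);
}

public boolean canViewAlbum(Authentication authentication, Long albumId) {
    if (!isAuthenticatedUser(authentication)) {
        return false;
    }
    return partageService.canViewAlbum(albumId, authentication.getName());
}
// … unchanged apart from the same guard: canCommentPhoto, canAdminPhoto, canCommentAlbum, canAdminAlbum …
```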