/ - Diff - Interní podpora mzdové agendy (Oso Oy) - Redmine

     package org.danekja.ymanager.business;
     import org.danekja.ymanager.business.auth.anot.CanModifyVacation;
     import org.danekja.ymanager.business.auth.anot.IsOwner;
     import org.danekja.ymanager.domain.*;
     import org.danekja.ymanager.dto.DefaultSettings;
-...
     import org.springframework.dao.DataAccessException;
     import org.springframework.stereotype.Component;
     import javax.annotation.security.DenyAll;
     import java.time.LocalDate;
     import java.util.List;
     import java.util.Optional;
-...
+        }
         @Override
         @IsOwner
         public void changeVacation(Long userId, VacationDay vacationDay) throws RESTFullException {
         //TODO not called anyway, allow after reimplementation
         @DenyAll
         public void changeVacation(VacationDay vacationDay) throws RESTFullException {
             try {
                 Optional<Vacation> vacation = vacationRepository.getVacationDay(vacationDay.getId());
                 if (vacation.isPresent()) {
-...
+        }
         @Override
         public void deleteVacation(Long userId, Long vacationId) throws RESTFullException {
         @CanModifyVacation
         public void deleteVacation(Long vacationId) throws RESTFullException {
             try {
                 User user = userRepository.getUser(userId);
                 Optional<Vacation> vacation = vacationRepository.getVacationDay(vacationId);
                 if (!vacation.isPresent()) {
-...
+                }
                 Vacation vacationDay = vacation.get();
                 User user = userRepository.getUser(vacationDay.getUserId());
                 if (vacationDay.getDate().isAfter(LocalDate.now())) {
                     if (!vacationDay.getStatus().equals(Status.REJECTED)) {

         void changeSettings(Long userId, UserSettings settings) throws RESTFullException;
         void changeVacation(Long userId, VacationDay vacationDay) throws RESTFullException;
         void changeVacation(VacationDay vacationDay) throws RESTFullException;
         void changeRequest(RequestType type, BasicRequest request) throws RESTFullException;
         void deleteVacation(Long userId, Long vacationId) throws RESTFullException;
         void deleteVacation(Long vacationId) throws RESTFullException;
+    }

     package org.danekja.ymanager.business.auth.anot;
     import org.springframework.security.access.prepost.PreAuthorize;
     import java.lang.annotation.*;
     /**
      * Methods annotated with this interface can be called either by EMPLOYER role
      * or owner of the given vacation instance.
      * <p>
      * This annotation expects method to have {@code Long vacationId} argument.
      */
     @Target({ElementType.METHOD, ElementType.TYPE})
     @Retention(RetentionPolicy.RUNTIME)
     @Inherited
     @Documented
     @PreAuthorize("hasPermission(#vacationId, 'Vacation', null)")
     public @interface CanModifyVacation {
+    }

     package org.danekja.ymanager.business.auth.permissions;
     import org.danekja.ymanager.domain.User;
     import org.danekja.ymanager.domain.UserRole;
     import org.danekja.ymanager.domain.Vacation;
     import org.danekja.ymanager.repository.VacationRepository;
     import org.slf4j.Logger;
     import org.slf4j.LoggerFactory;
     import org.springframework.beans.factory.annotation.Autowired;
     import org.springframework.security.core.Authentication;
     import org.springframework.stereotype.Component;
     import java.io.Serializable;
     import java.util.Objects;
     /**
      * {@link TypedPermissionEvaluator} for checking permissions for {@link Vacation} objects.
      * <p>
      * Invoke via {@code hasPermissions(<id parameter name>, 'Vacation', null)} permission syntax in security annotations.
      */
     @Component
     public class VacationModifyPermisionEvaluator implements TypedPermissionEvaluator {
         private static final Logger LOG = LoggerFactory.getLogger(VacationModifyPermisionEvaluator.class);
         private final VacationRepository vacationRepository;
         @Autowired
         public VacationModifyPermisionEvaluator(VacationRepository vacationRepository) {
             this.vacationRepository = vacationRepository;
+        }
         @Override
         public String getTargetType() {
             return Vacation.class.getSimpleName();
+        }
         @Override
         public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
             if (targetDomainObject != null && Vacation.class.isAssignableFrom(targetDomainObject.getClass())) {
                 Vacation target = (Vacation) targetDomainObject;
                 LOG.debug("Checking permission of {} to vacation: {}", authentication.getName(), target.getId());
                 if (authentication.getAuthorities().parallelStream().anyMatch(o -> Objects.equals(o.getAuthority(), UserRole.EMPLOYER.name()))) {
                     LOG.debug("Permission of {} to vacation: {} granted to employer", authentication.getName(), target.getId());
                     return true;
                 } else {
                     boolean canDo = Objects.equals(target.getUserId(), ((User) authentication.getPrincipal()).getId());
                     LOG.debug("Permission of {} to vacation: {} for employee: {}", authentication.getName(), target.getId(), canDo);
                     return canDo;
+                }
+            }
             LOG.warn("Checking permission of {} to vacation: {} failed - null or invalid type of object", authentication.getName(), targetDomainObject);
             return false;
+        }
         @Override
         public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
             if (targetId != null && Long.class.isAssignableFrom(targetId.getClass()) && Objects.equals(Vacation.class.getSimpleName(), targetType)) {
                 return hasPermission(authentication, vacationRepository.getVacationDay((Long) targetId).orElse(null), permission);
+            }
             return false;
+        }
+    }

         @RequestMapping(value = "/user/calendar/edit", method=PUT)
         public ResponseEntity userCalendarEdit(
                 @RequestParam(value = "lang", required = false) String lang,
                 @RequestBody VacationDay vacationDay,
                 Authentication auth)
                 @RequestBody VacationDay vacationDay)
+        {
             //TODO make api endpoint contain userId in path as part of #39, also drop the edit part of path
             //TODO make api endpoint point to vacation endpoint as part of #39, also drop the edit part of path
             //TODO drop the auth parameter afterwards
             return handle(Language.getLanguage(lang), () ->
                     manager.changeVacation(((User) auth.getPrincipal()).getId(), vacationDay)
                     manager.changeVacation(vacationDay)
             );
+        }
-...
         @RequestMapping(value = "/calendar/{id}/delete", method=DELETE)
         public ResponseEntity calendarDelete(
                 @PathVariable("id") String id,
                 @PathVariable("id") Long id,
                 @RequestParam(value = "lang", required = false) String lang)
+        {
             return handle(Language.getLanguage(lang), () ->
                 manager.deleteVacation(getUserId("me"), StringUtils.isNumeric(id) ? Long.parseLong(id) : -1)
                     manager.deleteVacation(id)
             );
+        }

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2019 » Interní podpora mzdové agendy (Oso Oy)

Revize 7779d8bd

Přidáno uživatelem Jakub Danek před více než 5 roky(ů)