author | sowgro <tpoke.ferrari@gmail.com> | 2025-03-26 18:14:47 -0400 |
---|---|---|
committer | sowgro <tpoke.ferrari@gmail.com> | 2025-03-26 18:14:47 -0400 |
commit | ab35efb06b926e8a3aee5cfc8d1fa908aa4a4707 (patch) | |
tree | 6f456fe322a32510c611cd787d653ed186b0777d /ufund-api/src/main/java/com/ufund/api/ufundapi/service | |
parent | ea13cf6ab3b71ff5e83fca876ec71fec1f7b00ae (diff) | |
Fix cupboard access checking and logging
Diffstat (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service')
-rw-r--r-- | ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java | 30 | ||||
-rw-r--r-- | ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java | 3 |
2 files changed, 30 insertions, 3 deletions
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
index 4e5ebce..cdce80d 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
@@ -25,8 +25,9 @@ public class AuthService {
 * @param targetUsername The targetUsername of the user trying to be accessed.
 * @param key The api key obtained by the client from logging in.
 * @throws IllegalAccessException Thrown if access was denied to the user.
+ * @throws IOException Thrown on a file writing issue
 */
- public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException {
+ public void keyHasAccessToUser(String targetUsername, String key) throws IllegalAccessException, IOException {
 var userAuth = userAuthDAO.getUserAuth(key);
 if (userAuth == null) {
 throw new IllegalAccessException("Invalid authentication key");
@@ -39,11 +40,36 @@ public class AuthService {
 }
 }
- public void authenticate(String key) throws IOException, IllegalAccessException {
+ /**
+ * Check if the provided key is valid
+ * @param key The api key obtained by the client from logging in.
+ * @throws IllegalAccessException Thrown if access was denied to the user.
+ * @throws IOException Thrown on a file writing issue
+ */
+ public void keyIsValid(String key) throws IOException, IllegalAccessException {
+ var userAuth = userAuthDAO.getUserAuth(key);
+ if (userAuth == null) {
+ throw new IllegalAccessException("Invalid authentication key");
+ }
+ }
+
+ /**
+ * Check if the provided key has access to edit the cupboard
+ * @param key The api key obtained by the client from logging in.
+ * @throws IllegalAccessException Thrown if access was denied to the user.
+ * @throws IOException Thrown on a file writing issue
+ */
+ public void keyHasAccessToCupboard(String key) throws IOException, IllegalAccessException {
 var userAuth = userAuthDAO.getUserAuth(key);
 if (userAuth == null) {
 throw new IllegalAccessException("Invalid authentication key");
 }
+
+ var username = userAuth.getUsername();
+ var userType = userService.getUser(username).getType();
+ if (userType != User.UserType.MANAGER) {
+ throw new IllegalAccessException("Provided key does not grant access to perform the requested operation");
+ }
 }
 /**
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java
index 91e3ba5..aaa8cb8 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java
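Review bot: In `AuthService.keyHasAccessToCupboard`, `userService.getUser(username).getType()` dereferences the lookup result without a null check, so a key whose user record no longer exists would surface as a NullPointerException instead of the documented IllegalAccessException (assuming `getUser` can return null, which this hunk does not show). The request is still refused, but likely as a server error rather than an access denial. I would fold the missing-user case into the role test: `var user = userService.getUser(username);` followed by `if (user == null || user.getType() != User.UserType.MANAGER) {`. The new Javadoc line `@throws IOException Thrown on a file writing issue` also describes a write, while both added methods only look data up; something like `Thrown if the stored key or user data cannot be read` would match the code.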
@@ -111,7 +111,7 @@ public class CupboardService { if (checkoutAmount <= 0) { throw new IllegalArgumentException("Amount must be greater than 0"); } - authService.authenticate(key); + authService.keyIsValid(key); Need need = cupboardDAO.getNeed(id); need.incrementCurrent(checkoutAmount); } @@ -124,6 +124,7 @@ public class CupboardService { * @throws IOException Thrown on any problem removing the need */ public boolean deleteNeed(int id) throws IOException { + return cupboardDAO.deleteNeed(id); } } |
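Review bot: In the CupboardService checkout hunk (`@@ -111,7 +111,7 @@`), the result of `cupboardDAO.getNeed(id)` is dereferenced on the next line without a null check, so a caller with a valid key and an unknown id would hit a NullPointerException rather than a handled error (assuming `getNeed` returns null for a missing need, which is not visible here). A guard such as `if (need == null) { throw new IllegalArgumentException("Need not found: " + id); }` before `need.incrementCurrent(checkoutAmount);` keeps that failure explicit. The key check also runs after the amount validation, so a caller without a valid key still learns whether the amount passed validation; moving `authService.keyIsValid(key);` to the top of the method would avoid that. The method starts above this hunk, so earlier checks may already exist.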