1 files changed, 28 insertions, 2 deletions

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
index 4e5ebce..cdce80d 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
@@ -25,8 +25,9 @@ public class AuthService {
      * @param targetUsername The targetUsername of the user trying to be accessed.
      * @param key The api key obtained by the client from logging in.
      * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
      */
-    public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException {
+    public void keyHasAccessToUser(String targetUsername, String key) throws IllegalAccessException, IOException {
         var userAuth = userAuthDAO.getUserAuth(key);
         if (userAuth == null) {
             throw new IllegalAccessException("Invalid authentication key");
@@ -39,11 +40,36 @@ public class AuthService {
        }
     }
 
-    public void authenticate(String key) throws IOException, IllegalAccessException {
+    /**
+     * Check if the provided key is valid
+     * @param key The api key obtained by the client from logging in.
+     * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
+     */
+    public void keyIsValid(String key) throws IOException, IllegalAccessException {
+        var userAuth = userAuthDAO.getUserAuth(key);
+        if (userAuth == null) {
+            throw new IllegalAccessException("Invalid authentication key");
+        }
+    }
+
+    /**
+     * Check if the provided key has access to edit the cupboard
+     * @param key The api key obtained by the client from logging in.
+     * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
+     */
+    public void keyHasAccessToCupboard(String key) throws IOException, IllegalAccessException {
         var userAuth = userAuthDAO.getUserAuth(key);
         if (userAuth == null) {
             throw new IllegalAccessException("Invalid authentication key");
         }
+
+        var username = userAuth.getUsername();
+        var userType = userService.getUser(username).getType();
+        if (userType != User.UserType.MANAGER) {
+            throw new IllegalAccessException("Provided key does not grant access to perform the requested operation");
+        }
     }
 
     /**