From ab35efb06b926e8a3aee5cfc8d1fa908aa4a4707 Mon Sep 17 00:00:00 2001
From: sowgro <tpoke.ferrari@gmail.com>
Date: Wed, 26 Mar 2025 18:14:47 -0400
Subject: Fix cupboard access checking and logging

---
 .../com/ufund/api/ufundapi/controller/UserController.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java')

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
index c2d9e06..33d2e4f 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
@@ -22,8 +22,6 @@ import com.ufund.api.ufundapi.model.User;
 import com.ufund.api.ufundapi.service.AuthService;
 import com.ufund.api.ufundapi.service.UserService;
 
-import static java.util.List.of;
-
 @RestController
 @RequestMapping("users")
 public class UserController {
@@ -79,7 +77,7 @@ public class UserController {
         LOG.log(Level.INFO, "GET /user/{0} key={1}", of(username, key));
 
         try {
-            authService.authenticate(username, key);
+            authService.keyHasAccessToUser(username, key);
             User user = userService.getUser(username);
             if (user != null) {
                 return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.OK);
@@ -109,7 +107,7 @@ public class UserController {
     public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String username, @RequestHeader("jelly-api-key") String key) {
         LOG.log(Level.INFO,"PUT /users/{0} body={1} key={2}", of(username, user, key));
         try {
-            authService.authenticate(username, key);
+            authService.keyHasAccessToUser(username, key);
             user = userService.updateUser(user, username);
             if (user != null) {
                 return new ResponseEntity<>(user, HttpStatus.OK);
@@ -141,7 +139,7 @@ public class UserController {
         LOG.log(Level.INFO, "DELETE /users/{0} id={1}", of(username, key));
 
         try {
-            authService.authenticate(username, key);
+            authService.keyHasAccessToUser(username, key);
             if (userService.deleteUser(username)) {
                 return new ResponseEntity<>(HttpStatus.OK);
             } else {
@@ -156,4 +154,8 @@ public class UserController {
         }
     }
 
+    private Object[] of(Object ...params) {
+        return params;
+    }
+
 }
-- 
cgit v1.2.3