From ab35efb06b926e8a3aee5cfc8d1fa908aa4a4707 Mon Sep 17 00:00:00 2001 From: sowgro Date: Wed, 26 Mar 2025 18:14:47 -0400 Subject: Fix cupboard access checking and logging --- .../ufund/api/ufundapi/service/AuthService.java | 30 ++++++++++++++++++++-- .../api/ufundapi/service/CupboardService.java | 3 ++- 2 files changed, 30 insertions(+), 3 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java index 4e5ebce..cdce80d 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java @@ -25,8 +25,9 @@ public class AuthService { * @param targetUsername The targetUsername of the user trying to be accessed. * @param key The api key obtained by the client from logging in. * @throws IllegalAccessException Thrown if access was denied to the user. + * @throws IOException Thrown on a file writing issue */ - public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException { + public void keyHasAccessToUser(String targetUsername, String key) throws IllegalAccessException, IOException { var userAuth = userAuthDAO.getUserAuth(key); if (userAuth == null) { throw new IllegalAccessException("Invalid authentication key"); @@ -39,11 +40,36 @@ public class AuthService { } } - public void authenticate(String key) throws IOException, IllegalAccessException { + /** + * Check if the provided key is valid + * @param key The api key obtained by the client from logging in. + * @throws IllegalAccessException Thrown if access was denied to the user. + * @throws IOException Thrown on a file writing issue + */ + public void keyIsValid(String key) throws IOException, IllegalAccessException { + var userAuth = userAuthDAO.getUserAuth(key); + if (userAuth == null) { + throw new IllegalAccessException("Invalid authentication key"); + } + } + + /** + * Check if the provided key has access to edit the cupboard + * @param key The api key obtained by the client from logging in. + * @throws IllegalAccessException Thrown if access was denied to the user. + * @throws IOException Thrown on a file writing issue + */ + public void keyHasAccessToCupboard(String key) throws IOException, IllegalAccessException { var userAuth = userAuthDAO.getUserAuth(key); if (userAuth == null) { throw new IllegalAccessException("Invalid authentication key"); } + + var username = userAuth.getUsername(); + var userType = userService.getUser(username).getType(); + if (userType != User.UserType.MANAGER) { + throw new IllegalAccessException("Provided key does not grant access to perform the requested operation"); + } } /** diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java index 91e3ba5..aaa8cb8 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java @@ -111,7 +111,7 @@ public class CupboardService { if (checkoutAmount <= 0) { throw new IllegalArgumentException("Amount must be greater than 0"); } - authService.authenticate(key); + authService.keyIsValid(key); Need need = cupboardDAO.getNeed(id); need.incrementCurrent(checkoutAmount); } @@ -124,6 +124,7 @@ public class CupboardService { * @throws IOException Thrown on any problem removing the need */ public boolean deleteNeed(int id) throws IOException { + return cupboardDAO.deleteNeed(id); } } -- cgit v1.2.3