updated code

2024-10-19 13:10:13 +05:30
parent f2a206991f 863e2db68d
commit 1ef693fd4b
174 changed files with 7882 additions and 1012 deletions
--- a/src/main/java/net/gepafin/tendermanagement/util/Validator.java
+++ b/src/main/java/net/gepafin/tendermanagement/util/Validator.java
@@ -1,11 +1,25 @@
 package net.gepafin.tendermanagement.util;

 import jakarta.servlet.http.HttpServletRequest;
+import net.gepafin.tendermanagement.config.Translator;
 import net.gepafin.tendermanagement.config.jwt.TokenProvider;
+import net.gepafin.tendermanagement.constants.GepafinConstant;
+import net.gepafin.tendermanagement.dao.CallDao;
+import net.gepafin.tendermanagement.entities.CallEntity;
+import net.gepafin.tendermanagement.entities.CompanyEntity;
 import net.gepafin.tendermanagement.entities.UserEntity;
+import net.gepafin.tendermanagement.enums.RoleStatusEnum;
+import net.gepafin.tendermanagement.service.CallService;
+import net.gepafin.tendermanagement.service.CompanyService;
 import net.gepafin.tendermanagement.service.UserService;
+import net.gepafin.tendermanagement.web.rest.api.errors.ForbiddenAccessException;
+import net.gepafin.tendermanagement.web.rest.api.errors.Status;
+import net.gepafin.tendermanagement.web.rest.api.errors.UnauthorizedAccessException;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;

 import java.util.Map;
@@ -18,14 +32,88 @@ public class Validator {
    
    @Autowired
    private UserService userService;
+    
+    @Autowired
+    private CompanyService companyService;
+    
+    @Autowired
+    private CallService callService;

    public Map<String, Object> getUserInfoFromToken(HttpServletRequest request) {
        return tokenProvider.getUserInfoAndUserIdFromToken(request);
    }

 	public UserEntity validateUser(HttpServletRequest request) {
-		Map<String, Object> userInfo= tokenProvider.getUserInfoAndUserIdFromToken(request);
-		return userService.validateUser(Long.parseLong(userInfo.get("userId").toString()));
+		return userService.validateUser(getUserIdFromToken(request));
 	}

+	public Boolean checkIsSuperAdmin() {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+		if (authentication != null && authentication.isAuthenticated()) {
+			// Check if the user has the ROLE_SUPER_ADMIN authority
+			for (GrantedAuthority authority : authentication.getAuthorities()) {
+				if (RoleStatusEnum.ROLE_SUPER_ADMIN.getValue().equals(authority.getAuthority())) {
+					return true;
+				}
+			}
+		}
+		return false;
+	}
+
+	public void validateRequest(HttpServletRequest request,RoleStatusEnum role) {
+		if (RoleStatusEnum.ROLE_SUPER_ADMIN.equals(role) && Boolean.FALSE.equals(checkIsSuperAdmin())) {
+			throw new UnauthorizedAccessException(Status.UNAUTHORIZED, Translator.toLocale(GepafinConstant.INVALID_REQUEST));
+		}
+	}
+
+	public CompanyEntity validateUserWithCompany(HttpServletRequest request, Long companyId) {
+		if (checkIsSuperAdmin()) {
+			return companyService.validateCompany(companyId);
+		}
+		Map<String, Object> userInfo = tokenProvider.getUserInfoAndUserIdFromToken(request);
+		companyService.validateUserWithCompny(getUserId(userInfo), companyId);
+		return companyService.validateCompany(companyId);
+	}
+
+	private Long getUserId(Map<String, Object> userInfo) {
+		return Long.parseLong(userInfo.get("userId").toString());
+	}
+
+	public Boolean checkIsBeneficiary() {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		if (authentication != null && authentication.isAuthenticated()) {
+			// Check if the user has the ROLE_SUPER_ADMIN authority
+			for (GrantedAuthority authority : authentication.getAuthorities()) {
+				if (RoleStatusEnum.ROLE_BENEFICIARY.getValue().equals(authority.getAuthority())) {
+					return true;
+				}
+			}
+		}
+		return false;
+	}
+
+	public UserEntity validateUserId(HttpServletRequest request, Long userId) {
+		UserEntity user = validateUser(request);
+		if(user.getRoleEntity().getRoleType().equals(RoleStatusEnum.ROLE_BENEFICIARY.getValue()) && Boolean.FALSE.equals(user.getId().equals(userId))) {
+			throw new ForbiddenAccessException(Status.FORBIDDEN, Translator.toLocale(GepafinConstant.PERMISSION_DENIED));
+		}
+		return userService.validateUser(userId);
+	}
+	
+	private Long getUserIdFromToken(HttpServletRequest request) {
+		Map<String, Object> userInfo= tokenProvider.getUserInfoAndUserIdFromToken(request);
+		return Long.parseLong(userInfo.get("userId").toString());
+	}
+	
+	public CallEntity validateUserWithCall(UserEntity user, Long callId) {
+		CallEntity callEntity = callService.validateCall(callId);
+		if(user.getHub().getId().equals(callEntity.getHub().getId())) {
+			throw new ForbiddenAccessException(Status.FORBIDDEN, Translator.toLocale(GepafinConstant.PERMISSION_DENIED));
+		}
+		return callEntity;
+	}
+	
+	
+	
 }