Fixed hub validation issue
This commit is contained in:
harish
@@ -72,12 +72,8 @@ public class Validator {
|
||||
}
|
||||
|
||||
public CompanyEntity validateUserWithCompany(HttpServletRequest request, Long companyId) {
|
||||
UserEntity user = validateUser(request);
|
||||
CompanyEntity companyEntity = companyService.validateCompany(companyId);
|
||||
if (Boolean.FALSE.equals(user.getHub().getId().equals(companyEntity.getHub().getId()))) {
|
||||
throw new ForbiddenAccessException(Status.FORBIDDEN,
|
||||
Translator.toLocale(GepafinConstant.PERMISSION_DENIED));
|
||||
}
|
||||
validateHubId(request, companyEntity.getHub().getId());
|
||||
if (checkIsSuperAdmin()) {
|
||||
return companyEntity;
|
||||
}
|
||||
@@ -85,6 +81,15 @@ public class Validator {
|
||||
companyService.validateUserWithCompny(getUserId(userInfo), companyId);
|
||||
return companyService.validateCompany(companyId);
|
||||
}
|
||||
|
||||
public void validateHubId(HttpServletRequest request, Long hubId) {
|
||||
UserEntity user = validateUser(request);
|
||||
Long hubIdFromHttpRequest = user.getHub().getId();
|
||||
if (Boolean.FALSE.equals(hubIdFromHttpRequest.equals(hubId))) {
|
||||
throw new ForbiddenAccessException(Status.FORBIDDEN,
|
||||
Translator.toLocale(GepafinConstant.PERMISSION_DENIED));
|
||||
}
|
||||
}
|
||||
|
||||
private Long getUserId(Map<String, Object> userInfo) {
|
||||
return Long.parseLong(userInfo.get("userId").toString());
|
||||
@@ -107,11 +112,11 @@ public class Validator {
|
||||
UserEntity user = validateUser(request);
|
||||
UserEntity requestedUser = userService.validateUser(userId);
|
||||
|
||||
if(Boolean.FALSE.equals(requestedUser.getHub().getId().equals(user.getHub().getId()))) {
|
||||
throw new ForbiddenAccessException(Status.FORBIDDEN, Translator.toLocale(GepafinConstant.PERMISSION_DENIED));
|
||||
}
|
||||
if(user.getRoleEntity().getRoleType().equals(RoleStatusEnum.ROLE_BENEFICIARY.getValue()) && Boolean.FALSE.equals(user.getId().equals(userId))) {
|
||||
throw new ForbiddenAccessException(Status.FORBIDDEN, Translator.toLocale(GepafinConstant.PERMISSION_DENIED));
|
||||
validateHubId(request, requestedUser.getHub().getId());
|
||||
if (Boolean.FALSE.equals(user.getRoleEntity().getRoleType().equals(RoleStatusEnum.ROLE_SUPER_ADMIN.getValue()))
|
||||
&& Boolean.FALSE.equals(user.getId().equals(userId))) {
|
||||
throw new ForbiddenAccessException(Status.FORBIDDEN,
|
||||
Translator.toLocale(GepafinConstant.PERMISSION_DENIED));
|
||||
}
|
||||
return requestedUser;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user