Updated Config and Decoder Controllers to use new authorization tags

CDOT-CV · Jul 16, 2024 · 04a632d · 04a632d
1 parent a89b2dd
commit 04a632d
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 36 deletions.
diff --git a/...lictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ConfigController.java b/...lictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ConfigController.java
@@ -70,9 +70,15 @@ public class ConfigController {
     // General Setter for Default Configs
     @CrossOrigin(origins = "http://localhost:3000")
     @PostMapping(value = "/config/default")
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<String> default_config(@RequestBody DefaultConfig config) {
         try {
+
+            // If Organization Intersection Checking is Enabled. Don't allow any parameter edits.
+            if(!props.getEnableOrganizationIntersectionChecking()){
+                return ResponseEntity.status(HttpStatus.METHOD_NOT_ALLOWED).contentType(MediaType.TEXT_PLAIN)
+                    .body("This API is configured for multi-organization use. While multi-organization use is enabled users are not allowed to change default parameters for all intersections. If available consider using an intersection override parameter instead. Otherwise, please contact server administrator for options on updating default parameters");
+            }
 
             String resourceURL = String.format(defaultConfigTemplate, props.getCmServerURL(), config.getKey());
             ResponseEntity<DefaultConfig> response = restTemplate.getForEntity(resourceURL, DefaultConfig.class);
@@ -105,7 +111,7 @@ public class ConfigController {
     // General Setter for Intersection Configs
     @CrossOrigin(origins = "http://localhost:3000")
     @PostMapping(value = "/config/intersection")
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.hasIntersection(#config.intersectionID) and @PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<String> intersection_config(@RequestBody IntersectionConfig config) {
         try {
             String resourceURL = String.format(intersectionConfigTemplate, props.getCmServerURL(),config.getRoadRegulatorID(),config.getIntersectionID(), config.getKey());
@@ -140,7 +146,7 @@ public class ConfigController {
 
     @CrossOrigin(origins = "http://localhost:3000")
     @DeleteMapping(value = "/config/intersection")
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.hasIntersection(#config.intersectionID) and  @PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<String> intersection_config_delete(@RequestBody IntersectionConfig config) {
         Query query = intersectionConfigRepository.getQuery(config.getKey(), config.getRoadRegulatorID(),
                 config.getIntersectionID());
@@ -158,7 +164,7 @@ public class ConfigController {
     // Retrieve All Config Params for Intersection Configs
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/config/default/all", method = RequestMethod.GET, produces = "application/json")
-    @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<List<DefaultConfig>> default_config_all() {
 
         String resourceURL = String.format(defaultConfigAllTemplate, props.getCmServerURL());
@@ -177,7 +183,7 @@ public class ConfigController {
     // Retrieve All Parameters for Unique Intersections
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/config/intersection/all", method = RequestMethod.GET, produces = "application/json")
-    @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN'))")
     public @ResponseBody ResponseEntity<List<IntersectionConfig>> intersection_config_all() {
 
 
@@ -195,7 +201,7 @@ public class ConfigController {
 
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/config/intersection/unique", method = RequestMethod.GET, produces = "application/json")
-    @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN'))")
     public @ResponseBody ResponseEntity<List<Config>> intersection_config_unique(
             @RequestParam(name = "road_regulator_id", required = true) int roadRegulatorID,
             @RequestParam(name = "intersection_id", required = true) int intersectionID) {

diff --git a/...ictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/DecoderController.java b/...ictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/DecoderController.java
@@ -22,6 +22,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.ResponseBody;
 import us.dot.its.jpo.ode.api.ConflictMonitorApiProperties;
@@ -78,6 +79,7 @@ public String getCurrentTime() {
 
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/decoder/upload", method = RequestMethod.POST, produces = "application/json")
+    @PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<String> decode_request(
             @RequestBody EncodedMessage encodedMessage,
             @RequestParam(name = "test", required = false, defaultValue = "false") boolean testData) {
@@ -132,34 +134,4 @@ public String getCurrentTime() {
                     .body(ExceptionUtils.getStackTrace(e));
         }
     }
-
-    // public void publishBSM(String asn1Bsm){
-    // String payloadHexString = HexUtils.toHexString(payload);
-    // logger.debug("Packet: {}", payloadHexString);
-
-    // // Add header data for the decoding process
-    // ZonedDateTime utc = ZonedDateTime.now(ZoneOffset.UTC);
-    // String timestamp = utc.format(DateTimeFormatter.ISO_INSTANT);
-
-    // JSONObject metadataObject = new JSONObject();
-    // metadataObject.put("utctimestamp", timestamp);
-    // metadataObject.put("originRsu", senderIp);
-
-    // JSONObject messageObject = new JSONObject();
-    // messageObject.put("metadata", metadataObject);
-    // messageObject.put("payload", payloadHexString);
-
-    // JSONArray messageList = new JSONArray();
-    // messageList.put(messageObject);
-
-    // JSONObject jsonObject = new JSONObject();
-    // jsonObject.put("BsmMessageContent", messageList);
-
-    // logger.debug("BSM JSON Object: {}", jsonObject.toString());
-
-    // // Submit JSON to the OdeRawEncodedMessageJson Kafka Topic
-    // this.bsmPublisher.publish(jsonObject.toString(),
-    // this.bsmPublisher.getOdeProperties().getKafkaTopicOdeRawEncodedBSMJson());
-
-    // }
 }