diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/BsmController.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/BsmController.java
index 9eb92ae69..5bc83d505 100644
--- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/BsmController.java
+++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/BsmController.java
@@ -39,7 +39,7 @@ public String getCurrentTime() {
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/bsm/json", method = RequestMethod.GET, produces = "application/json")
- @PreAuthorize("@PermissionService.isSuperUser() || (@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')))")
+ @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public ResponseEntity> findBSMs(
 @RequestParam(name = "origin_ip", required = false) String originIp,
 @RequestParam(name = "vehicle_id", required = false) String vehicleId,
@@ -61,7 +61,7 @@ public ResponseEntity> findBSMs(
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/bsm/count", method = RequestMethod.GET, produces = "application/json")
- @PreAuthorize("@PermissionService.isSuperUser() || (@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')))")
+ @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public ResponseEntity countBSMs(
 @RequestParam(name = "origin_ip", required = false) String originIp,
 @RequestParam(name = "vehicle_id", required = false) String vehicleId,
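Review bot: On `/bsm/json` the new `@PreAuthorize` expression drops all per-resource scoping, so any account holding USER or ADMIN (in any organization, as far as the role check shown on this page indicates) can read BSMs from every RSU; the `/bsm/count` hunk that follows has the same rule. If BSM access is meant to follow organization membership, the visible `origin_ip` parameter could be tied to the RSU check, e.g. `@PermissionService.isSuperUser() || (@PermissionService.hasRSU(#originIp) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')))`, with an explicit decision for requests that omit `origin_ip`. If open access is intended, record that above the annotation: `// BSMs are not intersection-scoped; any USER or ADMIN may query them`. Both method bodies continue outside the hunks.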
diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/UserController.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/UserController.java
index 8d41486ca..d3368c4a1 100644
--- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/UserController.java
+++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/UserController.java
@@ -138,7 +138,7 @@ public ResponseEntity> findUserCreationRequests(
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/users/accept_user_creation_request", method = RequestMethod.POST, produces = "application/json")
- @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('ADMIN') || @PermissionService.isSuperUser()")
+ @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('ADMIN')")
 public @ResponseBody ResponseEntity accept_user_creation_request(
 @RequestBody UserCreationRequest newUserCreationRequest) {
 try {
@@ -199,7 +199,7 @@ public ResponseEntity> findUserCreationRequests(
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/users/update_user_email_preference", method = RequestMethod.POST, produces = "application/json")
- @PreAuthorize("@PermissionService.isSuperUser() || hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public @ResponseBody ResponseEntity update_user_email_preference(
 @RequestBody EmailSettings newEmailSettings) {
 try {
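Review bot: The authorization rule is still spelled out as a string literal on every handler, which is how the bare `hasRole(...)` variants corrected in this file crept in. Bare `hasRole` is Spring Security's built-in check against the granted authorities, not the database-backed `@PermissionService.hasRole`, so that kind of drift silently changes which check runs without any compile-time signal. Consider defining the two rules once as composed annotations, each itself annotated with `@PreAuthorize(...)` (for example a project-defined `@UserOrAdmin` and `@AdminOnly`; the names are placeholders), and using those on the handlers here and in the later hunks of this file.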
@@ -227,7 +227,7 @@ public ResponseEntity> findUserCreationRequests( @CrossOrigin(origins = "http://localhost:3000") @RequestMapping(value = "/users/get_user_email_preference", method = RequestMethod.POST, produces = "application/json") - @PreAuthorize("@PermissionService.isSuperUser() || hasRole('USER') || hasRole('ADMIN')") + @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')") public @ResponseBody ResponseEntity get_user_email_preference() { try { EmailSettings settings = new EmailSettings(); @@ -255,7 +255,7 @@ public ResponseEntity> findUserCreationRequests( @CrossOrigin(origins = "http://localhost:3000") @DeleteMapping(value = "/users/delete_user_creation_request") - @PreAuthorize("@PermissionService.isSuperUser() || hasRole('ADMIN')") + @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('ADMIN')") public @ResponseBody ResponseEntity intersection_config_delete(@RequestBody UserCreationRequest request) { Query query = userRepo.getQuery(request.getId(), request.getFirstName(), request.getLastName(), request.getEmail(),null, null, null); try { diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PermissionService.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PermissionService.java index 2a3222c9c..4ba12d9f4 100644 --- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PermissionService.java +++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PermissionService.java @@ -38,6 +38,7 @@ public boolean isSuperUser(){ List users = postgresService.findUser(username); for(Users user: users){ + if(user.isSuper_user()){ return true; } @@ -55,6 +56,7 @@ public boolean hasRole(String role){ } String username = getUsername(auth); + List roles = postgresService.findUserOrgRoles(username); 
@@ -79,7 +81,13 @@ public boolean hasIntersection(Integer intersectionID){
 return true;
 }
- // Other logic here
+ String username = getUsername(auth);
+ List allowedIntersectionIds = postgresService.getAllowedIntersectionIdByEmail(username);
+ allowedIntersectionIds.add(-1); // all users all allowed to access the empty intersection ID.
+
+ if(allowedIntersectionIds.contains(intersectionID)){
+ return true;
+ }
 return false;
@@ -98,7 +106,11 @@ public boolean hasRSU(String rsuIP){
 return true;
 }
- // Other logic here
+ String username = getUsername(auth);
+ List allowedIntersectionIds = postgresService.getAllowedRSUIPByEmail(username);
+ if(allowedIntersectionIds.contains(rsuIP)){
+ return true;
+ }
 return false;
diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PostgresService.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PostgresService.java
index 43c68c716..2f832a09a 100644
--- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PostgresService.java
+++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PostgresService.java
@@ -37,7 +37,7 @@ public class PostgresService {
 private final String findUserIntersectionQuery =
- "select i.intersection_id " +
+ "select io.intersection_id " +
 "FROM Users u JOIN UserOrganization uo on u.user_id = uo.user_id " +
 "JOIN IntersectionOrganization io on io.organization_id = uo.organization_id " +
 "JOIN Intersections i on i.intersection_id = io.intersection_id " +
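Review bot: In `hasIntersection`, `allowedIntersectionIds.add(-1)` lets every caller that reaches this point pass the check whenever the request carries `-1`, so this is only safe if no downstream query treats `-1` as a wildcard for all intersections; that should be confirmed and stated in the comment. The call also mutates the list returned by `getResultList()`, which is not guaranteed to be modifiable; comparing directly avoids both the mutation and the extra element: `if (Integer.valueOf(-1).equals(intersectionID) || allowedIntersectionIds.contains(intersectionID)) { return true; }`. The inline comment has a typo and could read `// every user may access the empty intersection ID (-1)`. The function starts and ends outside the hunk.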
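Review bot: In `hasRSU`, the list of RSU addresses is named `allowedIntersectionIds`, carried over from `hasIntersection`; `allowedRsuIps` would match what `getAllowedRSUIPByEmail` returns and keep the two permission checks from being confused during later edits. The check is an exact string match via `contains(rsuIP)`, so it presumably relies on stored and requested addresses using the same textual form; a short comment such as `// rsuIP must match the stored RSU address string exactly` would make that assumption visible. The function starts and ends outside the hunk.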
@@ -66,15 +66,16 @@ public List getAllowedRSUIPByEmail(String email){ String queryString = String.format(findUserRsuIPQuery, email); TypedQuery query - = entityManager.createQuery(queryString, String.class).setMaxResults(1); + = entityManager.createQuery(queryString, String.class); return query.getResultList(); } public List getAllowedIntersectionIdByEmail(String email){ String queryString = String.format(findUserIntersectionQuery, email); + TypedQuery query - = entityManager.createQuery(queryString, Integer.class).setMaxResults(1); + = entityManager.createQuery(queryString, Integer.class); return query.getResultList(); } } diff --git a/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SpatDecoderTests.java b/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SpatDecoderTests.java index f439c859c..5179a5d02 100644 --- a/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SpatDecoderTests.java +++ b/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SpatDecoderTests.java @@ -54,7 +54,6 @@ public void testSpatGetAsOdeData() { @Test public void testSpatGetAsOdeJson() throws XmlUtilsException{ OdeSpatData spat = spatDecoder.getAsOdeJson(odeSpatDecodedXmlReference); - System.out.println("testSpatGetAsOdeJson" + spat); assertEquals(spat.toJson(), odeSpatDecodedDataReference); } diff --git a/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SsmDecoderTests.java b/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SsmDecoderTests.java index 6488fd5c5..05df112ae 100644 --- a/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SsmDecoderTests.java +++ b/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SsmDecoderTests.java 
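Review bot: Both lookups in this hunk build the query text with `String.format(..., email)`, and with this commit their results decide `hasIntersection` and `hasRSU`, so a value containing a quote character would alter the very query the authorization decision relies on. Bind the value instead of formatting it in: use a named parameter such as `:email` in `findUserRsuIPQuery` and `findUserIntersectionQuery` (their WHERE clauses are outside this hunk, so the current placeholder is assumed to be a format specifier) and call `entityManager.createQuery(findUserIntersectionQuery, Integer.class).setParameter("email", email)`, and likewise with `String.class` for the RSU lookup. A one-line comment on each method, e.g. `// email is bound as a query parameter, never concatenated`, would keep later edits from reintroducing the formatted string.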
@@ -39,7 +39,6 @@ public void testSsmGetAsOdeData() { OdeMsgMetadata metadata = data.getMetadata(); - System.out.println(data); // Copy over fields that might be different metadata.setOdeReceivedAt("2024-05-14T23:01:21.516531700Z"); metadata.setSerialId(metadata.getSerialId().setStreamId("fc430f29-b761-4a2c-90fb-dc4c9f5d4e9c")); @@ -52,7 +51,6 @@ public void testSsmGetAsOdeData() { public void testSsmGetAsOdeJson() throws XmlUtilsException{ OdeSsmData ssm = ssmDecoder.getAsOdeJson(odeSsmDecodedXmlReference); assertEquals(ssm.toJson(), odeSsmDecodedDataReference); - System.out.println(ssm); } } diff --git a/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/TimDecoderTests.java b/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/TimDecoderTests.java index 1be98e6d1..7d155d029 100644 --- a/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/TimDecoderTests.java +++ b/jpo-conflictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/TimDecoderTests.java @@ -32,8 +32,7 @@ public void testTimGetAsOdeData() { OdeData data = timDecoder.getAsOdeData(tim.getAsn1Text()); OdeMsgMetadata metadata = data.getMetadata(); - - System.out.println(data); + // Copy over fields that might be different metadata.setOdeReceivedAt("2024-05-14T23:01:21.516531700Z"); metadata.setSerialId(metadata.getSerialId().setStreamId("fc430f29-b761-4a2c-90fb-dc4c9f5d4e9c"));