From b60141de47c413545e77647d58798120ff3674cf Mon Sep 17 00:00:00 2001
From: john-wiens
Date: Tue, 16 Jul 2024 09:23:07 -0600
Subject: [PATCH] Updated Config and Decoder Controllers to use new authorization tags
---
 .../ode/api/controllers/ConfigController.java | 18 +++++++----
 .../api/controllers/DecoderController.java | 32 ++-----------------
 2 files changed, 14 insertions(+), 36 deletions(-)
diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ConfigController.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ConfigController.java
index 3111e5c8d..c5ef91d1a 100644
--- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ConfigController.java
+++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ConfigController.java
@@ -70,9 +70,15 @@ public class ConfigController {
 // General Setter for Default Configs
 @CrossOrigin(origins = "http://localhost:3000")
 @PostMapping(value = "/config/default")
- @PreAuthorize("hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasRole('ADMIN')")
 public @ResponseBody ResponseEntity default_config(@RequestBody DefaultConfig config) {
 try {
+
+ // If Organization Intersection Checking is Enabled. Don't allow any parameter edits.
+ if(!props.getEnableOrganizationIntersectionChecking()){
+ return ResponseEntity.status(HttpStatus.METHOD_NOT_ALLOWED).contentType(MediaType.TEXT_PLAIN)
+ .body("This API is configured for multi-organization use. While multi-organization use is enabled users are not allowed to change default parameters for all intersections. If available consider using an intersection override parameter instead. Otherwise, please contact server administrator for options on updating default parameters");
+ }
 String resourceURL = String.format(defaultConfigTemplate, props.getCmServerURL(), config.getKey());
 ResponseEntity response = restTemplate.getForEntity(resourceURL, DefaultConfig.class);
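Review bot: The guard added at the top of `default_config` is inverted relative to its own comment and response text: `if(!props.getEnableOrganizationIntersectionChecking())` rejects the request when the flag is off and lets it through when it is on. Assuming the getter returns true when organization checking is enabled, a multi-organization deployment still lets any caller who passes `@PermissionService.hasRole('ADMIN')` change defaults that apply to every intersection, while a single-organization deployment loses the endpoint. The condition should drop the negation, `if (props.getEnableOrganizationIntersectionChecking()) {`, and a policy refusal of this kind is better expressed as `HttpStatus.FORBIDDEN` than `METHOD_NOT_ALLOWED`. The method body continues outside the hunk.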
@@ -105,7 +111,7 @@ public class ConfigController {
 // General Setter for Intersection Configs
 @CrossOrigin(origins = "http://localhost:3000")
 @PostMapping(value = "/config/intersection")
- @PreAuthorize("hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasIntersection(#config.intersectionID) and @PermissionService.hasRole('ADMIN')")
 public @ResponseBody ResponseEntity intersection_config(@RequestBody IntersectionConfig config) {
 try {
 String resourceURL = String.format(intersectionConfigTemplate, props.getCmServerURL(),config.getRoadRegulatorID(),config.getIntersectionID(), config.getKey());
@@ -140,7 +146,7 @@ public class ConfigController {
 @CrossOrigin(origins = "http://localhost:3000")
 @DeleteMapping(value = "/config/intersection")
- @PreAuthorize("hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasIntersection(#config.intersectionID) and @PermissionService.hasRole('ADMIN')")
 public @ResponseBody ResponseEntity intersection_config_delete(@RequestBody IntersectionConfig config) {
 Query query = intersectionConfigRepository.getQuery(config.getKey(), config.getRoadRegulatorID(), config.getIntersectionID());
@@ -158,7 +164,7 @@ public class ConfigController {
 // Retrieve All Config Params for Intersection Configs
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/config/default/all", method = RequestMethod.GET, produces = "application/json")
- @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public @ResponseBody ResponseEntity> default_config_all() {
 String resourceURL = String.format(defaultConfigAllTemplate, props.getCmServerURL());
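Review bot: The new `hasIntersection(#config.intersectionID)` check on `intersection_config` authorizes on the intersection ID alone, while the method addresses the stored parameter by `config.getRoadRegulatorID()`, `config.getIntersectionID()` and `config.getKey()`. If intersection IDs are unique only within a road regulator (not confirmable from this page), a caller permitted for one intersection could write an override for a same-numbered intersection under another regulator. The same expression is used on `intersection_config_delete` in the next hunk and, as `#intersectionID`, on `intersection_config_unique` further down. Either have the permission check take the road regulator into account or state the uniqueness assumption next to the annotation, e.g. `// Authorization keys on intersectionID only; roadRegulatorID is not checked`. The method bodies continue outside the hunks.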
@@ -177,7 +183,7 @@ public class ConfigController {
 // Retrieve All Parameters for Unique Intersections
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/config/intersection/all", method = RequestMethod.GET, produces = "application/json")
- @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN'))")
 public @ResponseBody ResponseEntity> intersection_config_all() {
@@ -195,7 +201,7 @@ public class ConfigController {
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/config/intersection/unique", method = RequestMethod.GET, produces = "application/json")
- @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN'))")
 public @ResponseBody ResponseEntity> intersection_config_unique(
 @RequestParam(name = "road_regulator_id", required = true) int roadRegulatorID,
 @RequestParam(name = "intersection_id", required = true) int intersectionID) {
diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/DecoderController.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/DecoderController.java
index 0c3a551c0..0fec29116 100644
--- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/DecoderController.java
+++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/DecoderController.java
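Review bot: In ConfigController, the annotation added to `intersection_config_all()` refers to `#intersectionID`, but the signature shown in the hunk takes no parameters, so the SpEL variable has nothing to bind to and evaluates to null. Depending on how `PermissionService.hasIntersection` treats null (not visible here), the endpoint either fails for every caller or is authorized against a meaningless value. Because the endpoint returns parameters for all intersections, a per-intersection pre-check does not fit it. The annotation should stay role-only, `@PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")`, and the result list should be filtered to the caller's permitted intersections inside the method. The method body is outside the hunk.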
@@ -22,6 +22,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.ResponseBody;
 import us.dot.its.jpo.ode.api.ConflictMonitorApiProperties;
@@ -78,6 +79,7 @@ public String getCurrentTime() {
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/decoder/upload", method = RequestMethod.POST, produces = "application/json")
+ @PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public @ResponseBody ResponseEntity decode_request(
 @RequestBody EncodedMessage encodedMessage,
 @RequestParam(name = "test", required = false, defaultValue = "false") boolean testData) {
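Review bot: The handler that `/decoder/upload` now protects still appears to return `ExceptionUtils.getStackTrace(e)` in the response body on failure; that line is visible as context in the last hunk of this file and seems to belong to `decode_request`. Any authenticated USER who submits a malformed `EncodedMessage` would receive internal class names and library details. The trace should be logged server-side and a fixed message returned instead, for example `.body("Unable to decode the supplied message")`. The method body lies outside this hunk, so the catch block's placement should be confirmed against the full file.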
@@ -132,34 +134,4 @@ public String getCurrentTime() {
 .body(ExceptionUtils.getStackTrace(e));
 }
 }
-
- // public void publishBSM(String asn1Bsm){
- // String payloadHexString = HexUtils.toHexString(payload);
- // logger.debug("Packet: {}", payloadHexString);
-
- // // Add header data for the decoding process
- // ZonedDateTime utc = ZonedDateTime.now(ZoneOffset.UTC);
- // String timestamp = utc.format(DateTimeFormatter.ISO_INSTANT);
-
- // JSONObject metadataObject = new JSONObject();
- // metadataObject.put("utctimestamp", timestamp);
- // metadataObject.put("originRsu", senderIp);
-
- // JSONObject messageObject = new JSONObject();
- // messageObject.put("metadata", metadataObject);
- // messageObject.put("payload", payloadHexString);
-
- // JSONArray messageList = new JSONArray();
- // messageList.put(messageObject);
-
- // JSONObject jsonObject = new JSONObject();
- // jsonObject.put("BsmMessageContent", messageList);
-
- // logger.debug("BSM JSON Object: {}", jsonObject.toString());
-
- // // Submit JSON to the OdeRawEncodedMessageJson Kafka Topic
- // this.bsmPublisher.publish(jsonObject.toString(),
- // this.bsmPublisher.getOdeProperties().getKafkaTopicOdeRawEncodedBSMJson());
-
- // }
 }
\ No newline at end of file