Fixed bad syntax on auth endpoints

CDOT-CV · Sep 19, 2024 · fe6d8cd · fe6d8cd
1 parent 4b4aa56
commit fe6d8cd
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 16 deletions.
diff --git a/...onflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/BsmController.java b/...onflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/BsmController.java
@@ -39,7 +39,7 @@ public String getCurrentTime() {
 
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/bsm/json", method = RequestMethod.GET, produces = "application/json")
-    @PreAuthorize("@PermissionService.isSuperUser() || (@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')))")
+    @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
     public ResponseEntity<List<OdeBsmData>> findBSMs(
             @RequestParam(name = "origin_ip", required = false) String originIp,
             @RequestParam(name = "vehicle_id", required = false) String vehicleId,
@@ -61,7 +61,7 @@ public ResponseEntity<List<OdeBsmData>> findBSMs(
 
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/bsm/count", method = RequestMethod.GET, produces = "application/json")
-    @PreAuthorize("@PermissionService.isSuperUser() || (@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')))")
+    @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
     public ResponseEntity<Long> countBSMs(
             @RequestParam(name = "origin_ip", required = false) String originIp,
             @RequestParam(name = "vehicle_id", required = false) String vehicleId,

diff --git a/...nflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/UserController.java b/...nflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/UserController.java
@@ -138,7 +138,7 @@ public ResponseEntity<List<UserCreationRequest>> findUserCreationRequests(
 
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/users/accept_user_creation_request", method = RequestMethod.POST, produces = "application/json")
-    @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('ADMIN') || @PermissionService.isSuperUser()")
+    @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<String> accept_user_creation_request(
             @RequestBody UserCreationRequest newUserCreationRequest) {
         try {
@@ -199,7 +199,7 @@ public ResponseEntity<List<UserCreationRequest>> findUserCreationRequests(
 
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/users/update_user_email_preference", method = RequestMethod.POST, produces = "application/json")
-    @PreAuthorize("@PermissionService.isSuperUser() || hasRole('USER') || hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<String> update_user_email_preference(
             @RequestBody EmailSettings newEmailSettings) {
         try {
@@ -227,7 +227,7 @@ public ResponseEntity<List<UserCreationRequest>> findUserCreationRequests(
 
     @CrossOrigin(origins = "http://localhost:3000")
     @RequestMapping(value = "/users/get_user_email_preference", method = RequestMethod.POST, produces = "application/json")
-    @PreAuthorize("@PermissionService.isSuperUser() || hasRole('USER') || hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<EmailSettings> get_user_email_preference() {
         try {
             EmailSettings settings = new EmailSettings();
@@ -255,7 +255,7 @@ public ResponseEntity<List<UserCreationRequest>> findUserCreationRequests(
 
     @CrossOrigin(origins = "http://localhost:3000")
     @DeleteMapping(value = "/users/delete_user_creation_request")
-    @PreAuthorize("@PermissionService.isSuperUser() || hasRole('ADMIN')")
+    @PreAuthorize("@PermissionService.isSuperUser() || @PermissionService.hasRole('ADMIN')")
     public @ResponseBody ResponseEntity<String> intersection_config_delete(@RequestBody UserCreationRequest request) {
         Query query = userRepo.getQuery(request.getId(), request.getFirstName(), request.getLastName(), request.getEmail(),null, null, null);
         try {

diff --git a/...nflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PermissionService.java b/...nflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PermissionService.java
@@ -38,6 +38,7 @@ public boolean isSuperUser(){
         List<Users> users = postgresService.findUser(username);
 
         for(Users user: users){
+
             if(user.isSuper_user()){
                 return true;
             }
@@ -55,6 +56,7 @@ public boolean hasRole(String role){
         }
 
         String username = getUsername(auth);
+
 
         List<UserOrgRole> roles = postgresService.findUserOrgRoles(username);
 
@@ -79,7 +81,13 @@ public boolean hasIntersection(Integer intersectionID){
             return true;
         }
 
-        // Other logic here
+        String username = getUsername(auth);
+        List<Integer> allowedIntersectionIds = postgresService.getAllowedIntersectionIdByEmail(username);
+        allowedIntersectionIds.add(-1); // all users all allowed to access the empty intersection ID.
+
+        if(allowedIntersectionIds.contains(intersectionID)){
+            return true;
+        }
 
         return false;
 
@@ -98,7 +106,11 @@ public boolean hasRSU(String rsuIP){
             return true;
         }
 
-        // Other logic here
+        String username = getUsername(auth);
+        List<String> allowedIntersectionIds = postgresService.getAllowedRSUIPByEmail(username);
+        if(allowedIntersectionIds.contains(rsuIP)){
+            return true;
+        }
 
         return false;
 

diff --git a/...conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PostgresService.java b/...conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/services/PostgresService.java
@@ -37,7 +37,7 @@ public class PostgresService {
 
 
     private final String findUserIntersectionQuery = 
-        "select i.intersection_id " + 
+        "select io.intersection_id " + 
         "FROM Users u JOIN UserOrganization uo on u.user_id = uo.user_id " + 
         "JOIN IntersectionOrganization io on io.organization_id = uo.organization_id " + 
         "JOIN Intersections i on i.intersection_id = io.intersection_id " +
@@ -66,15 +66,16 @@ public List<String> getAllowedRSUIPByEmail(String email){
         String queryString = String.format(findUserRsuIPQuery, email);
 
         TypedQuery<String> query 
-            = entityManager.createQuery(queryString, String.class).setMaxResults(1);
+            = entityManager.createQuery(queryString, String.class);
         return query.getResultList();
     }
 
     public List<Integer> getAllowedIntersectionIdByEmail(String email){
         String queryString = String.format(findUserIntersectionQuery, email);
 
+
         TypedQuery<Integer> query 
-            = entityManager.createQuery(queryString, Integer.class).setMaxResults(1);
+            = entityManager.createQuery(queryString, Integer.class);
         return query.getResultList();
     }
 }
diff --git a/...ictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SpatDecoderTests.java b/...ictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SpatDecoderTests.java
@@ -54,7 +54,6 @@ public void testSpatGetAsOdeData() {
     @Test
     public void testSpatGetAsOdeJson() throws XmlUtilsException{
         OdeSpatData spat = spatDecoder.getAsOdeJson(odeSpatDecodedXmlReference);
-        System.out.println("testSpatGetAsOdeJson" + spat);
         assertEquals(spat.toJson(), odeSpatDecodedDataReference);
     }
 

diff --git a/...lictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SsmDecoderTests.java b/...lictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/SsmDecoderTests.java
@@ -39,7 +39,6 @@ public void testSsmGetAsOdeData() {
 
         OdeMsgMetadata metadata = data.getMetadata();
 
-        System.out.println(data);
         // Copy over fields that might be different
         metadata.setOdeReceivedAt("2024-05-14T23:01:21.516531700Z");
         metadata.setSerialId(metadata.getSerialId().setStreamId("fc430f29-b761-4a2c-90fb-dc4c9f5d4e9c"));
@@ -52,7 +51,6 @@ public void testSsmGetAsOdeData() {
     public void testSsmGetAsOdeJson() throws XmlUtilsException{
         OdeSsmData ssm = ssmDecoder.getAsOdeJson(odeSsmDecodedXmlReference);
         assertEquals(ssm.toJson(), odeSsmDecodedDataReference);
-        System.out.println(ssm);
     }
 
 }
diff --git a/...lictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/TimDecoderTests.java b/...lictvisualizer-api/src/test/java/us/dot/its/jpo/ode/api/decoderTests/TimDecoderTests.java
@@ -32,8 +32,7 @@ public void testTimGetAsOdeData() {
         OdeData data = timDecoder.getAsOdeData(tim.getAsn1Text());
 
         OdeMsgMetadata metadata = data.getMetadata();
-
-        System.out.println(data);
+
         // Copy over fields that might be different
         metadata.setOdeReceivedAt("2024-05-14T23:01:21.516531700Z");
         metadata.setSerialId(metadata.getSerialId().setStreamId("fc430f29-b761-4a2c-90fb-dc4c9f5d4e9c"));