diff --git a/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java b/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java
index dbfa0d8..29ba319 100644
--- a/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java
+++ b/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java
@@ -26,6 +26,16 @@
 @RestController
 public class AuthorizationController {
+
+ const String admiral = "ADMIRAL";
+ const String vice_admiral = "VICE_ADMIRAL";
+ const String captain = "CAPTAIN";
+ const String commander = "COMMANDER";
+ const String lieutenant ="LIEUTENANT";
+ const String ensign = "ENSIGN";
+ const String crewman = "CREWMAN";
+ const String[] ranks = {admiral, vice_admiral, captain, commander, lieutenant, ensign, crewman};
+
 @Autowired
 private UsersService usersService;
@@ -38,7 +48,12 @@ public void checkAccess(Authentication authentication, @RequestBody ActionDto ac
 String recipientRole = usersService.loadUserRole(actionDto.getRecipient());
 System.out.println("Role: " + recipientRole);
+
 for (GrantedAuthority grantedAuthority : userDetails.getAuthorities()){
+
+ if (RankDifference(grantedAuthority.getAuthority(), recipientRole) + 1 < 0) {
+ throw new ForbiddenAccessException();
+ }
 if (grantedAuthority.getAuthority().equals(ROLE_CREWMAN)) {
 if (recipientRole.contains(ROLE_ADMIRAL)) {
 throw new ForbiddenAccessException();
@@ -46,4 +61,23 @@ public void checkAccess(Authentication authentication, @RequestBody ActionDto ac
 }
 }
 }
+
+
+ private int RankDifference(String rank1, String rank2)
+ {
+ int rank1Level = 0;
+ int rank2Level = 0;
+ for (int i = 0; i < ranks.length; ++i)
+ {
+ if (ranks[i] == rank1)
+ {
+ rank1Level = i;
+ }
+ if (ranks[i] == rank2)
+ {
+ rank2Level = i;
+ }
+ }
+ return rank1Level - rank2Level;
+ }
 }
\ No newline at end of file
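Review bot: `const` is a reserved word in Java with no meaning, so the declarations added at the top of `AuthorizationController` will not compile; they should be constants of the form `private static final String ADMIRAL = "ADMIRAL";` and `private static final String[] RANKS = {...};`. The order of `ranks` is what defines seniority for the new check, so it deserves a comment such as `// ordered from most senior (index 0) to most junior`. The retained code in `checkAccess` still compares against `ROLE_CREWMAN` and `ROLE_ADMIRAL`, whose values are not visible here; if they differ from the bare `"CREWMAN"` / `"ADMIRAL"` strings, the new table will never match a real authority, so it is worth confirming and reusing the existing constants instead of a second set.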
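Review bot: The guard added at the top of the `for` loop looks inverted. `ranks` runs from admiral (index 0) to crewman (index 6), so `RankDifference(authority, recipientRole)` is negative when the caller outranks the recipient; `+ 1 < 0` therefore rejects a senior caller addressing someone two or more ranks below and never rejects a junior caller addressing a senior. The crewman-to-admiral check kept just below suggests the intent is the opposite, in which case the condition would be `if (RankDifference(grantedAuthority.getAuthority(), recipientRole) > 1) {`. Whichever direction is intended, a short comment stating the rule in words would make the arithmetic reviewable. The body of `checkAccess` starts and ends outside this hunk.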
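Review bot: `RankDifference` fails open. `ranks[i] == rank1` and `ranks[i] == rank2` compare references, and strings returned at runtime by `getAuthority()` or `loadUserRole()` are unlikely to be the same objects as the literals in `ranks`, so both levels stay 0 and the method returns 0 for every pair. Even with `equals`, an unrecognised rank would default to index 0, the admiral slot. Compare with `equals`, start both levels at -1 and deny when either rank is not found; the sketch below assumes `ForbiddenAccessException` is unchecked, as its use in `checkAccess` suggests. Java naming would also make the method `rankDifference`.

```java
private int RankDifference(String rank1, String rank2)
{
    int rank1Level = -1;
    int rank2Level = -1;
    for (int i = 0; i < ranks.length; ++i)
    {
        if (ranks[i].equals(rank1)) { rank1Level = i; }
        if (ranks[i].equals(rank2)) { rank2Level = i; }
    }
    if (rank1Level < 0 || rank2Level < 0)
    {
        // Unknown rank: deny instead of treating it as index 0 (the top rank).
        throw new ForbiddenAccessException();
    }
    // … unchanged: return rank1Level - rank2Level …
```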
diff --git a/communication/src/main/java/com/ship/communication/controller/MessageController.java b/communication/src/main/java/com/ship/communication/controller/MessageController.java
index 1d3d87a..c2e4e4a 100644
--- a/communication/src/main/java/com/ship/communication/controller/MessageController.java
+++ b/communication/src/main/java/com/ship/communication/controller/MessageController.java
@@ -22,7 +22,6 @@
 @RestController
 public class MessageController {
-
 @Autowired
 private DiscoveryClient discoveryClient;
@@ -54,13 +53,14 @@ private void checkAccess(ActionDto actionDto, String session) {
 ServiceInstance service = discoveryClient.getInstances("authorization").get(0);
 String url = "http://" + service.getHost() + ":" + service.getPort() + "/" + "checkAccess";
+ String sender = actionDto.getSender();
 String requestJson = "{\"recipient\":\"" + actionDto.getRecipient() + "\"}";
 HttpHeaders headers = new HttpHeaders();
 headers.setContentType(MediaType.APPLICATION_JSON);
 headers.add("Cookie", "SESSION=" + session);
- HttpEntity entity = new HttpEntity(requestJson,headers);
+ HttpEntity entity = new HttpEntity(requestJson, headers);
 restTemplate.postForObject(url, entity, String.class);
+ // TODO envoyer notif au recipient
 }
-
 }
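Review bot: `String sender = actionDto.getSender();` is assigned but never read in the visible lines, so it is either dead code or a value about to be added to `requestJson`. If it is the latter, the authorization service should keep deriving the caller from the forwarded `SESSION` cookie rather than trusting a sender name taken from the request body. Anything placed in `requestJson` should also go through a JSON serializer, because the string concatenation used for `recipient` on the next line does not escape quotes. The new comment would read better in English with an owner or ticket, e.g. `// TODO: notify the recipient`.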