NAMESPACEINVADERS_SERVICE_HOUR3

Dockerfile

@@ -0,0 +1,5 @@
+FROM openjdk:8-jdk-alpine
+VOLUME /tmp
+ARG JAR_FILE
+ADD ${JAR_FILE} app.jar
+ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]

authorization/src/main/java/com/ship/authorization/ActionDto.java

@@ -2,6 +2,7 @@
 
 public class ActionDto {
     private String recipient;
+    private boolean authorization;
 
     public ActionDto() {
     }
@@ -17,5 +18,9 @@ public String getRecipient() {
     public void setRecipient(String recipient) {
         this.recipient = recipient;
     }
+
+    public boolean getAuthorization() {
+        return authorization;
+    }
 }
 

authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java

@@ -9,20 +9,17 @@
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.method.P;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.client.RestTemplate;
 
-import static com.ship.authorization.service.UsersService.ROLE_ADMIRAL;
-import static com.ship.authorization.service.UsersService.ROLE_CREWMAN;
+import static com.ship.authorization.service.UsersService.*;
 
 @RestController
 public class AuthorizationController {
@@ -36,14 +33,65 @@ public void checkAccess(Authentication authentication, @RequestBody ActionDto ac
         System.out.println("User has authorities: " + userDetails.getAuthorities());
         System.out.println("Recipient: " + actionDto.getRecipient());
         String recipientRole = usersService.loadUserRole(actionDto.getRecipient());
+        String recipientDepartment = usersService.getUserDepartment(actionDto.getRecipient());
         System.out.println("Role: " + recipientRole);
+        System.out.println("Department: " + recipientDepartment);
 
         for (GrantedAuthority grantedAuthority : userDetails.getAuthorities()){
-            if (grantedAuthority.getAuthority().equals(ROLE_CREWMAN)) {
-                if (recipientRole.contains(ROLE_ADMIRAL)) {
+            switch (grantedAuthority.getAuthority()) {
+                case ROLE_CREWMAN:
+                    if (recipientRole.contains(ROLE_ADMIRAL) || recipientRole.contains(ROLE_VICE_ADMIRAL) || recipientRole.contains(ROLE_CAPTAIN)
+                            || recipientRole.contains(ROLE_COMMANDER) || recipientRole.contains(ROLE_LIEUTENANT)) {
+                        throw new ForbiddenAccessException();
+                    }
+                    break;
+                case ROLE_ENSIGN:
+                    if (recipientRole.contains(ROLE_ADMIRAL) || recipientRole.contains(ROLE_VICE_ADMIRAL) || recipientRole.contains(ROLE_CAPTAIN)
+                            || recipientRole.contains(ROLE_COMMANDER)) {
+                        throw new ForbiddenAccessException();
+                    }
+                    break;
+                case ROLE_LIEUTENANT:
+                    if (recipientRole.contains(ROLE_ADMIRAL) || recipientRole.contains(ROLE_VICE_ADMIRAL) || recipientRole.contains(ROLE_CAPTAIN)) {
+                        throw new ForbiddenAccessException();
+                    }
+                    break;
+                case ROLE_COMMANDER:
+                    if (recipientRole.contains(ROLE_ADMIRAL) || recipientRole.contains(ROLE_VICE_ADMIRAL)) {
+                        throw new ForbiddenAccessException();
+                    }
+                    break;
+                case ROLE_CAPTAIN:
+                    if (recipientRole.contains(ROLE_ADMIRAL)) {
+                        throw new ForbiddenAccessException();
+                    }
+                    break;
+            }
+        }
+    }
+
+    @RequestMapping(value = "/sendAndRequestAuth", method = RequestMethod.POST)
+    public void sendAndRequestAuth(Authentication authentication, @RequestBody ActionDto actionDto) {
+        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+        System.out.println("User: " + authentication.getName());
+        System.out.println("User has authorities: " + userDetails.getAuthorities());
+        System.out.println("Recipient: " + actionDto.getRecipient());
+        String recipientRole = usersService.loadUserRole(actionDto.getRecipient());
+        System.out.println("Role: " + recipientRole);
+
+        for (GrantedAuthority grantedAuthority : userDetails.getAuthorities()){
+            String role = grantedAuthority.getAuthority();
+
+            if (usersService.getUserRank(recipientRole) - usersService.getUserRank(role) == 2) {
+                if (!requestAuth(authentication, actionDto)) {
                     throw new ForbiddenAccessException();
                 }
             }
         }
     }
+
+    @RequestMapping(value = "/requestAuth", method = RequestMethod.POST)
+    public boolean requestAuth(Authentication authentication, @RequestBody ActionDto actionDto) {
+        return actionDto.getAuthorization();
+    }
 }

authorization/src/main/java/com/ship/authorization/service/UsersService.java

@@ -15,9 +15,17 @@ public class UsersService {
     public static final String ROLE_LIEUTENANT = "ROLE_LIEUTENANT";
     public static final String ROLE_ENSIGN = "ROLE_ENSIGN";
     public static final String ROLE_CREWMAN = "ROLE_CREWMAN";
+    public static final String DEPARTMENT_OPERATIONS = "DEPARTMENT_OPERATIONS";
+    public static final String DEPARTMENT_MEDICAL = "DEPARTMENT_MEDICAL";
+    public static final String DEPARTMENT_SCIENCE = "DEPARTMENT_SCIENCE";
+    public static final String DEPARTMENT_COMMAND = "DEPARTMENT_COMMAND";
 
     private Map<String, String> users = new HashMap<>();
 
+    private Map<String, Integer> userRanks = new HashMap<>();
+
+    private Map<String, String> userDepartment = new HashMap<>();
+
     public UsersService() {
         users.put("admiral", ROLE_ADMIRAL);
         users.put("viceAdmiral", ROLE_VICE_ADMIRAL);
@@ -26,9 +34,29 @@ public UsersService() {
         users.put("lieutenant", ROLE_LIEUTENANT);
         users.put("ensign", ROLE_ENSIGN);
         users.put("crewman", ROLE_CREWMAN);
+
+        userRanks.put(ROLE_ADMIRAL, 1);
+        userRanks.put(ROLE_VICE_ADMIRAL, 2);
+        userRanks.put(ROLE_CAPTAIN, 3);
+        userRanks.put(ROLE_COMMANDER, 4);
+        userRanks.put(ROLE_LIEUTENANT, 5);
+        userRanks.put(ROLE_ENSIGN, 6);
+        userRanks.put(ROLE_CREWMAN, 7);
+
+        userDepartment.put("operations", DEPARTMENT_OPERATIONS);
+        userDepartment.put("medical", DEPARTMENT_MEDICAL);
+        userDepartment.put("science", DEPARTMENT_SCIENCE);
+        userDepartment.put("command", DEPARTMENT_COMMAND);
+
     }
 
     public String loadUserRole(String username) {
         return users.get(username);
     }
+
+    public String getUserDepartment(String username) { return userDepartment.get(username); }
+
+    public int getUserRank(String userRole) {
+        return userRanks.get(userRole);
+    }
 }

config-server/src/main/resources/application.yml

@@ -18,7 +18,7 @@ security.user:
 ---
 spring:
   profiles: native
-  cloud.config.server.native.search-locations: file:///${user.home}/Documents/wilau2/cs-games-2018-relay-cloud/config-server/config
+  cloud.config.server.native.search-locations: file:///${user.home}/cs-games-2018-relay-cloud/config-server/config
 
 eureka:
   client: