From ecf3b0e4652dff88b3f411516e06824e7b547002 Mon Sep 17 00:00:00 2001 From: "MSI\\derek" Date: Wed, 29 May 2024 18:24:38 +0800 Subject: [PATCH] filter access right --- .../jwt/web/JwtAuthenticationController.java | 16 +++++++++++++++- .../java/com/ffii/tsms/model/JwtResponse.java | 12 ++++++++++-- .../modules/data/entity/StaffRepository.java | 2 ++ .../tsms/modules/data/web/SkillController.kt | 15 +++++++++------ .../tsms/modules/user/entity/UserRepository.java | 5 +++-- .../tsms/modules/user/service/GroupService.java | 12 ++++++++++++ 6 files changed, 51 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/ffii/tsms/config/security/jwt/web/JwtAuthenticationController.java b/src/main/java/com/ffii/tsms/config/security/jwt/web/JwtAuthenticationController.java index 93dfe66..ef8b2cb 100644 --- a/src/main/java/com/ffii/tsms/config/security/jwt/web/JwtAuthenticationController.java +++ b/src/main/java/com/ffii/tsms/config/security/jwt/web/JwtAuthenticationController.java @@ -2,8 +2,12 @@ package com.ffii.tsms.config.security.jwt.web; import java.time.Instant; import java.util.HashSet; +import java.util.Map; import java.util.Set; +import com.ffii.tsms.modules.data.entity.Staff; +import com.ffii.tsms.modules.data.entity.StaffRepository; +import com.ffii.tsms.modules.user.service.GroupService; import org.apache.commons.lang3.exception.ExceptionUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; @@ -51,6 +55,12 @@ public class JwtAuthenticationController { @Autowired private JwtUserDetailsService userDetailsService; + @Autowired + private GroupService groupService; + + @Autowired + private StaffRepository staffRepository; + @Autowired private UserRepository userRepository; 
@@ -90,10 +100,14 @@ public class JwtAuthenticationController { final String accessToken = jwtTokenUtil.generateToken(user); final String refreshToken = jwtTokenUtil.createRefreshToken(user.getUsername()).getToken(); + final Map args = Map.of("userId", user.getId()); + final String role = groupService.getGroupName(args); + final Staff staff = staffRepository.findIdAndNameByUserIdAndDeletedFalse(user.getId()).orElse(null); + Set abilities = new HashSet<>(); userAuthorityService.getUserAuthority(user).forEach(auth -> abilities.add(new AbilityModel(auth.getAuthority()))); - return ResponseEntity.ok(new JwtResponse(accessToken, refreshToken, null, user, abilities)); + return ResponseEntity.ok(new JwtResponse(accessToken, refreshToken, role, user, abilities, staff)); } @PostMapping("/refresh-token") diff --git a/src/main/java/com/ffii/tsms/model/JwtResponse.java b/src/main/java/com/ffii/tsms/model/JwtResponse.java index 9b0d4e7..beaad81 100644 --- a/src/main/java/com/ffii/tsms/model/JwtResponse.java +++ b/src/main/java/com/ffii/tsms/model/JwtResponse.java @@ -3,6 +3,7 @@ package com.ffii.tsms.model; import java.io.Serializable; import java.util.Set; +import com.ffii.tsms.modules.data.entity.Staff; import com.ffii.tsms.modules.user.entity.User; public class JwtResponse implements Serializable { @@ -15,8 +16,11 @@ public class JwtResponse implements Serializable { private final String refreshToken; private final String role; private final Set abilities; + private final Staff staff; - public JwtResponse(String accessToken, String refreshToken, String role, User user, Set abilities) { + + + public JwtResponse(String accessToken, String refreshToken, String role, User user, Set abilities, Staff staff) { this.accessToken = accessToken; this.refreshToken = refreshToken; this.role = role; 
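Review bot: The login response now embeds the whole `Staff` entity returned by `staffRepository.findIdAndNameByUserIdAndDeletedFalse(user.getId())`, not just its id and name: Spring Data derives the query from the part of the method name after `By`, so the `IdAndName` prefix is ignored, the full entity is loaded and everything it maps is serialized through `JwtResponse.getStaff()` (the same concern applies to the `JwtResponse` and `StaffRepository` hunks). Pass a small projection or DTO that carries only what the client needs, e.g. `record StaffSummary(Long id, String name) {}`, into `JwtResponse` instead of the entity. `groupService.getGroupName(args)` is also called without handling a user that belongs to no group; whether `queryForString` returns null or throws in that case is not visible here, but the previous code sent an explicit `null` role, so the call should degrade to that rather than fail the login. The enclosing method starts outside the hunk.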
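Review bot: Two empty lines are added between the new `staff` field and the constructor (the three consecutive `+` lines before `public JwtResponse(`), and the `getStaff()` hunk adds two more after the getter, where the file otherwise separates members with a single blank line. The constructor now takes six positional parameters, three of them consecutive `String`s, which makes the call in `JwtAuthenticationController` easy to get wrong silently; a static factory or builder would make that call self-describing, but at minimum keep the single-blank-line spacing. The constructor body continues into the next hunk.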
@@ -24,7 +28,8 @@ public class JwtResponse implements Serializable { this.name = user.getName(); this.email = user.getEmail(); this.abilities = abilities; - } + this.staff = staff; + } public String getAccessToken() { return this.accessToken; @@ -50,6 +55,9 @@ public class JwtResponse implements Serializable { return email; } + public Staff getStaff() { return staff; } + + public Set getAbilities() { return abilities; } diff --git a/src/main/java/com/ffii/tsms/modules/data/entity/StaffRepository.java b/src/main/java/com/ffii/tsms/modules/data/entity/StaffRepository.java index 3b0b4d1..d650327 100644 --- a/src/main/java/com/ffii/tsms/modules/data/entity/StaffRepository.java +++ b/src/main/java/com/ffii/tsms/modules/data/entity/StaffRepository.java @@ -21,4 +21,6 @@ public interface StaffRepository extends AbstractRepository { Optional findByUserId(@Param("userId") Long userId); Optional> findAllByTeamIdAndDeletedFalse(Long id); + + Optional findIdAndNameByUserIdAndDeletedFalse(Long id); } \ No newline at end of file diff --git a/src/main/java/com/ffii/tsms/modules/data/web/SkillController.kt b/src/main/java/com/ffii/tsms/modules/data/web/SkillController.kt index a6d9bd0..0b70d12 100644 --- a/src/main/java/com/ffii/tsms/modules/data/web/SkillController.kt +++ b/src/main/java/com/ffii/tsms/modules/data/web/SkillController.kt 
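Review bot: `findIdAndNameByUserIdAndDeletedFalse(Long id)` does not limit the selected columns: Spring Data only parses the part of a derived query name after `By`, so `IdAndName` is ignored and the method loads the complete `Staff` entity, which the login endpoint then returns. If only id and name are wanted, declare an interface projection, e.g. `interface StaffIdName { Long getId(); String getName(); }` and `Optional<StaffIdName> findByUserIdAndDeletedFalse(Long userId);`. The parameter is also named `id` although it is matched against the staff's `userId`; the sibling `findByUserId(@Param("userId") Long userId)` above uses the accurate name.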
@@ -2,44 +2,47 @@ package com.ffii.tsms.modules.data.web import com.ffii.core.response.RecordsRes import com.ffii.core.utils.CriteriaArgsBuilder +import com.ffii.tsms.modules.common.SecurityUtils import com.ffii.tsms.modules.data.entity.Skill import com.ffii.tsms.modules.data.service.SkillService import com.ffii.tsms.modules.data.web.models.NewSkillRequest import jakarta.servlet.http.HttpServletRequest import jakarta.validation.Valid import org.springframework.http.HttpStatus +import org.springframework.security.access.prepost.PreAuthorize import org.springframework.web.bind.ServletRequestBindingException import org.springframework.web.bind.annotation.* @RestController @RequestMapping("/skill") -class SkillController(private val skillService: SkillService) { +open class SkillController(private val skillService: SkillService) { @PostMapping("/save") - fun saveSkill(@Valid @RequestBody newSkill: NewSkillRequest): Skill { + @PreAuthorize("hasAuthority('MAINTAIN_MASTERDATA')") + open fun saveSkill(@Valid @RequestBody newSkill: NewSkillRequest): Skill { return skillService.saveOrUpdate(newSkill) } @GetMapping("/{id}") - fun list(@Valid @PathVariable id: Long): List> { + open fun list(@Valid @PathVariable id: Long): List> { val args: MutableMap = HashMap() args["id"] = id return skillService.list(args); } @DeleteMapping("/delete/{id}") @ResponseStatus(HttpStatus.NO_CONTENT) - fun delete(@PathVariable id: Long?) { + open fun delete(@PathVariable id: Long?) { skillService.markDelete(id) } @GetMapping - fun list(): List> { + open fun list(): List> { val args: MutableMap = HashMap() return skillService.list(args); } @GetMapping("/combo") @Throws(ServletRequestBindingException::class) - fun combo(request: HttpServletRequest?): RecordsRes> { + open fun combo(request: HttpServletRequest?): RecordsRes> { println(request) return RecordsRes>( skillService.combo( 
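Review bot: Only `saveSkill` receives `@PreAuthorize("hasAuthority('MAINTAIN_MASTERDATA')")`; `delete` (`@DeleteMapping("/delete/{id}")`) still has no authority check although it mutates the same master data, so the access filtering this commit is meant to add is incomplete. Add the same annotation above `open fun delete(...)`, or put it on the class if the read endpoints should require the authority as well. Marking the class and every handler `open` is only needed when the build does not apply the kotlin-spring (all-open) compiler plugin, which opens `@RestController` classes automatically; if the plugin is present the `open` modifiers can be dropped. `combo` continues past the end of the hunk.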
diff --git a/src/main/java/com/ffii/tsms/modules/user/entity/UserRepository.java b/src/main/java/com/ffii/tsms/modules/user/entity/UserRepository.java index 40214d3..7107cb2 100644 --- a/src/main/java/com/ffii/tsms/modules/user/entity/UserRepository.java +++ b/src/main/java/com/ffii/tsms/modules/user/entity/UserRepository.java @@ -4,7 +4,7 @@ import java.util.List; import java.util.Optional; import org.springframework.data.repository.query.Param; - +import org.springframework.data.jpa.repository.Query; import com.ffii.core.support.AbstractRepository; public interface UserRepository extends AbstractRepository { @@ -12,5 +12,6 @@ public interface UserRepository extends AbstractRepository { List findByName(@Param("name") String name); List findAllByAndDeletedFalse(); - Optional findByUsernameAndDeletedFalse(String username); + Optional findByUsernameAndDeletedFalse(String username); + } diff --git a/src/main/java/com/ffii/tsms/modules/user/service/GroupService.java b/src/main/java/com/ffii/tsms/modules/user/service/GroupService.java index 7b128bd..d0fb138 100644 --- a/src/main/java/com/ffii/tsms/modules/user/service/GroupService.java +++ b/src/main/java/com/ffii/tsms/modules/user/service/GroupService.java @@ -172,6 +172,18 @@ public class GroupService extends AbstractBaseEntityService args) { + StringBuilder sql = new StringBuilder("select" + + " g.name " + + " from user u " + + " left join user_group ug on u.id = ug.userId " + + " left join `group`g on ug.groupId = g.id " + + " where g.deleted = false " + + " and u.id = :userId" + ); + return jdbcDao.queryForString(sql.toString(), args); + } @Transactional(rollbackFor = Exception.class)
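Review bot: The added `import org.springframework.data.jpa.repository.Query;` is unused: neither this hunk nor the second `UserRepository` hunk (which only re-indents `findByUsernameAndDeletedFalse` and adds a blank line) declares a `@Query`, and the old file had no such import, so no existing method can be using the annotation. Drop the import and restore the blank line it replaced between the `org.springframework` and `com.ffii` import groups.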