refactor

src/main/java/alfio/controller/api/admin/AdditionalServiceApiController.java

@@ -78,7 +78,7 @@ public ResponseEntity<String> handleError(Exception e) {
 
     @GetMapping("/event/{eventId}/additional-services")
     public List<EventModification.AdditionalService> loadAll(@PathVariable("eventId") int eventId, Principal principal) {
-        accessService.checkEventAccess(principal, eventId);
+        accessService.checkEventOwnership(principal, eventId);
         return eventRepository.findOptionalById(eventId)
             .map(event -> additionalServiceManager.loadAllForEvent(eventId)
                             .stream()
@@ -92,7 +92,7 @@ public List<EventModification.AdditionalService> loadAll(@PathVariable("eventId"
 
     @GetMapping("/event/{eventId}/additional-services/count")
     public Map<Integer, Map<AdditionalServiceItem.AdditionalServiceItemStatus, Integer>> countUse(@PathVariable("eventId") int eventId, Principal principal) {
-        accessService.checkOrganizationAccess(principal, eventId);
+        accessService.checkOrganizationOwnership(principal, eventId);
         return additionalServiceManager.countUsageForEvent(eventId);
     }
 
@@ -153,7 +153,7 @@ public void exportAdditionalServices(@PathVariable("eventName") String eventName
                                          @PathVariable("type") AdditionalService.AdditionalServiceType additionalServiceType,
                                          HttpServletResponse response,
                                          Principal principal) throws IOException {
-        accessService.checkEventAccess(principal, eventName);
+        accessService.checkEventOwnership(principal, eventName);
         var event = eventManager.getOptionalByName(eventName, principal.getName()).orElseThrow();
         var formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm");
         var header = List.of(

src/main/java/alfio/controller/api/admin/AdminWaitingQueueApiController.java

@@ -59,7 +59,7 @@ public class AdminWaitingQueueApiController {
 
     @GetMapping("/status")
     public Map<String, Boolean> getStatusForEvent(@PathVariable("eventName") String eventName, Principal principal) {
-        accessService.checkEventAccess(principal, eventName);
+        accessService.checkEventOwnership(principal, eventName);
         return eventManager.getOptionalByName(eventName, principal.getName())
             .map(this::loadStatus)
             .orElse(Collections.emptyMap());
@@ -93,7 +93,7 @@ public Map<String, Boolean> setStatusForEvent(@PathVariable("eventName") String
 
     @GetMapping("/count")
     public Integer countWaitingPeople(@PathVariable("eventName") String eventName, Principal principal, HttpServletResponse response) {
-        accessService.checkEventAccess(principal, eventName);
+        accessService.checkEventOwnership(principal, eventName);
         Optional<Integer> count = eventManager.getOptionalEventAndOrganizationIdByName(eventName, principal.getName())
             .map(e -> waitingQueueManager.countSubscribers(e.getId()));
         if(count.isPresent()) {
@@ -105,7 +105,7 @@ public Integer countWaitingPeople(@PathVariable("eventName") String eventName, P
 
     @GetMapping("/load")
     public List<WaitingQueueSubscription> loadAllSubscriptions(@PathVariable("eventName") String eventName, Principal principal, HttpServletResponse response) {
-        accessService.checkEventAccess(principal, eventName);
+        accessService.checkEventOwnership(principal, eventName);
         Optional<List<WaitingQueueSubscription>> count = eventManager.getOptionalEventAndOrganizationIdByName(eventName, principal.getName())
             .map(e -> waitingQueueManager.loadAllSubscriptionsForEvent(e.getId()));
         if(count.isPresent()) {
@@ -119,7 +119,7 @@ public List<WaitingQueueSubscription> loadAllSubscriptions(@PathVariable("eventN
     public void downloadAllSubscriptions(@PathVariable("eventName") String eventName,
                                          @RequestParam(name = "format", defaultValue = "excel") String format,
                                          Principal principal, HttpServletResponse response) throws IOException {
-        accessService.checkEventAccess(principal, eventName);
+        accessService.checkEventOwnership(principal, eventName);
         var event = eventManager.getSingleEvent(eventName, principal.getName());
         var found = waitingQueueManager.loadAllSubscriptionsForEvent(event.getId());
 

src/main/java/alfio/controller/api/admin/CheckInApiController.java

@@ -164,7 +164,7 @@ public TicketAndCheckInResult confirmOnSitePayment(@PathVariable("eventName") St
 
     @GetMapping("/check-in/event/{eventName}/statistics")
     public CheckInStatistics getStatistics(@PathVariable("eventName") String eventName, Principal principal) {
-        accessService.checkEventAccess(principal, eventName);
+        accessService.checkEventOwnership(principal, eventName);
         return checkInManager.getStatistics(eventName, principal.getName());
     }
 
@@ -180,7 +180,7 @@ public List<Integer> findAllIdentifiersForAdminCheckIn(@PathVariable("eventId")
                                                @RequestParam(value = "changedSince", required = false) Long changedSince,
                                                HttpServletResponse response,
                                                Principal principal) {
-        accessService.checkEventAccess(principal, eventId);
+        accessService.checkEventOwnership(principal, eventId);
         response.setHeader(ALFIO_TIMESTAMP_HEADER, Long.toString(new Date().getTime()));
         return checkInManager.getAttendeesIdentifiers(eventId, changedSince == null ? new Date(0) : new Date(changedSince), principal.getName());
     }
@@ -209,7 +209,7 @@ public List<FullTicketInfo> findAllTicketsForAdminCheckIn(@PathVariable("eventId
 
     @GetMapping("/check-in/{eventName}/label-layout")
     public ResponseEntity<LabelLayout> getLabelLayoutForEvent(@PathVariable("eventName") String eventName, Principal principal) {
-        accessService.checkEventAccess(principal, eventName);
+        accessService.checkEventOwnership(principal, eventName);
         return eventManager.getOptionalEventAndOrganizationIdByName(eventName, principal.getName())
             .filter(checkInManager.isOfflineCheckInAndLabelPrintingEnabled())
             .map(this::parseLabelLayout)
@@ -221,7 +221,7 @@ public List<Integer> getOfflineIdentifiers(@PathVariable("eventName") String eve
                                               @RequestParam(value = "changedSince", required = false) Long changedSince,
                                               HttpServletResponse resp,
                                               Principal principal) {
-        accessService.checkEventAccess(principal, eventName);
+        accessService.checkEventOwnership(principal, eventName);
         Date since = changedSince == null ? new Date(0) : DateUtils.addSeconds(new Date(changedSince), -1);
         Optional<List<Integer>> ids = eventManager.getOptionalEventAndOrganizationIdByName(eventName, principal.getName())
             .filter(checkInManager.isOfflineCheckInEnabled())

src/main/java/alfio/controller/api/admin/ConfigurationApiController.java

@@ -89,7 +89,7 @@ public boolean updateConfiguration(@RequestBody Map<ConfigurationKeys.SettingCat
 
     @GetMapping(value = "/organizations/{organizationId}/load")
     public Map<ConfigurationKeys.SettingCategory, List<Configuration>> loadOrganizationConfiguration(@PathVariable("organizationId") int organizationId, Principal principal) {
-        accessService.checkOrganizationAccess(principal, organizationId);
+        accessService.checkOrganizationOwnership(principal, organizationId);
         return configurationManager.loadOrganizationConfig(organizationId, principal.getName());
     }
 
@@ -103,15 +103,15 @@ public boolean updateOrganizationConfiguration(@PathVariable("organizationId") i
     @GetMapping(value = "/events/{eventId}/load")
     public Map<ConfigurationKeys.SettingCategory, List<Configuration>> loadEventConfiguration(@PathVariable("eventId") int eventId,
                                                                                               Principal principal) {
-        accessService.checkEventAccess(principal, eventId);
+        accessService.checkEventOwnership(principal, eventId);
         return configurationManager.loadEventConfig(eventId, principal.getName());
     }
 
     @GetMapping("/events/{eventName}/single/{key}")
     public ResponseEntity<String> getSingleConfigForEvent(@PathVariable("eventName") String eventShortName,
                                                          @PathVariable("key") String key,
                                                          Principal principal) {
-        accessService.checkEventAccess(principal, eventShortName);
+        accessService.checkEventOwnership(principal, eventShortName);
 
         var optionalEvent = eventManager.getOptionalByName(eventShortName, principal.getName());
 
@@ -131,7 +131,7 @@ public ResponseEntity<String> getSingleConfigForEvent(@PathVariable("eventName")
     public ResponseEntity<String> getSingleConfigForOrganization(@PathVariable("organizationId") int organizationId,
                                                                  @PathVariable("key") String key,
                                                                  Principal principal) {
-        accessService.checkOrganizationAccess(principal, organizationId);
+        accessService.checkOrganizationOwnership(principal, organizationId);
 
         String config = configurationManager.getSingleConfigForOrganization(organizationId, key, principal.getName());
         if(config == null) {
@@ -161,14 +161,14 @@ public Map<ConfigurationKeys.SettingCategory, List<Configuration>> loadCategoryC
 
     @DeleteMapping(value = "/organization/{organizationId}/key/{key}")
     public boolean deleteOrganizationLevelKey(@PathVariable("organizationId") int organizationId, @PathVariable("key") ConfigurationKeys key, Principal principal) {
-        accessService.checkOrganizationAccess(principal, organizationId);
+        accessService.checkOrganizationOwnership(principal, organizationId);
         configurationManager.deleteOrganizationLevelByKey(key.getValue(), organizationId, principal.getName());
         return true;
     }
 
     @DeleteMapping(value = "/event/{eventId}/key/{key}")
     public boolean deleteEventLevelKey(@PathVariable("eventId") int eventId, @PathVariable("key") ConfigurationKeys key, Principal principal) {
-        accessService.checkEventAccess(principal, eventId);
+        accessService.checkEventOwnership(principal, eventId);
         configurationManager.deleteEventLevelByKey(key.getValue(), eventId, principal.getName());
         return true;
     }
@@ -198,7 +198,7 @@ public InstanceSettings loadInstanceSettings() {
 
     @GetMapping(value = "/platform-mode/status/{organizationId}")
     public Map<String, Boolean> loadPlatformModeStatus(@PathVariable("organizationId") int organizationId, Principal principal) {
-        accessService.checkOrganizationAccess(principal, organizationId);
+        accessService.checkOrganizationOwnership(principal, organizationId);
         Map<String, Boolean> result = new HashMap<>();
         boolean platformModeEnabled = configurationManager.getForSystem(PLATFORM_MODE_ENABLED).getValueAsBooleanOrDefault();
         result.put("enabled", platformModeEnabled);
@@ -217,7 +217,7 @@ public Collection<ConfigurationKeys.SettingCategory> getSettingCategories() {
 
     @GetMapping(value = "/event/{eventId}/invoice-first-date")
     public ResponseEntity<ZonedDateTime> getFirstInvoiceDate(@PathVariable("eventId") Integer eventId, Principal principal) {
-        accessService.checkEventAccess(principal, eventId);
+        accessService.checkEventOwnership(principal, eventId);
         return ResponseEntity.of(optionally(() -> eventManager.getSingleEventById(eventId, principal.getName()))
             .map(event -> billingDocumentManager.findFirstInvoiceDate(event.getId()).orElseGet(() -> ZonedDateTime.now(clockProvider.getClock().withZone(event.getZoneId())))));
     }
@@ -227,7 +227,7 @@ public ResponseEntity<List<Integer>> getMatchingInvoicesForEvent(@PathVariable("
                                                                      @RequestParam("from") long fromInstant,
                                                                      @RequestParam("to") long toInstant,
                                                                      Principal principal) {
-        accessService.checkEventAccess(principal, eventId);
+        accessService.checkEventOwnership(principal, eventId);
         var eventOptional = optionally(() -> eventManager.getSingleEventById(eventId, principal.getName()));
         if(eventOptional.isEmpty()) {
             return ResponseEntity.badRequest().build();

src/main/java/alfio/controller/api/admin/EventApiController.java

@@ -114,6 +114,7 @@ public class EventApiController {
     private final ConfigurationManager configurationManager;
     private final ExtensionManager extensionManager;
     private final ClockProvider clockProvider;
+    private final AccessService accessService;
 
 
     @ExceptionHandler(DataAccessException.class)
@@ -133,6 +134,7 @@ public String unhandledException(Exception e) {
     @GetMapping("/paymentProxies/{organizationId}")
     @ResponseStatus(HttpStatus.OK)
     public List<PaymentManager.PaymentMethodDTO> getPaymentProxies( @PathVariable("organizationId") int organizationId, Principal principal) {
+        accessService.checkOrganizationOwnership(principal, organizationId);
         return userManager.findUserOrganizations(principal.getName())
             .stream()
             .filter(o -> o.getId() == organizationId)
@@ -188,6 +190,7 @@ public static class EventAndOrganization {
 
     @GetMapping("/events/{name}")
     public ResponseEntity<EventAndOrganization> getSingleEvent(@PathVariable("name") String eventName, Principal principal) {
+        accessService.checkEventOwnership(principal, eventName);
         final String username = principal.getName();
         return optionally(() -> eventStatisticsManager.getEventWithAdditionalInfo(eventName, username))
             .map(event -> {
@@ -198,11 +201,13 @@ public ResponseEntity<EventAndOrganization> getSingleEvent(@PathVariable("name")
 
     @DeleteMapping("/events/{eventId}")
     public void deleteEvent(@PathVariable("eventId") int eventId, Principal principal) {
+        accessService.checkEventOwnership(principal, eventId);
     	eventManager.deleteEvent(eventId, principal.getName());
     }
 
     @GetMapping("/events/id/{eventId}")
     public Event getSingleEventById(@PathVariable("eventId") int eventId, Principal principal) {
+        accessService.checkEventOwnership(principal, eventId);
         return eventManager.getSingleEventById(eventId, principal.getName());
     }
 
@@ -253,6 +258,7 @@ public Map<Integer, String> getEventNamesByIds(@RequestParam("eventIds") List<In
 
     @GetMapping("/events/names-in-organization/{orgId}")
     public Map<Integer, String> getEventsNameInOrganization(@PathVariable("orgId") int orgId, Principal principal) {
+        accessService.checkOrganizationOwnership(principal, orgId);
         return eventManager.getEventsNameInOrganization(orgId, principal);
     }
 
@@ -264,6 +270,7 @@ public String insertEvent(@RequestBody EventModification eventModification, Prin
 
     @PutMapping("/events/{id}/status")
     public String activateEvent(@PathVariable("id") int id, @RequestParam("active") boolean active, Principal principal) {
+        accessService.checkEventOwnership(principal, id);
         eventManager.toggleActiveFlag(id, principal.getName(), active);
         return OK;
     }

src/main/java/alfio/manager/AccessService.java

@@ -68,31 +68,31 @@ public void checkUserAccess(Principal principal, int userId) {
         throw new IllegalStateException("FIXME");
     }
 
-    public void checkOrganizationAccess(Principal principal, int organizationId) {
+    public void checkOrganizationOwnership(Principal principal, int organizationId) {
         if (principal == null) {
             log.trace("No user present, we will allow it");
             return;
         }
         if (isSystemApiUser(principal)) {
-            log.trace("Allowing access to Organization {} to System API Key", organizationId);
+            log.trace("Allowing ownership to Organization {} to System API Key", organizationId);
             return;
         }
         if (isOwnerOfOrganization(principal, organizationId)) {
-            log.trace("Allowing access to Organization {} to user {}", organizationId, principal.getName());
+            log.trace("Allowing ownership to Organization {} to user {}", organizationId, principal.getName());
             return;
         }
-        log.warn("User {} don't have access to organizationId {}", principal.getName(), organizationId);
-        throw new IllegalArgumentException("User " + principal.getName() + " don't have access to organizationId " + organizationId);
+        log.warn("User {} don't have ownership to organizationId {}", principal.getName(), organizationId);
+        throw new IllegalArgumentException("User " + principal.getName() + " don't have ownership to organizationId " + organizationId);
     }
 
-    public void checkEventAccess(Principal principal, int eventId) {
+    public void checkEventOwnership(Principal principal, int eventId) {
         var orgId = eventRepository.findOrganizationIdByEventId(eventId);
-        checkOrganizationAccess(principal, orgId);
+        checkOrganizationOwnership(principal, orgId);
     }
 
-    public void checkEventAccess(Principal principal, String eventShortName) {
+    public void checkEventOwnership(Principal principal, String eventShortName) {
         var orgId = eventRepository.findOrganizationIdByShortName(eventShortName);
-        checkOrganizationAccess(principal, orgId);
+        checkOrganizationOwnership(principal, orgId);
     }
 
     private static boolean isSystemApiUser(Principal principal) {