Skip to content

Commit

Permalink
initial use of check access for event
Browse files Browse the repository at this point in the history
  • Loading branch information
@syjer
syjer committed May 12, 2023
1 parent f85c12a commit 7e8e51a
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 6 deletions.
9 changes: 7 additions & 2 deletions src/main/java/alfio/controller/api/admin/AdditionalServiceApiController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
*/
package alfio.controller.api.admin;

import alfio.manager.AccessService;
import alfio.manager.AdditionalServiceManager;
import alfio.manager.EventManager;
import alfio.model.AdditionalService;
Expand Down Expand Up @@ -60,6 +61,7 @@ public class AdditionalServiceApiController {
private final EventManager eventManager;
private final EventRepository eventRepository;
private final AdditionalServiceManager additionalServiceManager;
private final AccessService accessService;


@ExceptionHandler({IllegalArgumentException.class})
Expand All @@ -75,7 +77,8 @@ public ResponseEntity<String> handleError(Exception e) {
}

@GetMapping("/event/{eventId}/additional-services")
public List<EventModification.AdditionalService> loadAll(@PathVariable("eventId") int eventId) {
public List<EventModification.AdditionalService> loadAll(@PathVariable("eventId") int eventId, Principal principal) {
accessService.checkEventAccess(principal, eventId);
return eventRepository.findOptionalById(eventId)
.map(event -> additionalServiceManager.loadAllForEvent(eventId)
.stream()
Expand All @@ -88,7 +91,8 @@ public List<EventModification.AdditionalService> loadAll(@PathVariable("eventId"
}

@GetMapping("/event/{eventId}/additional-services/count")
public Map<Integer, Map<AdditionalServiceItem.AdditionalServiceItemStatus, Integer>> countUse(@PathVariable("eventId") int eventId) {
public Map<Integer, Map<AdditionalServiceItem.AdditionalServiceItemStatus, Integer>> countUse(@PathVariable("eventId") int eventId, Principal principal) {
accessService.checkOrganizationAccess(principal, eventId);
return additionalServiceManager.countUsageForEvent(eventId);
}

Expand Down Expand Up @@ -149,6 +153,7 @@ public void exportAdditionalServices(@PathVariable("eventName") String eventName
@PathVariable("type") AdditionalService.AdditionalServiceType additionalServiceType,
HttpServletResponse response,
Principal principal) throws IOException {
accessService.checkEventAccess(principal, eventName);
var event = eventManager.getOptionalByName(eventName, principal.getName()).orElseThrow();
var formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm");
var header = List.of(
Expand Down
10 changes: 6 additions & 4 deletions src/main/java/alfio/controller/api/admin/AdminWaitingQueueApiController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,7 @@
package alfio.controller.api.admin;

import alfio.controller.decorator.SaleableTicketCategory;
import alfio.manager.EventManager;
import alfio.manager.EventStatisticsManager;
import alfio.manager.TicketReservationManager;
import alfio.manager.WaitingQueueManager;
import alfio.manager.*;
import alfio.manager.system.ConfigurationManager;
import alfio.model.Event;
import alfio.model.WaitingQueueSubscription;
Expand Down Expand Up @@ -58,9 +55,11 @@ public class AdminWaitingQueueApiController {
private final ConfigurationManager configurationManager;
private final EventStatisticsManager eventStatisticsManager;
private final ClockProvider clockProvider;
private final AccessService accessService;

@GetMapping("/status")
public Map<String, Boolean> getStatusForEvent(@PathVariable("eventName") String eventName, Principal principal) {
accessService.checkEventAccess(principal, eventName);
return eventManager.getOptionalByName(eventName, principal.getName())
.map(this::loadStatus)
.orElse(Collections.emptyMap());
Expand Down Expand Up @@ -94,6 +93,7 @@ public Map<String, Boolean> setStatusForEvent(@PathVariable("eventName") String

@GetMapping("/count")
public Integer countWaitingPeople(@PathVariable("eventName") String eventName, Principal principal, HttpServletResponse response) {
accessService.checkEventAccess(principal, eventName);
Optional<Integer> count = eventManager.getOptionalEventAndOrganizationIdByName(eventName, principal.getName())
.map(e -> waitingQueueManager.countSubscribers(e.getId()));
if(count.isPresent()) {
Expand All @@ -105,6 +105,7 @@ public Integer countWaitingPeople(@PathVariable("eventName") String eventName, P

@GetMapping("/load")
public List<WaitingQueueSubscription> loadAllSubscriptions(@PathVariable("eventName") String eventName, Principal principal, HttpServletResponse response) {
accessService.checkEventAccess(principal, eventName);
Optional<List<WaitingQueueSubscription>> count = eventManager.getOptionalEventAndOrganizationIdByName(eventName, principal.getName())
.map(e -> waitingQueueManager.loadAllSubscriptionsForEvent(e.getId()));
if(count.isPresent()) {
Expand All @@ -118,6 +119,7 @@ public List<WaitingQueueSubscription> loadAllSubscriptions(@PathVariable("eventN
public void downloadAllSubscriptions(@PathVariable("eventName") String eventName,
@RequestParam(name = "format", defaultValue = "excel") String format,
Principal principal, HttpServletResponse response) throws IOException {
accessService.checkEventAccess(principal, eventName);
var event = eventManager.getSingleEvent(eventName, principal.getName());
var found = waitingQueueManager.loadAllSubscriptionsForEvent(event.getId());

Expand Down

0 comments on commit 7e8e51a

Please sign in to comment.