New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unify access resource check in a service #1310
Conversation
# Conflicts: # src/main/java/alfio/controller/api/v1/admin/ConfigurationApiV1Controller.java
# Conflicts: # src/main/java/alfio/controller/api/v1/admin/ConfigurationApiV1Controller.java
…tUser which is equal to isOwner)
# Conflicts: # src/main/java/alfio/controller/api/v1/admin/OrganizationsApiV1Controller.java # src/main/java/alfio/controller/api/v1/admin/ReservationApiV1Controller.java # src/main/java/alfio/manager/AdditionalServiceManager.java # src/main/java/alfio/repository/AdditionalServiceRepository.java # src/test/java/alfio/controller/api/v2/user/reservation/BaseReservationFlowTest.java
WaitingQueueSubscription.Status currentStatus) { | ||
Principal principal, WaitingQueueSubscription.Status newStatus, | ||
WaitingQueueSubscription.Status currentStatus) { | ||
accessService.checkWaitingQueueSubscriberInEvent(subscriberId, eventName); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should probably embed "checkEventOwnership" inside "checkWaitingQueueSubscriberInEvent", to avoid unnecessary calls
@@ -145,6 +155,7 @@ public boolean revertCheckIn(@PathVariable("eventId") int eventId, | |||
public ResponseEntity<Boolean> revertCheckIn(@PathVariable("eventName") String eventName, | |||
@PathVariable("ticketIdentifier") String ticketIdentifier, | |||
Principal principal) { | |||
accessService.checkEventTicketIdentifierMembership(principal, eventName, ticketIdentifier, AccessService.CHECKIN_ROLES); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
checkEventTicketIdentifierMembership could return an EventAndOrganizationId, so that we can reduce the number of queries
validateIdList(ids); | ||
return checkInManager.getAttendeesInformation(eventId, ids, principal.getName()); | ||
} | ||
|
||
@GetMapping("/check-in/{eventName}/label-layout") | ||
public ResponseEntity<LabelLayout> getLabelLayoutForEvent(@PathVariable("eventName") String eventName, Principal principal) { | ||
accessService.canAccessEvent(principal, eventName); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
canAccessEvent returns a result of type "EventAndOrganizationId". We can use that
Quality Gate failedFailed conditions 33.0% Coverage on New Code (required ≥ 50%) |
This will be even more simplified in a future release.