security, deployment

kit-sdq · Nov 25, 2024 · 8ea30cf · 8ea30cf
1 parent c5fc384
commit 8ea30cf
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 11 deletions.
diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml
@@ -14,7 +14,7 @@ services:
       - tutor-assistant-keycloak
 
   tutor-assistant:
-    image: zaeunepyrite01/tutor-assistant:latest
+    image: ghcr.io/kit-sdq/tutor-assistant:latest
     container_name: tutor-assistant
     restart: always
     env_file:
@@ -25,14 +25,14 @@ services:
       - tutor-assistant
 
   tutor-assistant-web:
-    image: zaeunepyrite01/tutor-assistant-web:latest
+    image: ghcr.io/kit-sdq/tutor-assistant-web:latest
     container_name: tutor-assistant-web
     restart: always
     networks:
       - tutor-assistant
 
   tutor-assistant-app-service:
-    image: zaeunepyrite01/tutor-assistant-app-service:latest
+    image: ghcr.io/kit-sdq/tutor-assistant-app-service:latest
     container_name: tutor-assistant-app-service
     restart: always
     depends_on:

diff --git a/.../src/main/kotlin/de/niklaskerkhoff/tutorassistantappservice/lib/security/SecurityUtils.kt b/.../src/main/kotlin/de/niklaskerkhoff/tutorassistantappservice/lib/security/SecurityUtils.kt
@@ -0,0 +1,6 @@
+package de.niklaskerkhoff.tutorassistantappservice.lib.security
+
+import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
+
+fun JwtAuthenticationToken.hasAuthority(authority: String) = authorities.contains(SimpleGrantedAuthority(authority))
diff --git a/...tlin/de/niklaskerkhoff/tutorassistantappservice/modules/chat/controller/ChatController.kt b/...tlin/de/niklaskerkhoff/tutorassistantappservice/modules/chat/controller/ChatController.kt
@@ -1,6 +1,7 @@
 package de.niklaskerkhoff.tutorassistantappservice.modules.chat.controller
 
 import de.niklaskerkhoff.tutorassistantappservice.lib.app_components.AppController
+import de.niklaskerkhoff.tutorassistantappservice.lib.security.hasAuthority
 import de.niklaskerkhoff.tutorassistantappservice.modules.chat.model.ChatBaseData
 import de.niklaskerkhoff.tutorassistantappservice.modules.chat.model.ChatMainData
 import de.niklaskerkhoff.tutorassistantappservice.modules.chat.model.ChatService
@@ -20,10 +21,12 @@ class ChatController(
 ) : AppController() {
     @GetMapping("{chatId}")
     fun getChatById(@PathVariable chatId: UUID, jwt: JwtAuthenticationToken): ChatMainData =
-        chatService.getChatById(chatId, jwt.name)
+        chatService.getChatById(chatId, jwt.name, !jwt.hasAuthority("ROLE_evaluator"))
 
     @GetMapping
-    fun getChats(jwt: JwtAuthenticationToken): List<ChatBaseData> = chatService.getChats(jwt.name)
+    fun getChats(jwt: JwtAuthenticationToken): List<ChatBaseData> =
+        if (jwt.hasAuthority("ROLE_evaluator")) chatService.getAllChats()
+        else chatService.getUsersChats(jwt.name)
 
     @PostMapping
     fun createChat(jwt: JwtAuthenticationToken): ChatBaseData = chatService.createChat(jwt.name)

diff --git a/...src/main/kotlin/de/niklaskerkhoff/tutorassistantappservice/modules/chat/model/ChatRepo.kt b/...src/main/kotlin/de/niklaskerkhoff/tutorassistantappservice/modules/chat/model/ChatRepo.kt
@@ -6,7 +6,7 @@ import org.springframework.data.jpa.repository.Query
 interface ChatRepo : AppEntityRepo<Chat> {
     fun findByUserIdOrderByCreatedDateDesc(userId: String): List<Chat>
 
-    fun findBySummaryIsNull(): List<Chat>
+    fun findAllByOrderByCreatedDateDesc(): List<Chat>
 
     @Query("select c from Chat c where size(c._messages) <= 1")
     fun findEmptyChats(): List<Chat>

diff --git a/.../main/kotlin/de/niklaskerkhoff/tutorassistantappservice/modules/chat/model/ChatService.kt b/.../main/kotlin/de/niklaskerkhoff/tutorassistantappservice/modules/chat/model/ChatService.kt
@@ -41,10 +41,12 @@ class ChatService(
     @Value("\${app.tutor-assistant.base-url}")
     private lateinit var baseUrl: String
 
-    fun getChats(userId: String) = chatRepo.findByUserIdOrderByCreatedDateDesc(userId).map { ChatBaseData(it) }
+    fun getUsersChats(userId: String) = chatRepo.findByUserIdOrderByCreatedDateDesc(userId).map { ChatBaseData(it) }
 
-    fun getChatById(chatId: UUID, userId: String): ChatMainData {
-        val chat = chatRepo.findByIdOrThrow(chatId).requireUser(userId)
+    fun getAllChats() = chatRepo.findAllByOrderByCreatedDateDesc().map { ChatBaseData(it) }
+
+    fun getChatById(chatId: UUID, userId: String, requiresMatchingUser: Boolean = true): ChatMainData {
+        val chat = chatRepo.findByIdOrThrow(chatId).requireUser(userId, requiresMatchingUser)
         return ChatMainData(chat)
     }
 
@@ -186,8 +188,8 @@ class ChatService(
         return if (this?.has(key) == true) this[key] else null
     }
 
-    private fun Chat.requireUser(userId: String): Chat {
-        if (this.userId != userId) throw ResponseStatusException(HttpStatus.NOT_FOUND)
+    private fun Chat.requireUser(userId: String, requiresMatchingUser: Boolean = true): Chat {
+        if (requiresMatchingUser && this.userId != userId) throw ResponseStatusException(HttpStatus.NOT_FOUND)
         return this
     }
 }
diff --git a/...kerkhoff/tutorassistantappservice/modules/documents/applications/ApplicationController.kt b/...kerkhoff/tutorassistantappservice/modules/documents/applications/ApplicationController.kt
@@ -1,6 +1,7 @@
 package de.niklaskerkhoff.tutorassistantappservice.modules.documents.applications
 
 import de.niklaskerkhoff.tutorassistantappservice.modules.documents.applications.entities.toDto
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.*
 import java.util.*
 
@@ -16,17 +17,22 @@ class ApplicationController(
     fun getWebsiteDocuments() = applicationService.getWebsiteDocuments().map { it.toDto() }
 
     @PostMapping("index")
+    @PreAuthorize("hasRole('document-manager')")
     fun index(): Unit = applicationService.index()
 
     @PostMapping("files/{id}/reindex")
+    @PreAuthorize("hasRole('document-manager')")
     fun reindexFile(@PathVariable id: UUID): Unit = applicationService.reindexFileDocument(id)
 
     @PostMapping("websites/{id}/reindex")
+    @PreAuthorize("hasRole('document-manager')")
     fun reindexWebsite(@PathVariable id: UUID): Unit = applicationService.reindexWebsiteDocument(id)
 
     @DeleteMapping("files/{id}")
+    @PreAuthorize("hasRole('document-manager')")
     fun deleteFile(@PathVariable id: UUID): Unit = applicationService.deleteFileDocument(id)
 
     @DeleteMapping("websites/{id}")
+    @PreAuthorize("hasRole('document-manager')")
     fun deleteWebsite(@PathVariable id: UUID): Unit = applicationService.deleteWebsiteDocument(id)
 }
diff --git a/...e/niklaskerkhoff/tutorassistantappservice/modules/documents/settings/SettingController.kt b/...e/niklaskerkhoff/tutorassistantappservice/modules/documents/settings/SettingController.kt
@@ -2,12 +2,14 @@ package de.niklaskerkhoff.tutorassistantappservice.modules.documents.settings
 
 import de.niklaskerkhoff.tutorassistantappservice.modules.documents.settings.entities.SettingDto
 import de.niklaskerkhoff.tutorassistantappservice.modules.documents.settings.entities.toDto
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.*
 import org.springframework.web.multipart.MultipartFile
 import java.util.*
 
 @RestController
 @RequestMapping("documents/settings")
+@PreAuthorize("hasRole('document-manager')")
 class SettingController(
     private val settingService: SettingService
 ) {