Commit 6f0c2016 authored by michael.simon's avatar michael.simon

Erste Tests mit User ID auch für Admin Konten

parent 0323e74a
......@@ -14,18 +14,22 @@ import java.io.IOException;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import edu.kit.scc.webreg.dto.entity.RegistryEntityDto;
import edu.kit.scc.webreg.dto.service.RegistryDtoService;
import edu.kit.scc.webreg.entity.ServiceEntity;
import edu.kit.scc.webreg.rest.exc.NoItemFoundException;
import edu.kit.scc.webreg.sec.SecurityFilter;
import edu.kit.scc.webreg.service.RegistryService;
import edu.kit.scc.webreg.service.ServiceService;
import edu.kit.scc.webreg.service.UserService;
import edu.kit.scc.webreg.util.SessionManager;
@Path("/service-admin")
public class ServiceAdminController {
......@@ -42,14 +46,18 @@ public class ServiceAdminController {
@Inject
private ServiceService serviceService;
@Inject
private SessionManager sessionManager;
@Path(value = "/depro/list/{ssn}")
@Produces({"application/json"})
@GET
public List<RegistryEntityDto> list(@PathParam("ssn") String ssn)
public List<RegistryEntityDto> list(@PathParam("ssn") String ssn, @Context HttpServletRequest request)
throws IOException, NoItemFoundException {
ServiceEntity serviceEntity = serviceService.findByShortName(ssn);
System.out.println("" + sessionManager.getUserId());
System.out.println("" + request.getAttribute(SecurityFilter.ADMIN_USER));
List<RegistryEntityDto> deproList = registryDtoService.findRegistriesForDepro(serviceEntity.getShortName());
return deproList;
......
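Review bot: The two `System.out.println` calls in `list` write the session user id and the `SecurityFilter.ADMIN_USER` attribute to stdout, bypassing the logging framework, so identity data ends up in a stream with no level or context. They should be dropped before merge or replaced by a debug-level call on the class's logger, if it has one. The admin id is only printed: the registries for `ssn` are returned with no visible check that this admin is responsible for that service, so access appears to rest on the role check in the filter alone, which is worth confirming as intended. The result of `serviceService.findByShortName(ssn)` is dereferenced unchecked in `serviceEntity.getShortName()`; if it can be null for an unknown short name, a guard throwing the already declared `NoItemFoundException` would avoid an NPE. The method body continues outside the hunk.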
......@@ -41,6 +41,8 @@ import edu.kit.scc.webreg.util.SessionManager;
@WebFilter(urlPatterns = {"/*"})
public class SecurityFilter implements Filter {
public static final String ADMIN_USER = "_admin_user";
@Inject
private Logger logger;
......@@ -144,8 +146,10 @@ public class SecurityFilter implements Filter {
session.setRoles(roles);
if (accessChecker.check(path, roles))
if (accessChecker.check(path, roles)) {
request.setAttribute(ADMIN_USER, adminUser.getId());
chain.doFilter(request, response);
}
else
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Not allowed");
......
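Review bot: `ADMIN_USER` is set only on the branch where `accessChecker.check(path, roles)` passes, while `ServiceAdminController.list` reads it through `request.getAttribute(...)` without a null check. If other paths through the filter method (outside this hunk) also reach `chain.doFilter`, the attribute will be absent for those requests. The constant has no documentation; a Javadoc such as `/** Request attribute holding the id of the admin user; set by this filter only after the access check passed. */` would state the contract, and a name like `ADMIN_USER_ID` would match the stored value `adminUser.getId()`. Now that the `if` branch is braced, the `else` branch before `response.sendError(...)` should be braced too.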