
Commit 93999e8

Fixed issue creating accounts
1 parent cfde842 commit 93999e8


4 files changed

+24
-6
lines changed


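--- a/src/main/java/org/wise/portal/presentation/web/controllers/student/StudentAPIController.java
+++ b/src/main/java/org/wise/portal/presentation/web/controllers/student/StudentAPIController.java
@@ -84,7 +84,6 @@
 */
 @RestController
 @RequestMapping("/api/student")
-@Secured({ "ROLE_STUDENT" })
 public class StudentAPIController extends UserAPIController {
 
 @Autowired
@@ -112,6 +111,7 @@ List<HashMap<String, Object>> getRuns(Authentication authentication) {
 return runList;
 }
 
+@Secured({ "ROLE_STUDENT" })
 @PostMapping("/run/launch")
 HashMap<String, Object> launchRun(Authentication auth, @RequestParam Long runId,
 @RequestParam(required = false) Long workgroupId, @RequestParam String presentUserIds,
@@ -220,6 +220,7 @@ private Set<User> getUsers(String[] userIds) throws ObjectNotFoundException {
 * information about the run. If the student is not successfully added to the run, we will
 * return a map containing an error field with an error string.
 */
+@Secured({ "ROLE_STUDENT" })
 @PostMapping("/run/register")
 HashMap<String, Object> addStudentToRun(Authentication auth, @RequestParam String runCode,
 @RequestParam String period) {
@@ -361,6 +362,7 @@ List<HashMap<String, String>> getSecurityQuestions() {
 return questions;
 }
 
+@Secured({ "ROLE_STUDENT" })
 @PostMapping("/profile/update")
 SimpleResponse updateProfile(Authentication auth, @RequestParam String language) {
 User user = userService.retrieveUserByUsername(auth.getName());
@@ -370,6 +372,7 @@ SimpleResponse updateProfile(Authentication auth, @RequestParam String language)
 return new SimpleResponse("success", "profileUpdated");
 }
 
+@Secured({ "ROLE_STUDENT" })
 @GetMapping("/teacher-list")
 Set<HashMap<String, String>> getAssociatedTeachers(Authentication auth) {
 User user = userService.retrieveUserByUsername(auth.getName());
@@ -385,6 +388,7 @@ Set<HashMap<String, String>> getAssociatedTeachers(Authentication auth) {
 return teachers;
 }
 
+@Secured({ "ROLE_STUDENT" })
 @GetMapping("/can-be-added-to-workgroup")
 HashMap<String, Object> canBeAddedToWorkgroup(Authentication auth, @RequestParam Long runId,
 @RequestParam(required = false) Long workgroupId, @RequestParam Long userId)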
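Review bot: Dropping the class-level `@Secured({ "ROLE_STUDENT" })` at the top of the file removes the default for every handler in this controller, and only the five handlers touched here get it back; `getRuns` and `getSecurityQuestions` appear in the hunk headers but their annotations are outside the hunks, so I cannot confirm they are still protected. The WebSecurityConfig hunk in this same commit shows a `/api/teacher/**` role rule but no `/api/student/**` rule is visible, so any handler in this class without its own annotation may now rely on whatever catch-all the filter chain has — please verify. A defensive option is to keep the class-level annotation and override only the registration handler, e.g. `@Secured({ "ROLE_ANONYMOUS", "ROLE_STUDENT" })` or `@PreAuthorize("permitAll()")` on it, so new handlers are secure by default. Also worth a comment above the class explaining why the class-level guard was removed, e.g. `// Method-level @Secured only: /register must be reachable without a role`.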

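--- a/src/main/java/org/wise/portal/presentation/web/controllers/teacher/TeacherAPIController.java
+++ b/src/main/java/org/wise/portal/presentation/web/controllers/teacher/TeacherAPIController.java
@@ -15,7 +15,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.acls.model.Permission;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -50,7 +50,6 @@
 */
 @RestController
 @RequestMapping("/api/teacher")
-@Secured({ "ROLE_TEACHER" })
 public class TeacherAPIController extends UserAPIController {
 
 @Autowired
@@ -66,6 +65,7 @@ public class TeacherAPIController extends UserAPIController {
 private String googleClientSecret;
 
 @GetMapping("/runs")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 List<HashMap<String, Object>> getRuns(Authentication auth,
 @RequestParam(required = false) Integer max) {
 User user = userService.retrieveUserByUsername(auth.getName());
@@ -90,6 +90,7 @@ private List<HashMap<String, Object>> getRunsList(User user, List<Run> runs) {
 }
 
 @GetMapping("/run/{runId}")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> getRun(Authentication auth, @PathVariable Long runId)
 throws ObjectNotFoundException {
 User user = userService.retrieveUserByUsername(auth.getName());
@@ -111,6 +112,7 @@ protected HashMap<String, Object> getRunMap(User user, Run run) {
 }
 
 @GetMapping("/projectlastrun/{projectId}")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> getProjectLastRun(Authentication auth, @PathVariable Long projectId) {
 User user = userService.retrieveUserByUsername(auth.getName());
 List<Run> runsOfProject = runService.getProjectRuns(projectId);
@@ -124,12 +126,13 @@ HashMap<String, Object> getProjectLastRun(Authentication auth, @PathVariable Lon
 }
 
 @GetMapping("/usernames")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 List<String> getAllTeacherUsernames() {
 return userDetailsService.retrieveAllTeacherUsernames();
 }
 
 @PostMapping("/register")
-@Secured({ "ROLE_ANONYMOUS" })
+@PreAuthorize("permitAll()")
 ResponseEntity<Map<String, Object>> createTeacherAccount(
 @RequestBody Map<String, String> teacherFields, HttpServletRequest request)
 throws DuplicateUsernameException, InvalidNameException {
@@ -252,6 +255,7 @@ private List<Integer> getSharedOwnerPermissionsList(Run run, User user) {
 }
 
 @PostMapping("/run/create")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> createRun(Authentication auth, HttpServletRequest request,
 @RequestParam Long projectId, @RequestParam String periods, @RequestParam boolean isSurvey,
 @RequestParam Integer maxStudentsPerTeam, @RequestParam Long startDate,
@@ -275,6 +279,7 @@ private Set<String> createPeriodNamesSet(String periodsString) {
 }
 
 @PostMapping("/profile/update")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 SimpleResponse updateProfile(Authentication auth, @RequestParam String displayName,
 @RequestParam String email, @RequestParam String city, @RequestParam String state,
 @RequestParam String country, @RequestParam String schoolName,
@@ -294,6 +299,7 @@ SimpleResponse updateProfile(Authentication auth, @RequestParam String displayNa
 }
 
 @PostMapping("/run/add/period")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> addPeriodToRun(Authentication auth, @RequestParam Long runId,
 @RequestParam String periodName) throws ObjectNotFoundException {
 User user = userService.retrieveUserByUsername(auth.getName());
@@ -318,6 +324,7 @@ HashMap<String, Object> addPeriodToRun(Authentication auth, @RequestParam Long r
 }
 
 @PostMapping("/run/delete/period")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> deletePeriodFromRun(Authentication auth, @RequestParam Long runId,
 @RequestParam String periodName) throws ObjectNotFoundException, PeriodNotFoundException {
 User user = userService.retrieveUserByUsername(auth.getName());
@@ -341,6 +348,7 @@ HashMap<String, Object> deletePeriodFromRun(Authentication auth, @RequestParam L
 }
 
 @PostMapping("/run/update/studentsperteam")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> editRunStudentsPerTeam(Authentication auth, @RequestParam Long runId,
 @RequestParam("maxStudentsPerTeam") Integer newMax) throws ObjectNotFoundException {
 User user = userService.retrieveUserByUsername(auth.getName());
@@ -363,6 +371,7 @@ HashMap<String, Object> editRunStudentsPerTeam(Authentication auth, @RequestPara
 }
 
 @PostMapping("/run/update/starttime")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> editRunStartTime(Authentication authentication, @RequestParam Long runId,
 @RequestParam Long startTime) throws ObjectNotFoundException {
 User user = userService.retrieveUserByUsername(authentication.getName());
@@ -386,6 +395,7 @@ HashMap<String, Object> editRunStartTime(Authentication authentication, @Request
 }
 
 @PostMapping("/run/update/endtime")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> editRunEndTime(Authentication authentication, @RequestParam Long runId,
 @RequestParam(required = false) Long endTime) throws ObjectNotFoundException {
 User user = userService.retrieveUserByUsername(authentication.getName());
@@ -408,6 +418,7 @@ HashMap<String, Object> editRunEndTime(Authentication authentication, @RequestPa
 }
 
 @PostMapping("/run/update/islockedafterenddate")
+@PreAuthorize("hasRole('ROLE_TEACHER')")
 HashMap<String, Object> editRunIsLockedAfterEndDate(Authentication authentication,
 @RequestParam Long runId, @RequestParam Boolean isLockedAfterEndDate)
 throws ObjectNotFoundException {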
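Review bot: Replacing `@Secured({ "ROLE_ANONYMOUS" })` with `@PreAuthorize("permitAll()")` on `createTeacherAccount` widens the old anonymous-only contract to every principal, so an already logged-in student session can now call `/api/teacher/register`; if that was not intended, `@PreAuthorize("isAnonymous()")` keeps the previous behaviour while still using the pre/post annotation style. Separately, this file now uses `@PreAuthorize` while StudentAPIController in the same commit keeps `@Secured`; both families are only enforced if the method-security configuration enables them (`prePostEnabled` defaults to off under the older `@EnableGlobalMethodSecurity`), and that configuration is not in view, so please confirm both are active or settle on one annotation type. The `/api/teacher/**` filter rule in WebSecurityConfig backs these annotations up at the request level, but the ordering there also has `/api/teacher/register` permitted before it, so the annotation is the only guard on that handler.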

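--- a/src/main/java/org/wise/portal/presentation/web/controllers/user/UserAPIController.java
+++ b/src/main/java/org/wise/portal/presentation/web/controllers/user/UserAPIController.java
@@ -19,6 +19,7 @@
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -97,7 +98,7 @@ public class UserAPIController {
 HashMap<String, Object> getUserInfo(Authentication auth,
 @RequestParam(required = false) String username) {
 HashMap<String, Object> info = new HashMap<String, Object>();
-if (auth != null) {
+if (auth != null && !(auth instanceof OAuth2AuthenticationToken)) {
 User user = userService.retrieveUserByUsername(auth.getName());
 info.put("id", user.getId());
 MutableUserDetails ud = user.getUserDetails();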
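Review bot: The new `instanceof OAuth2AuthenticationToken` guard special-cases one token type, but the line after it still dereferences `user` unconditionally; if `retrieveUserByUsername` returns null for a principal name that has no local account (which looks like the failure this change works around, though the service is not in view), any other Authentication whose name is not a WISE username will still throw at `user.getId()`. A check on the lookup result, `User user = userService.retrieveUserByUsername(auth.getName()); if (user != null) { ... }`, handles the root cause regardless of token type. Either way the condition deserves a why-comment, e.g. `// An OAuth2 token's name is the provider subject, not a WISE username; there is no local user to report until the account is created`. `getUserInfo` continues outside the hunk.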

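--- a/src/main/java/org/wise/portal/spring/impl/WebSecurityConfig.java
+++ b/src/main/java/org/wise/portal/spring/impl/WebSecurityConfig.java
@@ -109,7 +109,9 @@ public SecurityFilterChain filterChain(HttpSecurity http,
 .requestMatchers(new AntPathRequestMatcher("/oauth2/**")).permitAll()
 .requestMatchers(new AntPathRequestMatcher("/login/oauth2/**")).permitAll()
 .requestMatchers(new AntPathRequestMatcher("/api/google-login")).permitAll()
-.requestMatchers(new AntPathRequestMatcher("/api/*/register")).permitAll()
+.requestMatchers(new AntPathRequestMatcher("/api/teacher/register")).permitAll()
+.requestMatchers(new AntPathRequestMatcher("/api/student/register")).permitAll()
+.requestMatchers(new AntPathRequestMatcher("/api/*/register/**")).permitAll()
 .requestMatchers(new AntPathRequestMatcher("/api/teacher/**")).hasAnyRole("TEACHER")
 .requestMatchers(new AntPathRequestMatcher("/sso/discourse"))
 .hasAnyRole("TEACHER", "STUDENT")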
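Review bot: The added `/api/*/register/**` matcher is considerably broader than the `/api/*/register` it replaces: it opens every path under any `/api/<segment>/register/` subtree to anonymous callers, and because Spring's AntPathMatcher lets a trailing `/**` match the bare prefix as well, it already covers `/api/teacher/register` and `/api/student/register`, making the two explicit lines above it redundant. If only specific sub-paths are needed (the commit message mentions account creation but no sub-path is visible here), list them explicitly, e.g. `.requestMatchers(new AntPathRequestMatcher("/api/student/register/**")).permitAll()`, and drop the single-segment wildcard so a future `/api/<anything>/register/...` handler is not silently unauthenticated. These permitAll entries are evaluated before the `/api/teacher/**` role rule below them, so ordering is correct for the teacher endpoint; no equivalent `/api/student/**` rule is visible in this hunk. The enclosing `filterChain` method continues outside the hunk.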
