| author | Paul-Christian Volkmer | 2023-04-10 14:26:35 +0200 |
|---|---|---|
| committer | Paul-Christian Volkmer | 2023-04-10 14:27:40 +0200 |
| commit | 5b9b12afc9ed29d005442b3a18a45b9a3104ad84 (patch) | |
| tree | dc246f38b79d665782eb4740af68fe106633977e /src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java | |
| parent | 44396ff04a24088ac9fb2cab270036a9a983944f (diff) | |
Issue #24: Extrahiere Service mit Datenbankanfragen
Diffstat (limited to 'src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java')
| -rw-r--r-- | src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java | 35 |
1 files changed, 7 insertions, 28 deletions
diff --git a/src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java b/src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java
index 21cdca1..e3ba16e 100644
--- a/src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java
+++ b/src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java
@@ -4,12 +4,9 @@ import de.itc.onkostar.api.IOnkostarApi;
 import de.itc.onkostar.api.Patient;
 import de.itc.onkostar.api.Procedure;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
-import javax.sql.DataSource;
 import java.io.Serializable;
-import java.util.List;
 /**
 * Permission-Evaluator zur Auswertung der Berechtigung auf Objekte aufgrund der Personenstammberechtigung
@@ -17,8 +14,8 @@ import java.util.List;
 @Component
 public class PersonPoolBasedPermissionEvaluator extends AbstractDelegatedPermissionEvaluator {
- public PersonPoolBasedPermissionEvaluator(final IOnkostarApi onkostarApi, final DataSource dataSource) {
- super(onkostarApi, dataSource);
+ public PersonPoolBasedPermissionEvaluator(final IOnkostarApi onkostarApi, final SecurityService securityService) {
+ super(onkostarApi, securityService);
 }
 /**
@@ -32,10 +29,10 @@ public class PersonPoolBasedPermissionEvaluator extends AbstractDelegatedPermiss
 public boolean hasPermission(Authentication authentication, Object targetObject, Object permissionType) {
 if (permissionType instanceof PermissionType) {
 if (targetObject instanceof Patient) {
- return getPersonPoolIdsForPermission(authentication, (PermissionType)permissionType)
+ return this.securityService.getPersonPoolIdsForPermission(authentication, (PermissionType)permissionType)
 .contains(((Patient)targetObject).getPersonPoolCode());
 } else if (targetObject instanceof Procedure) {
- return getPersonPoolIdsForPermission(authentication, (PermissionType)permissionType)
+ return this.securityService.getPersonPoolIdsForPermission(authentication, (PermissionType)permissionType)
 .contains(((Procedure)targetObject).getPatient().getPersonPoolCode());
 }
 }
@@ -52,10 +49,10 @@ public class PersonPoolBasedPermissionEvaluator extends AbstractDelegatedPermiss
 */
 @Override
 public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permissionType) {
- if (targetId instanceof Integer) {
+ if (targetId instanceof Integer && permissionType instanceof PermissionType) {
 var personPoolCode = getPersonPoolCode((int)targetId, targetType);
- if (null != personPoolCode && permissionType instanceof PermissionType) {
- return getPersonPoolIdsForPermission(authentication, (PermissionType) permissionType).contains(personPoolCode);
+ if (null != personPoolCode) {
+ return this.securityService.getPersonPoolIdsForPermission(authentication, (PermissionType) permissionType).contains(personPoolCode);
 }
 }
 return false;
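Review bot: In the `Procedure` branch of the object-based `hasPermission`, `((Procedure)targetObject).getPatient().getPersonPoolCode()` dereferences `getPatient()` without a null check, so a procedure with no patient attached makes the evaluator throw instead of returning `false`. Whether the Onkostar API can hand out such a procedure is not visible on this page, but a permission check should deny explicitly rather than rely on an exception. I would bind the patient first, `var patient = ((Procedure)targetObject).getPatient();`, and then `return patient != null && this.securityService.getPersonPoolIdsForPermission(authentication, (PermissionType)permissionType).contains(patient.getPersonPoolCode());`. The end of the method lies outside the hunk.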
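Review bot: The deny-by-default behaviour of the id-based `hasPermission` now depends on a `securityService` contract that this page does not show, because `.contains(personPoolCode)` is called directly on whatever `getPersonPoolIdsForPermission` returns; the object-based overload in the previous hunk does the same. The helper deleted in the last hunk cast `authentication.getPrincipal()` to `UserDetails` unchecked, and if the service kept that cast, an anonymous or otherwise non-`UserDetails` authentication ends in a `ClassCastException` instead of a clean deny. I would confirm the service returns an empty list in that case and record the contract above the call, for example `// securityService yields an empty list for principals it cannot resolve, so this denies by default`.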
@@ -80,23 +77,5 @@ public class PersonPoolBasedPermissionEvaluator extends AbstractDelegatedPermiss return null; } - List<String> getPersonPoolIdsForPermission(Authentication authentication, PermissionType permissionType) { - var sql = "SELECT p.kennung FROM personenstamm_zugriff " + - " JOIN usergroup u ON personenstamm_zugriff.benutzergruppe_id = u.id " + - " JOIN akteur_usergroup au ON u.id = au.usergroup_id " + - " JOIN akteur a ON au.akteur_id = a.id " + - " JOIN personenstamm p on personenstamm_zugriff.personenstamm_id = p.id " + - " WHERE a.login = ? AND a.aktiv AND a.anmelden_moeglich "; - - if (PermissionType.READ_WRITE == permissionType) { - sql += " AND personenstamm_zugriff.bearbeiten "; - } - - var userDetails = (UserDetails)authentication.getPrincipal(); - - return jdbcTemplate - .query(sql, new Object[]{userDetails.getUsername()}, (rs, rowNum) -> rs.getString("kennung")); - } - } |
