Fix reflection related issues

simonyiszk · Aug 23, 2024 · 8bcf241 · 8bcf241
1 parent 2ad5b4b
commit 8bcf241
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 9 deletions.
diff --git a/backend/src/main/kotlin/hu/bme/sch/paybasz/account/AccountTerminalController.kt b/backend/src/main/kotlin/hu/bme/sch/paybasz/account/AccountTerminalController.kt
@@ -1,10 +1,11 @@
 package hu.bme.sch.paybasz.account
 
 import hu.bme.sch.paybasz.common.TERMINAL_API
+import hu.bme.sch.paybasz.principal.PermissionName
 import jakarta.validation.Valid
 import jakarta.validation.constraints.Min
 import jakarta.validation.constraints.NotBlank
-import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.security.access.annotation.Secured
 import org.springframework.web.bind.annotation.*
 
 
@@ -26,15 +27,15 @@ class AccountTerminalController(
   data class BalanceAmountDto(@field:Min(0) val amount: Long)
 
   @PostMapping("/account-by-card/{card}/pay")
-  @PreAuthorize("hasRole(T(hu.bme.sch.paybasz.principal.Permission).SELL_ITEMS.name())")
+  @Secured(PermissionName.SELL_ITEMS)
   fun pay(
     @PathVariable card: String,
     @Valid @RequestBody dto: BalanceAmountDto
   ) = balanceService.pay(card, dto.amount, logEvent = true)
 
 
   @PostMapping("/account-by-card/{card}/upload")
-  @PreAuthorize("hasRole(T(hu.bme.sch.paybasz.principal.Permission).UPLOAD_FUNDS.name())")
+  @Secured(PermissionName.UPLOAD_FUNDS)
   fun upload(
     @PathVariable card: String,
     @Valid @RequestBody dto: BalanceAmountDto
@@ -44,7 +45,7 @@ class AccountTerminalController(
   data class BalanceTransferDto(@field:NotBlank val recipientCard: String, @field:Min(0) val amount: Long)
 
   @PostMapping("/account-by-card/{card}/transfer")
-  @PreAuthorize("hasRole(T(hu.bme.sch.paybasz.principal.Permission).TRANSFER_FUNDS.name())")
+  @Secured(PermissionName.TRANSFER_FUNDS)
   fun transfer(
     @PathVariable card: String,
     @Valid @RequestBody dto: BalanceTransferDto
@@ -54,7 +55,7 @@ class AccountTerminalController(
   data class CardAssignDto(@field:NotBlank val card: String)
 
   @PostMapping("/accounts/{accountId}/card")
-  @PreAuthorize("hasRole(T(hu.bme.sch.paybasz.principal.Permission).ASSIGN_CARDS.name())")
+  @Secured(PermissionName.ASSIGN_CARDS)
   fun assignCard(
     @Valid @RequestBody dto: CardAssignDto,
     @PathVariable accountId: Int

diff --git a/backend/src/main/kotlin/hu/bme/sch/paybasz/order/ItemService.kt b/backend/src/main/kotlin/hu/bme/sch/paybasz/order/ItemService.kt
@@ -2,9 +2,10 @@ package hu.bme.sch.paybasz.order
 
 import hu.bme.sch.paybasz.account.AccountBalanceService
 import hu.bme.sch.paybasz.common.BadRequestException
+import hu.bme.sch.paybasz.principal.PermissionName
 import hu.bme.sch.paybasz.principal.getLoggedInPrincipal
 import org.springframework.context.ApplicationEventPublisher
-import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.security.access.annotation.Secured
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
 import java.time.Clock
@@ -63,7 +64,7 @@ class ItemService(
     .forEach { events.publishEvent(ItemCreatedEvent(it, getLoggedInPrincipal(), clock.millis())) }
 
 
-  @PreAuthorize("hasRole(T(hu.bme.sch.paybasz.principal.Permission).SELL_ITEMS.name())")
+  @Secured(PermissionName.SELL_ITEMS)
   fun processSaleAuthorized(order: Order, line: OrderTerminalController.OrderLineDto) {
     validateOrderLine(line)
     val item = line.itemId?.let { findActiveItem(itemId = it) }

diff --git a/backend/src/main/kotlin/hu/bme/sch/paybasz/order/VoucherService.kt b/backend/src/main/kotlin/hu/bme/sch/paybasz/order/VoucherService.kt
@@ -1,9 +1,10 @@
 package hu.bme.sch.paybasz.order
 
 import hu.bme.sch.paybasz.common.BadRequestException
+import hu.bme.sch.paybasz.principal.PermissionName
 import hu.bme.sch.paybasz.principal.getLoggedInPrincipal
 import org.springframework.context.ApplicationEventPublisher
-import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.security.access.annotation.Secured
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
 import java.time.Clock
@@ -69,7 +70,7 @@ class VoucherService(
   }
 
 
-  @PreAuthorize("hasRole(T(hu.bme.sch.paybasz.principal.Permission).REDEEM_VOUCHERS.name())")
+  @Secured(PermissionName.REDEEM_VOUCHERS)
   fun processVoucherRedemptionAuthorized(order: Order, dto: OrderTerminalController.OrderLineDto) {
     validateOrderLine(dto)
     val voucher = voucherRepository.findByAccountAndItem(order.accountId, dto.itemId!!)

diff --git a/backend/src/main/kotlin/hu/bme/sch/paybasz/principal/Principal.kt b/backend/src/main/kotlin/hu/bme/sch/paybasz/principal/Principal.kt
@@ -15,6 +15,15 @@ enum class Role {
 }
 
 
+object PermissionName {
+  const val UPLOAD_FUNDS = "UPLOAD_FUNDS"
+  const val TRANSFER_FUNDS = "TRANSFER_FUNDS"
+  const val SELL_ITEMS = "SELL_ITEMS"
+  const val REDEEM_VOUCHERS = "REDEEM_VOUCHERS"
+  const val ASSIGN_CARDS = "ASSIGN_CARDS"
+}
+
+
 enum class Permission {
   UPLOAD_FUNDS,
   TRANSFER_FUNDS,