feat: 権限チェック等を追加

This commit is contained in:
usbharu 2024-08-11 01:22:43 +09:00
parent 1a3fc05dad
commit 540fe0eaa5
Signed by: usbharu
GPG Key ID: 6556747BF94EEBC8
6 changed files with 34 additions and 21 deletions

View File

@ -16,9 +16,9 @@
package dev.usbharu.hideout.mastodon.application.accounts package dev.usbharu.hideout.mastodon.application.accounts
import dev.usbharu.hideout.core.application.shared.AbstractApplicationService import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
import dev.usbharu.hideout.core.application.shared.Transaction import dev.usbharu.hideout.core.application.shared.Transaction
import dev.usbharu.hideout.core.domain.model.support.principal.Principal import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Account import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Account
import dev.usbharu.hideout.mastodon.query.AccountQueryService import dev.usbharu.hideout.mastodon.query.AccountQueryService
import org.slf4j.LoggerFactory import org.slf4j.LoggerFactory
@ -26,11 +26,11 @@ import org.springframework.stereotype.Service
@Service @Service
class GetAccountApplicationService(private val accountQueryService: AccountQueryService, transaction: Transaction) : class GetAccountApplicationService(private val accountQueryService: AccountQueryService, transaction: Transaction) :
AbstractApplicationService<GetAccount, Account>( LocalUserAbstractApplicationService<GetAccount, Account>(
transaction, transaction,
logger logger
) { ) {
override suspend fun internalExecute(command: GetAccount, principal: Principal): Account { override suspend fun internalExecute(command: GetAccount, principal: FromApi): Account {
return accountQueryService.findById(command.accountId.toLong()) ?: throw Exception("Account not found") return accountQueryService.findById(command.accountId.toLong()) ?: throw Exception("Account not found")
} }

View File

@ -16,26 +16,30 @@
package dev.usbharu.hideout.mastodon.application.filter package dev.usbharu.hideout.mastodon.application.filter
import dev.usbharu.hideout.core.application.shared.AbstractApplicationService import dev.usbharu.hideout.core.application.exception.PermissionDeniedException
import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
import dev.usbharu.hideout.core.application.shared.Transaction import dev.usbharu.hideout.core.application.shared.Transaction
import dev.usbharu.hideout.core.domain.model.filter.FilterKeywordId import dev.usbharu.hideout.core.domain.model.filter.FilterKeywordId
import dev.usbharu.hideout.core.domain.model.filter.FilterRepository import dev.usbharu.hideout.core.domain.model.filter.FilterRepository
import dev.usbharu.hideout.core.domain.model.support.principal.Principal import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
import org.slf4j.LoggerFactory import org.slf4j.LoggerFactory
import org.springframework.stereotype.Service import org.springframework.stereotype.Service
@Service @Service
class DeleteFilterV1ApplicationService(private val filterRepository: FilterRepository, transaction: Transaction) : class DeleteFilterV1ApplicationService(private val filterRepository: FilterRepository, transaction: Transaction) :
AbstractApplicationService<DeleteFilterV1, Unit>( LocalUserAbstractApplicationService<DeleteFilterV1, Unit>(
transaction, logger transaction, logger
) { ) {
override suspend fun internalExecute(command: DeleteFilterV1, principal: FromApi) {
val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
?: throw IllegalArgumentException("Filter ${command.filterKeywordId} not found")
if (principal.userDetailId != filter.userDetailId) {
throw PermissionDeniedException()
}
filterRepository.delete(filter)
}
companion object { companion object {
private val logger = LoggerFactory.getLogger(DeleteFilterV1ApplicationService::class.java) private val logger = LoggerFactory.getLogger(DeleteFilterV1ApplicationService::class.java)
} }
override suspend fun internalExecute(command: DeleteFilterV1, principal: Principal) {
val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
?: throw Exception("Not Found")
filterRepository.delete(filter)
}
} }

View File

@ -16,6 +16,7 @@
package dev.usbharu.hideout.mastodon.application.filter package dev.usbharu.hideout.mastodon.application.filter
import dev.usbharu.hideout.core.application.exception.PermissionDeniedException
import dev.usbharu.hideout.core.application.shared.AbstractApplicationService import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
import dev.usbharu.hideout.core.application.shared.Transaction import dev.usbharu.hideout.core.application.shared.Transaction
import dev.usbharu.hideout.core.domain.model.filter.FilterContext.* import dev.usbharu.hideout.core.domain.model.filter.FilterContext.*
@ -34,7 +35,11 @@ class GetFilterV1ApplicationService(private val filterRepository: FilterReposito
) { ) {
override suspend fun internalExecute(command: GetFilterV1, principal: Principal): V1Filter { override suspend fun internalExecute(command: GetFilterV1, principal: Principal): V1Filter {
val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId)) val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
?: throw Exception("Not Found") ?: throw IllegalArgumentException("Filter ${command.filterKeywordId} not found")
if (filter.userDetailId != principal.userDetailId) {
throw PermissionDeniedException()
}
val filterKeyword = filter.filterKeywords.find { it.id.id == command.filterKeywordId } val filterKeyword = filter.filterKeywords.find { it.id.id == command.filterKeywordId }
return V1Filter( return V1Filter(

View File

@ -16,9 +16,9 @@
package dev.usbharu.hideout.mastodon.application.status package dev.usbharu.hideout.mastodon.application.status
import dev.usbharu.hideout.core.application.shared.AbstractApplicationService import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
import dev.usbharu.hideout.core.application.shared.Transaction import dev.usbharu.hideout.core.application.shared.Transaction
import dev.usbharu.hideout.core.domain.model.support.principal.Principal import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Status import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Status
import dev.usbharu.hideout.mastodon.query.StatusQueryService import dev.usbharu.hideout.mastodon.query.StatusQueryService
import org.slf4j.LoggerFactory import org.slf4j.LoggerFactory
@ -28,7 +28,7 @@ import org.springframework.stereotype.Service
class GetStatusApplicationService( class GetStatusApplicationService(
private val statusQueryService: StatusQueryService, private val statusQueryService: StatusQueryService,
transaction: Transaction, transaction: Transaction,
) : AbstractApplicationService<GetStatus, Status>( ) : LocalUserAbstractApplicationService<GetStatus, Status>(
transaction, transaction,
logger logger
) { ) {
@ -36,7 +36,9 @@ class GetStatusApplicationService(
val logger = LoggerFactory.getLogger(GetStatusApplicationService::class.java)!! val logger = LoggerFactory.getLogger(GetStatusApplicationService::class.java)!!
} }
override suspend fun internalExecute(command: GetStatus, principal: Principal): Status { override suspend fun internalExecute(command: GetStatus, principal: FromApi): Status {
return statusQueryService.findByPostId(command.id.toLong()) ?: throw Exception("Not fount") return statusQueryService.findByPostId(command.id.toLong())
?: throw IllegalArgumentException("Post ${command.id} not found.")
} }
} }

View File

@ -19,6 +19,7 @@ package dev.usbharu.hideout.mastodon.infrastructure.exposedquery
import dev.usbharu.hideout.core.domain.model.emoji.CustomEmoji import dev.usbharu.hideout.core.domain.model.emoji.CustomEmoji
import dev.usbharu.hideout.core.domain.model.media.* import dev.usbharu.hideout.core.domain.model.media.*
import dev.usbharu.hideout.core.domain.model.post.Visibility import dev.usbharu.hideout.core.domain.model.post.Visibility
import dev.usbharu.hideout.core.domain.model.support.principal.Principal
import dev.usbharu.hideout.core.infrastructure.exposedrepository.* import dev.usbharu.hideout.core.infrastructure.exposedrepository.*
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Account import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Account
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.MediaAttachment import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.MediaAttachment
@ -117,7 +118,7 @@ class StatusQueryServiceImpl : StatusQueryService {
return statuses return statuses
} }
override suspend fun findByPostId(id: Long): Status? { override suspend fun findByPostId(id: Long, principal: Principal?): Status? {
val map = Posts val map = Posts
.leftJoin(PostsMedia) .leftJoin(PostsMedia)
.leftJoin(Actors) .leftJoin(Actors)

View File

@ -16,6 +16,7 @@
package dev.usbharu.hideout.mastodon.query package dev.usbharu.hideout.mastodon.query
import dev.usbharu.hideout.core.domain.model.support.principal.Principal
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Status import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Status
interface StatusQueryService { interface StatusQueryService {
@ -33,7 +34,7 @@ interface StatusQueryService {
includeFollowers: Boolean = false, includeFollowers: Boolean = false,
): List<Status> ): List<Status>
suspend fun findByPostId(id: Long): Status? suspend fun findByPostId(id: Long, principal: Principal? = null): Status?
} }
data class StatusQuery( data class StatusQuery(