feat: 権限チェック等を追加

This commit is contained in:
usbharu 2024-08-11 01:22:43 +09:00
parent 1a3fc05dad
commit 540fe0eaa5
Signed by: usbharu
GPG Key ID: 6556747BF94EEBC8
6 changed files with 34 additions and 21 deletions

View File

@ -16,9 +16,9 @@
package dev.usbharu.hideout.mastodon.application.accounts
import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
import dev.usbharu.hideout.core.application.shared.Transaction
import dev.usbharu.hideout.core.domain.model.support.principal.Principal
import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Account
import dev.usbharu.hideout.mastodon.query.AccountQueryService
import org.slf4j.LoggerFactory
@ -26,11 +26,11 @@ import org.springframework.stereotype.Service
@Service
class GetAccountApplicationService(private val accountQueryService: AccountQueryService, transaction: Transaction) :
AbstractApplicationService<GetAccount, Account>(
LocalUserAbstractApplicationService<GetAccount, Account>(
transaction,
logger
) {
override suspend fun internalExecute(command: GetAccount, principal: Principal): Account {
override suspend fun internalExecute(command: GetAccount, principal: FromApi): Account {
return accountQueryService.findById(command.accountId.toLong()) ?: throw Exception("Account not found")
}

View File

@ -16,26 +16,30 @@
package dev.usbharu.hideout.mastodon.application.filter
import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
import dev.usbharu.hideout.core.application.exception.PermissionDeniedException
import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
import dev.usbharu.hideout.core.application.shared.Transaction
import dev.usbharu.hideout.core.domain.model.filter.FilterKeywordId
import dev.usbharu.hideout.core.domain.model.filter.FilterRepository
import dev.usbharu.hideout.core.domain.model.support.principal.Principal
import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
import org.slf4j.LoggerFactory
import org.springframework.stereotype.Service
@Service
class DeleteFilterV1ApplicationService(private val filterRepository: FilterRepository, transaction: Transaction) :
AbstractApplicationService<DeleteFilterV1, Unit>(
LocalUserAbstractApplicationService<DeleteFilterV1, Unit>(
transaction, logger
) {
override suspend fun internalExecute(command: DeleteFilterV1, principal: FromApi) {
val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
?: throw IllegalArgumentException("Filter ${command.filterKeywordId} not found")
if (principal.userDetailId != filter.userDetailId) {
throw PermissionDeniedException()
}
filterRepository.delete(filter)
}
companion object {
private val logger = LoggerFactory.getLogger(DeleteFilterV1ApplicationService::class.java)
}
override suspend fun internalExecute(command: DeleteFilterV1, principal: Principal) {
val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
?: throw Exception("Not Found")
filterRepository.delete(filter)
}
}

View File

@ -16,6 +16,7 @@
package dev.usbharu.hideout.mastodon.application.filter
import dev.usbharu.hideout.core.application.exception.PermissionDeniedException
import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
import dev.usbharu.hideout.core.application.shared.Transaction
import dev.usbharu.hideout.core.domain.model.filter.FilterContext.*
@ -34,7 +35,11 @@ class GetFilterV1ApplicationService(private val filterRepository: FilterReposito
) {
override suspend fun internalExecute(command: GetFilterV1, principal: Principal): V1Filter {
val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
?: throw Exception("Not Found")
?: throw IllegalArgumentException("Filter ${command.filterKeywordId} not found")
if (filter.userDetailId != principal.userDetailId) {
throw PermissionDeniedException()
}
val filterKeyword = filter.filterKeywords.find { it.id.id == command.filterKeywordId }
return V1Filter(

View File

@ -16,9 +16,9 @@
package dev.usbharu.hideout.mastodon.application.status
import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
import dev.usbharu.hideout.core.application.shared.Transaction
import dev.usbharu.hideout.core.domain.model.support.principal.Principal
import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Status
import dev.usbharu.hideout.mastodon.query.StatusQueryService
import org.slf4j.LoggerFactory
@ -28,7 +28,7 @@ import org.springframework.stereotype.Service
class GetStatusApplicationService(
private val statusQueryService: StatusQueryService,
transaction: Transaction,
) : AbstractApplicationService<GetStatus, Status>(
) : LocalUserAbstractApplicationService<GetStatus, Status>(
transaction,
logger
) {
@ -36,7 +36,9 @@ class GetStatusApplicationService(
val logger = LoggerFactory.getLogger(GetStatusApplicationService::class.java)!!
}
override suspend fun internalExecute(command: GetStatus, principal: Principal): Status {
return statusQueryService.findByPostId(command.id.toLong()) ?: throw Exception("Not fount")
override suspend fun internalExecute(command: GetStatus, principal: FromApi): Status {
return statusQueryService.findByPostId(command.id.toLong())
?: throw IllegalArgumentException("Post ${command.id} not found.")
}
}

View File

@ -19,6 +19,7 @@ package dev.usbharu.hideout.mastodon.infrastructure.exposedquery
import dev.usbharu.hideout.core.domain.model.emoji.CustomEmoji
import dev.usbharu.hideout.core.domain.model.media.*
import dev.usbharu.hideout.core.domain.model.post.Visibility
import dev.usbharu.hideout.core.domain.model.support.principal.Principal
import dev.usbharu.hideout.core.infrastructure.exposedrepository.*
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Account
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.MediaAttachment
@ -117,7 +118,7 @@ class StatusQueryServiceImpl : StatusQueryService {
return statuses
}
override suspend fun findByPostId(id: Long): Status? {
override suspend fun findByPostId(id: Long, principal: Principal?): Status? {
val map = Posts
.leftJoin(PostsMedia)
.leftJoin(Actors)

View File

@ -16,6 +16,7 @@
package dev.usbharu.hideout.mastodon.query
import dev.usbharu.hideout.core.domain.model.support.principal.Principal
import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Status
interface StatusQueryService {
@ -33,7 +34,7 @@ interface StatusQueryService {
includeFollowers: Boolean = false,
): List<Status>
suspend fun findByPostId(id: Long): Status?
suspend fun findByPostId(id: Long, principal: Principal? = null): Status?
}
data class StatusQuery(