🔒 Add security expression for guild

2022-06-10 16:54:52 +02:00 · 2022-06-10 16:54:52 +02:00 · cb0c916196
commit cb0c916196
parent 9a8a7693ae
3 changed files with 98 additions and 0 deletions
--- a/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionHandler.java
+++ b/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionHandler.java
@ -0,0 +1,26 @@
+package net.Broken.Api.Security.Expression;
+
+import net.Broken.Api.Security.Expression.CustomMethodSecurityExpressionRoot;
+import org.aopalliance.intercept.MethodInvocation;
+import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
+import org.springframework.security.core.Authentication;
+
+public class CustomMethodSecurityExpressionHandler
+        extends DefaultMethodSecurityExpressionHandler {
+    private AuthenticationTrustResolver trustResolver =
+            new AuthenticationTrustResolverImpl();
+
+    @Override
+    protected MethodSecurityExpressionOperations createSecurityExpressionRoot(
+            Authentication authentication, MethodInvocation invocation) {
+        CustomMethodSecurityExpressionRoot root =
+                new CustomMethodSecurityExpressionRoot(authentication);
+        root.setPermissionEvaluator(getPermissionEvaluator());
+        root.setTrustResolver(this.trustResolver);
+        root.setRoleHierarchy(getRoleHierarchy());
+        return root;
+    }
+}
--- a/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionRoot.java
+++ b/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionRoot.java
@ -0,0 +1,56 @@
+package net.Broken.Api.Security.Expression;
+
+import net.Broken.Api.Security.Data.JwtPrincipal;
+import net.Broken.MainBot;
+import net.Broken.Tools.CacheTools;
+import net.dv8tion.jda.api.entities.Guild;
+import okhttp3.Cache;
+import org.springframework.security.access.expression.SecurityExpressionRoot;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
+import org.springframework.security.core.Authentication;
+
+public class CustomMethodSecurityExpressionRoot
+        extends SecurityExpressionRoot
+        implements MethodSecurityExpressionOperations {
+    private Object filterObject;
+    private Object returnObject;
+    /**
+     * Creates a new instance
+     *
+     * @param authentication the {@link Authentication} to use. Cannot be null.
+     */
+    public CustomMethodSecurityExpressionRoot(Authentication authentication) {
+        super(authentication);
+    }
+
+    public boolean isInGuild(String guildId){
+        JwtPrincipal jwtPrincipal = (JwtPrincipal) authentication.getPrincipal();
+        Guild guild = MainBot.jda.getGuildById(guildId);
+        return CacheTools.getJdaUser(jwtPrincipal.user()).getMutualGuilds().contains(guild);
+    }
+
+    @Override
+    public void setFilterObject(Object filterObject) {
+        this.filterObject = filterObject;
+    }
+
+    @Override
+    public Object getFilterObject() {
+        return this.filterObject;
+    }
+
+    @Override
+    public void setReturnObject(Object returnObject) {
+        this.returnObject = returnObject;
+    }
+
+    @Override
+    public Object getReturnObject() {
+        return this.returnObject;
+    }
+
+    @Override
+    public Object getThis() {
+        return this;
+    }
+}
--- a/src/main/java/net/Broken/Api/Security/MethodSecurityConfig.java
+++ b/src/main/java/net/Broken/Api/Security/MethodSecurityConfig.java
@ -0,0 +1,16 @@
+package net.Broken.Api.Security;
+
+import net.Broken.Api.Security.Expression.CustomMethodSecurityExpressionHandler;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+    @Override
+    protected MethodSecurityExpressionHandler createExpressionHandler() {
+        return new CustomMethodSecurityExpressionHandler();
+    }
+}