fix: Ensure user/usergroup not deleted before updates

informatici · Oct 28, 2024 · b0505ae · b0505ae
1 parent 8aecc64
commit b0505ae
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 6 deletions.
diff --git a/src/main/java/org/isf/menu/manager/UserBrowsingManager.java b/src/main/java/org/isf/menu/manager/UserBrowsingManager.java
@@ -146,7 +146,7 @@ public void deleteUser(User user) throws OHServiceException {
 	 * Increase the number of failed login attempts for {@link User}.
 	 * @param user the {@link User}
 	 */
-	public void increaseFailedAttempts(User user) {
+	public void increaseFailedAttempts(User user) throws OHServiceException {
 		int newFailAttempts = user.getFailedAttempts() + 1;
 		ioOperations.updateFailedAttempts(user.getUserName(), newFailAttempts);
 	}
@@ -155,7 +155,7 @@ public void increaseFailedAttempts(User user) {
 	 * Reset the number of failed login attempts to zero for {@link User}.
 	 * @param user the {@link User}
 	 */
-	public void resetFailedAttempts(User user) {
+	public void resetFailedAttempts(User user) throws OHServiceException {
 		ioOperations.updateFailedAttempts(user.getUserName(), 0);
 	}
 

diff --git a/src/main/java/org/isf/menu/model/User.java b/src/main/java/org/isf/menu/model/User.java
@@ -72,8 +72,8 @@ public class User extends Auditable<String> {
 	@Column(name = "US_LAST_LOGIN")
 	private LocalDateTime lastLogin;
 
-	@Column(name = "US_DELETED", columnDefinition = "BOOLEAN DEFAULT false")
-	private boolean deleted = false;
+	@Column(name = "US_DELETED")
+	private boolean deleted;
 
 	@Transient
 	private volatile int hashCode;

diff --git a/src/main/java/org/isf/menu/model/UserGroup.java b/src/main/java/org/isf/menu/model/UserGroup.java
@@ -46,8 +46,8 @@ public class UserGroup extends Auditable<String> {
 	@Column(name = "UG_DESC")
 	private String desc;
 
-	@Column(name = "UG_DELETED", columnDefinition = "BOOLEAN DEFAULT false")
-	private boolean deleted = false;
+	@Column(name = "UG_DELETED")
+	private boolean deleted;
 
 	@Transient
 	private volatile int hashCode;

diff --git a/src/main/java/org/isf/menu/service/MenuIoOperations.java b/src/main/java/org/isf/menu/service/MenuIoOperations.java
@@ -182,6 +182,7 @@ public User newUser(User user) throws OHServiceException {
 	 * @throws OHServiceException When failed to update user
 	 */
 	public boolean updateUser(User user) throws OHServiceException {
+		ensureUserNotDeleted(user.getUserName());
 		return repository.updateUser(user.getDesc(), user.getUserGroupName(), user.getUserName()) > 0;
 	}
 
@@ -192,6 +193,7 @@ public boolean updateUser(User user) throws OHServiceException {
 	 * @throws OHServiceException When failed to update the password
 	 */
 	public boolean updatePassword(User user) throws OHServiceException {
+		ensureUserNotDeleted(user.getUserName());
 		return repository.updatePassword(user.getPasswd(), user.getUserName()) > 0;
 	}
 
@@ -201,6 +203,7 @@ public boolean updatePassword(User user) throws OHServiceException {
 	 * @throws OHServiceException When failed to delete user
 	 */
 	public void deleteUser(User user) throws OHServiceException {
+		ensureUserNotDeleted(user.getUserName());
 		user.setDeleted(true);
 		repository.save(user);
 	}
@@ -286,10 +289,12 @@ public boolean setGroupMenu(UserGroup aGroup, List<UserMenuItem> menu) throws OH
 	}
 
 	private void deleteGroupMenu(UserGroup aGroup) throws OHServiceException {
+		ensureUserGroupNotDeleted(aGroup.getCode());
 		groupMenuRepository.deleteWhereUserGroup(aGroup.getCode());
 	}
 
 	private GroupMenu insertGroupMenu(UserGroup aGroup, UserMenuItem item) throws OHServiceException {
+		ensureUserGroupNotDeleted(aGroup.getCode());
 		GroupMenu groupMenu = new GroupMenu();
 		groupMenu.setUserGroup(aGroup.getCode());
 		groupMenu.setMenuItem(item.getCode());
@@ -303,6 +308,7 @@ private GroupMenu insertGroupMenu(UserGroup aGroup, UserMenuItem item) throws OH
 	 * @throws OHServiceException When failed to delete group
 	 */
 	public void deleteGroup(UserGroup aGroup) throws OHServiceException {
+		ensureUserGroupNotDeleted(aGroup.getCode());
 		aGroup.setDeleted(true);
 		groupRepository.save(aGroup);
 	}
@@ -314,6 +320,7 @@ public void deleteGroup(UserGroup aGroup) throws OHServiceException {
 	 * @throws OHServiceException When failed to create group
 	 */
 	public UserGroup newUserGroup(UserGroup aGroup) throws OHServiceException {
+		aGroup.setDeleted(false);
 		return groupRepository.save(aGroup);
 	}
 
@@ -349,6 +356,7 @@ public UserGroup newUserGroup(UserGroup userGroup, List<Permission> permissions)
 	 * @throws OHServiceException When failed to update the user group
 	 */
 	public boolean updateUserGroup(UserGroup aGroup) throws OHServiceException {
+		ensureUserGroupNotDeleted(aGroup.getCode());
 		return groupRepository.updateDescription(aGroup.getDesc(), aGroup.getCode()) > 0;
 	}
 
@@ -360,6 +368,7 @@ public boolean updateUserGroup(UserGroup aGroup) throws OHServiceException {
 	 * @throws OHServiceException When failed to update user group
 	 */
 	public boolean updateUserGroup(UserGroup userGroup, List<Permission> permissions) throws OHServiceException {
+		ensureUserGroupNotDeleted(userGroup.getCode());
 		boolean updated = groupRepository.updateDescription(userGroup.getDesc(), userGroup.getCode()) > 0;
 
 		if (updated && permissions != null && !permissions.isEmpty()) {
@@ -379,4 +388,18 @@ public boolean updateUserGroup(UserGroup userGroup, List<Permission> permissions
 
 		return updated;
 	}
+
+	public void ensureUserNotDeleted(String username) throws OHServiceException {
+		User entity = repository.findByUserName(username);
+		if (entity == null) {
+			throw new OHServiceException(new OHExceptionMessage("This operation is not allowed"));
+		}
+	}
+
+	public void ensureUserGroupNotDeleted(String code) throws OHServiceException {
+		UserGroup entity = findByCode(code);
+		if (entity == null) {
+			throw new OHServiceException(new OHExceptionMessage("This operation is not allowed"));
+		}
+	}
 }