From b52f39047d31c989702e05f8cef8e3e0a0241d97 Mon Sep 17 00:00:00 2001
From: Bogdan Kostov <kostobog@fel.cvut.cz>
Date: Sat, 6 Jul 2024 12:31:01 +0200
Subject: [PATCH] [Fix #135] Add method level security

---
 .../cvut/kbss/analysis/controller/AnnotatorController.java  | 6 +++---
 .../cvut/kbss/analysis/controller/ComponentController.java  | 3 +++
 .../kbss/analysis/controller/FailureModeController.java     | 3 +++
 .../kbss/analysis/controller/FailureModesRowController.java | 3 +++
 .../analysis/controller/FailureModesTableController.java    | 3 +++
 .../cvut/kbss/analysis/controller/FaultEventController.java | 3 +++
 .../cvut/kbss/analysis/controller/FaultTreeController.java  | 5 ++++-
 .../cvut/kbss/analysis/controller/FunctionController.java   | 3 +++
 .../cvut/kbss/analysis/controller/MitigationController.java | 3 +++
 .../controller/OperationalDataFilterController.java         | 3 +++
 .../cz/cvut/kbss/analysis/controller/SystemController.java  | 3 +++
 11 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/AnnotatorController.java b/src/main/java/cz/cvut/kbss/analysis/controller/AnnotatorController.java
index fcf3222f..690a3b83 100644
--- a/src/main/java/cz/cvut/kbss/analysis/controller/AnnotatorController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/AnnotatorController.java
@@ -1,19 +1,19 @@
 package cz.cvut.kbss.analysis.controller;
 
 
-import cz.cvut.kbss.analysis.model.Document;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.external.AnnotatorService;
 import cz.cvut.kbss.jsonld.JsonLd;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.List;
-
 @RequestMapping("/documents")
 @RestController
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 public class AnnotatorController {
 
     private final AnnotatorService annotatorService;
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/ComponentController.java b/src/main/java/cz/cvut/kbss/analysis/controller/ComponentController.java
index dc46eced..15156b6a 100755
--- a/src/main/java/cz/cvut/kbss/analysis/controller/ComponentController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/ComponentController.java
@@ -4,6 +4,7 @@
 import cz.cvut.kbss.analysis.model.Component;
 import cz.cvut.kbss.analysis.model.FailureMode;
 import cz.cvut.kbss.analysis.model.Function;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.ComponentRepositoryService;
 import cz.cvut.kbss.analysis.service.IdentifierService;
 import cz.cvut.kbss.analysis.util.Vocabulary;
@@ -13,6 +14,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.net.URI;
@@ -21,6 +23,7 @@
 
 @RestController
 @RequestMapping("/components")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class ComponentController {
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/FailureModeController.java b/src/main/java/cz/cvut/kbss/analysis/controller/FailureModeController.java
index c85c5574..24c898b5 100755
--- a/src/main/java/cz/cvut/kbss/analysis/controller/FailureModeController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/FailureModeController.java
@@ -1,6 +1,7 @@
 package cz.cvut.kbss.analysis.controller;
 
 import cz.cvut.kbss.analysis.model.FailureMode;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.FailureModeRepositoryService;
 import cz.cvut.kbss.analysis.service.IdentifierService;
 import cz.cvut.kbss.analysis.util.Vocabulary;
@@ -10,6 +11,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.net.URI;
@@ -18,6 +20,7 @@
 
 @RestController
 @RequestMapping("/failureModes")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class FailureModeController {
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/FailureModesRowController.java b/src/main/java/cz/cvut/kbss/analysis/controller/FailureModesRowController.java
index 8f6b66a3..1e977a69 100755
--- a/src/main/java/cz/cvut/kbss/analysis/controller/FailureModesRowController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/FailureModesRowController.java
@@ -1,12 +1,14 @@
 package cz.cvut.kbss.analysis.controller;
 
 import cz.cvut.kbss.analysis.dto.update.FailureModesRowRpnUpdateDTO;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.FailureModesRowRepositoryService;
 import cz.cvut.kbss.jsonld.JsonLd;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -14,6 +16,7 @@
 
 @RestController
 @RequestMapping("/failureModesRow")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class FailureModesRowController {
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/FailureModesTableController.java b/src/main/java/cz/cvut/kbss/analysis/controller/FailureModesTableController.java
index 8af15f04..4482f4ff 100755
--- a/src/main/java/cz/cvut/kbss/analysis/controller/FailureModesTableController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/FailureModesTableController.java
@@ -3,6 +3,7 @@
 import cz.cvut.kbss.analysis.dto.table.FailureModesTableDataDTO;
 import cz.cvut.kbss.analysis.dto.update.FailureModesTableUpdateDTO;
 import cz.cvut.kbss.analysis.model.FailureModesTable;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.FailureModesTableRepositoryService;
 import cz.cvut.kbss.analysis.service.IdentifierService;
 import cz.cvut.kbss.analysis.util.Vocabulary;
@@ -12,6 +13,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import jakarta.servlet.http.HttpServletResponse;
@@ -20,6 +22,7 @@
 
 @RestController
 @RequestMapping("/failureModesTable")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class FailureModesTableController {
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/FaultEventController.java b/src/main/java/cz/cvut/kbss/analysis/controller/FaultEventController.java
index 498e6276..0f0b1dcb 100755
--- a/src/main/java/cz/cvut/kbss/analysis/controller/FaultEventController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/FaultEventController.java
@@ -4,6 +4,7 @@
 import cz.cvut.kbss.analysis.model.FaultEvent;
 import cz.cvut.kbss.analysis.model.FaultEventType;
 import cz.cvut.kbss.analysis.model.diagram.Rectangle;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.FaultEventRepositoryService;
 import cz.cvut.kbss.analysis.service.IdentifierService;
 import cz.cvut.kbss.analysis.util.Vocabulary;
@@ -13,6 +14,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.net.URI;
@@ -20,6 +22,7 @@
 
 @RestController
 @RequestMapping("/faultEvents")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class FaultEventController {
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/FaultTreeController.java b/src/main/java/cz/cvut/kbss/analysis/controller/FaultTreeController.java
index 470976fe..598c9ea7 100755
--- a/src/main/java/cz/cvut/kbss/analysis/controller/FaultTreeController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/FaultTreeController.java
@@ -2,7 +2,8 @@
 
 import cz.cvut.kbss.analysis.model.*;
 import cz.cvut.kbss.analysis.model.opdata.OperationalDataFilter;
- import cz.cvut.kbss.analysis.service.FaultTreeEvaluationService;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
+import cz.cvut.kbss.analysis.service.FaultTreeEvaluationService;
 import cz.cvut.kbss.analysis.service.FaultTreeRepositoryService;
 import cz.cvut.kbss.analysis.service.FaultTreeService;
 import cz.cvut.kbss.analysis.service.IdentifierService;
@@ -13,6 +14,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.net.URI;
@@ -21,6 +23,7 @@
 
 @RestController
 @RequestMapping("/faultTrees")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class FaultTreeController {
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/FunctionController.java b/src/main/java/cz/cvut/kbss/analysis/controller/FunctionController.java
index c4106af7..0dc68570 100755
--- a/src/main/java/cz/cvut/kbss/analysis/controller/FunctionController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/FunctionController.java
@@ -3,6 +3,7 @@
 import cz.cvut.kbss.analysis.model.Behavior;
 import cz.cvut.kbss.analysis.model.Component;
 import cz.cvut.kbss.analysis.model.Function;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.FunctionRepositoryService;
 import cz.cvut.kbss.analysis.service.IdentifierService;
 import cz.cvut.kbss.analysis.util.Vocabulary;
@@ -12,6 +13,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.net.URI;
@@ -20,6 +22,7 @@
 
 @RestController
 @RequestMapping("/functions")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class FunctionController {
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/MitigationController.java b/src/main/java/cz/cvut/kbss/analysis/controller/MitigationController.java
index 7b69a28b..6d7b7295 100644
--- a/src/main/java/cz/cvut/kbss/analysis/controller/MitigationController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/MitigationController.java
@@ -2,6 +2,7 @@
 
 import cz.cvut.kbss.analysis.dto.update.MitigationUpdateDTO;
 import cz.cvut.kbss.analysis.model.Mitigation;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.MitigationRepositoryService;
 import cz.cvut.kbss.jsonld.JsonLd;
 import lombok.RequiredArgsConstructor;
@@ -9,10 +10,12 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
 @RequestMapping("/mitigations")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class MitigationController {
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/OperationalDataFilterController.java b/src/main/java/cz/cvut/kbss/analysis/controller/OperationalDataFilterController.java
index 216e3b9c..7eb256e6 100644
--- a/src/main/java/cz/cvut/kbss/analysis/controller/OperationalDataFilterController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/OperationalDataFilterController.java
@@ -1,6 +1,7 @@
 package cz.cvut.kbss.analysis.controller;
 
 import cz.cvut.kbss.analysis.model.opdata.OperationalDataFilter;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.FaultTreeService;
 import cz.cvut.kbss.analysis.service.IdentifierService;
 import cz.cvut.kbss.analysis.service.OperationalDataFilterService;
@@ -10,6 +11,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 
@@ -17,6 +19,7 @@
 
 @Controller
 @RequestMapping("/operational-data-filter")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @Slf4j
 public class OperationalDataFilterController {
 
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/SystemController.java b/src/main/java/cz/cvut/kbss/analysis/controller/SystemController.java
index dbb2e6ec..7472159c 100755
--- a/src/main/java/cz/cvut/kbss/analysis/controller/SystemController.java
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/SystemController.java
@@ -2,6 +2,7 @@
 
 import cz.cvut.kbss.analysis.model.FailureMode;
 import cz.cvut.kbss.analysis.model.System;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
 import cz.cvut.kbss.analysis.service.IdentifierService;
 import cz.cvut.kbss.analysis.service.SystemRepositoryService;
 import cz.cvut.kbss.analysis.service.external.AnnotatorService;
@@ -12,6 +13,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.io.UnsupportedEncodingException;
@@ -21,6 +23,7 @@
 
 @RestController
 @RequestMapping("/systems")
+@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
 @RequiredArgsConstructor(onConstructor = @__(@Autowired))
 @Slf4j
 public class SystemController {