fix permissions

2025-01-05 20:03:23 -05:00 · 2025-01-05 20:03:23 -05:00 · 9f87f9be38
commit 9f87f9be38
parent 1a6a4f69e8
15 changed files with 80 additions and 81 deletions
--- a/src/main/bundles/prod.bundle
+++ b/src/main/bundles/prod.bundle
--- a/src/main/java/com/primefactorsolutions/model/Submission.java
+++ b/src/main/java/com/primefactorsolutions/model/Submission.java
@ -1,7 +1,5 @@
 package com.primefactorsolutions.model;
 import io.hypersistence.utils.hibernate.type.json.JsonType;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Lob;
 import jakarta.persistence.ManyToOne;
@ -9,9 +7,6 @@ import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.NoArgsConstructor;
 import org.hibernate.annotations.Type;
 import java.util.Map;
@Entity
@Data
@ -25,9 +20,7 @@ public class Submission extends BaseEntity {
    @Lob
    private String text;
-    @Type(JsonType.class)
+    private String output;
    @Column(columnDefinition = "json")
    private Map<String, Object> results;
    private SubmissionStatus submissionStatus;
--- a/src/main/java/com/primefactorsolutions/service/ExamService.java
+++ b/src/main/java/com/primefactorsolutions/service/ExamService.java
@ -12,7 +12,6 @@ import org.springframework.stereotype.Service;
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Collectors;
@ -32,7 +31,7 @@ public class ExamService {
    public void sendEmail(final Exam exam) {
        try {
-            final String evaluationLink = String.format("https://careers.primefactorsolutions.com/evaluation/%s",
+            final String evaluationLink = String.format("https://careers.primefactorsolutions.com/candidate-exam/%s",
                    exam.getId());
            final SimpleMailMessage message = new SimpleMailMessage();
            message.setFrom("no-reply@primefactorsolutions.com");
@ -95,7 +94,7 @@ public class ExamService {
                    .findFirst();
            if (submissionToReturn.isEmpty()) {
-                final Submission result = new Submission(firstQuestion, firstQuestion.getContent(), Map.of(),
+                final Submission result = new Submission(firstQuestion, firstQuestion.getContent(), null,
                        SubmissionStatus.FAIL, exam);
                exam.getSubmissions().add(result);
            }
@ -125,7 +124,7 @@ public class ExamService {
                .findFirst();
        if (submissionToReturn.isEmpty()) {
-            final Submission result = new Submission(nextQuestion, nextQuestion.getContent(), Map.of(),
+            final Submission result = new Submission(nextQuestion, nextQuestion.getContent(), null,
                    SubmissionStatus.FAIL, exam);
            exam.getSubmissions().add(result);
        }
--- a/src/main/java/com/primefactorsolutions/views/CandidateExamView.java
+++ b/src/main/java/com/primefactorsolutions/views/CandidateExamView.java
@ -54,10 +54,10 @@ import java.util.stream.Collectors;
@PageTitle("Evaluacion")
@SpringComponent
@Scope("prototype")
-@Route(value = "/evaluation", layout = MainLayout.class)
+@Route(value = "/candidate-exam", layout = MainLayout.class)
@AnonymousAllowed
@Slf4j
-public class EvaluationView extends Main implements HasUrlParameter<String> {
+public class CandidateExamView extends Main implements HasUrlParameter<String> {
    private final CompilerService compilerService;
    private final ExamService examService;
@ -83,7 +83,7 @@ public class EvaluationView extends Main implements HasUrlParameter<String> {
    private H3 questionTitle = null;
    private Text questionDescription = null;
-    public EvaluationView(final CompilerService compilerService, final ExamService examService) {
+    public CandidateExamView(final CompilerService compilerService, final ExamService examService) {
        this.compilerService = compilerService;
        this.examService = examService;
--- a/src/main/java/com/primefactorsolutions/views/MainLayout.java
+++ b/src/main/java/com/primefactorsolutions/views/MainLayout.java
@ -11,6 +11,7 @@ import com.primefactorsolutions.views.timeoff.TimeOffRequestsListView;
 import com.primefactorsolutions.views.timeoff.TimeOffSummaryListView;
 import com.primefactorsolutions.views.timesheet.TimesheetListView;
 import com.primefactorsolutions.views.timesheet.TimesheetReportView;
 import com.primefactorsolutions.views.util.AuthUtils;
 import com.vaadin.flow.component.Component;
 import com.vaadin.flow.component.Text;
 import com.vaadin.flow.component.applayout.AppLayout;
@ -39,8 +40,6 @@ import org.vaadin.lineawesome.LineAwesomeIcon;
 import java.util.UUID;
 import static com.primefactorsolutions.views.util.AuthUtils.isAdmin;
 /**
 * The main view is a top-level placeholder for other views.
 */
@ -137,9 +136,11 @@ public class MainLayout extends AppLayout {
    private SideNav createNavigation() {
        final SideNav nav = new SideNav();
        if (AuthUtils.isUser(authContext)) {
            nav.addItem(new SideNavItem("Home", MainView.class, LineAwesomeIcon.HOME_SOLID.create()));
-        if (isAdmin(authContext)) {
+            if (AuthUtils.isAdmin(authContext)) {
                SideNavItem admin = new SideNavItem("Admin");
                admin.setPrefixComponent(LineAwesomeIcon.BUILDING.create());
                admin.addItem(new SideNavItem("Calendario", TimeOffListView.class,
@ -169,7 +170,7 @@ public class MainLayout extends AppLayout {
            timesheet.addItem(new SideNavItem("Registro de Horas Trabajadas", TimesheetListView.class,
                    LineAwesomeIcon.ID_CARD_SOLID.create()));
-        if (isAdmin(authContext)) {
+            if (AuthUtils.isAdmin(authContext)) {
                timesheet.addItem(new SideNavItem("Reporte Horas Trabajadas", TimesheetReportView.class,
                        LineAwesomeIcon.ID_CARD_SOLID.create()));
            }
@ -177,7 +178,7 @@ public class MainLayout extends AppLayout {
            final SideNavItem profile = new SideNavItem("Employee");
            profile.setPrefixComponent(LineAwesomeIcon.USER_TIE_SOLID.create());
-        if (isAdmin(authContext)) {
+            if (AuthUtils.isAdmin(authContext)) {
                profile.addItem(new SideNavItem("Profiles", EmployeesListView.class,
                        LineAwesomeIcon.USER_FRIENDS_SOLID.create()));
            }
@ -190,6 +191,7 @@ public class MainLayout extends AppLayout {
            nav.addItem(profile);
            nav.addItem(timesheet);
            nav.addItem(timeOff);
        }
        return nav;
    }
--- a/src/main/java/com/primefactorsolutions/views/SubmissionView.java
+++ b/src/main/java/com/primefactorsolutions/views/SubmissionView.java
@ -20,9 +20,9 @@ import com.vaadin.flow.component.menubar.MenuBarVariant;
 import com.vaadin.flow.component.orderedlayout.FlexComponent;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.*;
 import com.vaadin.flow.server.auth.AnonymousAllowed;
 import com.vaadin.flow.spring.annotation.SpringComponent;
 import com.vaadin.flow.theme.lumo.LumoUtility.*;
 import jakarta.annotation.security.RolesAllowed;
 import lombok.extern.slf4j.Slf4j;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.context.annotation.Scope;
@ -37,8 +37,8 @@ import java.util.stream.Collectors;
@PageTitle("Evaluacion")
@SpringComponent
@Scope("prototype")
-@Route(value = "/submission", layout = MainLayout.class)
+@RolesAllowed("ROLE_ADMIN")
-@AnonymousAllowed
+@Route(value = "/submissions", layout = MainLayout.class)
@Slf4j
 public class SubmissionView extends Main implements HasUrlParameter<String> {
--- a/src/main/java/com/primefactorsolutions/views/assessment/CandidateView.java
+++ b/src/main/java/com/primefactorsolutions/views/assessment/CandidateView.java
@ -12,7 +12,7 @@ import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
 import com.vaadin.flow.spring.annotation.SpringComponent;
 import com.vaadin.flow.spring.security.AuthenticationContext;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.context.annotation.Scope;
@ -23,7 +23,7 @@ import java.util.UUID;
@Scope("prototype")
@PageTitle("Candidates")
@Route(value = "/candidates", layout = MainLayout.class)
-@PermitAll
+@RolesAllowed("ROLE_ADMIN")
 public class CandidateView extends BaseEntityForm<Candidate> implements HasUrlParameter<String> {
    private final CandidateService candidateService;
--- a/src/main/java/com/primefactorsolutions/views/assessment/CandidatesListView.java
+++ b/src/main/java/com/primefactorsolutions/views/assessment/CandidatesListView.java
@ -16,7 +16,7 @@ import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
 import com.vaadin.flow.spring.annotation.SpringComponent;
 import com.vaadin.flow.spring.security.AuthenticationContext;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import org.apache.commons.lang3.tuple.Pair;
 import org.springframework.context.annotation.Scope;
 import org.vaadin.firitin.components.grid.VGrid;
@ -27,7 +27,7 @@ import java.util.Map;
@Scope("prototype")
@PageTitle("Candidates")
@Route(value = "/candidates", layout = MainLayout.class)
-@PermitAll
+@RolesAllowed("ROLE_ADMIN")
 public class CandidatesListView extends BaseView {
    public CandidatesListView(final AuthenticationContext authenticationContext,
--- a/src/main/java/com/primefactorsolutions/views/assessment/ExamView.java
+++ b/src/main/java/com/primefactorsolutions/views/assessment/ExamView.java
@ -16,7 +16,7 @@ import com.vaadin.flow.router.HasUrlParameter;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
 import com.vaadin.flow.spring.annotation.SpringComponent;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.context.annotation.Scope;
 import org.vaadin.firitin.fields.SubListSelector;
@ -26,7 +26,7 @@ import java.util.List;
 import java.util.UUID;
@SpringComponent
-@PermitAll
+@RolesAllowed("ROLE_ADMIN")
@Scope("prototype")
@PageTitle("Exams")
@Route(value = "/exams", layout = MainLayout.class)
--- a/src/main/java/com/primefactorsolutions/views/assessment/ExamsListView.java
+++ b/src/main/java/com/primefactorsolutions/views/assessment/ExamsListView.java
@ -17,7 +17,7 @@ import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
 import com.vaadin.flow.spring.annotation.SpringComponent;
 import com.vaadin.flow.spring.security.AuthenticationContext;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import org.apache.commons.lang3.tuple.Pair;
 import org.springframework.context.annotation.Scope;
 import org.vaadin.addon.stefan.clipboard.ClientsideClipboard;
@ -27,7 +27,7 @@ import org.vaadin.firitin.components.grid.VGrid;
@Scope("prototype")
@PageTitle("Exams")
@Route(value = "/exams", layout = MainLayout.class)
-@PermitAll
+@RolesAllowed("ROLE_ADMIN")
 public class ExamsListView extends BaseView {
    public ExamsListView(final AuthenticationContext authenticationContext,
@ -53,7 +53,8 @@ public class ExamsListView extends BaseView {
                        getUI().flatMap(ui -> ui.navigate(SubmissionView.class, exam.getId().toString()))),
                Pair.of("Copy", __ ->
                        ClientsideClipboard.writeToClipboard(
-                                String.format("email: %s link: https://intra.primefactorsolutions.com/evaluation/%s",
+                                String.format("email: %s link: "
                                                + "https://intra.primefactorsolutions.com/candidate-exam/%s",
                                        exam.getCandidate().getEmail(),
                                        exam.getId()))),
                Pair.of("Email", __ -> {
--- a/src/main/java/com/primefactorsolutions/views/assessment/QuestionView.java
+++ b/src/main/java/com/primefactorsolutions/views/assessment/QuestionView.java
@ -11,7 +11,7 @@ import com.vaadin.flow.component.textfield.TextField;
 import com.vaadin.flow.router.*;
 import com.vaadin.flow.spring.annotation.SpringComponent;
 import com.vaadin.flow.spring.security.AuthenticationContext;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.context.annotation.Scope;
@ -22,7 +22,7 @@ import java.util.UUID;
@Scope("prototype")
@PageTitle("Questions")
@Route(value = "/questions", layout = MainLayout.class)
-@PermitAll
+@RolesAllowed("ROLE_ADMIN")
 public class QuestionView extends BaseEntityForm<Question> implements HasUrlParameter<String> {
    private final QuestionService questionService;
--- a/src/main/java/com/primefactorsolutions/views/assessment/QuestionsListView.java
+++ b/src/main/java/com/primefactorsolutions/views/assessment/QuestionsListView.java
@ -15,7 +15,7 @@ import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
 import com.vaadin.flow.spring.annotation.SpringComponent;
 import com.vaadin.flow.spring.security.AuthenticationContext;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import org.apache.commons.lang3.tuple.Pair;
 import org.springframework.context.annotation.Scope;
 import org.vaadin.firitin.components.grid.VGrid;
@ -24,7 +24,7 @@ import org.vaadin.firitin.components.grid.VGrid;
@Scope("prototype")
@PageTitle("Questions")
@Route(value = "/questions", layout = MainLayout.class)
-@PermitAll
+@RolesAllowed("ROLE_ADMIN")
 public class QuestionsListView extends BaseView {
    public QuestionsListView(final AuthenticationContext authenticationContext, final QuestionService questionService) {
--- a/src/main/java/com/primefactorsolutions/views/util/AuthUtils.java
+++ b/src/main/java/com/primefactorsolutions/views/util/AuthUtils.java
@ -11,6 +11,10 @@ import java.util.UUID;
@UtilityClass
 public class AuthUtils {
    public static boolean isUser(final AuthenticationContext authenticationContext) {
        return authenticationContext.getAuthenticatedUser(UserDetails.class).isPresent();
    }
    public static boolean isAdmin(final AuthenticationContext authenticationContext) {
        return authenticationContext.getAuthenticatedUser(UserDetails.class)
                .map(u ->
--- a/src/test/java/com/primefactorsolutions/views/AbstractAppTests.java
+++ b/src/test/java/com/primefactorsolutions/views/AbstractAppTests.java
@ -35,7 +35,7 @@ public class AbstractAppTests {
    protected void login(String user, String pass, final List<String> roles) {
        final List<SimpleGrantedAuthority> authorities =
-                roles.stream().map(it -> new SimpleGrantedAuthority("ROLE_" + it)).collect(Collectors.toList());
+                roles.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
        UsernamePasswordAuthenticationToken authReq
                = new UsernamePasswordAuthenticationToken(new User(user, pass, authorities), pass, authorities);
        SecurityContext sc = SecurityContextHolder.getContext();
--- a/src/test/java/com/primefactorsolutions/views/CandidateViewTests.java
+++ b/src/test/java/com/primefactorsolutions/views/CandidateViewTests.java
@ -14,7 +14,7 @@ import static com.github.mvysny.kaributesting.v10.LocatorJ.*;
 public class CandidateViewTests extends AbstractAppTests {
    @BeforeEach
    public void login() {
-        login("user", "user", List.of("user"));
+        login("user", "user", List.of("ROLE_ADMIN"));
    }
    @Test