Merge branch 'search_authorization_quickFix' into 'dev'

Search authorization quick fix See merge request c22001956/group-6-client-project-2023!37

Merge branch 'search_authorization_quickFix' into 'dev'
dee62b1a · Joshua Grey · 99ff6f8c · 56adeb98 · dee62b1a · dee62b1a
Commit dee62b1a authored 1 year ago by Joshua Grey
--- a/cms/src/main/java/com/project/cms/complaint/ComplaintRepositoryImpl.java
+++ b/cms/src/main/java/com/project/cms/complaint/ComplaintRepositoryImpl.java
@@ -139,7 +139,7 @@ public class ComplaintRepositoryImpl implements ComplaintRepository{
    public List<Complaint> getComplaint(Authentication userAuth, String policyNumber, String title) {
        Collection<? extends GrantedAuthority> userRoles = userAuth.getAuthorities();
-        if (userRoles.contains(new SimpleGrantedAuthority("CUSTOMER")) ||
+        if (userRoles.contains(new SimpleGrantedAuthority("ADMIN")) ||
                (userRoles.contains(new SimpleGrantedAuthority("STAFF")))) {
            String params = "";

--- a/cms/src/main/java/com/project/cms/search/SearchController.java
+++ b/cms/src/main/java/com/project/cms/search/SearchController.java
@@ -14,13 +14,11 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.ModelAndView;
-import java.util.ArrayList;
+import java.util.*;
-import java.util.List;
-import java.util.Map;
 @Controller
-@RequestMapping("/search")
+@RequestMapping(value = {"/staff/search","/admin/search"})
 public class SearchController {
    ComplaintService complaintService;
@@ -30,11 +28,15 @@ public class SearchController {
    @GetMapping("/")
-    public ModelAndView getSearchPage(Model model){
+    public ModelAndView getSearchPage(Model model, Authentication authentication){
        List<Complaint> complaintList = new ArrayList<>();
+        Optional userAuth = authentication.getAuthorities().stream().findFirst();
        ModelAndView modelAndView = new ModelAndView("search/searchPage", (Map<String, ?>) model);
        model.addAttribute("complaintList", complaintList);
+        model.addAttribute("userAuth", userAuth.get().toString().toLowerCase());
@@ -43,8 +45,10 @@ public class SearchController {
    @PostMapping ("/processQuery")
    public ModelAndView queryBuilder(@RequestParam("policyNumber") String policyNumber, @RequestParam("policyId") String policyId, @RequestParam("title") String title, Model model, Authentication authentication){
+    System.out.println("test");
        List<Complaint> complaintList = new ArrayList<>();
+        Optional userAuth = authentication.getAuthorities().stream().findFirst();
        if(!policyId.trim().isEmpty()){
@@ -57,6 +61,8 @@ public class SearchController {
            }
            model.addAttribute("complaintList", complaintList);
+            model.addAttribute("userAuth", userAuth.get().toString().toLowerCase());
            return new ModelAndView("search/searchPage", (Map<String, ?>) model);
        }
@@ -71,6 +77,7 @@ public class SearchController {
            }
            model.addAttribute("complaintList", complaintList);
+            model.addAttribute("userAuth", userAuth.get().toString().toLowerCase());
            return new ModelAndView("search/searchPage", (Map<String, ?>) model);

--- a/cms/src/main/java/com/project/cms/security/SecurityConfig.java
+++ b/cms/src/main/java/com/project/cms/security/SecurityConfig.java
@@ -29,7 +29,7 @@ public class SecurityConfig {
    public static final String[] ENDPOINTS_AUTHORISED = {
            "/complaint/**",
-            "/search/**"
    };
    public static final String[] ENDPOINTS_CUSTOMER = {

--- a/cms/src/main/resources/templates/fragments/header.html
+++ b/cms/src/main/resources/templates/fragments/header.html
@@ -39,14 +39,14 @@
          <a class="nav-link" th:href="@{/staff/home}">Home</a>
          <a class="nav-link" th:href="@{/staff/complaint}">All Complaints</a>
          <a class="nav-link" th:href="@{/complaint/form}">New Complaint</a>
-          <a class="nav-link" th:href="@{/search/}">Search</a>
+          <a class="nav-link" th:href="@{/staff/search/}">Search</a>
        </div>
        <div sec:authorize="hasAuthority('ADMIN')" class="navbar-nav">
          <a class="nav-link" th:href="@{/admin/home}">Home</a>
          <a class="nav-link" th:href="@{/admin/complaint}">All Complaints</a>
          <a class="nav-link" th:href="@{/complaint/form}">New Complaint</a>
-          <a class="nav-link" th:href="@{/search/}">Search</a>
+          <a class="nav-link" th:href="@{/admin/search/}">Search</a>
        </div>

--- a/cms/src/main/resources/templates/search/searchPage.html
+++ b/cms/src/main/resources/templates/search/searchPage.html
 <!DOCTYPE html>
-<html lang="en">
+<html lang="en" xmlns:th="http://www.thymeleaf.org"
+      xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity6">
 <head>
    <meta charset="UTF-8">
    <title>Title</title>
@@ -10,23 +11,22 @@
 <div th:replace="~{fragments/header :: header}"/>
 <br>
 <h1 class = "text-center fw-bold text-primary-emphasis">Search Page</h1>
-<div class="container d-flex justify-content-center">
-    <form th:action="@{/search/processQuery}" method="post" class = "form-row">
-        <input type="text" name="policyNumber" id="policyNumber" placeholder="policyNumber">
+<div sec:authorize="hasAnyAuthority('STAFF', 'ADMIN')"  class="container d-flex justify-content-center">
-        <input type="text" name="policyId" id="policyId" placeholder="policyId">
-        <input type="text" name="title" id="title" placeholder="title">
+        <form th:action="@{'/' + ${userAuth} + '/search/processQuery'}" method="post" class = "form-row">
-        <button class="btn btn-primary" type="submit">Submit</button>
+            <input type="text" name="policyNumber" id="policyNumber" placeholder="policyNumber">
+            <input type="text" name="policyId" id="policyId" placeholder="policyId">
-    </form>
+            <input type="text" name="title" id="title" placeholder="title">
+            <button class="btn btn-primary" type="submit">Submit</button>
-</div>
+        </form>
+</div>
-<br>
 <div th:if = "${complaintList != null}">
@@ -34,7 +34,8 @@
        <div th:each="complaint : ${complaintList}" class="card my-1" style="width: 36rem;">
            <a class="d-flex justify-content-around card-body align-items-center" id="complaintItem"
-               th:href="@{/customer/complaint/details/{id} (id=${complaint.id})}">
+               th:href="@{'/' + ${userAuth} + '/complaint/details/' + ${complaint.id}}">
                <span th:text="${complaint.title}"></span>
                <span th:text="${#dates.day(complaint.timeSubmitted)} + ' ' + ${#dates.monthNameShort(complaint.timeSubmitted)}
                        + ' ' + ${#dates.year(complaint.timeSubmitted)}"></span>
@@ -43,13 +44,14 @@
                      class="badge rounded-pill align-middle"></span>
            </a>
        </div>
    </section>
 </div>
-<div th:unless = "${complaintList != null}">
+<!--<div th:unless = "${complaintList != null}">-->
-    <h2 class = "text-center fw-bold text-danger">No search results found please edit your query and try again.</h2>
+<!--    <h2 class = "text-center fw-bold text-danger">No search results found please edit your query and try again.</h2>-->
-</div>
+<!--</div>-->
 </body>
 </html>
\ No newline at end of file
--- a/cms/src/test/java/com/project/cms/search/searchPageTests.java
+++ b/cms/src/test/java/com/project/cms/search/searchPageTests.java
@@ -43,7 +43,7 @@ public class searchPageTests {
    @WithMockUser(username = "staff", authorities = {"STAFF"})
    public void shouldReturnSingleComplaintItem() throws Exception {
        MvcResult result = mvc
-                .perform(post("/search/processQuery").with(csrf()).param("policyId", "2").param("policyNumber","").param("title",""))
+                .perform(post("/staff/search/processQuery").with(csrf()).param("policyId", "2").param("policyNumber","").param("title",""))
                .andExpect(status().isOk())
                .andReturn();
@@ -70,7 +70,7 @@ public class searchPageTests {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        MvcResult result = mvc
-                .perform(post("/search/processQuery").with(csrf()).param("policyId", "").param("policyNumber","user").param("title",""))
+                .perform(post("/staff/search/processQuery").with(csrf()).param("policyId", "").param("policyNumber","user").param("title",""))
                .andExpect(status().isOk())
                .andReturn();