Merge remote-tracking branch 'origin/develop' into feature/SUPPORT-9363

# Conflicts: # backend/src/main/java/ru/micord/ervu/account_applications/security/config/SecurityConfig.java
2025-09-01 08:52:22 +03:00 · 2025-09-01 08:52:22 +03:00 · ae5181e9f2
commit ae5181e9f2
parent 3fef27e79e 3a4a733c4b
8 changed files with 184 additions and 13 deletions
--- a/backend/src/main/java/ru/micord/ervu/account_applications/controller/RecruitmentController.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/controller/RecruitmentController.java
@ -0,0 +1,32 @@
+package ru.micord.ervu.account_applications.controller;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import ru.micord.ervu.account_applications.security.context.SecurityContext;
+import ru.micord.ervu.account_applications.service.RecruitmentService;
+
+/**
+ * @author gulnaz
+ */
+@Controller
+public class RecruitmentController {
+
+  private final SecurityContext securityContext;
+  private final RecruitmentService recruitmentService;
+
+  public RecruitmentController(SecurityContext securityContext, RecruitmentService recruitmentService) {
+    this.securityContext = securityContext;
+    this.recruitmentService = recruitmentService;
+  }
+
+  @GetMapping(value = "/allowed")
+  public ResponseEntity<Boolean> checkAccess(HttpServletRequest request) {
+    Long appNumber = Long.valueOf(request.getHeader("app-number"));
+    boolean checkParents = Boolean.parseBoolean(request.getHeader("check-parents"));
+    String domainId = securityContext.getDomainId();
+    return ResponseEntity.ok(recruitmentService.exists(appNumber, domainId, checkParents));
+  }
+}
--- a/backend/src/main/java/ru/micord/ervu/account_applications/dao/RecruitmentDao.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/dao/RecruitmentDao.java
@ -5,12 +5,16 @@ import java.util.Optional;
 import java.util.UUID;

 import org.jooq.DSLContext;
+import org.jooq.Field;
+import org.jooq.Name;
+import org.jooq.Select;
 import org.jooq.Table;
 import org.jooq.TableField;
 import org.jooq.impl.DSL;
 import org.springframework.stereotype.Repository;
 import ru.micord.ervu.account_applications.db_beans.public_.Tables;
 import ru.micord.ervu.account_applications.db_beans.public_.tables.Recruitment;
+import ru.micord.ervu.account_applications.db_beans.public_.tables.UserApplicationList;
 import ru.micord.ervu.account_applications.db_beans.public_.tables.records.RecruitmentRecord;

 /**
@ -78,6 +82,43 @@ public class RecruitmentDao extends AbstractDataDao<RecruitmentRecord> {
    setFieldByField(Recruitment.RECRUITMENT.ACTIVE, active, Recruitment.RECRUITMENT.IDM_ID, id);
  }

+  public boolean exists(Long appNumber, String domainId, boolean checkParents) {
+    Recruitment orgTable = Recruitment.RECRUITMENT;
+    UserApplicationList appTable = UserApplicationList.USER_APPLICATION_LIST;
+    String parentOrg = "parent_org";
+    Name parentOrgName = DSL.name(parentOrg);
+    Table<?> parentOrgTable = DSL.table(parentOrgName);
+    Field<String> parentIdmId = DSL.field(DSL.name(parentOrg, orgTable.IDM_ID.getName()),
+        String.class
+    );
+    Field<String> parentParentId = DSL.field(DSL.name(parentOrg, orgTable.PARENT_ID.getName()),
+        String.class
+    );
+    Select<?> select = checkParents
+                       ? dsl.withRecursive(parentOrgName)
+                           .as(dsl.select(orgTable.IDM_ID, orgTable.PARENT_ID)
+                               .from(orgTable)
+                               .where(orgTable.IDM_ID.eq(
+                                   dsl.select(orgTable.IDM_ID)
+                                       .from(orgTable)
+                                       .join(appTable).on(appTable.RECRUITMENT_ID.eq(orgTable.ID))
+                                       .where(appTable.NUMBER_APP.eq(appNumber))))
+                                   .unionAll(dsl.select(orgTable.IDM_ID, orgTable.PARENT_ID)
+                                       .from(orgTable)
+                                       .join(parentOrgTable).on(orgTable.IDM_ID.eq(parentParentId))))
+                           .select(parentIdmId)
+                           .from(parentOrgTable)
+                           .where(parentIdmId.eq(domainId))
+                       : dsl.select(orgTable.IDM_ID)
+                           .from(orgTable)
+                           .join(appTable)
+                           .on(appTable.RECRUITMENT_ID.eq(orgTable.ID))
+                           .where(appTable.NUMBER_APP.eq(appNumber)
+                               .and(orgTable.IDM_ID.eq(domainId)));
+
+    return dsl.fetchExists(select);
+  }
+
  @Override
  protected Table<RecruitmentRecord> getTable() {
    return Tables.RECRUITMENT;
--- a/backend/src/main/java/ru/micord/ervu/account_applications/security/config/SecurityConfig.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/security/config/SecurityConfig.java
@ -15,6 +15,8 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 import ru.micord.ervu.account_applications.security.filter.JwtAuthenticationFilter;
 import ru.micord.ervu.account_applications.security.provider.ErvuJwtAuthenticationProvider;

+import static ru.micord.ervu.account_applications.security.config.SecurityConstant.CREATE_APPLICATION_AUTHORITY;
+import static ru.micord.ervu.account_applications.security.config.SecurityConstant.CREATE_APPLICATION_PERMISSIONS;

@Configuration
@EnableWebSecurity
@ -30,7 +32,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        .authorizeHttpRequests(auth -> {
          auth.antMatchers("/version").permitAll();
          auth.antMatchers("/session").authenticated();
+          auth.antMatchers(CREATE_APPLICATION_PERMISSIONS).hasAuthority(CREATE_APPLICATION_AUTHORITY);
          auth.anyRequest().authenticated();
+
        })
        .sessionManagement(session ->
            session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
--- a/backend/src/main/java/ru/micord/ervu/account_applications/security/config/SecurityConstant.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/security/config/SecurityConstant.java
@ -0,0 +1,16 @@
+package ru.micord.ervu.account_applications.security.config;
+
+/**
+ * @author gulnaz
+ */
+public class SecurityConstant {
+  public static final String CREATE_APPLICATION_AUTHORITY = "responsible_for_information_security";
+
+  public static final String[] CREATE_APPLICATION_PERMISSIONS = {
+      "/rpc/add_user_application/**",
+      "/rpc/edit_user_application/**",
+      "/rpc/block_user_application/**",
+      "/rpc/unblock_user_application/**",
+      "/rpc/reset_password/**"
+  };
+}
--- a/backend/src/main/java/ru/micord/ervu/account_applications/service/RecruitmentService.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/service/RecruitmentService.java
@ -0,0 +1,21 @@
+package ru.micord.ervu.account_applications.service;
+
+import org.springframework.stereotype.Service;
+import ru.micord.ervu.account_applications.dao.RecruitmentDao;
+
+/**
+ * @author gulnaz
+ */
+@Service
+public class RecruitmentService {
+
+  private final RecruitmentDao recruitmentDao;
+
+  public RecruitmentService(RecruitmentDao recruitmentDao) {
+    this.recruitmentDao = recruitmentDao;
+  }
+
+  public boolean exists(Long appNumber, String domainId, boolean checkParents) {
+    return recruitmentDao.exists(appNumber, domainId, checkParents);
+  }
+}