From 3d5e548b2ba95ba930b79dc1f9911d3af6b96f5c Mon Sep 17 00:00:00 2001 
From: "adel.ka"
Date: Fri, 24 Oct 2025 09:30:08 +0300
Subject: [PATCH] SUPPORT-9497: ogrn check
---
.../ervu_lkrp_ul/db_beans/public_/Keys.java | 10 +-
.../ervu_lkrp_ul/db_beans/public_/Public.java | 15 +-
.../ervu_lkrp_ul/db_beans/public_/Tables.java | 12 +-
.../db_beans/public_/tables/Files.java | 239 ------
.../public_/tables/InteractionLog.java | 5 +
.../db_beans/public_/tables/OkopfRecords.java | 7 -
.../db_beans/public_/tables/OrgOkved.java | 244 ------
.../public_/tables/OrganizationAllowed.java | 226 ++++++
.../public_/tables/records/FilesRecord.java | 109 ---
.../tables/records/InteractionLogRecord.java | 17 +-
.../tables/records/OrgOkvedRecord.java | 124 ---
.../records/OrganizationAllowedRecord.java | 81 ++
.../ervu/dao/OrganizationAccessDao.java | 25 +
.../ervu/security/SecurityConstants.java | 2 +
.../esia/service/EsiaAuthService.java | 16 +-
.../webbpm/jwt/JwtAuthenticationProvider.java | 9 +-
.../webbpm/jwt/helper/SecurityHelper.java | 21 +-
.../ervu/security/webbpm/jwt/model/Token.java | 9 +-
.../webbpm/jwt/service/JwtTokenService.java | 12 +-
.../ervu/service/UploadAccessService.java | 32 +
.../2025-10-24-add-org-allowed-table.xml | 14 +
.../config/v_1.0/changelog-v_1.0.xml | 1 +
frontend/src/ts/ervu/FileUploadChecker.ts | 17 +
.../Личный кабинет юр лица.page | 713 +++++++++++++++++-
24 files changed, 1196 insertions(+), 764 deletions(-)
delete mode 100644 backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/Files.java
delete mode 100644 backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OrgOkved.java
create mode 100644 backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OrganizationAllowed.java
delete mode 100644 backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/FilesRecord.java
delete mode 100644 backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/OrgOkvedRecord.java
create mode 100644
backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/OrganizationAllowedRecord.java create mode 100644 backend/src/main/java/ru/micord/ervu/dao/OrganizationAccessDao.java create mode 100644 backend/src/main/java/ru/micord/ervu/service/UploadAccessService.java create mode 100644 backend/src/main/resources/config/v_1.0/2025-10-24-add-org-allowed-table.xml create mode 100644 frontend/src/ts/ervu/FileUploadChecker.ts diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Keys.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Keys.java index 88de130b..35aa099d 100644 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Keys.java +++ b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Keys.java @@ -5,14 +5,12 @@ package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Databasechangeloglock; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Files; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OkopfRecords; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrgOkved; +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrganizationAllowed; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Shedlock; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.DatabasechangeloglockRecord; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.FilesRecord; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.OkopfRecordsRecord; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.OrgOkvedRecord; +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.OrganizationAllowedRecord; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.ShedlockRecord; import org.jooq.TableField; 
@@ -33,9 +31,7 @@ public class Keys { // ------------------------------------------------------------------------- public static final UniqueKey DATABASECHANGELOGLOCK_PKEY = Internal.createUniqueKey(Databasechangeloglock.DATABASECHANGELOGLOCK, DSL.name("databasechangeloglock_pkey"), new TableField[] { Databasechangeloglock.DATABASECHANGELOGLOCK.ID }, true); - public static final UniqueKey FILES_PKEY = Internal.createUniqueKey(Files.FILES, DSL.name("files_pkey"), new TableField[] { Files.FILES.FILE_ID }, true); - public static final UniqueKey OKOPF_RECORDS_NAME_KEY = Internal.createUniqueKey(OkopfRecords.OKOPF_RECORDS, DSL.name("okopf_records_name_key"), new TableField[] { OkopfRecords.OKOPF_RECORDS.NAME }, true); public static final UniqueKey OKOPF_RECORDS_PKEY = Internal.createUniqueKey(OkopfRecords.OKOPF_RECORDS, DSL.name("okopf_records_pkey"), new TableField[] { OkopfRecords.OKOPF_RECORDS.OKOPF_RECORDS_ID }, true); - public static final UniqueKey ORG_OKVED_PKEY = Internal.createUniqueKey(OrgOkved.ORG_OKVED, DSL.name("org_okved_pkey"), new TableField[] { OrgOkved.ORG_OKVED.ID }, true); + public static final UniqueKey ORGANIZATION_ALLOWED_PKEY = Internal.createUniqueKey(OrganizationAllowed.ORGANIZATION_ALLOWED, DSL.name("organization_allowed_pkey"), new TableField[] { OrganizationAllowed.ORGANIZATION_ALLOWED.OGRN }, true); public static final UniqueKey SHEDLOCK_PK = Internal.createUniqueKey(Shedlock.SHEDLOCK, DSL.name("shedlock_pk"), new TableField[] { Shedlock.SHEDLOCK.NAME }, true); } diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Public.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Public.java index c622294d..5d20db39 100644 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Public.java +++ b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Public.java 
@@ -7,10 +7,9 @@ package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.DefaultCatalog; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Databasechangelog; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Databasechangeloglock; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Files; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.InteractionLog; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OkopfRecords; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrgOkved; +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrganizationAllowed; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Shedlock; import java.util.Arrays; @@ -44,11 +43,6 @@ public class Public extends SchemaImpl { */ public final Databasechangeloglock DATABASECHANGELOGLOCK = Databasechangeloglock.DATABASECHANGELOGLOCK; - /** - * The table public.files. - */ - public final Files FILES = Files.FILES; - /** * The table public.interaction_log. */ @@ -60,9 +54,9 @@ public class Public extends SchemaImpl { public final OkopfRecords OKOPF_RECORDS = OkopfRecords.OKOPF_RECORDS; /** - * The table public.org_okved. + * The table public.organization_allowed. */ - public final OrgOkved ORG_OKVED = OrgOkved.ORG_OKVED; + public final OrganizationAllowed ORGANIZATION_ALLOWED = OrganizationAllowed.ORGANIZATION_ALLOWED; /** * The table public.shedlock. @@ -87,10 +81,9 @@ public class Public extends SchemaImpl { return Arrays.asList( Databasechangelog.DATABASECHANGELOG, Databasechangeloglock.DATABASECHANGELOGLOCK, - Files.FILES, InteractionLog.INTERACTION_LOG, OkopfRecords.OKOPF_RECORDS, - OrgOkved.ORG_OKVED, + OrganizationAllowed.ORGANIZATION_ALLOWED, Shedlock.SHEDLOCK ); } diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Tables.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Tables.java index d35dfe07..37305e26 100644 
--- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Tables.java +++ b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/Tables.java @@ -6,10 +6,9 @@ package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Databasechangelog; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Databasechangeloglock; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Files; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.InteractionLog; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OkopfRecords; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrgOkved; +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrganizationAllowed; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Shedlock; @@ -29,11 +28,6 @@ public class Tables { */ public static final Databasechangeloglock DATABASECHANGELOGLOCK = Databasechangeloglock.DATABASECHANGELOGLOCK; - /** - * The table public.files. - */ - public static final Files FILES = Files.FILES; - /** * The table public.interaction_log. */ @@ -45,9 +39,9 @@ public class Tables { public static final OkopfRecords OKOPF_RECORDS = OkopfRecords.OKOPF_RECORDS; /** - * The table public.org_okved. + * The table public.organization_allowed. */ - public static final OrgOkved ORG_OKVED = OrgOkved.ORG_OKVED; + public static final OrganizationAllowed ORGANIZATION_ALLOWED = OrganizationAllowed.ORGANIZATION_ALLOWED; /** * The table public.shedlock. diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/Files.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/Files.java deleted file mode 100644 index 50a0e23a..00000000 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/Files.java +++ /dev/null 
@@ -1,239 +0,0 @@ -/* - * This file is generated by jOOQ. - */ -package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables; - - -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.Keys; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.Public; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.FilesRecord; - -import java.util.Collection; - -import org.jooq.Condition; -import org.jooq.Field; -import org.jooq.Identity; -import org.jooq.Name; -import org.jooq.PlainSQL; -import org.jooq.QueryPart; -import org.jooq.SQL; -import org.jooq.Schema; -import org.jooq.Select; -import org.jooq.Stringly; -import org.jooq.Table; -import org.jooq.TableField; -import org.jooq.TableOptions; -import org.jooq.UniqueKey; -import org.jooq.impl.DSL; -import org.jooq.impl.SQLDataType; -import org.jooq.impl.TableImpl; - - -/** - * This class is generated by jOOQ. - */ -@SuppressWarnings({ "all", "unchecked", "rawtypes" }) -public class Files extends TableImpl { - - private static final long serialVersionUID = 1L; - - /** - * The reference instance of public.files - */ - public static final Files FILES = new Files(); - - /** - * The class holding records for this type - */ - @Override - public Class getRecordType() { - return FilesRecord.class; - } - - /** - * The column public.files.file_id. - */ - public final TableField FILE_ID = createField(DSL.name("file_id"), SQLDataType.BIGINT.nullable(false).identity(true), this, ""); - - /** - * The column public.files.file. - */ - public final TableField FILE = createField(DSL.name("file"), SQLDataType.BLOB, this, ""); - - /** - * The column public.files.file_name. - */ - public final TableField FILE_NAME = createField(DSL.name("file_name"), SQLDataType.VARCHAR(10000), this, ""); - - /** - * The column public.files.interaction_log_id. 
- */ - public final TableField INTERACTION_LOG_ID = createField(DSL.name("interaction_log_id"), SQLDataType.BIGINT, this, ""); - - private Files(Name alias, Table aliased) { - this(alias, aliased, (Field[]) null, null); - } - - private Files(Name alias, Table aliased, Field[] parameters, Condition where) { - super(alias, null, aliased, parameters, DSL.comment(""), TableOptions.table(), where); - } - - /** - * Create an aliased public.files table reference - */ - public Files(String alias) { - this(DSL.name(alias), FILES); - } - - /** - * Create an aliased public.files table reference - */ - public Files(Name alias) { - this(alias, FILES); - } - - /** - * Create a public.files table reference - */ - public Files() { - this(DSL.name("files"), null); - } - - @Override - public Schema getSchema() { - return aliased() ? null : Public.PUBLIC; - } - - @Override - public Identity getIdentity() { - return (Identity) super.getIdentity(); - } - - @Override - public UniqueKey getPrimaryKey() { - return Keys.FILES_PKEY; - } - - @Override - public Files as(String alias) { - return new Files(DSL.name(alias), this); - } - - @Override - public Files as(Name alias) { - return new Files(alias, this); - } - - @Override - public Files as(Table alias) { - return new Files(alias.getQualifiedName(), this); - } - - /** - * Rename this table - */ - @Override - public Files rename(String name) { - return new Files(DSL.name(name), null); - } - - /** - * Rename this table - */ - @Override - public Files rename(Name name) { - return new Files(name, null); - } - - /** - * Rename this table - */ - @Override - public Files rename(Table name) { - return new Files(name.getQualifiedName(), null); - } - - /** - * Create an inline derived table from this table - */ - @Override - public Files where(Condition condition) { - return new Files(getQualifiedName(), aliased() ? 
this : null, null, condition); - } - - /** - * Create an inline derived table from this table - */ - @Override - public Files where(Collection conditions) { - return where(DSL.and(conditions)); - } - - /** - * Create an inline derived table from this table - */ - @Override - public Files where(Condition... conditions) { - return where(DSL.and(conditions)); - } - - /** - * Create an inline derived table from this table - */ - @Override - public Files where(Field condition) { - return where(DSL.condition(condition)); - } - - /** - * Create an inline derived table from this table - */ - @Override - @PlainSQL - public Files where(SQL condition) { - return where(DSL.condition(condition)); - } - - /** - * Create an inline derived table from this table - */ - @Override - @PlainSQL - public Files where(@Stringly.SQL String condition) { - return where(DSL.condition(condition)); - } - - /** - * Create an inline derived table from this table - */ - @Override - @PlainSQL - public Files where(@Stringly.SQL String condition, Object... binds) { - return where(DSL.condition(condition, binds)); - } - - /** - * Create an inline derived table from this table - */ - @Override - @PlainSQL - public Files where(@Stringly.SQL String condition, QueryPart... parts) { - return where(DSL.condition(condition, parts)); - } - - /** - * Create an inline derived table from this table - */ - @Override - public Files whereExists(Select select) { - return where(DSL.exists(select)); - } - - /** - * Create an inline derived table from this table - */ - @Override - public Files whereNotExists(Select select) { - return where(DSL.notExists(select)); - } -} diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/InteractionLog.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/InteractionLog.java index afd65e42..fb2043b6 100644 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/InteractionLog.java 
+++ b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/InteractionLog.java @@ -99,6 +99,11 @@ public class InteractionLog extends TableImpl { */ public final TableField ERVU_ID = createField(DSL.name("ervu_id"), SQLDataType.VARCHAR(36), this, ""); + /** + * The column public.interaction_log.offset. + */ + public final TableField OFFSET = createField(DSL.name("offset"), SQLDataType.VARCHAR(10), this, ""); + private InteractionLog(Name alias, Table aliased) { this(alias, aliased, (Field[]) null, null); } diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OkopfRecords.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OkopfRecords.java index 7f2e0bfe..e9671919 100644 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OkopfRecords.java +++ b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OkopfRecords.java @@ -8,9 +8,7 @@ import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.Keys; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.Public; import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.OkopfRecordsRecord; -import java.util.Arrays; import java.util.Collection; -import java.util.List; import org.jooq.Condition; import org.jooq.Field; @@ -105,11 +103,6 @@ public class OkopfRecords extends TableImpl { return Keys.OKOPF_RECORDS_PKEY; } - @Override - public List> getUniqueKeys() { - return Arrays.asList(Keys.OKOPF_RECORDS_NAME_KEY); - } - @Override public OkopfRecords as(String alias) { return new OkopfRecords(DSL.name(alias), this); diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OrgOkved.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OrgOkved.java deleted file mode 100644 index ba8d15a1..00000000 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OrgOkved.java +++ /dev/null 
@@ -1,244 +0,0 @@ -/* - * This file is generated by jOOQ. - */ -package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables; - - -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.Keys; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.Public; -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.OrgOkvedRecord; - -import java.util.Collection; - -import org.jooq.Condition; -import org.jooq.Field; -import org.jooq.Identity; -import org.jooq.Name; -import org.jooq.PlainSQL; -import org.jooq.QueryPart; -import org.jooq.SQL; -import org.jooq.Schema; -import org.jooq.Select; -import org.jooq.Stringly; -import org.jooq.Table; -import org.jooq.TableField; -import org.jooq.TableOptions; -import org.jooq.UniqueKey; -import org.jooq.impl.DSL; -import org.jooq.impl.SQLDataType; -import org.jooq.impl.TableImpl; - - -/** - * This class is generated by jOOQ. - */ -@SuppressWarnings({ "all", "unchecked", "rawtypes" }) -public class OrgOkved extends TableImpl { - - private static final long serialVersionUID = 1L; - - /** - * The reference instance of public.org_okved - */ - public static final OrgOkved ORG_OKVED = new OrgOkved(); - - /** - * The class holding records for this type - */ - @Override - public Class getRecordType() { - return OrgOkvedRecord.class; - } - - /** - * The column public.org_okved.id. - */ - public final TableField ID = createField(DSL.name("id"), SQLDataType.BIGINT.nullable(false).identity(true), this, ""); - - /** - * The column public.org_okved.code. - */ - public final TableField CODE = createField(DSL.name("code"), SQLDataType.VARCHAR(7), this, ""); - - /** - * The column public.org_okved.okved. - */ - public final TableField OKVED = createField(DSL.name("okved"), SQLDataType.CLOB, this, ""); - - /** - * The column public.org_okved.organization. - */ - public final TableField ORGANIZATION = createField(DSL.name("organization"), SQLDataType.CLOB, this, ""); - - /** - * The column public.org_okved.main_okved. 
- */ - public final TableField MAIN_OKVED = createField(DSL.name("main_okved"), SQLDataType.BOOLEAN, this, ""); - - private OrgOkved(Name alias, Table aliased) { - this(alias, aliased, (Field[]) null, null); - } - - private OrgOkved(Name alias, Table aliased, Field[] parameters, Condition where) { - super(alias, null, aliased, parameters, DSL.comment(""), TableOptions.table(), where); - } - - /** - * Create an aliased public.org_okved table reference - */ - public OrgOkved(String alias) { - this(DSL.name(alias), ORG_OKVED); - } - - /** - * Create an aliased public.org_okved table reference - */ - public OrgOkved(Name alias) { - this(alias, ORG_OKVED); - } - - /** - * Create a public.org_okved table reference - */ - public OrgOkved() { - this(DSL.name("org_okved"), null); - } - - @Override - public Schema getSchema() { - return aliased() ? null : Public.PUBLIC; - } - - @Override - public Identity getIdentity() { - return (Identity) super.getIdentity(); - } - - @Override - public UniqueKey getPrimaryKey() { - return Keys.ORG_OKVED_PKEY; - } - - @Override - public OrgOkved as(String alias) { - return new OrgOkved(DSL.name(alias), this); - } - - @Override - public OrgOkved as(Name alias) { - return new OrgOkved(alias, this); - } - - @Override - public OrgOkved as(Table alias) { - return new OrgOkved(alias.getQualifiedName(), this); - } - - /** - * Rename this table - */ - @Override - public OrgOkved rename(String name) { - return new OrgOkved(DSL.name(name), null); - } - - /** - * Rename this table - */ - @Override - public OrgOkved rename(Name name) { - return new OrgOkved(name, null); - } - - /** - * Rename this table - */ - @Override - public OrgOkved rename(Table name) { - return new OrgOkved(name.getQualifiedName(), null); - } - - /** - * Create an inline derived table from this table - */ - @Override - public OrgOkved where(Condition condition) { - return new OrgOkved(getQualifiedName(), aliased() ? 
this : null, null, condition); - } - - /** - * Create an inline derived table from this table - */ - @Override - public OrgOkved where(Collection conditions) { - return where(DSL.and(conditions)); - } - - /** - * Create an inline derived table from this table - */ - @Override - public OrgOkved where(Condition... conditions) { - return where(DSL.and(conditions)); - } - - /** - * Create an inline derived table from this table - */ - @Override - public OrgOkved where(Field condition) { - return where(DSL.condition(condition)); - } - - /** - * Create an inline derived table from this table - */ - @Override - @PlainSQL - public OrgOkved where(SQL condition) { - return where(DSL.condition(condition)); - } - - /** - * Create an inline derived table from this table - */ - @Override - @PlainSQL - public OrgOkved where(@Stringly.SQL String condition) { - return where(DSL.condition(condition)); - } - - /** - * Create an inline derived table from this table - */ - @Override - @PlainSQL - public OrgOkved where(@Stringly.SQL String condition, Object... binds) { - return where(DSL.condition(condition, binds)); - } - - /** - * Create an inline derived table from this table - */ - @Override - @PlainSQL - public OrgOkved where(@Stringly.SQL String condition, QueryPart... parts) { - return where(DSL.condition(condition, parts)); - } - - /** - * Create an inline derived table from this table - */ - @Override - public OrgOkved whereExists(Select select) { - return where(DSL.exists(select)); - } - - /** - * Create an inline derived table from this table - */ - @Override - public OrgOkved whereNotExists(Select select) { - return where(DSL.notExists(select)); - } -} diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OrganizationAllowed.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OrganizationAllowed.java new file mode 100644 index 00000000..35e9e2d2 --- /dev/null 
+++ b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/OrganizationAllowed.java 
@@ -0,0 +1,226 @@ +/* + * This file is generated by jOOQ. + */ +package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables; + + +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.Keys; +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.Public; +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records.OrganizationAllowedRecord; + +import java.sql.Timestamp; +import java.util.Collection; + +import org.jooq.Condition; +import org.jooq.Field; +import org.jooq.Name; +import org.jooq.PlainSQL; +import org.jooq.QueryPart; +import org.jooq.SQL; +import org.jooq.Schema; +import org.jooq.Select; +import org.jooq.Stringly; +import org.jooq.Table; +import org.jooq.TableField; +import org.jooq.TableOptions; +import org.jooq.UniqueKey; +import org.jooq.impl.DSL; +import org.jooq.impl.SQLDataType; +import org.jooq.impl.TableImpl; + + +/** + * This class is generated by jOOQ. + */ +@SuppressWarnings({ "all", "unchecked", "rawtypes" }) +public class OrganizationAllowed extends TableImpl { + + private static final long serialVersionUID = 1L; + + /** + * The reference instance of public.organization_allowed + */ + public static final OrganizationAllowed ORGANIZATION_ALLOWED = new OrganizationAllowed(); + + /** + * The class holding records for this type + */ + @Override + public Class getRecordType() { + return OrganizationAllowedRecord.class; + } + + /** + * The column public.organization_allowed.ogrn. + */ + public final TableField OGRN = createField(DSL.name("ogrn"), SQLDataType.VARCHAR(15).nullable(false), this, ""); + + /** + * The column public.organization_allowed.created_at. 
+ */ + public final TableField CREATED_AT = createField(DSL.name("created_at"), SQLDataType.TIMESTAMP(0).defaultValue(DSL.field(DSL.raw("CURRENT_TIMESTAMP"), SQLDataType.TIMESTAMP)), this, ""); + + private OrganizationAllowed(Name alias, Table aliased) { + this(alias, aliased, (Field[]) null, null); + } + + private OrganizationAllowed(Name alias, Table aliased, Field[] parameters, Condition where) { + super(alias, null, aliased, parameters, DSL.comment(""), TableOptions.table(), where); + } + + /** + * Create an aliased public.organization_allowed table + * reference + */ + public OrganizationAllowed(String alias) { + this(DSL.name(alias), ORGANIZATION_ALLOWED); + } + + /** + * Create an aliased public.organization_allowed table + * reference + */ + public OrganizationAllowed(Name alias) { + this(alias, ORGANIZATION_ALLOWED); + } + + /** + * Create a public.organization_allowed table reference + */ + public OrganizationAllowed() { + this(DSL.name("organization_allowed"), null); + } + + @Override + public Schema getSchema() { + return aliased() ? 
null : Public.PUBLIC; + } + + @Override + public UniqueKey getPrimaryKey() { + return Keys.ORGANIZATION_ALLOWED_PKEY; + } + + @Override + public OrganizationAllowed as(String alias) { + return new OrganizationAllowed(DSL.name(alias), this); + } + + @Override + public OrganizationAllowed as(Name alias) { + return new OrganizationAllowed(alias, this); + } + + @Override + public OrganizationAllowed as(Table alias) { + return new OrganizationAllowed(alias.getQualifiedName(), this); + } + + /** + * Rename this table + */ + @Override + public OrganizationAllowed rename(String name) { + return new OrganizationAllowed(DSL.name(name), null); + } + + /** + * Rename this table + */ + @Override + public OrganizationAllowed rename(Name name) { + return new OrganizationAllowed(name, null); + } + + /** + * Rename this table + */ + @Override + public OrganizationAllowed rename(Table name) { + return new OrganizationAllowed(name.getQualifiedName(), null); + } + + /** + * Create an inline derived table from this table + */ + @Override + public OrganizationAllowed where(Condition condition) { + return new OrganizationAllowed(getQualifiedName(), aliased() ? this : null, null, condition); + } + + /** + * Create an inline derived table from this table + */ + @Override + public OrganizationAllowed where(Collection conditions) { + return where(DSL.and(conditions)); + } + + /** + * Create an inline derived table from this table + */ + @Override + public OrganizationAllowed where(Condition... 
conditions) { + return where(DSL.and(conditions)); + } + + /** + * Create an inline derived table from this table + */ + @Override + public OrganizationAllowed where(Field condition) { + return where(DSL.condition(condition)); + } + + /** + * Create an inline derived table from this table + */ + @Override + @PlainSQL + public OrganizationAllowed where(SQL condition) { + return where(DSL.condition(condition)); + } + + /** + * Create an inline derived table from this table + */ + @Override + @PlainSQL + public OrganizationAllowed where(@Stringly.SQL String condition) { + return where(DSL.condition(condition)); + } + + /** + * Create an inline derived table from this table + */ + @Override + @PlainSQL + public OrganizationAllowed where(@Stringly.SQL String condition, Object... binds) { + return where(DSL.condition(condition, binds)); + } + + /** + * Create an inline derived table from this table + */ + @Override + @PlainSQL + public OrganizationAllowed where(@Stringly.SQL String condition, QueryPart... parts) { + return where(DSL.condition(condition, parts)); + } + + /** + * Create an inline derived table from this table + */ + @Override + public OrganizationAllowed whereExists(Select select) { + return where(DSL.exists(select)); + } + + /** + * Create an inline derived table from this table + */ + @Override + public OrganizationAllowed whereNotExists(Select select) { + return where(DSL.notExists(select)); + } +} diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/FilesRecord.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/FilesRecord.java deleted file mode 100644 index 504b1ec2..00000000 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/FilesRecord.java +++ /dev/null 
@@ -1,109 +0,0 @@ -/* - * This file is generated by jOOQ. - */ -package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records; - - -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.Files; - -import org.jooq.Record1; -import org.jooq.impl.UpdatableRecordImpl; - - -/** - * This class is generated by jOOQ. - */ -@SuppressWarnings({ "all", "unchecked", "rawtypes" }) -public class FilesRecord extends UpdatableRecordImpl { - - private static final long serialVersionUID = 1L; - - /** - * Setter for public.files.file_id. - */ - public void setFileId(Long value) { - set(0, value); - } - - /** - * Getter for public.files.file_id. - */ - public Long getFileId() { - return (Long) get(0); - } - - /** - * Setter for public.files.file. - */ - public void setFile(byte[] value) { - set(1, value); - } - - /** - * Getter for public.files.file. - */ - public byte[] getFile() { - return (byte[]) get(1); - } - - /** - * Setter for public.files.file_name. - */ - public void setFileName(String value) { - set(2, value); - } - - /** - * Getter for public.files.file_name. - */ - public String getFileName() { - return (String) get(2); - } - - /** - * Setter for public.files.interaction_log_id. - */ - public void setInteractionLogId(Long value) { - set(3, value); - } - - /** - * Getter for public.files.interaction_log_id. 
- */ - public Long getInteractionLogId() { - return (Long) get(3); - } - - // ------------------------------------------------------------------------- - // Primary key information - // ------------------------------------------------------------------------- - - @Override - public Record1 key() { - return (Record1) super.key(); - } - - // ------------------------------------------------------------------------- - // Constructors - // ------------------------------------------------------------------------- - - /** - * Create a detached FilesRecord - */ - public FilesRecord() { - super(Files.FILES); - } - - /** - * Create a detached, initialised FilesRecord - */ - public FilesRecord(Long fileId, byte[] file, String fileName, Long interactionLogId) { - super(Files.FILES); - - setFileId(fileId); - setFile(file); - setFileName(fileName); - setInteractionLogId(interactionLogId); - resetChangedOnNotNull(); - } -} diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/InteractionLogRecord.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/InteractionLogRecord.java index a0d6ee23..3ae205b8 100644 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/InteractionLogRecord.java +++ b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/InteractionLogRecord.java @@ -159,6 +159,20 @@ public class InteractionLogRecord extends TableRecordImpl return (String) get(9); } + /** + * Setter for public.interaction_log.offset. + */ + public void setOffset(String value) { + set(10, value); + } + + /** + * Getter for public.interaction_log.offset. + */ + public String getOffset() { + return (String) get(10); + } + // ------------------------------------------------------------------------- // Constructors // ------------------------------------------------------------------------- 
@@ -173,7 +187,7 @@ public class InteractionLogRecord extends TableRecordImpl /** * Create a detached, initialised InteractionLogRecord */ - public InteractionLogRecord(Long id, Timestamp sentDate, String form, String sender, String status, String fileName, Integer recordsSent, Integer recordsAccepted, String fileId, String ervuId) { + public InteractionLogRecord(Long id, Timestamp sentDate, String form, String sender, String status, String fileName, Integer recordsSent, Integer recordsAccepted, String fileId, String ervuId, String offset) { super(InteractionLog.INTERACTION_LOG); setId(id); @@ -186,6 +200,7 @@ public class InteractionLogRecord extends TableRecordImpl setRecordsAccepted(recordsAccepted); setFileId(fileId); setErvuId(ervuId); + setOffset(offset); resetChangedOnNotNull(); } } diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/OrgOkvedRecord.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/OrgOkvedRecord.java deleted file mode 100644 index 7570d690..00000000 --- a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/OrgOkvedRecord.java +++ /dev/null 
@@ -1,124 +0,0 @@ -/* - * This file is generated by jOOQ. - */ -package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records; - - -import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrgOkved; - -import org.jooq.Record1; -import org.jooq.impl.UpdatableRecordImpl; - - -/** - * This class is generated by jOOQ. - */ -@SuppressWarnings({ "all", "unchecked", "rawtypes" }) -public class OrgOkvedRecord extends UpdatableRecordImpl { - - private static final long serialVersionUID = 1L; - - /** - * Setter for public.org_okved.id. - */ - public void setId(Long value) { - set(0, value); - } - - /** - * Getter for public.org_okved.id. - */ - public Long getId() { - return (Long) get(0); - } - - /** - * Setter for public.org_okved.code. - */ - public void setCode(String value) { - set(1, value); - } - - /** - * Getter for public.org_okved.code. - */ - public String getCode() { - return (String) get(1); - } - - /** - * Setter for public.org_okved.okved. - */ - public void setOkved(String value) { - set(2, value); - } - - /** - * Getter for public.org_okved.okved. - */ - public String getOkved() { - return (String) get(2); - } - - /** - * Setter for public.org_okved.organization. - */ - public void setOrganization(String value) { - set(3, value); - } - - /** - * Getter for public.org_okved.organization. - */ - public String getOrganization() { - return (String) get(3); - } - - /** - * Setter for public.org_okved.main_okved. - */ - public void setMainOkved(Boolean value) { - set(4, value); - } - - /** - * Getter for public.org_okved.main_okved. 
- */ - public Boolean getMainOkved() { - return (Boolean) get(4); - } - - // ------------------------------------------------------------------------- - // Primary key information - // ------------------------------------------------------------------------- - - @Override - public Record1 key() { - return (Record1) super.key(); - } - - // ------------------------------------------------------------------------- - // Constructors - // ------------------------------------------------------------------------- - - /** - * Create a detached OrgOkvedRecord - */ - public OrgOkvedRecord() { - super(OrgOkved.ORG_OKVED); - } - - /** - * Create a detached, initialised OrgOkvedRecord - */ - public OrgOkvedRecord(Long id, String code, String okved, String organization, Boolean mainOkved) { - super(OrgOkved.ORG_OKVED); - - setId(id); - setCode(code); - setOkved(okved); - setOrganization(organization); - setMainOkved(mainOkved); - resetChangedOnNotNull(); - } -} diff --git a/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/OrganizationAllowedRecord.java b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/OrganizationAllowedRecord.java new file mode 100644 index 00000000..13f6027d --- /dev/null +++ b/backend/src/main/java/ervu_lkrp_ul/ervu_lkrp_ul/db_beans/public_/tables/records/OrganizationAllowedRecord.java 
@@ -0,0 +1,81 @@ +/* + * This file is generated by jOOQ. + */ +package ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.records; + + +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrganizationAllowed; + +import java.sql.Timestamp; + +import org.jooq.Record1; +import org.jooq.impl.UpdatableRecordImpl; + + +/** + * This class is generated by jOOQ. + */ +@SuppressWarnings({ "all", "unchecked", "rawtypes" }) +public class OrganizationAllowedRecord extends UpdatableRecordImpl { + + private static final long serialVersionUID = 1L; + + /** + * Setter for public.organization_allowed.ogrn. + */ + public void setOgrn(String value) { + set(0, value); + } + + /** + * Getter for public.organization_allowed.ogrn. + */ + public String getOgrn() { + return (String) get(0); + } + + /** + * Setter for public.organization_allowed.created_at. + */ + public void setCreatedAt(Timestamp value) { + set(1, value); + } + + /** + * Getter for public.organization_allowed.created_at. + */ + public Timestamp getCreatedAt() { + return (Timestamp) get(1); + } + + // ------------------------------------------------------------------------- + // Primary key information + // ------------------------------------------------------------------------- + + @Override + public Record1 key() { + return (Record1) super.key(); + } + + // ------------------------------------------------------------------------- + // Constructors + // ------------------------------------------------------------------------- + + /** + * Create a detached OrganizationAllowedRecord + */ + public OrganizationAllowedRecord() { + super(OrganizationAllowed.ORGANIZATION_ALLOWED); + } + + /** + * Create a detached, initialised OrganizationAllowedRecord + */ + public OrganizationAllowedRecord(String ogrn, Timestamp createdAt) { + super(OrganizationAllowed.ORGANIZATION_ALLOWED); + + setOgrn(ogrn); + setCreatedAt(createdAt); + resetChangedOnNotNull(); + } +} 
diff --git a/backend/src/main/java/ru/micord/ervu/dao/OrganizationAccessDao.java b/backend/src/main/java/ru/micord/ervu/dao/OrganizationAccessDao.java new file mode 100644 index 00000000..c8843fba --- /dev/null +++ b/backend/src/main/java/ru/micord/ervu/dao/OrganizationAccessDao.java @@ -0,0 +1,25 @@ +package ru.micord.ervu.dao; + +import ervu_lkrp_ul.ervu_lkrp_ul.db_beans.public_.tables.OrganizationAllowed; +import org.jooq.DSLContext; + +import org.springframework.stereotype.Repository; + +/** + * @author Adel Kalimullin + */ +@Repository +public class OrganizationAccessDao { + private final DSLContext dsl; + + public OrganizationAccessDao(DSLContext dsl) { + this.dsl = dsl; + } + + public boolean existsByOgrn(String ogrn) { + return dsl.fetchExists( + dsl.selectFrom(OrganizationAllowed.ORGANIZATION_ALLOWED) + .where(OrganizationAllowed.ORGANIZATION_ALLOWED.OGRN.eq(ogrn)) + ); + } +} diff --git a/backend/src/main/java/ru/micord/ervu/security/SecurityConstants.java b/backend/src/main/java/ru/micord/ervu/security/SecurityConstants.java index bc77f591..d04446d4 100644 --- a/backend/src/main/java/ru/micord/ervu/security/SecurityConstants.java +++ b/backend/src/main/java/ru/micord/ervu/security/SecurityConstants.java @@ -6,4 +6,6 @@ public class SecurityConstants { public static final String AUTH_MARKER = "webbpm.ervu-lkrp-ul"; public static final String PRNS_UUID = "prns_uuid_ul"; public static final String STICKY_SESSION = "stickysession"; + public static final String UPLOAD_ALLOWED_MARKER = "upload_allowed"; + public static final String EMPLOYEE_DOCUMENT_PATH = "/employee/document"; } diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index a9f403db..7929dcca 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java 
@@ -62,6 +62,7 @@ import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication; import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper; import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService; import ru.micord.ervu.security.webbpm.jwt.model.Token; +import ru.micord.ervu.service.UploadAccessService; import ru.cg.webbpm.modules.core.runtime.api.LocalizedException; import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils; @@ -93,6 +94,8 @@ public class EsiaAuthService { private SecurityHelper securityHelper; @Autowired private AuditService auditService; + @Autowired + private UploadAccessService uploadAccessService; @Value("${ervu.kafka.org.reply.topic}") private String requestReplyTopic; @@ -191,6 +194,7 @@ public class EsiaAuthService { String prnOid = null; Long expiresIn = null; boolean hasRole = false; + boolean fileUploadAllowed = false; long timeSignSecret = 0, timeRequestAccessToken = 0, timeVerifySecret = 0; verifyStateFromCookie(request, state, response); try { @@ -280,6 +284,7 @@ public class EsiaAuthService { try { orgInfo = getOrgInfo(esiaAccessTokenStr); hasRole = ulDataService.checkRole(esiaAccessTokenStr); + fileUploadAllowed = uploadAccessService.canUploadFiles(orgInfo.getOgrn()); ervuId = getErvuId(prnOid, orgInfo); if (!hasRole) { LOGGER.error("The user with id = " + prnOid + " does not have the required role"); @@ -298,7 +303,7 @@ public class EsiaAuthService { auditService.processAuthEvent(request, orgInfo, prnOid, status, AuditConstants.LOGIN_EVENT_TYPE); } - createTokenAndAddCookie(response, prnOid, ervuId, hasRole , expiresIn); + createTokenAndAddCookie(response, prnOid, ervuId, hasRole, fileUploadAllowed, expiresIn); } } 
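Review bot: In the `@@ -280,6 +284,7 @@` hunk, `fileUploadAllowed` is read from the allow-list once and then carried in the JWT, so removing an organization from `organization_allowed` has no effect until that token expires or is refreshed; the refresh path in `@@ -371,8 +376,9 @@` takes the same kind of snapshot. State this next to the assignment, e.g. `// Snapshot of organization_allowed at login; allow-list changes apply only after re-login or token refresh.` The lookup also sits inside the existing `try`, so a database failure in `canUploadFiles` presumably ends the login through a catch that is outside the hunk; confirm that this is intended rather than logging the user in with uploads disabled. The enclosing method starts and ends outside these hunks.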
@@ -371,8 +376,9 @@ public class EsiaAuthService { EsiaAuthInfoStore.addAccessToken(prnOid, esiaAccessTokenStr, expiresIn); EsiaAuthInfoStore.addRefreshToken(prnOid, esiaNewRefreshToken, expiresIn); OrgInfo orgInfo = getOrgInfo(esiaAccessTokenStr); + boolean fileUploadAllowed = uploadAccessService.canUploadFiles(orgInfo.getOgrn()); String ervuId = getErvuId(prnOid, orgInfo); - createTokenAndAddCookie(response, esiaAccessToken.getSbjId(), ervuId, true, expiresIn); + createTokenAndAddCookie(response, esiaAccessToken.getSbjId(), ervuId, true, fileUploadAllowed, expiresIn); } catch (EsiaException | IOException | InterruptedException e) { throw new EsiaException(e); @@ -548,9 +554,9 @@ public class EsiaAuthService { } private void createTokenAndAddCookie(HttpServletResponse response, String userId, String ervuId, - Boolean hasRole, Long expiresIn) { - Token token = jwtTokenService.createAccessToken(userId, expiresIn, ervuId, hasRole); - securityHelper.addAccessCookies(response, token.getValue(), expiresIn.intValue()); + Boolean hasRole, Boolean fileUploadAllowed, Long expiresIn) { + Token token = jwtTokenService.createAccessToken(userId, expiresIn, ervuId, hasRole, fileUploadAllowed); + securityHelper.addAccessCookies(response, token.getValue(), expiresIn.intValue(), fileUploadAllowed); UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null); SecurityContext context = SecurityContextHolder.createEmptyContext(); diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthenticationProvider.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthenticationProvider.java index 8e81e753..ff280904 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthenticationProvider.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthenticationProvider.java 
@@ -6,6 +6,7 @@ import javax.servlet.http.HttpServletRequest; import io.jsonwebtoken.ExpiredJwtException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.CredentialsExpiredException; @@ -19,10 +20,10 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token; import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService; import static org.springframework.web.context.request.RequestAttributes.REFERENCE_REQUEST; +import static ru.micord.ervu.security.SecurityConstants.EMPLOYEE_DOCUMENT_PATH; @Component public class JwtAuthenticationProvider implements AuthenticationProvider { - private final JwtTokenService jwtTokenService; @Autowired @@ -56,6 +57,12 @@ public class JwtAuthenticationProvider implements AuthenticationProvider { } if (jwtTokenService.isValid(token) && token.getHasRole()) { + String requestPath = request.getRequestURI(); + if (EMPLOYEE_DOCUMENT_PATH.equals(requestPath) && + Boolean.FALSE.equals(token.isFileUploadAllowed())) { + throw new AccessDeniedException("File upload is not allowed for this organization"); + } + UsernamePasswordAuthenticationToken pwdToken = UsernamePasswordAuthenticationToken.authenticated(token.getUserAccountId(), null, Collections.emptyList() diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java index bc697581..649ab86b 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java 
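Review bot: The upload guard added in the `@@ -56,6 +57,12 @@` hunk fails open in two ways. `Boolean.FALSE.equals(token.isFileUploadAllowed())` lets through any token without a `fileUploadAllowed` claim (tokens issued before this commit parse to `null`), so deny unless the claim is explicitly true: `Boolean.FALSE.equals(token.isFileUploadAllowed())` becomes `!Boolean.TRUE.equals(token.isFileUploadAllowed())`. The path test is an exact string match on `request.getRequestURI()`, which is not normalized and includes the context path, so the check is skipped whenever the request URI differs from the constant in any way or the application is not deployed at the root; matching on `request.getServletPath()`, or enforcing the restriction as an authorization rule on the upload endpoint itself, would be more robust, though how that endpoint is mapped is not visible here. Throwing `AccessDeniedException` from an `AuthenticationProvider` relies on the filter chain translating it to a 403, which should be confirmed. The enclosing method begins and ends outside the hunk.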
@@ -17,6 +17,7 @@ import static org.springframework.web.context.request.RequestAttributes.REFERENC import static ru.micord.ervu.security.SecurityConstants.AUTH_MARKER; import static ru.micord.ervu.security.SecurityConstants.AUTH_TOKEN; import static ru.micord.ervu.security.SecurityConstants.PRNS_UUID; +import static ru.micord.ervu.security.SecurityConstants.UPLOAD_ALLOWED_MARKER; public final class SecurityHelper { @Value("${cookie.path:#{null}}") @@ -45,6 +46,14 @@ public final class SecurityHelper { .httpOnly(false) .build(); addResponseCookie(response, emptyAuthMarker); + + ResponseCookie emptyUploadAllowed = createCookie(UPLOAD_ALLOWED_MARKER, null, "/") + .maxAge(0) + .secure(false) + .httpOnly(false) + .build(); + addResponseCookie(response, emptyUploadAllowed); + clearCookie(response, PRNS_UUID, accessCookiePath); } @@ -52,7 +61,8 @@ public final class SecurityHelper { response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString()); } - public void addAccessCookies(HttpServletResponse response, String cookieValue, int expiry) { + public void addAccessCookies(HttpServletResponse response, String cookieValue, int expiry, + Boolean fileUploadAllowed) { ResponseCookie authTokenCookie = createCookie(AUTH_TOKEN, cookieValue, accessCookiePath) .maxAge(expiry) .build(); @@ -64,6 +74,15 @@ public final class SecurityHelper { .httpOnly(false) .build(); addResponseCookie(response, authMarker); + + if (fileUploadAllowed) { + ResponseCookie uploadAllowedCookie = createCookie(UPLOAD_ALLOWED_MARKER, "true", "/") + .maxAge(expiry) + .secure(false) + .httpOnly(false) + .build(); + addResponseCookie(response, uploadAllowedCookie); + } } public ResponseCookie.ResponseCookieBuilder createCookie(String name, String value, String path) { diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/model/Token.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/model/Token.java index c64413ed..9e9b5374 100644 
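Review bot: In `addAccessCookies` (hunk `@@ -64,6 +74,15 @@`) the `upload_allowed` cookie is only ever set and never cleared, so when a token refresh recomputes the flag to false the browser keeps the earlier cookie until its max-age runs out and the UI keeps offering upload. `if (fileUploadAllowed)` also unboxes a `Boolean` and throws on `null`; a primitive `boolean` parameter or `Boolean.TRUE.equals(...)` avoids that. Because the cookie is built with `httpOnly(false)` and `secure(false)` it is writable by the client and must remain a display hint only, which deserves a comment; consider `secure(true)` if the site is served over HTTPS only. Part of the method body lies between the hunks and is not shown.

```java
// … unchanged: authTokenCookie and authMarker cookies …
// UI hint only; the server decides from the signed JWT claim, never from this cookie.
boolean uploadAllowed = Boolean.TRUE.equals(fileUploadAllowed);
ResponseCookie uploadAllowedCookie =
    createCookie(UPLOAD_ALLOWED_MARKER, uploadAllowed ? "true" : null, "/")
        .maxAge(uploadAllowed ? expiry : 0) // 0 drops a cookie left by an earlier token
        .secure(false)
        .httpOnly(false)
        .build();
addResponseCookie(response, uploadAllowedCookie);
```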
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/model/Token.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/model/Token.java @@ -8,13 +8,16 @@ public class Token { private final Date expirationDate; private final String value; private final Boolean hasRole; + private final Boolean fileUploadAllowed; - public Token(String userAccountId, String issuer, Date expirationDate, String value, Boolean hasRole) { + public Token(String userAccountId, String issuer, Date expirationDate, String value, Boolean hasRole, + Boolean fileUploadAllowed) { this.userAccountId = userAccountId; this.issuer = issuer; this.expirationDate = expirationDate; this.value = value; this.hasRole = hasRole; + this.fileUploadAllowed = fileUploadAllowed; } public String getUserAccountId() { @@ -40,4 +43,8 @@ public class Token { public Boolean getHasRole() { return hasRole; } + + public Boolean isFileUploadAllowed() { + return fileUploadAllowed; + } } diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java index 75b1eabe..386f1063 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java @@ -43,8 +43,7 @@ public class JwtTokenService { this.signingKey = Keys.hmacShaKeyFor(encodedKey); } - public Token createAccessToken(String userAccountId, Long expiresIn, String ervuId, Boolean hasRole) { - + public Token createAccessToken(String userAccountId, Long expiresIn, String ervuId, Boolean hasRole, Boolean fileUploadAllowed) { Date expirationDate = new Date(System.currentTimeMillis() + 1000L * expiresIn); String value = Jwts.builder() .setSubject(userAccountId + ":" + ervuId) 
@@ -52,9 +51,12 @@ public class JwtTokenService { .setIssuedAt(new Date(System.currentTimeMillis())) .setExpiration(expirationDate) .claim("hasRole", hasRole) + .claim("fileUploadAllowed", fileUploadAllowed) .signWith(signingKey) .compact(); - return new Token(userAccountId + ":" + ervuId, tokenIssuerName, expirationDate, value, hasRole); + return new Token(userAccountId + ":" + ervuId, tokenIssuerName, expirationDate, value, hasRole, + fileUploadAllowed + ); } public boolean isValid(Token token) { @@ -77,7 +79,9 @@ public class JwtTokenService { .parseClaimsJws(token) .getBody(); - return new Token(claims.getSubject(), claims.getIssuer(), claims.getExpiration(), token, claims.get("hasRole", Boolean.class)); + return new Token(claims.getSubject(), claims.getIssuer(), claims.getExpiration(), token, + claims.get("hasRole", Boolean.class), claims.get("fileUploadAllowed", Boolean.class) + ); } public String getAccessToken(HttpServletRequest request) { diff --git a/backend/src/main/java/ru/micord/ervu/service/UploadAccessService.java b/backend/src/main/java/ru/micord/ervu/service/UploadAccessService.java new file mode 100644 index 00000000..e02495b4 --- /dev/null +++ b/backend/src/main/java/ru/micord/ervu/service/UploadAccessService.java 
@@ -0,0 +1,32 @@ +package ru.micord.ervu.service; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Service; +import org.springframework.util.StringUtils; +import ru.micord.ervu.dao.OrganizationAccessDao; + + +/** + * @author Adel Kalimullin + */ +@Service +public class UploadAccessService { + private final OrganizationAccessDao organizationAccessDao; + private final boolean ogrnCheckEnabled; + + public UploadAccessService( + OrganizationAccessDao organizationAccessDao, + @Value("${file.upload.ogrn_check.enabled:false}") boolean ogrnCheckEnabled + ) { + this.organizationAccessDao = organizationAccessDao; + this.ogrnCheckEnabled = ogrnCheckEnabled; + } + + public boolean canUploadFiles(String ogrn) { + if (!ogrnCheckEnabled) { + return true; + } + + return StringUtils.hasText(ogrn) && organizationAccessDao.existsByOgrn(ogrn); + } +} diff --git a/backend/src/main/resources/config/v_1.0/2025-10-24-add-org-allowed-table.xml b/backend/src/main/resources/config/v_1.0/2025-10-24-add-org-allowed-table.xml new file mode 100644 index 00000000..97e102d6 --- /dev/null +++ b/backend/src/main/resources/config/v_1.0/2025-10-24-add-org-allowed-table.xml @@ -0,0 +1,14 @@ + + + + + Create table for organizations allowed to upload files + + + + + + + + + diff --git a/backend/src/main/resources/config/v_1.0/changelog-v_1.0.xml b/backend/src/main/resources/config/v_1.0/changelog-v_1.0.xml index 21dee61d..ae476ae2 100644 --- a/backend/src/main/resources/config/v_1.0/changelog-v_1.0.xml +++ b/backend/src/main/resources/config/v_1.0/changelog-v_1.0.xml @@ -8,5 +8,6 @@ + \ No newline at end of file diff --git a/frontend/src/ts/ervu/FileUploadChecker.ts b/frontend/src/ts/ervu/FileUploadChecker.ts new file mode 100644 index 00000000..f8ea59f7 --- /dev/null +++ b/frontend/src/ts/ervu/FileUploadChecker.ts 
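Review bot: `canUploadFiles` returns `true` for every organization unless `file.upload.ogrn_check.enabled` is set, because the `@Value` default is `false`; an environment that misses the property runs without the restriction and nothing records that. Document this on the method, e.g. `/** Returns true when the OGRN check is disabled (the default) or the OGRN is present in organization_allowed. */`, and consider logging the effective flag once at startup. The OGRN is compared exactly as received, so surrounding whitespace in the upstream value would read as not allowed; `existsByOgrn(ogrn.trim())` would make the lookup robust if the upstream format is not already guaranteed.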
@@ -0,0 +1,17 @@ +import {Behavior, Visible} from "@webbpm/base-package"; +import {CookieService} from "ngx-cookie"; + +export class FileUploadChecker extends Behavior { + private cookieService: CookieService; + + + initialize() { + this.cookieService = this.injector.get(CookieService); + } + + + @Visible() + public fileUploadAllowed(): boolean { + return this.cookieService.get("upload_allowed") != null; + } +} \ No newline at end of file diff --git a/resources/src/main/resources/business-model/Личный кабинет юр лица.page b/resources/src/main/resources/business-model/Личный кабинет юр лица.page index eb8f7f58..bf1ec2fc 100644 --- a/resources/src/main/resources/business-model/Личный кабинет юр лица.page +++ b/resources/src/main/resources/business-model/Личный кабинет юр лица.page @@ -172,6 +172,14 @@ + + + FileUploadChecker + ervu + + true + true + 9d1b5af1-0b8f-4b1b-b9a5-c2e6acf72d91 829f09dd-e33f-4b1f-90ea-16994e373d7e @@ -887,6 +895,7 @@ 1a3543a3-3797-4d65-8319-d88e8ccd34e1 Диалог - выбор файла и отправка true + false false @@ -913,6 +922,30 @@ elseActions + + + + + behavior + + {"objectId":"93a1b29d-c3c8-4300-a063-44720562dff3","packageName":"component","className":"Dialog","type":"TS"} + + + + method + + "show" + + + + value + + null + + + + + @@ -943,6 +976,79 @@ ifCondition + + conditions + + + + + + _isGroupSelected + + false + + + + one + + + + conditionFirstPart + + + + objectValue + + + + behavior + + {"objectId":"4e49112c-ab94-49d7-b070-a69609516251","packageName":"ervu","className":"FileUploadChecker","type":"TS"} + + + + method + + "fileUploadAllowed" + + + + + + + + + + conditionSecondPart + + + + staticValue + + + boolean + + +true + + + + + + + operation + + "EQUALS" + + + + + + + + + + logicalOperation 
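Review bot: `fileUploadAllowed()` treats any value of the `upload_allowed` cookie as permission, since it only tests `!= null`; the backend writes the literal `"true"`, so compare against it: `return this.cookieService.get("upload_allowed") === "true";`. The cookie name is duplicated from `SecurityConstants.UPLOAD_ALLOWED_MARKER` on the backend and would be better as a named constant with a comment tying the two together. A short class comment should state that this value only controls what the page shows and that the server enforces the restriction from the signed token.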
@@ -4476,6 +4582,35 @@ false + + elseActions + + + + + + behavior + + {"objectId":"93a1b29d-c3c8-4300-a063-44720562dff3","packageName":"component","className":"Dialog","type":"TS"} + + + + method + + "show" + + + + value + + null + + + + + + + eventRefs @@ -4503,6 +4638,79 @@ ifCondition + + conditions + + + + + + _isGroupSelected + + false + + + + one + + + + conditionFirstPart + + + + objectValue + + + + behavior + + {"objectId":"4e49112c-ab94-49d7-b070-a69609516251","packageName":"ervu","className":"FileUploadChecker","type":"TS"} + + + + method + + "fileUploadAllowed" + + + + + + + + + + conditionSecondPart + + + + staticValue + + + boolean + + +true + + + + + + + operation + + "EQUALS" + + + + + + + + + + logicalOperation @@ -7839,6 +8047,30 @@ elseActions + + + + + behavior + + {"objectId":"93a1b29d-c3c8-4300-a063-44720562dff3","packageName":"component","className":"Dialog","type":"TS"} + + + + method + + "show" + + + + value + + null + + + + + @@ -7869,6 +8101,79 @@ ifCondition + + conditions + + + + + + _isGroupSelected + + false + + + + one + + + + conditionFirstPart + + + + objectValue + + + + behavior + + {"objectId":"4e49112c-ab94-49d7-b070-a69609516251","packageName":"ervu","className":"FileUploadChecker","type":"TS"} + + + + method + + "fileUploadAllowed" + + + + + + + + + + conditionSecondPart + + + + staticValue + + + boolean + + +true + + + + + + + operation + + "EQUALS" + + + + + + + + + + logicalOperation @@ -11323,6 +11628,35 @@ false + + elseActions + + + + + + behavior + + {"objectId":"93a1b29d-c3c8-4300-a063-44720562dff3","packageName":"component","className":"Dialog","type":"TS"} + + + + method + + "show" + + + + value + + null + + + + + + + eventRefs 
@@ -11350,6 +11684,79 @@ ifCondition + + conditions + + + + + + _isGroupSelected + + false + + + + one + + + + conditionFirstPart + + + + objectValue + + + + behavior + + {"objectId":"4e49112c-ab94-49d7-b070-a69609516251","packageName":"ervu","className":"FileUploadChecker","type":"TS"} + + + + method + + "fileUploadAllowed" + + + + + + + + + + conditionSecondPart + + + + staticValue + + + boolean + + +true + + + + + + + operation + + "EQUALS" + + + + + + + + + + logicalOperation @@ -14126,7 +14533,6 @@ 991237d3-8cb9-48af-8501-030a3c8c6cfc Группа полей true - false false @@ -14873,6 +15279,35 @@ false + + elseActions + + + + + + behavior + + {"objectId":"93a1b29d-c3c8-4300-a063-44720562dff3","packageName":"component","className":"Dialog","type":"TS"} + + + + method + + "show" + + + + value + + null + + + + + + + eventRefs @@ -14900,6 +15335,79 @@ ifCondition + + conditions + + + + + + _isGroupSelected + + false + + + + one + + + + conditionFirstPart + + + + objectValue + + + + behavior + + {"objectId":"4e49112c-ab94-49d7-b070-a69609516251","packageName":"ervu","className":"FileUploadChecker","type":"TS"} + + + + method + + "fileUploadAllowed" + + + + + + + + + + conditionSecondPart + + + + staticValue + + + boolean + + +true + + + + + + + operation + + "EQUALS" + + + + + + + + + + logicalOperation 
@@ -18327,4 +18835,207 @@ + + 86f297f1-ab3d-40e0-ac2f-89cc944b7f0a + 93a1b29d-c3c8-4300-a063-44720562dff3 + Диалог- временное решение для загрузки файла + true + false + + + + closable + + false + + + + cssClasses + + + +"align-center" + + + + +"win-error" + + + + + + + + + + + + 98594cec-0a9b-4cef-af09-e1b71cb2ad9e + d6e0aa92-78ed-470e-8a98-9cce3f30efe5 + Обработка событий-show dialog + false + true + + + 9d1b5af1-0b8f-4b1b-b9a5-c2e6acf72d91 + 03e9410a-8d47-4a74-b0c3-cfb8900004f1 + Вертикальный контейнер + true + false + + + + + + + ba24d307-0b91-4299-ba82-9d0b52384ff2 + 8e234aed-6ad7-4e00-834f-e043f2d29c55 + Текст + false + false + + + + collectible + +false + + + + initialValue + +"Система находится в опытной эксплуатации. Функция загрузки данных от организаций будет доступна позднее." + + + + + + + + + false + + + + fd7e47b9-dce1-4d14-9f3a-580c79f59579 + b32b3411-2032-4713-8c5c-67cb114ad231 + Кнопка + false + true + + + + 9d1b5af1-0b8f-4b1b-b9a5-c2e6acf72d91 + b28dce91-46cb-46fe-a309-ccc2ace6cb34 + Вертикальный контейнер + true + false + + + + + + + 98594cec-0a9b-4cef-af09-e1b71cb2ad9e + 14c11640-a5b2-4aea-a6a7-4b1ff334de7c + Обработка событий-close dialog + false + false + + + + eventRefs + + + + + + behavior + + {"objectId":"b32b3411-2032-4713-8c5c-67cb114ad231","packageName":"component.button","className":"Button","type":"TS"} + + + + propertyName + + "successActionEvent" + + + + + + + + + ifCondition + + + + logicalOperation + + null + + + + + + + thenActions + + + + + + behavior + + {"objectId":"93a1b29d-c3c8-4300-a063-44720562dff3","packageName":"component","className":"Dialog","type":"TS"} + + + + method + + "hide" + + + + value + + null + + + + + + + + + + + + fd7e47b9-dce1-4d14-9f3a-580c79f59579 + b32b3411-2032-4713-8c5c-67cb114ad231 + Кнопка + false + false + + + + caption + +"Закрыть" + + + + + + + d7d54cfb-26b5-4dba-b56f-b6247183c24d + f6703dc0-c93c-4d28-adb7-a04faf79a920 + Горизонтальный контейнер + true + true + + +