Merge branch 'fix/problema_impersonate' into 'main'

Arreglado el problema HTTP: el superadmin no puede ser suplantado (impersonate).

See merge request jjimenez/erp-imprimelibros!41
2026-02-09 11:19:53 +00:00
4 changed files with 11 additions and 11 deletions


@ -11,6 +11,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
@ -37,28 +38,28 @@ public class ImpersonationController {
@PostMapping("/impersonate") @PostMapping("/impersonate")
@PreAuthorize("hasRole('ADMIN') or hasRole('SUPERADMIN')") @PreAuthorize("hasRole('ADMIN') or hasRole('SUPERADMIN')")
public String impersonate( public ResponseEntity<Void> impersonate(
@RequestParam("username") String username, @RequestParam("username") String username,
Authentication authentication, Authentication authentication,
HttpServletRequest request) { HttpServletRequest request) {
if (authentication == null) { if (authentication == null) {
return "redirect:/login"; return ResponseEntity.status(401).build();
} }
if (hasRole(authentication, PREVIOUS_ADMIN_ROLE)) { if (hasRole(authentication, PREVIOUS_ADMIN_ROLE)) {
return "redirect:/"; return ResponseEntity.status(409).build();
} }
String normalized = sanitizer.plain(username); String normalized = sanitizer.plain(username);
if (normalized == null || normalized.isBlank()) { if (normalized == null || normalized.isBlank()) {
return "redirect:/users"; return ResponseEntity.badRequest().build();
} }
normalized = normalized.trim().toLowerCase(); normalized = normalized.trim().toLowerCase();
if (authentication.getName() != null if (authentication.getName() != null
&& authentication.getName().equalsIgnoreCase(normalized)) { && authentication.getName().equalsIgnoreCase(normalized)) {
return "redirect:/users"; return ResponseEntity.status(409).build();
} }
UserDetails target; UserDetails target;
@ -68,10 +69,9 @@ public class ImpersonationController {
throw new AccessDeniedException("No autorizado"); throw new AccessDeniedException("No autorizado");
} }
boolean currentIsSuperAdmin = hasRole(authentication, "ROLE_SUPERADMIN");
boolean targetIsSuperAdmin = target.getAuthorities().stream() boolean targetIsSuperAdmin = target.getAuthorities().stream()
.anyMatch(a -> "ROLE_SUPERADMIN".equals(a.getAuthority())); .anyMatch(a -> "ROLE_SUPERADMIN".equals(a.getAuthority()));
if (targetIsSuperAdmin && !currentIsSuperAdmin) { if (targetIsSuperAdmin) {
throw new AccessDeniedException("No autorizado"); throw new AccessDeniedException("No autorizado");
} }
@ -88,7 +88,7 @@ public class ImpersonationController {
newAuth.setDetails(authentication.getDetails()); newAuth.setDetails(authentication.getDetails());
SecurityContextHolder.getContext().setAuthentication(newAuth); SecurityContextHolder.getContext().setAuthentication(newAuth);
return "redirect:/"; return ResponseEntity.noContent().build();
} }
@PostMapping("/impersonate/exit") @PostMapping("/impersonate/exit")
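Review bot: The rejection at `if (targetIsSuperAdmin)` is now the only place the "nobody impersonates a SUPERADMIN" policy lives, and it is a bare string comparison against `"ROLE_SUPERADMIN"` with no comment, so a later reader may well reintroduce the `currentIsSuperAdmin` exemption this commit deliberately removes. Add `// Policy (!41): SUPERADMIN accounts are never impersonable, not even by another SUPERADMIN.` above the condition, and consider hoisting the literal into a named constant shared with the `hasRole(...)` helper. Note also that this path and the target-not-found path still signal denial by throwing `AccessDeniedException`, while the other rejections in the same method now return explicit `ResponseEntity` statuses (401, 409, 400); the caller presumably sees whatever Spring Security's access-denied handling produces for those two cases (a 403, or a redirect under form login, depending on configuration) rather than a status chosen here, so check that the front end treats both kinds of refusal uniformly. `impersonate` begins in the second hunk and its body continues outside the visible hunks.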


@ -151,7 +151,7 @@ public class UserController {
.append(user.getId()) .append(user.getId())
.append("\" class=\"link-success btn-edit-user fs-15\"><i class=\"ri-edit-2-line\"></i></a>"); .append("\" class=\"link-success btn-edit-user fs-15\"><i class=\"ri-edit-2-line\"></i></a>");
if (!isSelf && (isSuperAdmin || !targetIsSuperAdmin)) { if (!isSelf && !targetIsSuperAdmin) {
actions.append("<a href=\"javascript:void(0);\" data-username=\"") actions.append("<a href=\"javascript:void(0);\" data-username=\"")
.append(user.getUserName()) .append(user.getUserName())
.append("\" class=\"link-info btn-impersonate-user fs-15\"><i class=\"ri-user-shared-line\"></i></a>"); .append("\" class=\"link-info btn-impersonate-user fs-15\"><i class=\"ri-user-shared-line\"></i></a>");
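Review bot: The new condition `if (!isSelf && !targetIsSuperAdmin)` no longer reads `isSuperAdmin`, so if that local is still computed earlier in this method it is presumably now unused and should be dropped (the method starts outside the hunk, so this cannot be confirmed here). This gate only hides the impersonate link; the authoritative check is the one in ImpersonationController, and a comment saying so would stop someone treating the UI condition as the enforcement point, e.g. `// UI hint only: ImpersonationController enforces the SUPERADMIN rule server-side.` Separately, the adjacent context appends `user.getUserName()` straight into an HTML attribute value; if usernames are not guaranteed by the sanitizer to be free of `"` and `<`, an HTML-escaping call belongs there, though that is pre-existing and outside this change.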


@ -1,7 +1,7 @@
spring.application.name=erp spring.application.name=erp
# Active profile # Active profile
#spring.profiles.active=local #spring.profiles.active=local
spring.profiles.active=local spring.profiles.active=dev
#spring.profiles.active=test #spring.profiles.active=test
#spring.profiles.active=prod #spring.profiles.active=prod
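Review bot: Switching `spring.profiles.active=local` to `dev` in the committed application.properties is unrelated to the impersonation fix and changes the default profile for every checkout of main. Environment-specific profile selection is better kept out of the repository and supplied at run time via `SPRING_PROFILES_ACTIVE` or `--spring.profiles.active=...`, leaving the property unset or at a safe default here. If `dev` is intended as the new default, say so in the commit description so the change is not reverted as a stray edit.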


@ -61,7 +61,7 @@ usuarios.delete.text=¿Está seguro de que desea eliminar al usuario?<br>Esta ac
usuarios.delete.ok.title=Usuario eliminado usuarios.delete.ok.title=Usuario eliminado
usuarios.delete.ok.text=El usuario ha sido eliminado con éxito. usuarios.delete.ok.text=El usuario ha sido eliminado con éxito.
usuarios.impersonate.title=Entrar como usuario usuarios.impersonate.title=Entrar como usuario
usuarios.impersonate.text=Vas a iniciar sesión como <b>{0}</b>. Podrás volver a tu usuario desde el menú. usuarios.impersonate.text=Vas a iniciar sesión como <b>{0}</b>. Podrás volver a tu usuario desde el menú.
usuarios.impersonate.button=Entrar usuarios.impersonate.button=Entrar
usuarios.profile.title=Editar perfil usuarios.profile.title=Editar perfil
usuarios.profile.success=Perfil actualizado correctamente. usuarios.profile.success=Perfil actualizado correctamente.