From 1c85f2b0fd64dda2549b5b4566d0f56242f39e24 Mon Sep 17 00:00:00 2001
From: _Bastler <git@bstly.de>
Date: Sat, 19 Feb 2022 10:14:19 +0100
Subject: [PATCH] fix permission calc

---
 .../we/businesslogic/PermissionManager.java   | 70 ++++++++++++-------
 .../oidc/businesslogic/OidcTokenManager.java  |  1 +
 pom.xml                                       |  2 +-
 3 files changed, 46 insertions(+), 27 deletions(-)

diff --git a/core/src/main/java/de/bstly/we/businesslogic/PermissionManager.java b/core/src/main/java/de/bstly/we/businesslogic/PermissionManager.java
index a3fb9df..2b21309 100755
--- a/core/src/main/java/de/bstly/we/businesslogic/PermissionManager.java
+++ b/core/src/main/java/de/bstly/we/businesslogic/PermissionManager.java
@@ -46,9 +46,26 @@ public class PermissionManager implements UserDataProvider {
 	 * @return the list
 	 */
 	public List<Permission> get(Long target, String name) {
-		if (target != null) {
+		if (target != null && StringUtils.hasText(name)) {
 			return Lists.newArrayList(permissionRepository
-					.findAll(qPermission.name.eq(name).and(qPermission.target.eq(target))));
+					.findAll(qPermission.target.eq(target).and(qPermission.name.eq(name))));
+		}
+		return Lists.newArrayList();
+	}
+
+	/**
+	 * Gets the not expires.
+	 *
+	 * @param target the target
+	 * @param name the name
+	 * @return the not expires
+	 */
+	public List<Permission> getNotExpires(Long target, String name) {
+		if (target != null && StringUtils.hasText(name)) {
+			return Lists.newArrayList(permissionRepository
+					.findAll(qPermission.target.eq(target).and(qPermission.name.eq(name))
+							.and(qPermission.expires.after(Instant.now()).and(qPermission.starts
+									.isNull().or(qPermission.starts.before(Instant.now()))))));
 		}
 		return Lists.newArrayList();
 	}
@@ -169,16 +186,12 @@ public class PermissionManager implements UserDataProvider {
 	 * @return the permission
 	 */
 	public Permission update(Permission permission) {
-		Assert.isTrue(
-				permissionRepository.exists(qPermission.target
-						.eq(permission.getTarget()).and(qPermission.name.eq(permission.getName()))),
-				"Permission '"
-						+ permission.getName()
-						+ "' for target + '"
-						+ permission.getTarget()
-						+ "' not exists!");
-		Permission updatePermission = permissionRepository.findOne(qPermission.target
-				.eq(permission.getTarget()).and(qPermission.name.eq(permission.getName()))).get();
+		Assert.isTrue(permissionRepository.existsById(permission.getId()), "Permission '"
+				+ permission.getName()
+				+ "' for target + '"
+				+ permission.getTarget()
+				+ "' not exists!");
+		Permission updatePermission = permissionRepository.getById(permission.getId());
 		updatePermission.setStarts(permission.getStarts());
 		updatePermission.setExpires(permission.getExpires());
 		updatePermission.setAddon(permission.isAddon());
@@ -215,17 +228,9 @@ public class PermissionManager implements UserDataProvider {
 	 * @param name the name
 	 */
 	public void delete(Long target, String name) {
-		Assert.isTrue(
-				permissionRepository
-						.exists(qPermission.target.eq(target).and(qPermission.name.eq(name))),
-				"Permission '"
-						+ name
-						+ "' for target + '"
-						+ target
-						+ "' not exists!");
-		Permission delete = permissionRepository
-				.findOne(qPermission.target.eq(target).and(qPermission.name.eq(name))).get();
-		permissionRepository.delete(delete);
+		for (Permission permission : get(target, name)) {
+			permissionRepository.delete(permission);
+		}
 	}
 
 	/**
@@ -345,9 +350,17 @@ public class PermissionManager implements UserDataProvider {
 				List<Permission> existingPermissions = get(target, name);
 
 				for (Permission existingPermission : existingPermissions) {
-					if (existingPermission.getStarts() == null) {
-						permission = existingPermission;
-						break;
+					if (existingPermission.getExpires().isBefore(expires)) {
+						if (starts != null) {
+							if (existingPermission.getStarts() == null
+									|| existingPermission.getStarts().isAfter(starts)) {
+								permission = existingPermission;
+								break;
+							}
+						} else if (existingPermission.getStarts() == null) {
+							permission = existingPermission;
+							break;
+						}
 					}
 				}
 
@@ -359,6 +372,11 @@ public class PermissionManager implements UserDataProvider {
 					permission.setStarts(permissionStarts);
 					permission.setExpires(permissionsExpires);
 				} else {
+					if (permission.getStarts() != null
+							&& permission.getStarts().isBefore(Instant.now())) {
+						permission.setStarts(null);
+					}
+
 					permission.setExpires(InstantHelper.plus(permission.getExpires(),
 							permissionMapping.getLifetime(), permissionMapping.getLifetimeUnit()));
 				}
diff --git a/oidc/src/main/java/de/bstly/we/oidc/businesslogic/OidcTokenManager.java b/oidc/src/main/java/de/bstly/we/oidc/businesslogic/OidcTokenManager.java
index 7d82748..e3b0c40 100644
--- a/oidc/src/main/java/de/bstly/we/oidc/businesslogic/OidcTokenManager.java
+++ b/oidc/src/main/java/de/bstly/we/oidc/businesslogic/OidcTokenManager.java
@@ -184,6 +184,7 @@ public class OidcTokenManager implements SmartInitializingSingleton {
 		Builder claimsSetBuilder = new Builder();
 		claimsSetBuilder.subject(String.valueOf(user.getId()));
 		claimsSetBuilder.claim("name", user.getUsername());
+		claimsSetBuilder.claim("username", user.getUsername());
 		claimsSetBuilder.claim("preferred_username", user.getUsername());
 
 		UserProfileField emailProfileField = userProfileFieldManager.get(user.getId(),
diff --git a/pom.xml b/pom.xml
index 6d85caa..ac70d01 100755
--- a/pom.xml
+++ b/pom.xml
@@ -13,7 +13,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>11</java.version>
 		<log4j2.version>2.17.1</log4j2.version>
-		<revision>1.6.2-SNAPSHOT</revision>
+		<revision>1.6.3-SNAPSHOT</revision>
 	</properties>
 
 	<parent>