UI: settings show/hide update display (#1072)

* UI: settings show/hide update display This PR replaces the PR #1003 In this PR, the visual for available update is added to the foreground. There are new settings to generally show/hide the update display, and only administrators receive the update display. * change to `Bean` * Update AppUpdateShowService.java * add update message * revision service * change shouldShow * Update githubVersion.js * rm folder * Update AppUpdateService.java
2024-04-21 13:15:18 +02:00
parent e74a8e434b
commit a5000fbbc5
41 changed files with 210 additions and 5 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/AppUpdateAuthService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/AppUpdateAuthService.java
@@ -0,0 +1,46 @@
+package stirling.software.SPDF.config.security;
+
+import java.util.Optional;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Service;
+
+import stirling.software.SPDF.config.ShowAdminInterface;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.User;
+import stirling.software.SPDF.repository.UserRepository;
+
+@Service
+class AppUpdateAuthService implements ShowAdminInterface {
+
+    @Autowired private UserRepository userRepository;
+    @Autowired private ApplicationProperties applicationProperties;
+
+    public boolean getShowUpdateOnlyAdmins() {
+        boolean showUpdate = applicationProperties.getSystem().getShowUpdate();
+        if (!showUpdate) {
+            return showUpdate;
+        }
+
+        boolean showUpdateOnlyAdmin = applicationProperties.getSystem().getShowUpdateOnlyAdmin();
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication == null || !authentication.isAuthenticated()) {
+            return !showUpdateOnlyAdmin;
+        }
+
+        if (authentication.getName().equalsIgnoreCase("anonymousUser")) {
+            return !showUpdateOnlyAdmin;
+        }
+
+        Optional<User> user = userRepository.findByUsername(authentication.getName());
+        if (user.isPresent() && showUpdateOnlyAdmin) {
+            return "ROLE_ADMIN".equals(user.get().getRolesAsString());
+        }
+
+        return showUpdate;
+    }
+}