Allow account scaffold to access extended users

cthit · Mar 26, 2024 · 743861a · 743861a
1 parent 4d9940a
commit 743861a
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/app/src/main/java/it/chalmers/gamma/app/authentication/UserAccessGuard.java b/app/src/main/java/it/chalmers/gamma/app/authentication/UserAccessGuard.java
@@ -30,7 +30,7 @@ public UserAccessGuard(ClientRepository clientRepository) {
   }
 
   public boolean accessToExtended(UserId userId) {
-    return isMe(userId) || isAdmin() || isLocalRunnerAuthenticated();
+    return isMe(userId) || isAdmin() || isLocalRunnerAuthenticated() || isApiKeyWithExtendedAccess();
   }
 
   public boolean isMe(UserId userId) {
@@ -85,7 +85,7 @@ public boolean haveAccessToUser(UserId userId, boolean userLocked) {
       return true;
     }
 
-    if (apiKeyWithAccess()) {
+    if (isApiKeyWithAccess()) {
       return true;
     }
 
@@ -129,7 +129,7 @@ private boolean haveAcceptedClient(UserId userId) {
   }
 
   /** Api Key with type INFO or ACCOUNT_SCAFFOLD have access to user information. */
-  private boolean apiKeyWithAccess() {
+  private boolean isApiKeyWithAccess() {
     if (AuthenticationExtractor.getAuthentication()
         instanceof ApiAuthentication apiAuthenticationPrincipal) {
       ApiKeyType apiKeyType = apiAuthenticationPrincipal.get().keyType();
@@ -138,4 +138,17 @@ private boolean apiKeyWithAccess() {
 
     return false;
   }
+
+  private boolean isApiKeyWithExtendedAccess() {
+    if (AuthenticationExtractor.getAuthentication()
+            instanceof ApiAuthentication apiAuthenticationPrincipal) {
+      ApiKeyType apiKeyType = apiAuthenticationPrincipal.get().keyType();
+      return apiKeyType.equals(ApiKeyType.ACCOUNT_SCAFFOLD);
+    }
+
+    return false;
+  }
+
+
+
 }