fix admin permissions for User and Student endpoints (#101)

webapp/src/main/java/ar/edu/itba/paw/webapp/auth/LoggedUser.java

@@ -14,4 +14,8 @@ public static int getDni() {
 	public static Collection<? extends GrantedAuthority> getAuthorities() {
 		return SecurityContextHolder.getContext().getAuthentication().getAuthorities();
 	}
+
+	public static boolean isAdmin() {
+		return SecurityContextHolder.getContext().getAuthentication().getAuthorities().contains("ADMIN");
+	}
 }

webapp/src/main/java/ar/edu/itba/paw/webapp/controllers/AdminController.java

@@ -3,7 +3,6 @@
 import ar.edu.itba.paw.interfaces.AdminService;
 import ar.edu.itba.paw.models.users.Admin;
 import ar.edu.itba.paw.shared.AdminFilter;
-import ar.edu.itba.paw.webapp.auth.LoggedUser;
 import ar.edu.itba.paw.webapp.models.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -101,13 +100,8 @@ public Response adminsUpdate(@PathParam("dni") final int dni,
       return status(Status.NOT_FOUND).build();
     }
 
-    final int loggedDni = LoggedUser.getDni();
-    if(loggedDni != dni) {
-      return status(Status.FORBIDDEN).build();
-    }
-
     final Admin partialAdmin = mapper.convertToAdmin(adminsUpdateDTO);
-    partialAdmin.setDni(loggedDni);
+    partialAdmin.setDni(dni);
     as.update(partialAdmin);
 
     return noContent().build();

webapp/src/main/java/ar/edu/itba/paw/webapp/controllers/StudentController.java

@@ -119,7 +119,7 @@ public Response studentsUpdate(@PathParam("docket") final int docket,
     }
 
 	  final int dni = LoggedUser.getDni();
-	  if(dni != oldStudent.getDni()) {
+	  if(dni != oldStudent.getDni() || !LoggedUser.isAdmin()) {
 		  return status(Status.FORBIDDEN).build();
 	  }
 
@@ -177,7 +177,7 @@ public Response studentsCoursesNew(
     }
 
     final int dni = LoggedUser.getDni();
-    if(dni != student.getDni()) {
+    if(dni != student.getDni() || !LoggedUser.isAdmin()) {
     	return status(Status.FORBIDDEN).build();
     }
 
@@ -208,7 +208,7 @@ public Response studentsCoursesDestroy(
 	  }
 
     final int dni = LoggedUser.getDni();
-    if(dni != student.getDni()) {
+    if(dni != student.getDni() || !LoggedUser.isAdmin()) {
     	return status(Status.FORBIDDEN).build();
     }
 
@@ -259,7 +259,7 @@ public Response studentsGradesIndex(@PathParam("docket") final Integer docket){
     }
 
     final int dni = LoggedUser.getDni();
-    if(dni != student.getDni()) {
+    if(dni != student.getDni() || !LoggedUser.isAdmin()) {
       return status(Status.FORBIDDEN).build();
     }
     final int totalCredits = cs.getTotalPlanCredits();
@@ -320,7 +320,7 @@ public Response studentsGradesUpdate(
     }
 
 	  final int dni = LoggedUser.getDni();
-	  if(dni != student.getDni()) {
+	  if(dni != student.getDni() || !LoggedUser.isAdmin()) {
 		  return status(Status.FORBIDDEN).build();
 	  }
 
@@ -367,7 +367,7 @@ public Response studentsFinalInscriptionsNew(
     }
 
     final int dni = LoggedUser.getDni();
-    if(dni != student.getDni()) {
+    if(dni != student.getDni() || !LoggedUser.isAdmin()) {
       return status(Status.FORBIDDEN).build();
     }
 
@@ -396,7 +396,7 @@ public Response studentsFinalInscriptionsDestroy(
     }
 
     final int dni = LoggedUser.getDni();
-    if(dni != student.getDni()) {
+    if(dni != student.getDni() || !LoggedUser.isAdmin()) {
       return status(Status.FORBIDDEN).build();
     }
 
@@ -421,7 +421,7 @@ public Response studentsFinalInscriptionsAvailable(@PathParam("docket") final In
     }
 
     final int dni = LoggedUser.getDni();
-    if(dni != student.getDni()) {
+    if(dni != student.getDni() || !LoggedUser.isAdmin()) {
       return status(Status.FORBIDDEN).build();
     }
 

webapp/src/main/java/ar/edu/itba/paw/webapp/controllers/UserController.java

@@ -34,7 +34,7 @@ public Response usersPasswordChange(@PathParam("dni") final int dni,
                                       @Valid PasswordDTO passwordDTO) {
 
     final int loggedDni = LoggedUser.getDni();
-    if(loggedDni != dni) {
+    if(loggedDni != dni  || !LoggedUser.isAdmin()) {
       return status(Status.FORBIDDEN).build();
     }