Stop disabled users from performing operations after account deactivation

Changes: - Added authorization state tracking to authenticated sessions. - Revoked authorization immediately when an account-disabled event is received. - Added authorization validation before protected service operations. - Cleared authorization state on logout. Fixes #2078
2026-06-17 16:47:15 +05:30
parent b011f600cf
commit 82164e42c3
6 changed files with 56 additions and 1 deletions
@@ -14,10 +14,29 @@ Date:19-May-2026
 #include "DataStoreLockGuard.h"

 User* AuthenticationManagementService::m_authenticatedUser = nullptr;
+bool AuthenticationManagementService::m_isAuthorized = false;
 EventManager AuthenticationManagementService::m_eventManager;
 HANDLE AuthenticationManagementService::m_accountDisabledEvent = NULL;
 HANDLE AuthenticationManagementService::m_notificationsAvailableEvent = NULL;

+
+/*
+Function: ensureAuthorization
+Description: Verifies that a user is currently authenticated before allowing
+			 access to a protected operation. Throws an exception if no
+			 authorized user session exists.
+Parameter: None
+Return type: void
+Throws: std::runtime_error - if the user is not authorized
+*/
+void AuthenticationManagementService::ensureAuthorization()
+{
+	if (!m_authenticatedUser || !m_isAuthorized)
+	{
+		throw std::runtime_error("You are not authorized to do this operation!");
+	}
+}
+
 /*
 Function: login
 Description: Authenticates a user by checking the provided username and password
@@ -40,12 +59,14 @@ bool AuthenticationManagementService::login(const std::string& username, const s
 			if (password == user->getPassword())
 			{
 				m_authenticatedUser = user;
+				m_isAuthorized = true;
 				m_eventManager.initialize(
 					user->getId(),
 					[]()
 					{
 						if (m_accountDisabledEvent)
 						{
+							AuthenticationManagementService::m_isAuthorized = false;
 							SetEvent(m_accountDisabledEvent);
 						}
 					},
@@ -86,6 +107,7 @@ void AuthenticationManagementService::logout()
 {
 	m_eventManager.shutdown();
 	m_authenticatedUser = nullptr;
+	m_isAuthorized = false;
 	m_accountDisabledEvent = NULL;
 	m_notificationsAvailableEvent = NULL;
 }
@@ -99,6 +121,7 @@ Return type: void
 */
 void AuthenticationManagementService::changePassword(const std::string& newPassword)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedUsersMap = m_dataStore.getUsers();
 	if (m_authenticatedUser == nullptr)
@@ -19,12 +19,14 @@ class AuthenticationManagementService
 {
 private:
    static User* m_authenticatedUser;
+    static bool m_isAuthorized;
    static EventManager m_eventManager;
    static HANDLE m_accountDisabledEvent;
    static HANDLE m_notificationsAvailableEvent;
    DataStore& m_dataStore;
 public:
    AuthenticationManagementService() : m_dataStore(DataStore::getInstance()) {}
+    static void ensureAuthorization();
    bool login(const std::string& username, const std::string& password);
    void logout();
    void changePassword(const std::string& newPassword);
@@ -14,6 +14,7 @@ Date: 22-May-2026
 #include "Factory.h"
 #include "InventoryItem.h"
 #include "InventoryManagementService.h"
+#include "AuthenticationManagementService.h"
 #include "Timestamp.h"
 #include "User.h"
 #include "Utility.h"
@@ -102,6 +103,7 @@ Return type: void
 */
 void InventoryManagementService::addInventoryItem(const std::string& partName, int quantity, double price)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedInventoryItemMap = m_dataStore.getInventoryItems();
    InventoryItem* newItem = Factory::getObject<InventoryItem>(partName, quantity, price);
@@ -118,6 +120,7 @@ Return type: void
 */
 void InventoryManagementService::addInventoryItemStock(const std::string& selectedItemId, int quantity)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedInventoryItemMap = m_dataStore.getInventoryItems();
 	int index = trackedInventoryItemMap.find(selectedItemId);
@@ -144,6 +147,7 @@ Return type: util::Map<std::string, InventoryItem*>
 */
 util::Map<std::string, InventoryItem*> InventoryManagementService::getInventoryItems()
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedInventoryItemMap = m_dataStore.getInventoryItems();
 	auto inventoryMap = util::getObjects(trackedInventoryItemMap);
@@ -158,6 +162,7 @@ Return type: void
 */
 void InventoryManagementService::removeInventoryItem(const std::string& inventoryItemID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedInventoryItemMap = m_dataStore.getInventoryItems();
 	int index = trackedInventoryItemMap.find(inventoryItemID);
@@ -183,6 +188,7 @@ Return type: InventoryItem*
 */
 InventoryItem* InventoryManagementService::getInventoryItem(const std::string& inventoryItemID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedInventoryItemMap = m_dataStore.getInventoryItems();
    int index = trackedInventoryItemMap.find(inventoryItemID);
@@ -15,6 +15,7 @@ Date: 20-May-2026
 #include "Invoice.h"
 #include "JobCard.h"
 #include "PaymentManagementService.h"
+#include "AuthenticationManagementService.h"
 #include "DataStoreLockGuard.h"
 #include "Service.h"
 #include "ServiceBooking.h"
@@ -233,6 +234,7 @@ Returns:
 */
 util::Map<std::string, Invoice*> PaymentManagementService::getInvoices(const std::string& customerID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& currentTrackedInvoices = m_dataStore.getInvoices();
 	util::Map<std::string, Invoice*> currentUserInvoices;
@@ -261,6 +263,7 @@ Throws:
 */
 void PaymentManagementService::completePayment(const std::string& invoiceID, util::PaymentMode paymentMode)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& currentTrackedInvoices = m_dataStore.getInvoices();
 	int invoiceIndex = currentTrackedInvoices.find(invoiceID);
@@ -289,7 +292,7 @@ void PaymentManagementService::completePayment(const std::string& invoiceID, uti
 }

 /*
-Function: getAllInvoice
+Function: getAllInvoices
 Description: Provides access to all invoices stored in the data store.
 Parameters:
 	- none
@@ -298,6 +301,7 @@ Returns:
 */
 util::Map<std::string, Invoice*> PaymentManagementService::getAllInvoices()
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	util::Map<std::string, Invoice*> invoices;
 	invoices = util::getObjects(m_dataStore.getInvoices());
@@ -317,6 +321,7 @@ Throws:
 */
 void PaymentManagementService::confirmPayment(const std::string& invoiceID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& currentTrackedInvoices = m_dataStore.getInvoices();
 	int invoiceIndex = currentTrackedInvoices.find(invoiceID);
@@ -42,6 +42,7 @@ Return type: void
 */
 void ServiceManagementService::purchaseService(const util::Vector<std::string>& serviceIDs, const std::string& vehicleNumber, const std::string& vehicleBrand, const std::string& vehicleModel)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	AuthenticationManagementService m_authenticationManagementService;
 	auto authenticatedUser = m_authenticationManagementService.getAuthenticatedUser();
 	if (authenticatedUser == nullptr)
@@ -87,6 +88,7 @@ Return type: void
 */
 void ServiceManagementService::purchaseComboPackage(const std::string& comboPackageID, const std::string& vehicleNumber, const std::string& vehicleBrand, const std::string& vehicleModel)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	AuthenticationManagementService m_authenticationManagementService;
 	auto authenticatedUser = m_authenticationManagementService.getAuthenticatedUser();
 	if (authenticatedUser == nullptr)
@@ -433,6 +435,7 @@ Return type: void
 */
 void ServiceManagementService::createComboPackage(const std::string& packageName, const util::Vector<std::string>& serviceIDsInNewCombo, double discountPercentage)
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
    if (packageName.empty())
    {
@@ -502,6 +505,7 @@ Return type: util::Map<std::string, ComboPackage*>
 */
 util::Map<std::string, ComboPackage*> ServiceManagementService::getComboPackages()
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
    util::Map<std::string, ComboPackage*> comboPackages;
    comboPackages = util::getObjects(m_dataStore.getComboPackages());
@@ -516,6 +520,7 @@ Return type: void
 */
 void ServiceManagementService::removeComboPackage(const std::string& comboPackageID)
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
    bool removed = false;
    auto& trackedComboPackages = m_dataStore.getComboPackages();
@@ -548,6 +553,7 @@ Returns:
 */
 util::Map<std::string, ServiceBooking*> ServiceManagementService::getServiceBookings()
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
    util::Map<std::string, ServiceBooking*> serviceBookings;
    serviceBookings = util::getObjects(m_dataStore.getServiceBookings());
@@ -564,6 +570,7 @@ Returns:
 */
 ServiceBooking* ServiceManagementService::getServiceBooking(const std::string& serviceID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	auto currentServiceBookings = getServiceBookings();
 	for (int iterator = 0; iterator < currentServiceBookings.getSize(); iterator++)
 	{
@@ -590,6 +597,7 @@ Throws:
 */
 void ServiceManagementService::createJobCard(const std::string& bookingID, const std::string& technicianID, const std::string& serviceID)
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
 	UserManagementService m_userManagementService;
 	ServiceBooking* currentBooking = getServiceBooking(bookingID);
@@ -667,6 +675,7 @@ Throws:
 */
 void ServiceManagementService::createService(const std::string& name, const util::Vector<std::string>& inventoryItemIDs, double laborCost)
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
 	util::Map<std::string, InventoryItem*> currentServiceInventoryItems;
 	auto& trackedInventoryItems = m_dataStore.getInventoryItems();
@@ -713,6 +722,7 @@ Returns:
 */
 util::Map<std::string, Service*> ServiceManagementService::getServices()
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
    util::Map<std::string, Service*> services;
    services = util::getObjects(m_dataStore.getServices());
@@ -731,6 +741,7 @@ Throws:
 */
 void ServiceManagementService::removeService(const std::string& serviceID)
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
 	auto& currentTrackedServices = m_dataStore.getServices();
    auto& currentTrackedComboPackages =  m_dataStore.getComboPackages();
@@ -778,6 +789,7 @@ Returns:
 */
 util::Map<std::string, ServiceBooking*> ServiceManagementService::getServiceBookings(const std::string& customerID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	util::Map<std::string, ServiceBooking*> currentServiceBookings = getServiceBookings();
 	util::Map<std::string, ServiceBooking*> currentUserServiceBookings;
 	if (currentServiceBookings.getSize() != 0)
@@ -804,6 +816,7 @@ Returns:
 */
 util::Map<std::string, JobCard*> ServiceManagementService::getJobCards(const std::string& technicianID)
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
 	auto& trackedJobCards = m_dataStore.getJobCards();
 	util::Map<std::string, JobCard*> technicianJobCards;
@@ -858,6 +871,7 @@ Returns:
 */
 void ServiceManagementService::updateJobStatus(const std::string& jobID)
 {
+    AuthenticationManagementService::ensureAuthorization();
    DataStoreLockGuard lock(m_dataStore);
 	AuthenticationManagementService authenticationManagementService;
 	PaymentManagementService paymentManagementService;
@@ -15,6 +15,7 @@ Date:19-May-2026
 #include "Notification.h"
 #include "PaymentManagementService.h"
 #include "ServiceManagementService.h"
+#include "AuthenticationManagementService.h"
 #include "User.h"
 #include "UserManagementService.h"
 #include "Vector.h"
@@ -114,6 +115,7 @@ Return type: void
 */
 void UserManagementService::updateUserDetails(const std::string& userID, const std::string& email, const std::string& phone)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedUsersMap = m_dataStore.getUsers();
 	auto usersMap = util::getObjects(trackedUsersMap);
@@ -161,6 +163,7 @@ Throws:
 */
 util::Vector<Notification*> UserManagementService::getUserNotifications(const std::string& userID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedUsersMap = m_dataStore.getUsers(); 
 	if (trackedUsersMap.find(userID) == -1)
@@ -204,6 +207,7 @@ Throws:
 */
 void UserManagementService::deleteNotification(const std::string& notificationID, const std::string& userID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	DataStoreLockGuard lock(m_dataStore);
 	auto& trackedUsersMap = m_dataStore.getUsers();
 	auto& trackedNotificationsMap = m_dataStore.getNotifications();
@@ -265,6 +269,7 @@ Return type: void
 */
 void UserManagementService::removeUser(const std::string& userID)
 {
+    AuthenticationManagementService::ensureAuthorization();
 	InventoryManagementService inventoryManagementService;
 	PaymentManagementService paymentManagementService;
 	ServiceManagementService serviceManagementService;