Sebastijan Grabar baso53

## modify-timecode.sh
#!/usr/bin/env bash
# ---------------------------------------------------------------------------
#  modify-timecode.sh
#  ---------------------------------------------------------------------------
#  • First clip  -> 00:00:00:00
#  • Others      -> offset from first clip’s “Encoded date”
#  • Frames part -> always 00
#  • Streams are copied, NO re-encoding
#
#  Needs: mediainfo, ffmpeg   (brew install mediainfo ffmpeg)

## app-controller-domain-level.java
@RestController
@RequestMapping("/app")
@RequiredArgsConstructor
public class AppController {

    private final CompanyJpaRepository companyRepo;
    private final SubsidiaryJpaRepository subsidiaryRepo;

    @GetMapping(path = "/company/{id}")
    @PreAuthorize("hasAuthority('COMPANY:' + #id  + ':READ')")

## jwt-auth-converter-domain-level.java
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();

        http.oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(jwtAuthenticationConverter());

## add-domain-granted-authority.java
@RequiredArgsConstructor
public class DomainGrantedAuthority implements GrantedAuthority {

    private final EntityType entityType;
    private final Long entityId;
    private final Permission permission;

    @Override
    public String getAuthority() {
        return entityType +

## jwt-with-domain-level-claims.json
{
  "custom_claims": [
    "COMPANY:1:READ",
    "COMPANY:1:WRITE",
    "COMPANY:2:READ",
    "SUBSIDIARY:125:READ"
  ],
  "iss": "https://securetoken.google.com/fir-auth-springsecurity",
  "aud": "fir-auth-springsecurity",
  "auth_time": 1636893816,

## curl-user-claims-domain-level.sh
curl --location --request POST 'http://localhost:8080/admin/user-claims/WsD5H21KFKYyCOTIbkOwjXLQRsu1' \
--header 'Content-Type: application/json' \
--data-raw '{
    "COMPANY": {
        "1": [
            "READ",
            "WRITE"
        ],
        "2": [
            "READ"

## controller-domain-level-security.java
@RestController
@RequestMapping("/admin")
@RequiredArgsConstructor
public class AdminController {

    private final UserManagementService userManagementService;

    @Secured("ROLE_ANONYMOUS")
    @PostMapping(path = "/user-claims/{uid}")
    public void setUserClaims(

## generated-claims-domain-object-level.json
[
  "COMPANY:1:READ",
  "COMPANY:1:WRITE",
  "COMPANY:2:READ",
  "SUBSIDIARY:125:READ"
]

## user-claims-domain-object.json
{
    "COMPANY": {
        "1": [
            "READ",
            "WRITE"
        ],
        "2": [
            "READ"
        ]
    },

## user-management-service-add-domain-level.java
@Service
@RequiredArgsConstructor
public class UserManagementService {

    private final FirebaseAuth firebaseAuth;

    public void setTokenClaims(String uid, Map<EntityType, Map<Long, Set<Permission>>> requestedPermissions) throws FirebaseAuthException {
        var claims = toUserClaims(requestedPermissions);

        firebaseAuth.setCustomUserClaims(uid, claims);
	#!/usr/bin/env bash
	# ---------------------------------------------------------------------------
	# modify-timecode.sh
	# ---------------------------------------------------------------------------
	# • First clip -> 00:00:00:00
	# • Others -> offset from first clip’s “Encoded date”
	# • Frames part -> always 00
	# • Streams are copied, NO re-encoding
	#
	# Needs: mediainfo, ffmpeg (brew install mediainfo ffmpeg)
	@RestController
	@RequestMapping("/app")
	@RequiredArgsConstructor
	public class AppController {

	private final CompanyJpaRepository companyRepo;
	private final SubsidiaryJpaRepository subsidiaryRepo;

	@GetMapping(path = "/company/{id}")
	@PreAuthorize("hasAuthority('COMPANY:' + #id + ':READ')")
	@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
	public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	http.csrf().disable();

	http.oauth2ResourceServer()
	.jwt()
	.jwtAuthenticationConverter(jwtAuthenticationConverter());
	@RequiredArgsConstructor
	public class DomainGrantedAuthority implements GrantedAuthority {

	private final EntityType entityType;
	private final Long entityId;
	private final Permission permission;

	@Override
	public String getAuthority() {
	return entityType +
	{
	"custom_claims": [
	"COMPANY:1:READ",
	"COMPANY:1:WRITE",
	"COMPANY:2:READ",
	"SUBSIDIARY:125:READ"
	],
	"iss": "https://securetoken.google.com/fir-auth-springsecurity",
	"aud": "fir-auth-springsecurity",
	"auth_time": 1636893816,
	curl --location --request POST 'http://localhost:8080/admin/user-claims/WsD5H21KFKYyCOTIbkOwjXLQRsu1' \
	--header 'Content-Type: application/json' \
	--data-raw '{
	"COMPANY": {
	"1": [
	"READ",
	"WRITE"
	],
	"2": [
	"READ"
	@RestController
	@RequestMapping("/admin")
	@RequiredArgsConstructor
	public class AdminController {

	private final UserManagementService userManagementService;

	@Secured("ROLE_ANONYMOUS")
	@PostMapping(path = "/user-claims/{uid}")
	public void setUserClaims(
	@Service
	@RequiredArgsConstructor
	public class UserManagementService {

	private final FirebaseAuth firebaseAuth;

	public void setTokenClaims(String uid, Map<EntityType, Map<Long, Set<Permission>>> requestedPermissions) throws FirebaseAuthException {
	var claims = toUserClaims(requestedPermissions);

	firebaseAuth.setCustomUserClaims(uid, claims);