Add another way of checking if client has access to user in UserAccessGuard (#940)

Author: Portals

app/src/main/java/it/chalmers/gamma/app/authentication/UserAccessGuard.java

@@ -2,6 +2,7 @@
 
 import it.chalmers.gamma.app.apikey.domain.ApiKeyType;
 import it.chalmers.gamma.app.client.domain.ClientRepository;
+import it.chalmers.gamma.app.client.domain.ClientUid;
 import it.chalmers.gamma.app.user.domain.UserId;
 import it.chalmers.gamma.bootstrap.BootstrapAuthenticated;
 import it.chalmers.gamma.security.authentication.ApiAuthentication;
@@ -100,7 +101,7 @@ public boolean haveAccessToUser(UserId userId, boolean userLocked) {
       return true;
     }
 
-    LOGGER.debug("tried to access the user: {}; ", userId);
+    LOGGER.info("tried to access the user: {}; ", userId);
 
     // Return false by default
     return false;
@@ -131,6 +132,19 @@ private boolean haveAcceptedClient(UserId userId) {
       }
     }
 
+    if (SecurityContextHolder.getContext().getAuthentication()
+      instanceof OAuth2ClientAuthenticationToken token) {
+      var client = token.getRegisteredClient();
+
+      if (client == null) {
+        return false;
+      }
+
+      var clientUid = ClientUid.valueOf(client.getId());
+
+      return clientRepository.isApprovedByUser(userId, clientUid);
+    }
+
     return false;
   }