added protection for inscription requests
This commit is contained in:
@ -6,6 +6,7 @@ import org.springframework.web.bind.annotation.*;
|
||||
import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
|
||||
import ovh.herisson.Clyde.Services.AuthenticatorService;
|
||||
import ovh.herisson.Clyde.Services.InscriptionService;
|
||||
import ovh.herisson.Clyde.Services.ProtectionService;
|
||||
import ovh.herisson.Clyde.Tables.InscriptionRequest;
|
||||
import ovh.herisson.Clyde.Tables.RequestState;
|
||||
import ovh.herisson.Clyde.Tables.Role;
|
||||
@ -34,13 +35,8 @@ public class InscriptionController {
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
Iterable<InscriptionRequest> inscriptionRequests = inscriptionServ.getAll();
|
||||
ArrayList<Map<String,Object>> toReturn = new ArrayList<>();
|
||||
|
||||
for (InscriptionRequest i:inscriptionRequests){
|
||||
toReturn.add(requestWithoutPassword(i));
|
||||
}
|
||||
|
||||
return new ResponseEntity<>(toReturn, HttpStatus.OK);
|
||||
return new ResponseEntity<>(ProtectionService.requestsWithoutPasswords(inscriptionRequests), HttpStatus.OK);
|
||||
}
|
||||
|
||||
|
||||
@ -55,38 +51,21 @@ public class InscriptionController {
|
||||
if (foundInscriptionRequest == null)
|
||||
return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
|
||||
|
||||
return new ResponseEntity<>(requestWithoutPassword(foundInscriptionRequest), HttpStatus.OK);
|
||||
return new ResponseEntity<>(ProtectionService.requestWithoutPassword(foundInscriptionRequest), HttpStatus.OK);
|
||||
}
|
||||
|
||||
@PatchMapping("/request/register/{id}")
|
||||
public ResponseEntity<InscriptionRequest> changeRequestState(@PathVariable long id,
|
||||
@RequestHeader("Authorization") String token,
|
||||
@RequestBody RequestState requestState)
|
||||
@RequestBody RequestState state)
|
||||
{
|
||||
|
||||
if (authServ.isNotIn(new Role[]{Role.InscriptionService,Role.Admin},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
if (!inscriptionServ.modifyState(id, requestState))
|
||||
if (!inscriptionServ.modifyState(id, state))
|
||||
return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
|
||||
|
||||
return new ResponseEntity<>(HttpStatus.OK);
|
||||
}
|
||||
|
||||
private Map<String, Object> requestWithoutPassword(InscriptionRequest inscriptionRequest) {
|
||||
Map<String, Object> toReturn = new HashMap<>();
|
||||
|
||||
toReturn.put("id", inscriptionRequest.getId());
|
||||
toReturn.put("lastName", inscriptionRequest.getLastName());
|
||||
toReturn.put("firstName", inscriptionRequest.getFirstName());
|
||||
toReturn.put("address", inscriptionRequest.getAddress());
|
||||
toReturn.put("email",inscriptionRequest.getEmail());
|
||||
toReturn.put("birthDate", inscriptionRequest.getBirthDate());
|
||||
toReturn.put("country", inscriptionRequest.getCountry());
|
||||
toReturn.put("curriculum", inscriptionRequest.getCurriculumId());
|
||||
toReturn.put("state", inscriptionRequest.getState());
|
||||
toReturn.put("profilePictureUrl", inscriptionRequest.getProfilePicture());
|
||||
|
||||
return toReturn;
|
||||
}
|
||||
}
|
||||
|
||||
@ -7,8 +7,10 @@ import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
|
||||
import ovh.herisson.Clyde.Services.AuthenticatorService;
|
||||
import ovh.herisson.Clyde.Services.ProtectionService;
|
||||
import ovh.herisson.Clyde.Tables.InscriptionRequest;
|
||||
import java.util.Date;
|
||||
import java.util.Map;
|
||||
|
||||
@RestController
|
||||
@CrossOrigin(originPatterns = "*", allowCredentials = "true")
|
||||
@ -45,7 +47,10 @@ public class LoginController {
|
||||
}
|
||||
|
||||
@PostMapping("/register")
|
||||
public ResponseEntity<InscriptionRequest> register(@RequestBody InscriptionRequest inscriptionRequest){
|
||||
return new ResponseEntity<>(authServ.register(inscriptionRequest), HttpStatus.CREATED);
|
||||
public ResponseEntity<Map<String,Object>> register(@RequestBody InscriptionRequest inscriptionRequest){
|
||||
|
||||
InscriptionRequest returnedInscriptionRequest = authServ.register(inscriptionRequest);
|
||||
|
||||
return new ResponseEntity<>(ProtectionService.requestWithoutPassword(returnedInscriptionRequest), HttpStatus.CREATED);
|
||||
}
|
||||
}
|
||||
|
||||
@ -121,4 +121,13 @@ public class UserController {
|
||||
|
||||
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(students), HttpStatus.OK);
|
||||
}
|
||||
|
||||
@DeleteMapping("/user/{id}")
|
||||
public ResponseEntity<String> deleteStudent(@RequestHeader("Authorization") String token, @PathVariable Long id){
|
||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
userService.delete(userService.getUserById(id));
|
||||
return new ResponseEntity<>(HttpStatus.OK);
|
||||
}
|
||||
}
|
||||
@ -1,10 +1,12 @@
|
||||
package ovh.herisson.Clyde.Services;
|
||||
|
||||
import ovh.herisson.Clyde.Tables.Course;
|
||||
import ovh.herisson.Clyde.Tables.InscriptionRequest;
|
||||
import ovh.herisson.Clyde.Tables.User;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public class ProtectionService {
|
||||
|
||||
@ -61,5 +63,32 @@ public class ProtectionService {
|
||||
}
|
||||
|
||||
|
||||
public static Map<String, Object> requestWithoutPassword(InscriptionRequest inscriptionRequest) {
|
||||
Map<String, Object> toReturn = new HashMap<>();
|
||||
|
||||
toReturn.put("id", inscriptionRequest.getId());
|
||||
toReturn.put("lastName", inscriptionRequest.getLastName());
|
||||
toReturn.put("firstName", inscriptionRequest.getFirstName());
|
||||
toReturn.put("address", inscriptionRequest.getAddress());
|
||||
toReturn.put("email",inscriptionRequest.getEmail());
|
||||
toReturn.put("birthDate", inscriptionRequest.getBirthDate());
|
||||
toReturn.put("country", inscriptionRequest.getCountry());
|
||||
toReturn.put("curriculum", inscriptionRequest.getCurriculumId());
|
||||
toReturn.put("state", inscriptionRequest.getState());
|
||||
toReturn.put("profilePictureUrl", inscriptionRequest.getProfilePicture());
|
||||
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
public static Iterable<Map<String ,Object>> requestsWithoutPasswords(Iterable<InscriptionRequest> inscriptionRequests){
|
||||
|
||||
ArrayList<Map<String,Object>> toReturn = new ArrayList<>();
|
||||
|
||||
for (InscriptionRequest i:inscriptionRequests){
|
||||
toReturn.add(requestWithoutPassword(i));
|
||||
}
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user