added security to assistant posting and Get courses/owned for owners
This commit is contained in:
@ -10,8 +10,8 @@ import ovh.herisson.Clyde.Services.ProtectionService;
|
|||||||
import ovh.herisson.Clyde.Services.TeacherCourseService;
|
import ovh.herisson.Clyde.Services.TeacherCourseService;
|
||||||
import ovh.herisson.Clyde.Tables.Course;
|
import ovh.herisson.Clyde.Tables.Course;
|
||||||
import ovh.herisson.Clyde.Tables.Role;
|
import ovh.herisson.Clyde.Tables.Role;
|
||||||
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
@ -49,14 +49,25 @@ public class CourseController {
|
|||||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
|
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
|
||||||
return new UnauthorizedResponse<>(null);
|
return new UnauthorizedResponse<>(null);
|
||||||
|
|
||||||
Iterable<Course> courses = courseServ.findAll();
|
return new ResponseEntity<>(ProtectionService.coursesWithoutPasswords(courseServ.findAll()),HttpStatus.OK);
|
||||||
ArrayList<HashMap<String,Object>> coursesWithoutPassword = new ArrayList<>();
|
}
|
||||||
|
|
||||||
for (Course course: courses){
|
@GetMapping("/courses/owned")
|
||||||
coursesWithoutPassword.add(ProtectionService.courseWithoutPassword(course));
|
public ResponseEntity<Iterable<HashMap<String ,Object>>> getOwnedCourses(@RequestHeader("Authorization") String token){
|
||||||
}
|
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Teacher},token))
|
||||||
|
return new UnauthorizedResponse<>(null);
|
||||||
|
|
||||||
return new ResponseEntity<>(coursesWithoutPassword,HttpStatus.OK);
|
return new ResponseEntity<>(ProtectionService.coursesWithoutPasswords(courseServ.findOwnedCourses(authServ.getUserFromToken(token))),HttpStatus.OK);
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping("/course/{id}/assistants")
|
||||||
|
public ResponseEntity<Iterable<HashMap<String,Object>>> getCourseAssistants(@RequestHeader("Authorization")String token, @PathVariable long id){
|
||||||
|
if (authServ.getUserFromToken(token) == null)
|
||||||
|
return new UnauthorizedResponse<>(null);
|
||||||
|
|
||||||
|
Iterable<User> assistants = teacherCourseServ.findCourseAssistants(courseServ.findById(id));
|
||||||
|
|
||||||
|
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(assistants),HttpStatus.OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -9,7 +9,6 @@ import ovh.herisson.Clyde.Services.ProtectionService;
|
|||||||
import ovh.herisson.Clyde.Services.UserService;
|
import ovh.herisson.Clyde.Services.UserService;
|
||||||
import ovh.herisson.Clyde.Tables.Role;
|
import ovh.herisson.Clyde.Tables.Role;
|
||||||
import ovh.herisson.Clyde.Tables.User;
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
@ -55,12 +54,8 @@ public class UserController {
|
|||||||
return new UnauthorizedResponse<>(null);
|
return new UnauthorizedResponse<>(null);
|
||||||
|
|
||||||
Iterable<User> users = userService.getAll();
|
Iterable<User> users = userService.getAll();
|
||||||
ArrayList<HashMap<String, Object>> withoutPassword = new ArrayList<>();
|
|
||||||
|
|
||||||
for (User u :users){
|
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
|
||||||
withoutPassword.add(ProtectionService.userWithoutPassword(u));
|
|
||||||
}
|
|
||||||
return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** changes the specified user's information
|
/** changes the specified user's information
|
||||||
@ -93,13 +88,8 @@ public class UserController {
|
|||||||
return new UnauthorizedResponse<>(null);
|
return new UnauthorizedResponse<>(null);
|
||||||
|
|
||||||
Iterable<User> teachers = userService.getAllTeachers();
|
Iterable<User> teachers = userService.getAllTeachers();
|
||||||
ArrayList<HashMap<String, Object>> withoutPassword = new ArrayList<>();
|
|
||||||
|
|
||||||
for (User t: teachers){
|
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(teachers), HttpStatus.OK);
|
||||||
withoutPassword.add(ProtectionService.userWithoutPassword(t));
|
|
||||||
}
|
|
||||||
|
|
||||||
return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1,8 +1,15 @@
|
|||||||
package ovh.herisson.Clyde.Repositories;
|
package ovh.herisson.Clyde.Repositories;
|
||||||
|
|
||||||
|
import org.springframework.data.jpa.repository.Query;
|
||||||
import org.springframework.data.repository.CrudRepository;
|
import org.springframework.data.repository.CrudRepository;
|
||||||
import ovh.herisson.Clyde.Tables.Course;
|
import ovh.herisson.Clyde.Tables.Course;
|
||||||
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
|
|
||||||
public interface CourseRepository extends CrudRepository<Course,Long> {
|
public interface CourseRepository extends CrudRepository<Course,Long> {
|
||||||
Course findById(long id);
|
Course findById(long id);
|
||||||
|
|
||||||
|
|
||||||
|
@Query("select c from Course c where c.owner = ?1")
|
||||||
|
Iterable<Course> findAllOwnedCoures(User teacher);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,8 +1,14 @@
|
|||||||
package ovh.herisson.Clyde.Repositories;
|
package ovh.herisson.Clyde.Repositories;
|
||||||
|
|
||||||
|
|
||||||
|
import org.springframework.data.jpa.repository.Query;
|
||||||
import org.springframework.data.repository.CrudRepository;
|
import org.springframework.data.repository.CrudRepository;
|
||||||
|
import ovh.herisson.Clyde.Tables.Course;
|
||||||
import ovh.herisson.Clyde.Tables.TeacherCourse;
|
import ovh.herisson.Clyde.Tables.TeacherCourse;
|
||||||
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
|
|
||||||
public interface TeacherCourseRepository extends CrudRepository<TeacherCourse, Long> {
|
public interface TeacherCourseRepository extends CrudRepository<TeacherCourse, Long> {
|
||||||
|
|
||||||
|
@Query("select tc.user from TeacherCourse tc where tc.course = ?1")
|
||||||
|
Iterable<User> findAllAssistantOfCourse(Course course);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -31,6 +31,13 @@ public class CourseService {
|
|||||||
return courseRepo.findAll();
|
return courseRepo.findAll();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public Iterable<Course> findOwnedCourses(User userFromToken) {
|
||||||
|
return courseRepo.findAllOwnedCoures(userFromToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
public boolean modifyData(long id, Map<String, Object> updates, Role role) {
|
public boolean modifyData(long id, Map<String, Object> updates, Role role) {
|
||||||
Course target = courseRepo.findById(id);
|
Course target = courseRepo.findById(id);
|
||||||
|
|
||||||
|
|||||||
@ -3,6 +3,7 @@ package ovh.herisson.Clyde.Services;
|
|||||||
import ovh.herisson.Clyde.Tables.Course;
|
import ovh.herisson.Clyde.Tables.Course;
|
||||||
import ovh.herisson.Clyde.Tables.User;
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
|
||||||
public class ProtectionService {
|
public class ProtectionService {
|
||||||
@ -13,6 +14,7 @@ public class ProtectionService {
|
|||||||
*/
|
*/
|
||||||
public static HashMap<String,Object> userWithoutPassword(User user){
|
public static HashMap<String,Object> userWithoutPassword(User user){
|
||||||
HashMap<String,Object> toReturn = new HashMap<>();
|
HashMap<String,Object> toReturn = new HashMap<>();
|
||||||
|
|
||||||
toReturn.put("regNo",user.getRegNo());
|
toReturn.put("regNo",user.getRegNo());
|
||||||
toReturn.put("lastName",user.getLastName());
|
toReturn.put("lastName",user.getLastName());
|
||||||
toReturn.put("firstName",user.getFirstName());
|
toReturn.put("firstName",user.getFirstName());
|
||||||
@ -24,6 +26,19 @@ public class ProtectionService {
|
|||||||
toReturn.put("role",user.getRole());
|
toReturn.put("role",user.getRole());
|
||||||
return toReturn;
|
return toReturn;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static Iterable<HashMap<String ,Object>>usersWithoutPasswords(Iterable<User> users){
|
||||||
|
ArrayList<HashMap<String,Object>> toReturn = new ArrayList<>();
|
||||||
|
|
||||||
|
for (User u : users){
|
||||||
|
toReturn.add(userWithoutPassword(u));
|
||||||
|
}
|
||||||
|
|
||||||
|
return toReturn;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
public static HashMap<String,Object> courseWithoutPassword(Course course){
|
public static HashMap<String,Object> courseWithoutPassword(Course course){
|
||||||
HashMap<String ,Object> toReturn = new HashMap<>();
|
HashMap<String ,Object> toReturn = new HashMap<>();
|
||||||
|
|
||||||
@ -34,5 +49,17 @@ public class ProtectionService {
|
|||||||
return toReturn;
|
return toReturn;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static Iterable<HashMap<String ,Object>> coursesWithoutPasswords(Iterable<Course> courses){
|
||||||
|
ArrayList<HashMap<String,Object>> toReturn = new ArrayList<>();
|
||||||
|
|
||||||
|
for (Course course: courses){
|
||||||
|
toReturn.add(ProtectionService.courseWithoutPassword(course));
|
||||||
|
}
|
||||||
|
|
||||||
|
return toReturn;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -4,6 +4,7 @@ import org.springframework.stereotype.Controller;
|
|||||||
import ovh.herisson.Clyde.Repositories.TeacherCourseRepository;
|
import ovh.herisson.Clyde.Repositories.TeacherCourseRepository;
|
||||||
import ovh.herisson.Clyde.Repositories.UserRepository;
|
import ovh.herisson.Clyde.Repositories.UserRepository;
|
||||||
import ovh.herisson.Clyde.Tables.Course;
|
import ovh.herisson.Clyde.Tables.Course;
|
||||||
|
import ovh.herisson.Clyde.Tables.Role;
|
||||||
import ovh.herisson.Clyde.Tables.TeacherCourse;
|
import ovh.herisson.Clyde.Tables.TeacherCourse;
|
||||||
import ovh.herisson.Clyde.Tables.User;
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
|
|
||||||
@ -20,6 +21,13 @@ public class TeacherCourseService {
|
|||||||
this.userRepo = userRepo;
|
this.userRepo = userRepo;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Iterable<User> findCourseAssistants(Course course) {
|
||||||
|
if (course == null)
|
||||||
|
return null;
|
||||||
|
return teacherCourseRepo.findAllAssistantOfCourse(course);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public boolean saveAll(Iterable<Long> teacherIds, Course course){
|
public boolean saveAll(Iterable<Long> teacherIds, Course course){
|
||||||
|
|
||||||
if (course == null || teacherIds == null)
|
if (course == null || teacherIds == null)
|
||||||
@ -31,7 +39,7 @@ public class TeacherCourseService {
|
|||||||
if ( teacher== null){
|
if ( teacher== null){
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (!toAdd.contains(teacher))
|
if (!toAdd.contains(teacher) && teacher.getRole() == Role.Teacher)
|
||||||
{
|
{
|
||||||
toAdd.add(teacher);
|
toAdd.add(teacher);
|
||||||
}
|
}
|
||||||
@ -41,4 +49,5 @@ public class TeacherCourseService {
|
|||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user