protected post /user and get/users and return without password
This commit is contained in:
@ -8,8 +8,11 @@ import org.springframework.web.bind.annotation.*;
|
||||
import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
|
||||
import ovh.herisson.Clyde.Services.AuthenticatorService;
|
||||
import ovh.herisson.Clyde.Services.UserService;
|
||||
import ovh.herisson.Clyde.Tables.Role;
|
||||
import ovh.herisson.Clyde.Tables.User;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
|
||||
@RestController
|
||||
@CrossOrigin(origins = "http://localhost:5173")
|
||||
@ -23,25 +26,57 @@ public class UserController {
|
||||
}
|
||||
|
||||
@GetMapping("/user")
|
||||
public ResponseEntity<User> getUser(@RequestHeader("Cookie") String authorization){
|
||||
public ResponseEntity<Object[]> getUser(@RequestHeader("Authorization") String authorization){
|
||||
|
||||
if (authorization == null) return new UnauthorizedResponse<>(null);
|
||||
User user = authServ.getUserFromToken(authorization);
|
||||
if (user == null) return new UnauthorizedResponse<>(null);
|
||||
return new ResponseEntity<>(user, HttpStatus.OK);
|
||||
|
||||
return new ResponseEntity<>(userWithoutPassword(user), HttpStatus.OK);
|
||||
}
|
||||
|
||||
@PostMapping("/user") //todo check role
|
||||
public ResponseEntity<String> postUser(@RequestBody User user){
|
||||
@PostMapping("/user")
|
||||
public ResponseEntity<String> postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){
|
||||
|
||||
if (authorization == null) return new UnauthorizedResponse<>(null);
|
||||
User poster = authServ.getUserFromToken(authorization);
|
||||
|
||||
if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin)
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
|
||||
userService.save(user);
|
||||
return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED);
|
||||
}
|
||||
|
||||
@GetMapping("/users")
|
||||
public Iterable<User> getAllUsers(){
|
||||
return userService.getAll();
|
||||
public ResponseEntity<Iterable<Object[]>> getAllUsers(@RequestHeader("Authorization") String authorization){
|
||||
|
||||
if (authorization == null) return new UnauthorizedResponse<>(null);
|
||||
User poster = authServ.getUserFromToken(authorization);
|
||||
|
||||
if (poster == null) return new UnauthorizedResponse<>(null);
|
||||
|
||||
if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin)
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
Iterable<User> users = userService.getAll();
|
||||
ArrayList<Object[]> withoutPassword = new ArrayList<>();
|
||||
|
||||
for (User u :users){
|
||||
withoutPassword.add(userWithoutPassword(u));
|
||||
}
|
||||
return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
|
||||
}
|
||||
|
||||
|
||||
|
||||
/** return user's data except password
|
||||
* @param user the user to return
|
||||
* @return all the user data without the password
|
||||
*/
|
||||
private Object[] userWithoutPassword(User user){
|
||||
return new Object[] {user.getRegNo(),user.getFirstName(),user.getLastName(),user.getBirthDate(),user.getCountry(),user.getAddress(),user.getRole()};
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user