tonitch/Clyde
1
0
Fork 0
forked from PGL/Clyde
Code Pull Requests Activity

protected post /user and get/users and return without password

Browse Source
This commit is contained in:
Bartha Maxime
2024-03-12 00:03:32 +01:00
parent 28d252279a
commit 5c728098df
1 changed files with 41 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
View File

@ -8,8 +8,11 @@ import org.springframework.web.bind.annotation.*;
import ovh.herisson.Clyde.Responses.UnauthorizedResponse; import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
import ovh.herisson.Clyde.Services.AuthenticatorService; import ovh.herisson.Clyde.Services.AuthenticatorService;
import ovh.herisson.Clyde.Services.UserService; import ovh.herisson.Clyde.Services.UserService;
import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.User; import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
@RestController @RestController
@CrossOrigin(origins = "http://localhost:5173") @CrossOrigin(origins = "http://localhost:5173")
@ -23,25 +26,57 @@ public class UserController {
} }
@GetMapping("/user") @GetMapping("/user")
public ResponseEntity<User> getUser(@RequestHeader("Cookie") String authorization){ public ResponseEntity<Object[]> getUser(@RequestHeader("Authorization") String authorization){
if (authorization == null) return new UnauthorizedResponse<>(null); if (authorization == null) return new UnauthorizedResponse<>(null);
User user = authServ.getUserFromToken(authorization); User user = authServ.getUserFromToken(authorization);
if (user == null) return new UnauthorizedResponse<>(null); if (user == null) return new UnauthorizedResponse<>(null);
return new ResponseEntity<>(user, HttpStatus.OK);
return new ResponseEntity<>(userWithoutPassword(user), HttpStatus.OK);
} }
@PostMapping("/user") //todo check role @PostMapping("/user")
public ResponseEntity<String> postUser(@RequestBody User user){ public ResponseEntity<String> postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){
if (authorization == null) return new UnauthorizedResponse<>(null);
User poster = authServ.getUserFromToken(authorization);
if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin)
return new UnauthorizedResponse<>(null);
userService.save(user); userService.save(user);
return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED); return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED);
} }
@GetMapping("/users") @GetMapping("/users")
public Iterable<User> getAllUsers(){ public ResponseEntity<Iterable<Object[]>> getAllUsers(@RequestHeader("Authorization") String authorization){
return userService.getAll();
if (authorization == null) return new UnauthorizedResponse<>(null);
User poster = authServ.getUserFromToken(authorization);
if (poster == null) return new UnauthorizedResponse<>(null);
if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin)
return new UnauthorizedResponse<>(null);
Iterable<User> users = userService.getAll();
ArrayList<Object[]> withoutPassword = new ArrayList<>();
for (User u :users){
withoutPassword.add(userWithoutPassword(u));
}
return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
} }
/** return user's data except password
* @param user the user to return
* @return all the user data without the password
*/
private Object[] userWithoutPassword(User user){
return new Object[] {user.getRegNo(),user.getFirstName(),user.getLastName(),user.getBirthDate(),user.getCountry(),user.getAddress(),user.getRole()};
}
} }