
added security to the post of course and GET /courses

Bartha Maxime 2024-03-17 02:15:08 +01:00
parent 474a8d3f31
commit 6e6bd285af
2 changed files with 22 additions and 1 deletions


@ -40,6 +40,15 @@ public class CourseController {
return new ResponseEntity<>(foundCourse, HttpStatus.OK); return new ResponseEntity<>(foundCourse, HttpStatus.OK);
} }
@GetMapping("/courses")
public ResponseEntity<Iterable<Course>> getAllCourses(@RequestHeader("Authorization") String token){
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
return new UnauthorizedResponse<>(null);
return new ResponseEntity<>(courseServ.findAll(),HttpStatus.OK);
}
@PostMapping("/course") @PostMapping("/course")
public ResponseEntity<Course> postCourse(@RequestHeader("Authorization") String token, public ResponseEntity<Course> postCourse(@RequestHeader("Authorization") String token,
@ -49,7 +58,11 @@ public class CourseController {
if (authServ.isNotIn(new Role[]{Role.Secretary,Role.Admin},token)) if (authServ.isNotIn(new Role[]{Role.Secretary,Role.Admin},token))
return new UnauthorizedResponse<>(null); return new UnauthorizedResponse<>(null);
return new ResponseEntity<>(courseServ.save(course), HttpStatus.CREATED); Course createdCourse = courseServ.save(course);
if (createdCourse == null)
return new ResponseEntity<>(null,HttpStatus.BAD_REQUEST);
return new ResponseEntity<>(createdCourse, HttpStatus.CREATED);
} }
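Review bot: getAllCourses returns the `Course` entities from `courseServ.findAll()` directly as the response body, and each course carries an owner object (CourseService reads `course.getOwner().getRole()`), so the JSON sent to every Admin and Secretary probably embeds the owner's user record. Confirm that the owner type keeps credentials and other private fields out of serialization, or map the result to a response type that exposes only the course fields and an owner id. A comment above the handler such as `// Admin and Secretary only; response must not expose owner credentials` would record the intent. The same applies to the `createdCourse` returned by postCourse, whose parameter list is cut off between the two hunks.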


@ -17,6 +17,8 @@ public class CourseService {
} }
public Course save(Course course){ public Course save(Course course){
if (course.getOwner().getRole() != Role.Teacher)
return null;
return courseRepo.save(course); return courseRepo.save(course);
} }
@ -24,6 +26,11 @@ public class CourseService {
return courseRepo.findById(id); return courseRepo.findById(id);
} }
public Iterable<Course> findAll() {
return courseRepo.findAll();
}
public boolean modifyData(long id, Map<String, Object> updates, Role role) { public boolean modifyData(long id, Map<String, Object> updates, Role role) {
Course target = courseRepo.findById(id); Course target = courseRepo.findById(id);
@ -62,4 +69,5 @@ public class CourseService {
courseRepo.save(target); courseRepo.save(target);
return true; return true;
} }
} }
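Review bot: `save` decides whether the owner is a teacher from the `Course` object it was handed, so if that object is bound from the request body (the controller's parameter list is not visible here) the role being checked is whatever the client sent. Loading the owner from the user store by its id and testing the persisted role would close that gap. `course.getOwner()` can also be null for a body without an owner, which turns the check into a NullPointerException and likely a 500 instead of the 400 the controller intends; at minimum guard it with `if (course.getOwner() == null || course.getOwner().getRole() != Role.Teacher) return null;`.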