From 76f5a39a8f91c47448182f447374d96d4e1ff6b7 Mon Sep 17 00:00:00 2001
From: Bartha Maxime <231026@umons.ac.be>
Date: Sun, 17 Mar 2024 16:26:30 +0100
Subject: [PATCH] GET /users doesn't return Admins if the poster isn't an admin
---
 .../ovh/herisson/Clyde/EndPoints/UserController.java | 12 +++++++++++-
 .../herisson/Clyde/Repositories/UserRepository.java | 5 +++++
 .../ovh/herisson/Clyde/Services/UserService.java | 4 ++++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
index aee09b6..2ace404 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
@@ -9,6 +9,8 @@ import ovh.herisson.Clyde.Services.ProtectionService;
 import ovh.herisson.Clyde.Services.UserService;
 import ovh.herisson.Clyde.Tables.Role;
 import ovh.herisson.Clyde.Tables.User;
+
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
@@ -53,7 +55,15 @@ public class UserController {
 if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
 return new UnauthorizedResponse<>(null);
- Iterable users = userService.getAll();
+ Role posterRole = authServ.getUserFromToken(token).getRole();
+
+ Iterable users = new ArrayList<>();
+
+ if (posterRole == Role.Admin)
+ users = userService.getAll();
+
+ else if (posterRole == Role.Secretary)
+ users = userService.getAllExceptAdmins();
 return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
 }
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Repositories/UserRepository.java b/backend/src/main/java/ovh/herisson/Clyde/Repositories/UserRepository.java
index a275948..413f090 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/Repositories/UserRepository.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Repositories/UserRepository.java
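Review bot: In the GET /users handler of UserController.java, the new branch reads the caller's role through a second lookup, `authServ.getUserFromToken(token).getRole()`, and leaves `users` as an empty list when that role is neither Admin nor Secretary, so a disagreement with the `isNotIn` gate above is answered with 200 and no data instead of being rejected. If `getUserFromToken` can return null (its body is not shown here), the same line throws and the client gets a 500. I would close the chain with `else return new UnauthorizedResponse<>(null);` and brace the `if`/`else if` bodies, so the branch fails the same way as the gate. The handler starts and ends outside this hunk; single-user read and update endpoints are not visible either and would need the same Admin restriction for secretaries, since hiding admins from the list is not by itself access control.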
@@ -10,9 +10,14 @@ public interface UserRepository extends CrudRepository { User findByEmail(String email); + + @Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Teacher") Iterable findAllTeachers(); @Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Student") Iterable findAllStudents(); + + @Query("select u from User u where u.role <> ovh.herisson.Clyde.Tables.Role.Admin") + Iterable findAllExceptAdmins(); }
\ No newline at end of file
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java
index 52078dc..3d30a89 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java
@@ -114,6 +114,10 @@ public class UserService { return userRepo.findAll(); } + public Iterable getAllExceptAdmins(){ + return userRepo.findAllExceptAdmins(); + } + public Iterable getAllTeachers (){return userRepo.findAllTeachers();}
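Review bot: `findAllExceptAdmins` in UserRepository.java selects with `u.role <> ovh.herisson.Clyde.Tables.Role.Admin`, a deny-list, so any role later added to `Role` is shown to secretaries by default. The `<>` comparison also never matches a NULL role, so users without a role (if the column allows that) would vanish from the secretary view while still appearing in `findAll()`. An allow-list fails closed: `where u.role in (...)` naming the roles a secretary is meant to see, written with the same fully-qualified enum literals the other queries use.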