GET /users doesn't return Admins if the poster isn't an admin
parent
37f8a3ac4e
commit
76f5a39a8f
@ -9,6 +9,8 @@ import ovh.herisson.Clyde.Services.ProtectionService;
|
|||||||
import ovh.herisson.Clyde.Services.UserService;
|
import ovh.herisson.Clyde.Services.UserService;
|
||||||
import ovh.herisson.Clyde.Tables.Role;
|
import ovh.herisson.Clyde.Tables.Role;
|
||||||
import ovh.herisson.Clyde.Tables.User;
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
@ -53,7 +55,15 @@ public class UserController {
|
|||||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
|
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
|
||||||
return new UnauthorizedResponse<>(null);
|
return new UnauthorizedResponse<>(null);
|
||||||
|
|
||||||
Iterable<User> users = userService.getAll();
|
Role posterRole = authServ.getUserFromToken(token).getRole();
|
||||||
|
|
||||||
|
Iterable<User> users = new ArrayList<>();
|
||||||
|
|
||||||
|
if (posterRole == Role.Admin)
|
||||||
|
users = userService.getAll();
|
||||||
|
|
||||||
|
else if (posterRole == Role.Secretary)
|
||||||
|
users = userService.getAllExceptAdmins();
|
||||||
|
|
||||||
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
|
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
|
||||||
}
|
}
|
||||||
|
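Review bot: The added `authServ.getUserFromToken(token).getRole()` dereferences the lookup result with no null check. Whether `isNotIn` rejects a token that maps to no user is not visible in this hunk, so the call is only safe if it does. Resolving the poster once and using it for both the access check and the list choice would remove that dependency: `User poster = authServ.getUserFromToken(token);` followed by `if (poster == null) return new UnauthorizedResponse<>(null);`. The empty `ArrayList` default should stay, with a comment such as `// fail closed: a role allowed above but not handled below gets an empty list`, because a role later added to the `isNotIn` array would otherwise silently need a matching branch here. The enclosing handler method starts outside the hunk.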
@ -10,9 +10,14 @@ public interface UserRepository extends CrudRepository<User, Long> {
|
|||||||
|
|
||||||
User findByEmail(String email);
|
User findByEmail(String email);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Teacher")
|
@Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Teacher")
|
||||||
Iterable<User> findAllTeachers();
|
Iterable<User> findAllTeachers();
|
||||||
|
|
||||||
@Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Student")
|
@Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Student")
|
||||||
Iterable<User> findAllStudents();
|
Iterable<User> findAllStudents();
|
||||||
|
|
||||||
|
@Query("select u from User u where u.role <> ovh.herisson.Clyde.Tables.Role.Admin")
|
||||||
|
Iterable<User> findAllExceptAdmins();
|
||||||
}
|
}
|
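Review bot: `findAllExceptAdmins` is a denylist, because the query `u.role <> ovh.herisson.Clyde.Tables.Role.Admin` returns every role other than Admin. Any privileged role added to `Role` later would therefore be visible to Secretaries by default. An allowlist (`u.role in (...)` over the roles a Secretary may see) fails closed instead; the full set of `Role` values is not visible here, so that list would have to be confirmed against the enum. Either way the method deserves a comment, for example `// Secretary view of the user list: excludes Admin only; rows with a null role are also dropped by the <> comparison`.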
@ -114,6 +114,10 @@ public class UserService {
|
|||||||
return userRepo.findAll();
|
return userRepo.findAll();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Iterable<User> getAllExceptAdmins(){
|
||||||
|
return userRepo.findAllExceptAdmins();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public Iterable<User> getAllTeachers (){return userRepo.findAllTeachers();}
|
public Iterable<User> getAllTeachers (){return userRepo.findAllTeachers();}
|
||||||
|
|
||||||
|
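Review bot: `getAllExceptAdmins()` has no Javadoc, and it returns the `User` entities exactly as the repository loads them. The controller in this commit passes the result through `ProtectionService.usersWithoutPasswords`, which suggests the entities still carry credential fields. The doc comment should state that contract: `/** Returns every user whose role is not Admin; entities are unfiltered, callers must strip sensitive fields before responding. */`. The multi-line brace style also differs from the one-line `getAllTeachers` beside it, which is harmless but inconsistent.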