From cf2deb983deae06caacb50243812e92bcbd0533e Mon Sep 17 00:00:00 2001
From: Bartha Maxime <231026@umons.ac.be>
Date: Sun, 17 Mar 2024 12:13:03 +0100
Subject: [PATCH] added security to assistant posting and Get courses/owned for owners
---
 .../Clyde/EndPoints/CourseController.java | 25 ++++++++++++-----
 .../Clyde/EndPoints/UserController.java | 14 ++--------
 .../Clyde/Repositories/CourseRepository.java | 7 +++++
 .../Repositories/TeacherCourseRepository.java | 6 +++++
 .../Clyde/Services/CourseService.java | 7 +++++
 .../Clyde/Services/ProtectionService.java | 27 +++++++++++++++++++
 .../Clyde/Services/TeacherCourseService.java | 11 +++++++-
 7 files changed, 77 insertions(+), 20 deletions(-)
diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/CourseController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/CourseController.java
index 82e66da..f3e93d4 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/CourseController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/CourseController.java
@@ -10,8 +10,8 @@ import ovh.herisson.Clyde.Services.ProtectionService;
 import ovh.herisson.Clyde.Services.TeacherCourseService;
 import ovh.herisson.Clyde.Tables.Course;
 import ovh.herisson.Clyde.Tables.Role;
+import ovh.herisson.Clyde.Tables.User;
-import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
@@ -49,14 +49,25 @@ public class CourseController {
         if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
             return new UnauthorizedResponse<>(null);
-        Iterable courses = courseServ.findAll();
-        ArrayList> coursesWithoutPassword = new ArrayList<>();
+        return new ResponseEntity<>(ProtectionService.coursesWithoutPasswords(courseServ.findAll()),HttpStatus.OK);
+    }
-        for (Course course: courses){
-            coursesWithoutPassword.add(ProtectionService.courseWithoutPassword(course));
-        }
+    @GetMapping("/courses/owned")
+    public ResponseEntity>> getOwnedCourses(@RequestHeader("Authorization") String token){
+        if (authServ.isNotIn(new Role[]{Role.Admin,Role.Teacher},token))
+            return new UnauthorizedResponse<>(null);
-        return new ResponseEntity<>(coursesWithoutPassword,HttpStatus.OK);
+        return new ResponseEntity<>(ProtectionService.coursesWithoutPasswords(courseServ.findOwnedCourses(authServ.getUserFromToken(token))),HttpStatus.OK);
+    }
+
+    @GetMapping("/course/{id}/assistants")
+    public ResponseEntity>> getCourseAssistants(@RequestHeader("Authorization")String token, @PathVariable long id){
+        if (authServ.getUserFromToken(token) == null)
+            return new UnauthorizedResponse<>(null);
+
+        Iterable assistants = teacherCourseServ.findCourseAssistants(courseServ.findById(id));
+
+        return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(assistants),HttpStatus.OK);
     }
diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
index c449a27..bcc866f 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
@@ -9,7 +9,6 @@ import ovh.herisson.Clyde.Services.ProtectionService;
 import ovh.herisson.Clyde.Services.UserService;
 import ovh.herisson.Clyde.Tables.Role;
 import ovh.herisson.Clyde.Tables.User;
-import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
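Review bot: In `getCourseAssistants`, `courseServ.findById(id)` is handed straight to `teacherCourseServ.findCourseAssistants`, which (per this same patch) returns `null` for a null course, so an unknown `id` reaches `ProtectionService.usersWithoutPasswords(null)` and fails inside its for-each — a bad path parameter becomes a 500 instead of a 404. Resolve the course first and stop early: `Course course = courseServ.findById(id); if (course == null) return new ResponseEntity<>(HttpStatus.NOT_FOUND);` then pass `course` to the service. Note also that the only gate on this endpoint is that the token maps to some user, so every authenticated role can list a course's assistants, including the `regNo` field this patch adds to `userWithoutPassword`; if that is intended, a short Javadoc stating it (`/** Lists the assistants of a course; readable by any authenticated user. */`) makes the exposure deliberate rather than accidental.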
@@ -55,12 +54,8 @@ public class UserController {
             return new UnauthorizedResponse<>(null);
         Iterable users = userService.getAll();
-        ArrayList> withoutPassword = new ArrayList<>();
-        for (User u :users){
-            withoutPassword.add(ProtectionService.userWithoutPassword(u));
-        }
-        return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
+        return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
     }
     /** changes the specified user's information
@@ -93,13 +88,8 @@ public class UserController {
             return new UnauthorizedResponse<>(null);
         Iterable teachers = userService.getAllTeachers();
-        ArrayList> withoutPassword = new ArrayList<>();
-        for (User t: teachers){
-            withoutPassword.add(ProtectionService.userWithoutPassword(t));
-        }
-
-        return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
+        return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(teachers), HttpStatus.OK);
     }
 }
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Repositories/CourseRepository.java b/backend/src/main/java/ovh/herisson/Clyde/Repositories/CourseRepository.java
index 671a995..aa7564a 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/Repositories/CourseRepository.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Repositories/CourseRepository.java
@@ -1,8 +1,15 @@
 package ovh.herisson.Clyde.Repositories;
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.CrudRepository;
 import ovh.herisson.Clyde.Tables.Course;
+import ovh.herisson.Clyde.Tables.User;
 public interface CourseRepository extends CrudRepository {
     Course findById(long id);
+
+
+    @Query("select c from Course c where c.owner = ?1")
+    Iterable findAllOwnedCoures(User teacher);
+
 }
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Repositories/TeacherCourseRepository.java b/backend/src/main/java/ovh/herisson/Clyde/Repositories/TeacherCourseRepository.java
index ffe654a..3dbb7ff 100644
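Review bot: The new repository method is named `findAllOwnedCoures`, a typo that every caller must now repeat (`CourseService.findOwnedCourses` in this patch already does); rename it to `findAllOwnedCourses` before more code depends on it. The JPQL binds the owner through the positional parameter `?1` rather than building the string, which is the right shape for a query driven by a caller-supplied user. A one-line Javadoc would pin the contract, e.g. `/** Courses whose owner field is exactly this user (bound parameter, no interpolation). */`. The two blank lines inside the interface body are formatter noise.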
--- a/backend/src/main/java/ovh/herisson/Clyde/Repositories/TeacherCourseRepository.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Repositories/TeacherCourseRepository.java
@@ -1,8 +1,14 @@
 package ovh.herisson.Clyde.Repositories;
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.CrudRepository;
+import ovh.herisson.Clyde.Tables.Course;
 import ovh.herisson.Clyde.Tables.TeacherCourse;
+import ovh.herisson.Clyde.Tables.User;
 public interface TeacherCourseRepository extends CrudRepository {
+
+    @Query("select tc.user from TeacherCourse tc where tc.course = ?1")
+    Iterable findAllAssistantOfCourse(Course course);
 }
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/CourseService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/CourseService.java
index bdb9ae8..b5dd906 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/Services/CourseService.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Services/CourseService.java
@@ -31,6 +31,13 @@ public class CourseService {
         return courseRepo.findAll();
     }
+
+    public Iterable findOwnedCourses(User userFromToken) {
+        return courseRepo.findAllOwnedCoures(userFromToken);
+    }
+
+
+
     public boolean modifyData(long id, Map updates, Role role) {
         Course target = courseRepo.findById(id);
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/ProtectionService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/ProtectionService.java
index 8c778e1..7f2bea8 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/Services/ProtectionService.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Services/ProtectionService.java
@@ -3,6 +3,7 @@ package ovh.herisson.Clyde.Services;
 import ovh.herisson.Clyde.Tables.Course;
 import ovh.herisson.Clyde.Tables.User;
+import java.util.ArrayList;
 import java.util.HashMap;
 public class ProtectionService {
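Review bot: `findAllAssistantOfCourse` selects every `tc.user` of the course, so the name is only accurate if `TeacherCourse` rows hold assistants exclusively — the owner appears to live on `Course.owner` judging by the CourseRepository query in this patch, but nothing here states it. Put that in a Javadoc once confirmed against the `TeacherCourse` table, e.g. `/** Users attached to the course through TeacherCourse; the course owner is not part of this set. */`. Plural `findAllAssistantsOfCourse` would match the `findAll*` naming. The positional `?1` parameter keeps the course bound rather than concatenated, which is correct.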
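Review bot: `findOwnedCourses` forwards `userFromToken` without a null check, and its caller in `CourseController` obtains that value from `authServ.getUserFromToken(token)`, which the same patch treats as nullable elsewhere; a null would reach the `c.owner = ?1` bind and what comes back then depends on the JPA provider's null-comparison handling rather than on anything this code decides. Make the empty case explicit with `if (userFromToken == null) return new ArrayList<>();` (or whatever empty-collection idiom this file already uses). The parameter name `userFromToken` describes the caller, not the contract; `owner` says what the method needs, and a Javadoc such as `/** Courses whose owner is the given user; empty when owner is null. */` would document it. The three blank lines after the method are formatter noise.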
@@ -13,6 +14,7 @@ public class ProtectionService { */ public static HashMap userWithoutPassword(User user){ HashMap toReturn = new HashMap<>(); + toReturn.put("regNo",user.getRegNo()); toReturn.put("lastName",user.getLastName()); toReturn.put("firstName",user.getFirstName()); @@ -24,6 +26,19 @@ public class ProtectionService { toReturn.put("role",user.getRole()); return toReturn; } + + public static Iterable>usersWithoutPasswords(Iterable users){ + ArrayList> toReturn = new ArrayList<>(); + + for (User u : users){ + toReturn.add(userWithoutPassword(u)); + } + + return toReturn; + } + + + public static HashMap courseWithoutPassword(Course course){ HashMap toReturn = new HashMap<>(); @@ -34,5 +49,17 @@ public class ProtectionService { return toReturn; } + public static Iterable> coursesWithoutPasswords(Iterable courses){ + ArrayList> toReturn = new ArrayList<>(); + + for (Course course: courses){ + toReturn.add(ProtectionService.courseWithoutPassword(course)); + } + + return toReturn; + + } + + } diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/TeacherCourseService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/TeacherCourseService.java index 84900a8..dee3a7b 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/TeacherCourseService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/TeacherCourseService.java @@ -4,6 +4,7 @@ import org.springframework.stereotype.Controller; import ovh.herisson.Clyde.Repositories.TeacherCourseRepository; import ovh.herisson.Clyde.Repositories.UserRepository; import ovh.herisson.Clyde.Tables.Course; +import ovh.herisson.Clyde.Tables.Role; import ovh.herisson.Clyde.Tables.TeacherCourse; import ovh.herisson.Clyde.Tables.User; 
@@ -20,6 +21,13 @@ public class TeacherCourseService {
         this.userRepo = userRepo;
     }
+    public Iterable findCourseAssistants(Course course) {
+        if (course == null)
+            return null;
+        return teacherCourseRepo.findAllAssistantOfCourse(course);
+    }
+
+
     public boolean saveAll(Iterable teacherIds, Course course){
         if (course == null || teacherIds == null)
@@ -31,7 +39,7 @@ public class TeacherCourseService {
             if ( teacher== null){
                 return false;
             }
-            if (!toAdd.contains(teacher))
+            if (!toAdd.contains(teacher) && teacher.getRole() == Role.Teacher)
             {
                 toAdd.add(teacher);
             }
@@ -41,4 +49,5 @@ public class TeacherCourseService {
         }
         return true;
     }
+
 }
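Review bot: `findCourseAssistants` returns `null` for a null course, and its only caller in this patch (`CourseController.getCourseAssistants`) hands the result directly to `ProtectionService.usersWithoutPasswords`, which loops over it — so the null becomes a NullPointerException two calls later. Returning an empty collection instead (`return java.util.Collections.emptyList();`, or `new ArrayList<>()` if the file imports it) removes that path without changing the success case; if null is deliberate, document it on the method: `/** @return users linked to the course via TeacherCourse, or null when course is null */`. The two blank lines after the method can go.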
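Review bot: The added `teacher.getRole() == Role.Teacher` condition silently skips a non-teacher id, whereas the `teacher == null` case three lines above returns `false`; a request that posts a student's id as an assistant therefore reports success while that id is quietly ignored, which is the kind of partial acceptance that is hard to audit later. Rejecting it the same way as the null case is more consistent: `if (teacher.getRole() != Role.Teacher) return false;` placed before the `contains` check, leaving the original `if (!toAdd.contains(teacher))` untouched. `saveAll` starts and ends outside this hunk, so how the caller surfaces `false` should be checked there as well. If skipping really is intended, a one-line comment saying why is the minimum.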