added security to assistant posting and Get courses/owned for owners
All checks were successful
Build and test backend / Build-backend (pull_request) Successful in 2m0s
Build and test backend / Test-backend (pull_request) Successful in 1m57s
Build and test FrontEnd / Build-frontend (pull_request) Successful in 23s

This commit is contained in:
Bartha Maxime 2024-03-17 12:13:03 +01:00
parent f7df234312
commit cf2deb983d
7 changed files with 77 additions and 20 deletions

View File

@ -10,8 +10,8 @@ import ovh.herisson.Clyde.Services.ProtectionService;
import ovh.herisson.Clyde.Services.TeacherCourseService; import ovh.herisson.Clyde.Services.TeacherCourseService;
import ovh.herisson.Clyde.Tables.Course; import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.Role; import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -49,14 +49,25 @@ public class CourseController {
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token)) if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
return new UnauthorizedResponse<>(null); return new UnauthorizedResponse<>(null);
Iterable<Course> courses = courseServ.findAll(); return new ResponseEntity<>(ProtectionService.coursesWithoutPasswords(courseServ.findAll()),HttpStatus.OK);
ArrayList<HashMap<String,Object>> coursesWithoutPassword = new ArrayList<>(); }
for (Course course: courses){ @GetMapping("/courses/owned")
coursesWithoutPassword.add(ProtectionService.courseWithoutPassword(course)); public ResponseEntity<Iterable<HashMap<String ,Object>>> getOwnedCourses(@RequestHeader("Authorization") String token){
} if (authServ.isNotIn(new Role[]{Role.Admin,Role.Teacher},token))
return new UnauthorizedResponse<>(null);
return new ResponseEntity<>(coursesWithoutPassword,HttpStatus.OK); return new ResponseEntity<>(ProtectionService.coursesWithoutPasswords(courseServ.findOwnedCourses(authServ.getUserFromToken(token))),HttpStatus.OK);
}
@GetMapping("/course/{id}/assistants")
public ResponseEntity<Iterable<HashMap<String,Object>>> getCourseAssistants(@RequestHeader("Authorization")String token, @PathVariable long id){
if (authServ.getUserFromToken(token) == null)
return new UnauthorizedResponse<>(null);
Iterable<User> assistants = teacherCourseServ.findCourseAssistants(courseServ.findById(id));
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(assistants),HttpStatus.OK);
} }

View File

@ -9,7 +9,6 @@ import ovh.herisson.Clyde.Services.ProtectionService;
import ovh.herisson.Clyde.Services.UserService; import ovh.herisson.Clyde.Services.UserService;
import ovh.herisson.Clyde.Tables.Role; import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.User; import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -55,12 +54,8 @@ public class UserController {
return new UnauthorizedResponse<>(null); return new UnauthorizedResponse<>(null);
Iterable<User> users = userService.getAll(); Iterable<User> users = userService.getAll();
ArrayList<HashMap<String, Object>> withoutPassword = new ArrayList<>();
for (User u :users){ return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
withoutPassword.add(ProtectionService.userWithoutPassword(u));
}
return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
} }
/** changes the specified user's information /** changes the specified user's information
@ -93,13 +88,8 @@ public class UserController {
return new UnauthorizedResponse<>(null); return new UnauthorizedResponse<>(null);
Iterable<User> teachers = userService.getAllTeachers(); Iterable<User> teachers = userService.getAllTeachers();
ArrayList<HashMap<String, Object>> withoutPassword = new ArrayList<>();
for (User t: teachers){ return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(teachers), HttpStatus.OK);
withoutPassword.add(ProtectionService.userWithoutPassword(t));
}
return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
} }
} }

View File

@ -1,8 +1,15 @@
package ovh.herisson.Clyde.Repositories; package ovh.herisson.Clyde.Repositories;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.CrudRepository;
import ovh.herisson.Clyde.Tables.Course; import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.User;
public interface CourseRepository extends CrudRepository<Course,Long> { public interface CourseRepository extends CrudRepository<Course,Long> {
Course findById(long id); Course findById(long id);
@Query("select c from Course c where c.owner = ?1")
Iterable<Course> findAllOwnedCoures(User teacher);
} }

View File

@ -1,8 +1,14 @@
package ovh.herisson.Clyde.Repositories; package ovh.herisson.Clyde.Repositories;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.CrudRepository;
import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.TeacherCourse; import ovh.herisson.Clyde.Tables.TeacherCourse;
import ovh.herisson.Clyde.Tables.User;
public interface TeacherCourseRepository extends CrudRepository<TeacherCourse, Long> { public interface TeacherCourseRepository extends CrudRepository<TeacherCourse, Long> {
@Query("select tc.user from TeacherCourse tc where tc.course = ?1")
Iterable<User> findAllAssistantOfCourse(Course course);
} }

View File

@ -31,6 +31,13 @@ public class CourseService {
return courseRepo.findAll(); return courseRepo.findAll();
} }
public Iterable<Course> findOwnedCourses(User userFromToken) {
return courseRepo.findAllOwnedCoures(userFromToken);
}
public boolean modifyData(long id, Map<String, Object> updates, Role role) { public boolean modifyData(long id, Map<String, Object> updates, Role role) {
Course target = courseRepo.findById(id); Course target = courseRepo.findById(id);

View File

@ -3,6 +3,7 @@ package ovh.herisson.Clyde.Services;
import ovh.herisson.Clyde.Tables.Course; import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.User; import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
public class ProtectionService { public class ProtectionService {
@ -13,6 +14,7 @@ public class ProtectionService {
*/ */
public static HashMap<String,Object> userWithoutPassword(User user){ public static HashMap<String,Object> userWithoutPassword(User user){
HashMap<String,Object> toReturn = new HashMap<>(); HashMap<String,Object> toReturn = new HashMap<>();
toReturn.put("regNo",user.getRegNo()); toReturn.put("regNo",user.getRegNo());
toReturn.put("lastName",user.getLastName()); toReturn.put("lastName",user.getLastName());
toReturn.put("firstName",user.getFirstName()); toReturn.put("firstName",user.getFirstName());
@ -24,6 +26,19 @@ public class ProtectionService {
toReturn.put("role",user.getRole()); toReturn.put("role",user.getRole());
return toReturn; return toReturn;
} }
public static Iterable<HashMap<String ,Object>>usersWithoutPasswords(Iterable<User> users){
ArrayList<HashMap<String,Object>> toReturn = new ArrayList<>();
for (User u : users){
toReturn.add(userWithoutPassword(u));
}
return toReturn;
}
public static HashMap<String,Object> courseWithoutPassword(Course course){ public static HashMap<String,Object> courseWithoutPassword(Course course){
HashMap<String ,Object> toReturn = new HashMap<>(); HashMap<String ,Object> toReturn = new HashMap<>();
@ -34,5 +49,17 @@ public class ProtectionService {
return toReturn; return toReturn;
} }
public static Iterable<HashMap<String ,Object>> coursesWithoutPasswords(Iterable<Course> courses){
ArrayList<HashMap<String,Object>> toReturn = new ArrayList<>();
for (Course course: courses){
toReturn.add(ProtectionService.courseWithoutPassword(course));
}
return toReturn;
}
} }

View File

@ -4,6 +4,7 @@ import org.springframework.stereotype.Controller;
import ovh.herisson.Clyde.Repositories.TeacherCourseRepository; import ovh.herisson.Clyde.Repositories.TeacherCourseRepository;
import ovh.herisson.Clyde.Repositories.UserRepository; import ovh.herisson.Clyde.Repositories.UserRepository;
import ovh.herisson.Clyde.Tables.Course; import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.TeacherCourse; import ovh.herisson.Clyde.Tables.TeacherCourse;
import ovh.herisson.Clyde.Tables.User; import ovh.herisson.Clyde.Tables.User;
@ -20,6 +21,13 @@ public class TeacherCourseService {
this.userRepo = userRepo; this.userRepo = userRepo;
} }
public Iterable<User> findCourseAssistants(Course course) {
if (course == null)
return null;
return teacherCourseRepo.findAllAssistantOfCourse(course);
}
public boolean saveAll(Iterable<Long> teacherIds, Course course){ public boolean saveAll(Iterable<Long> teacherIds, Course course){
if (course == null || teacherIds == null) if (course == null || teacherIds == null)
@ -31,7 +39,7 @@ public class TeacherCourseService {
if ( teacher== null){ if ( teacher== null){
return false; return false;
} }
if (!toAdd.contains(teacher)) if (!toAdd.contains(teacher) && teacher.getRole() == Role.Teacher)
{ {
toAdd.add(teacher); toAdd.add(teacher);
} }
@ -41,4 +49,5 @@ public class TeacherCourseService {
} }
return true; return true;
} }
} }