protected post /user and get/users and return without password

added a small description
2024-03-12 00:03:32 +01:00 · 2024-03-11 22:33:53 +01:00
2 changed files with 66 additions and 7 deletions
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
@ -8,8 +8,11 @@ import org.springframework.web.bind.annotation.*;
 import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
 import ovh.herisson.Clyde.Services.AuthenticatorService;
 import ovh.herisson.Clyde.Services.UserService;
+import ovh.herisson.Clyde.Tables.Role;
 import ovh.herisson.Clyde.Tables.User;

+import java.util.ArrayList;
+

@RestController
@CrossOrigin(origins = "http://localhost:5173")
@ -23,25 +26,57 @@ public class UserController {
    }

    @GetMapping("/user")
-    public ResponseEntity<User> getUser(@RequestHeader("Cookie") String authorization){
+    public ResponseEntity<Object[]> getUser(@RequestHeader("Authorization") String authorization){

        if (authorization == null) return new UnauthorizedResponse<>(null);
        User user = authServ.getUserFromToken(authorization);
        if (user == null) return new UnauthorizedResponse<>(null);
-        return new ResponseEntity<>(user, HttpStatus.OK);
+
+        return new ResponseEntity<>(userWithoutPassword(user), HttpStatus.OK);
    }

-    @PostMapping("/user") //todo check role
-    public ResponseEntity<String> postUser(@RequestBody User user){
+    @PostMapping("/user")
+    public ResponseEntity<String> postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){
+
+        if (authorization == null) return new UnauthorizedResponse<>(null);
+        User poster = authServ.getUserFromToken(authorization);
+
+        if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin)
+            return new UnauthorizedResponse<>(null);
+
+
        userService.save(user);
        return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED);
    }

    @GetMapping("/users")
-    public Iterable<User> getAllUsers(){
-        return userService.getAll();
+    public ResponseEntity<Iterable<Object[]>> getAllUsers(@RequestHeader("Authorization") String authorization){
+
+        if (authorization == null) return new UnauthorizedResponse<>(null);
+        User poster = authServ.getUserFromToken(authorization);
+
+        if (poster == null) return new UnauthorizedResponse<>(null);
+
+        if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin)
+            return new UnauthorizedResponse<>(null);
+
+        Iterable<User> users = userService.getAll();
+        ArrayList<Object[]> withoutPassword = new ArrayList<>();
+
+        for (User u :users){
+            withoutPassword.add(userWithoutPassword(u));
+        }
+        return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
    }


+
+    /** return user's data except password
+     * @param user the user to return
+     * @return all the user data without the password
+     */
+    private Object[] userWithoutPassword(User user){
+        return new Object[] {user.getRegNo(),user.getFirstName(),user.getLastName(),user.getBirthDate(),user.getCountry(),user.getAddress(),user.getRole()};
+    }
 }

--- a/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java
@ -8,7 +8,6 @@ import java.util.Date;
 //et l'attribut tokenApi doit encore être ajouté vu qu'il faut en discuter

@Entity
-//Je rajoute un s au nom de la table pour éviter les conflits avec les mots réservés
@Table(name = "Users")
 public class User {
    @Id
@ -37,6 +36,31 @@ public class User {
        this.password = password;
    }

+
+    /** Constructor for the first registration request from a student (can't specify a Role)
+     *
+     * @param lastName
+     * @param firstName
+     * @param email
+     * @param address
+     * @param country
+     * @param birthDate
+     * @param profilePictureUrl
+     * @param password
+     */
+    public User(String lastName, String firstName, String email, String address,
+                String country, Date birthDate, String profilePictureUrl, String password)
+    {
+        this.lastName = lastName;
+        this.firstName = firstName;
+        this.email = email;
+        this.address = address;
+        this.country = country;
+        this.birthDate = birthDate;
+        this.profilePictureUrl = profilePictureUrl;
+        this.password = password;
+        this.role = Role.Student;
+    }
    public User() {}

    public int getRegNo(){
Author	SHA1	Message	Date
Bartha Maxime	5c728098df	protected post /user and get/users and return without password All checks were successful Build and test backend / Build-backend (pull_request) Successful in 1m58s Details Build and test backend / Test-backend (pull_request) Successful in 1m55s Details Build and test FrontEnd / Build-frontend (pull_request) Successful in 23s Details	2024-03-12 00:03:32 +01:00
Bartha Maxime	28d252279a	added a small description	2024-03-11 22:33:53 +01:00