Compare commits

...

2 Commits

Author SHA1 Message Date
76f5a39a8f GET /users doesn't return Admins if the poster isn't an admin
All checks were successful
Build and test backend / Build-backend (pull_request) Successful in 2m1s
Build and test backend / Test-backend (pull_request) Successful in 2m0s
Build and test FrontEnd / Build-frontend (pull_request) Successful in 24s
2024-03-17 16:26:30 +01:00
37f8a3ac4e removed an unused variable 2024-03-17 16:25:00 +01:00
4 changed files with 20 additions and 3 deletions

View File

@ -54,8 +54,6 @@ public class ApplicationsController {
// if authed // if authed
authorizedApps.add(Applications.Profile); authorizedApps.add(Applications.Profile);
Role posterRole = user.getRole();
if (!authServ.isNotIn(new Role[]{Role.Teacher,Role.Student,Role.Admin},token)) { if (!authServ.isNotIn(new Role[]{Role.Teacher,Role.Student,Role.Admin},token)) {
authorizedApps.add(Applications.Msg); authorizedApps.add(Applications.Msg);
authorizedApps.add(Applications.Forum); authorizedApps.add(Applications.Forum);

View File

@ -9,6 +9,8 @@ import ovh.herisson.Clyde.Services.ProtectionService;
import ovh.herisson.Clyde.Services.UserService; import ovh.herisson.Clyde.Services.UserService;
import ovh.herisson.Clyde.Tables.Role; import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.User; import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -53,7 +55,15 @@ public class UserController {
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token)) if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
return new UnauthorizedResponse<>(null); return new UnauthorizedResponse<>(null);
Iterable<User> users = userService.getAll(); Role posterRole = authServ.getUserFromToken(token).getRole();
Iterable<User> users = new ArrayList<>();
if (posterRole == Role.Admin)
users = userService.getAll();
else if (posterRole == Role.Secretary)
users = userService.getAllExceptAdmins();
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK); return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
} }

View File

@ -10,9 +10,14 @@ public interface UserRepository extends CrudRepository<User, Long> {
User findByEmail(String email); User findByEmail(String email);
@Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Teacher") @Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Teacher")
Iterable<User> findAllTeachers(); Iterable<User> findAllTeachers();
@Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Student") @Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Student")
Iterable<User> findAllStudents(); Iterable<User> findAllStudents();
@Query("select u from User u where u.role <> ovh.herisson.Clyde.Tables.Role.Admin")
Iterable<User> findAllExceptAdmins();
} }

View File

@ -114,6 +114,10 @@ public class UserService {
return userRepo.findAll(); return userRepo.findAll();
} }
public Iterable<User> getAllExceptAdmins(){
return userRepo.findAllExceptAdmins();
}
public Iterable<User> getAllTeachers (){return userRepo.findAllTeachers();} public Iterable<User> getAllTeachers (){return userRepo.findAllTeachers();}