added ApplicationController and Application enum #119
@ -31,23 +31,32 @@ public class ApplicationsController {
|
|||||||
return new ResponseEntity<>(getAuthorizedApplications(token), HttpStatus.OK);
|
return new ResponseEntity<>(getAuthorizedApplications(token), HttpStatus.OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
private ArrayList<Applications> getAuthorizedApplications(String token){
|
@GetMapping("/apps/{identifier}")
|
||||||
|
public ResponseEntity<Boolean> getAppAuthorization(@PathVariable Applications identifier, @RequestHeader("Authorization") String token){
|
||||||
|
|
||||||
|
if (getAuthorizedApplications(token).contains(identifier)){
|
||||||
|
return new ResponseEntity<>(true, HttpStatus.OK);
|
||||||
|
}
|
||||||
|
return new ResponseEntity<>(false, HttpStatus.OK);
|
||||||
|
}
|
||||||
|
|
||||||
|
public ArrayList<Applications> getAuthorizedApplications(String token){
|
||||||
Role posterRole = authServ.getUserFromToken(token).getRole();
|
Role posterRole = authServ.getUserFromToken(token).getRole();
|
||||||
ArrayList<Applications> authorizedApps = new ArrayList<>();
|
ArrayList<Applications> authorizedApps = new ArrayList<>();
|
||||||
|
|
||||||
authorizedApps.add(Applications.LOGIN);
|
authorizedApps.add(Applications.Login);
|
||||||
authorizedApps.add(Applications.PROFILE);
|
authorizedApps.add(Applications.Profile);
|
||||||
|
|
||||||
if (posterRole == Role.Teacher || posterRole == Role.Student || posterRole == Role.Admin){
|
if (posterRole == Role.Teacher || posterRole == Role.Student || posterRole == Role.Admin){
|
||||||
authorizedApps.add(Applications.MSG);
|
authorizedApps.add(Applications.Msg);
|
||||||
authorizedApps.add(Applications.FORUM);
|
authorizedApps.add(Applications.Forum);
|
||||||
authorizedApps.add(Applications.RDV);
|
authorizedApps.add(Applications.Rdv);
|
||||||
Maxime marked this conversation as resolved
Outdated
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (posterRole == Role.Teacher || posterRole == Role.Secretary || posterRole == Role.Admin) authorizedApps.add(Applications.MANAGECOURSES);
|
if (posterRole == Role.Teacher || posterRole == Role.Secretary || posterRole == Role.Admin) authorizedApps.add(Applications.ManageCourses);
|
||||||
|
|
||||||
if (posterRole == Role.InscriptionService || posterRole == Role.Admin) authorizedApps.add(Applications.INSCRIPTION);
|
if (posterRole == Role.InscriptionService || posterRole == Role.Admin) authorizedApps.add(Applications.Inscription);
|
||||||
|
|
||||||
return authorizedApps;
|
return authorizedApps;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
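Review bot: `getAuthorizedApplications` dereferences `authServ.getUserFromToken(token)` without a null check, and the new `/apps/{identifier}` endpoint now reaches it with a caller-supplied token. The same call is null-checked in `isNotSecretaryOrAdmin` elsewhere in this commit, so an unknown or expired token presumably yields null here and ends in a NullPointerException (HTTP 500) instead of a clean `false`. Resolve the user first, e.g. `User poster = authServ.getUserFromToken(token);` then `Role posterRole = poster == null ? null : poster.getRole();`, so that only the token-less entries are granted. The method also went from private to public on a controller class; unless another class calls it, keeping it private leaves the authorization table with a single entry point.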
|
@ -43,28 +43,4 @@ public class CurriculumController {
|
|||||||
public ResponseEntity<Iterable<CurriculumCourse>> findAll(){
|
public ResponseEntity<Iterable<CurriculumCourse>> findAll(){
|
||||||
return new ResponseEntity<>(curriculumCourseServ.findAll(),HttpStatus.OK);
|
return new ResponseEntity<>(curriculumCourseServ.findAll(),HttpStatus.OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**@PostMapping("/curriculum")
|
|
||||||
public ResponseEntity<String> postCurriculum(@RequestHeader("Authorization") String token,@RequestBody Curriculum curriculum){
|
|
||||||
|
|
||||||
if (!isSecretaryOrAdmin(token)){
|
|
||||||
return new UnauthorizedResponse<>("you're not allowed to post a Curriculum");
|
|
||||||
}
|
|
||||||
|
|
||||||
CurriculumServ.save(Curriculum);
|
|
||||||
|
|
||||||
return new ResponseEntity<>("created !",HttpStatus.CREATED);
|
|
||||||
}**/
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
private boolean isSecretaryOrAdmin(String authorization){
|
|
||||||
if (authorization ==null)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
User poster = authServ.getUserFromToken(authorization);
|
|
||||||
if (poster == null) return false;
|
|
||||||
|
|
||||||
return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -32,7 +32,7 @@ public class InscriptionController {
|
|||||||
@GetMapping("/requests/register")
|
@GetMapping("/requests/register")
|
||||||
public ResponseEntity<Iterable<Map<String,Object>>> getAllRequests(@RequestHeader("Authorization") String token){
|
public ResponseEntity<Iterable<Map<String,Object>>> getAllRequests(@RequestHeader("Authorization") String token){
|
||||||
|
|
||||||
if (!isSecretaryOrAdmin(token)){return new UnauthorizedResponse<>(null);}
|
if (authServ.isNotSecretaryOrAdmin(token)){return new UnauthorizedResponse<>(null);}
|
||||||
|
|
||||||
Iterable<InscriptionRequest> inscriptionRequests = inscriptionServ.getAll();
|
Iterable<InscriptionRequest> inscriptionRequests = inscriptionServ.getAll();
|
||||||
ArrayList<Map<String,Object>> toReturn = new ArrayList<>();
|
ArrayList<Map<String,Object>> toReturn = new ArrayList<>();
|
||||||
@ -64,7 +64,7 @@ public class InscriptionController {
|
|||||||
@RequestHeader("Authorize") String token,
|
@RequestHeader("Authorize") String token,
|
||||||
@RequestBody RequestState requestState)
|
@RequestBody RequestState requestState)
|
||||||
{
|
{
|
||||||
if (!isSecretaryOrAdmin(token)) return new UnauthorizedResponse<>(null);
|
if (authServ.isNotSecretaryOrAdmin(token)) return new UnauthorizedResponse<>(null);
|
||||||
inscriptionServ.modifyState(id, requestState);
|
inscriptionServ.modifyState(id, requestState);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@ -83,15 +83,4 @@ public class InscriptionController {
|
|||||||
toReturn.put("state", inscriptionRequest.getState());
|
toReturn.put("state", inscriptionRequest.getState());
|
||||||
return toReturn;
|
return toReturn;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private boolean isSecretaryOrAdmin(String authorization){
|
|
||||||
if (authorization ==null)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
User poster = authServ.getUserFromToken(authorization);
|
|
||||||
if (poster == null) return false;
|
|
||||||
|
|
||||||
return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
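Review bot: The state-change handler in the second hunk reads its token from `@RequestHeader("Authorize")`, while every other endpoint on this page uses `"Authorization"`; this looks like a typo. Spring treats the header as required by default, so a client that sends `Authorization` would be rejected before the role check runs. Suggested: `@RequestHeader("Authorization") String token,`. The same handler ends with `return null;` after `inscriptionServ.modifyState(id, requestState)`; an explicit `new ResponseEntity<>(HttpStatus.OK)` would make a successful change unambiguous to the caller. The handler's signature starts outside the hunk.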
|
@ -49,4 +49,4 @@ public class LoginController {
|
|||||||
authServ.register(inscriptionRequest);
|
authServ.register(inscriptionRequest);
|
||||||
return new ResponseEntity<>("Is OK", HttpStatus.OK);
|
return new ResponseEntity<>("Is OK", HttpStatus.OK);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -51,6 +51,7 @@ public class MockController {
|
|||||||
User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), null,Role.Student,passwordEncoder.encode("student"));
|
User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), null,Role.Student,passwordEncoder.encode("student"));
|
||||||
User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0), null,Role.Teacher,passwordEncoder.encode("secretary"));
|
User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0), null,Role.Teacher,passwordEncoder.encode("secretary"));
|
||||||
User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), null,Role.Teacher,passwordEncoder.encode("teacher"));
|
User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), null,Role.Teacher,passwordEncoder.encode("teacher"));
|
||||||
|
User lena = new User("Louille","Lena","inscriptionService@InscriptionService.com","no","yes",new Date(0), null,Role.Teacher,passwordEncoder.encode("inscriptionService"));
|
||||||
mockUsers = new ArrayList<>(Arrays.asList(herobrine,joe,meh,joke));
|
mockUsers = new ArrayList<>(Arrays.asList(herobrine,joe,meh,joke));
|
||||||
|
|
||||||
userRepo.saveAll(mockUsers);
|
userRepo.saveAll(mockUsers);
|
||||||
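Review bot: `lena` is constructed but never added to `mockUsers`; the next line is still `Arrays.asList(herobrine,joe,meh,joke)`, so the new account never reaches `userRepo.saveAll`. She is also given `Role.Teacher`, although the e-mail and password suggest `Role.InscriptionService` was intended (the `secretary@secretary.com` user in the context lines shows the same mismatch). Suggested: `Role.InscriptionService` in the constructor call and `Arrays.asList(herobrine,joe,meh,joke,lena)`. Because these accounts use passwords equal to the role name, it is worth confirming that this mock endpoint cannot be reached in a production build; the enclosing method is only partly visible in the hunk.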
|
@ -38,7 +38,7 @@ public class UserController {
|
|||||||
@PostMapping("/user")
|
@PostMapping("/user")
|
||||||
public ResponseEntity<String> postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){
|
public ResponseEntity<String> postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){
|
||||||
|
|
||||||
if (!isSecretaryOrAdmin(authorization))
|
if (authServ.isNotSecretaryOrAdmin(authorization))
|
||||||
return new UnauthorizedResponse<>(null);
|
return new UnauthorizedResponse<>(null);
|
||||||
|
|
||||||
userService.save(user);
|
userService.save(user);
|
||||||
@ -48,7 +48,7 @@ public class UserController {
|
|||||||
@GetMapping("/users")
|
@GetMapping("/users")
|
||||||
public ResponseEntity<Iterable<HashMap<String,Object>>> getAllUsers(@RequestHeader("Authorization") String authorization){
|
public ResponseEntity<Iterable<HashMap<String,Object>>> getAllUsers(@RequestHeader("Authorization") String authorization){
|
||||||
|
|
||||||
if (!isSecretaryOrAdmin(authorization))
|
if (authServ.isNotSecretaryOrAdmin(authorization))
|
||||||
return new UnauthorizedResponse<>(null);
|
return new UnauthorizedResponse<>(null);
|
||||||
|
|
||||||
Iterable<User> users = userService.getAll();
|
Iterable<User> users = userService.getAll();
|
||||||
@ -78,7 +78,6 @@ public class UserController {
|
|||||||
*/
|
*/
|
||||||
private HashMap<String,Object> userWithoutPassword(User user){
|
private HashMap<String,Object> userWithoutPassword(User user){
|
||||||
HashMap<String,Object> toReturn = new HashMap<>();
|
HashMap<String,Object> toReturn = new HashMap<>();
|
||||||
|
|
||||||
toReturn.put("regNo",user.getRegNo());
|
toReturn.put("regNo",user.getRegNo());
|
||||||
toReturn.put("firstName",user.getFirstName());
|
toReturn.put("firstName",user.getFirstName());
|
||||||
toReturn.put("lastName",user.getLastName());
|
toReturn.put("lastName",user.getLastName());
|
||||||
@ -86,18 +85,7 @@ public class UserController {
|
|||||||
toReturn.put("country",user.getCountry());
|
toReturn.put("country",user.getCountry());
|
||||||
toReturn.put("address",user.getAddress());
|
toReturn.put("address",user.getAddress());
|
||||||
toReturn.put("role",user.getRole());
|
toReturn.put("role",user.getRole());
|
||||||
|
|
||||||
return toReturn;
|
return toReturn;
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isSecretaryOrAdmin(String authorization){
|
|
||||||
if (authorization ==null)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
User poster = authServ.getUserFromToken(authorization);
|
|
||||||
if (poster == null) return false;
|
|
||||||
|
|
||||||
return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,9 +1,8 @@
|
|||||||
package ovh.herisson.Clyde.Services;
|
package ovh.herisson.Clyde.Services;
|
||||||
|
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import ovh.herisson.Clyde.EndPoints.LoginController;
|
|
||||||
import ovh.herisson.Clyde.Repositories.InscriptionRepository;
|
|
||||||
import ovh.herisson.Clyde.Tables.InscriptionRequest;
|
import ovh.herisson.Clyde.Tables.InscriptionRequest;
|
||||||
|
import ovh.herisson.Clyde.Tables.Role;
|
||||||
import ovh.herisson.Clyde.Tables.Token;
|
import ovh.herisson.Clyde.Tables.Token;
|
||||||
import ovh.herisson.Clyde.Tables.User;
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
|
|
||||||
@ -39,4 +38,17 @@ public class AuthenticatorService {
|
|||||||
public void register(InscriptionRequest inscriptionRequest) {
|
public void register(InscriptionRequest inscriptionRequest) {
|
||||||
inscriptionService.save(inscriptionRequest);
|
inscriptionService.save(inscriptionRequest);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public boolean isNotSecretaryOrAdmin(String authorization){
|
||||||
|
if (authorization ==null)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
User poster = getUserFromToken(authorization);
|
||||||
|
if (poster == null) return true;
|
||||||
|
|
||||||
|
return poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
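Review bot: The final line of `isNotSecretaryOrAdmin`, `poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin`, is true for every role, because no role equals both values at once. Every endpoint that now calls it (`getAllRequests` and the state-change handler in InscriptionController, `postUser` and `getAllUsers` in UserController) therefore answers Unauthorized to secretaries and admins as well. The check fails closed, so nothing is exposed, but the guarded features are unreachable; the removed per-controller helpers had the mirrored mistake (`== ... && == ...`), so this is carried over rather than new. Use `return poster.getRole() != Role.Secretary && poster.getRole() != Role.Admin;`, and add a short Javadoc stating that a null header or an unknown token counts as not authorized.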
|
@ -31,4 +31,4 @@ public class InscriptionService {
|
|||||||
inscriptionRequest.setState(requestState);
|
inscriptionRequest.setState(requestState);
|
||||||
save(inscriptionRequest);
|
save(inscriptionRequest);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4,10 +4,8 @@ import org.springframework.stereotype.Service;
|
|||||||
import org.springframework.web.multipart.MultipartFile;
|
import org.springframework.web.multipart.MultipartFile;
|
||||||
import ovh.herisson.Clyde.Repositories.FileRepository;
|
import ovh.herisson.Clyde.Repositories.FileRepository;
|
||||||
import ovh.herisson.Clyde.Tables.*;
|
import ovh.herisson.Clyde.Tables.*;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.nio.file.Paths;
|
import java.nio.file.Paths;
|
||||||
|
@ -5,16 +5,15 @@ import org.springframework.stereotype.Service;
|
|||||||
import ovh.herisson.Clyde.Repositories.TokenRepository;
|
import ovh.herisson.Clyde.Repositories.TokenRepository;
|
||||||
import ovh.herisson.Clyde.Tables.Token;
|
import ovh.herisson.Clyde.Tables.Token;
|
||||||
import ovh.herisson.Clyde.Tables.User;
|
import ovh.herisson.Clyde.Tables.User;
|
||||||
|
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Base64;
|
||||||
import java.util.Calendar;
|
import java.util.Calendar;
|
||||||
import java.util.Date;
|
|
||||||
|
|
||||||
@Service
|
@Service
|
||||||
public class TokenService {
|
public class TokenService {
|
||||||
TokenRepository tokenRepo;
|
private final TokenRepository tokenRepo;
|
||||||
|
|
||||||
public TokenService(TokenRepository tokenRepo){
|
public TokenService(TokenRepository tokenRepo){
|
||||||
this.tokenRepo = tokenRepo;
|
this.tokenRepo = tokenRepo;
|
||||||
@ -30,13 +29,10 @@ public class TokenService {
|
|||||||
new SecureRandom().nextBytes(bytes);
|
new SecureRandom().nextBytes(bytes);
|
||||||
for (int i = 0; i < bytes.length; i++) {
|
for (int i = 0; i < bytes.length; i++) {
|
||||||
bytes[i] = (byte) (((bytes[i]+256)%256 %95+ 32));
|
bytes[i] = (byte) (((bytes[i]+256)%256 %95+ 32));
|
||||||
while ((char)bytes[i] == ';'){
|
|
||||||
bytes[i] = new SecureRandom().generateSeed(1)[0];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
// will never end up in the catch because of the way that SecureRandom.nextBytes is implemented
|
// will never end up in the catch because of the way that SecureRandom.nextBytes is implemented
|
||||||
try {
|
try {
|
||||||
return new String(bytes,"ISO_8859_1");
|
return new String(Base64.getEncoder().encode(bytes),"ISO_8859_1");
|
||||||
} catch (UnsupportedEncodingException e) {
|
} catch (UnsupportedEncodingException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
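Review bot: The loop `bytes[i] = (byte) (((bytes[i]+256)%256 %95+ 32));` is left in place ahead of the new Base64 step, where it is no longer needed because the Base64 output is already printable ASCII. Keeping it folds each random byte onto 95 values, with a modulo bias since 256 is not a multiple of 95, which lowers the token's entropy for no benefit. Drop the loop and encode the raw `SecureRandom` output with `return Base64.getEncoder().encodeToString(bytes);`, which also removes the charset name and the `UnsupportedEncodingException` catch. The method's signature and the allocation of `bytes` are outside the hunk.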
|
@ -2,23 +2,20 @@ package ovh.herisson.Clyde.Tables;
|
|||||||
|
|
||||||
public enum Applications {
|
public enum Applications {
|
||||||
// without any token
|
// without any token
|
||||||
LOGIN,
|
Login,
|
||||||
|
|
||||||
// with any token
|
// with any token
|
||||||
PROFILE,
|
Profile,
|
||||||
|
|
||||||
|
|
||||||
// Students and higher authorization
|
// Students and higher authorization
|
||||||
MSG,
|
Msg,
|
||||||
FORUM,
|
Forum,
|
||||||
RDV,
|
Rdv,
|
||||||
|
|
||||||
// teachers and Secretary authorization
|
// teachers and Secretary authorization
|
||||||
MANAGECOURSES,
|
ManageCourses,
|
||||||
|
|
||||||
// InscriptionService authorization
|
// InscriptionService authorization
|
||||||
INSCRIPTION;
|
Inscription
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -3,5 +3,5 @@ package ovh.herisson.Clyde.Tables;
|
|||||||
public enum RequestState {
|
public enum RequestState {
|
||||||
Accepted,
|
Accepted,
|
||||||
Refused,
|
Refused,
|
||||||
Pending;
|
Pending
|
||||||
}
|
}
|
||||||
|
@ -5,5 +5,5 @@ public enum Role {
|
|||||||
Student,
|
Student,
|
||||||
Admin,
|
Admin,
|
||||||
InscriptionService,
|
InscriptionService,
|
||||||
Secretary;
|
Secretary
|
||||||
}
|
}
|
cette ligne est un peu bizarre dans le sens où s'il est admin il va retourner direct et pas récupérer les autres... Aussi de base msg, forum et rdv c'est que pour les students et profs. Si c'est chiant pourquoi pas laisser msg et forum mais rdv c'est spécifique aux profs et étudiants ^^
petit mistake oui bien vu !