Max/Backend/ReturnUserPasswordIssue #137
@ -56,17 +56,17 @@ public class ApplicationsController {
|
||||
|
||||
Role posterRole = user.getRole();
|
||||
|
||||
if (!authServ.IsNotIn(new Role[]{Role.Teacher,Role.Student,Role.Admin},token)) {
|
||||
if (!authServ.isNotIn(new Role[]{Role.Teacher,Role.Student,Role.Admin},token)) {
|
||||
authorizedApps.add(Applications.Msg);
|
||||
authorizedApps.add(Applications.Forum);
|
||||
authorizedApps.add(Applications.Rdv);
|
||||
}
|
||||
|
||||
//if Teacher or Secretary or Admin add ManageCourses App
|
||||
if (!authServ.IsNotIn(new Role[]{Role.Teacher,Role.Secretary,Role.Admin},token))
|
||||
if (!authServ.isNotIn(new Role[]{Role.Teacher,Role.Secretary,Role.Admin},token))
|
||||
authorizedApps.add(Applications.ManageCourses);
|
||||
|
||||
if (!authServ.IsNotIn(new Role[]{Role.InscriptionService,Role.Admin},token))
|
||||
if (!authServ.isNotIn(new Role[]{Role.InscriptionService,Role.Admin},token))
|
||||
authorizedApps.add(Applications.Inscription);
|
||||
|
||||
return authorizedApps;
|
||||
|
@ -46,7 +46,7 @@ public class CourseController {
|
||||
@RequestBody Course course)
|
||||
{
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Secretary,Role.Admin},token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Secretary,Role.Admin},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
return new ResponseEntity<>(courseServ.save(course), HttpStatus.CREATED);
|
||||
@ -59,15 +59,15 @@ public class CourseController {
|
||||
@PathVariable long id)
|
||||
{
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Admin,Role.Teacher,Role.Secretary}, token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Teacher,Role.Secretary}, token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
Course modifiedCourse = courseServ.modifyData(id,updates,authServ.getUserFromToken(token).getRole());
|
||||
|
||||
if (modifiedCourse == null)
|
||||
|
||||
if (!courseServ.modifyData(id, updates, authServ.getUserFromToken(token).getRole()))
|
||||
return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
|
||||
|
||||
return new ResponseEntity<>(modifiedCourse, HttpStatus.OK);
|
||||
return new ResponseEntity<>(HttpStatus.OK);
|
||||
}
|
||||
|
||||
@PostMapping("/course/{id}")
|
||||
@ -76,7 +76,7 @@ public class CourseController {
|
||||
@PathVariable Long id)
|
||||
{
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Admin,Role.Secretary}, token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary}, token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
|
||||
|
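Review bot: In the `-59,15 +59,15` hunk the role check admits `Role.Admin`, but the `CourseService.modifyData` shown further down this page returns `false` for every role other than Teacher and Secretary, so an admin passes authorization and then receives `400 BAD_REQUEST`, which reads as a malformed request rather than a permission outcome. Either drop `Role.Admin` from the array here or handle that role in the service. The same statement calls `authServ.getUserFromToken(token)` a second time and dereferences it without a null check, although `TokenService.getUserFromToken` returns null for an unknown token. Resolving the user once (`User poster = authServ.getUserFromToken(token);`) and reusing it would avoid a possible NullPointerException if the token is deleted between the two lookups. The handler's signature starts outside the hunk.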
@ -47,7 +47,7 @@ public class CurriculumController {
|
||||
@PostMapping("/curriculum")
|
||||
public ResponseEntity<Curriculum> postCurriculum(@RequestHeader("Authorization") String token,@RequestBody Curriculum curriculum){
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Secretary,Role.Admin},token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Secretary,Role.Admin},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
return new ResponseEntity<>(curriculumServ.save(curriculum),HttpStatus.CREATED);
|
||||
|
@ -30,7 +30,7 @@ public class InscriptionController {
|
||||
@GetMapping("/requests/register")
|
||||
public ResponseEntity<Iterable<Map<String,Object>>> getAllRequests(@RequestHeader("Authorization") String token){
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Admin,Role.InscriptionService},token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.InscriptionService},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
Iterable<InscriptionRequest> inscriptionRequests = inscriptionServ.getAll();
|
||||
@ -47,7 +47,7 @@ public class InscriptionController {
|
||||
@GetMapping("/request/register/{id}")
|
||||
public ResponseEntity<Map<String,Object>> getById(@RequestHeader("Authorization") String token, @PathVariable long id){
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Admin,Role.InscriptionService},token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.InscriptionService},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
InscriptionRequest foundInscriptionRequest = inscriptionServ.getById(id);
|
||||
@ -80,7 +80,7 @@ public class InscriptionController {
|
||||
@RequestBody RequestState requestState)
|
||||
{
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.InscriptionService,Role.Admin},token))
|
||||
if (authServ.isNotIn(new Role[]{Role.InscriptionService,Role.Admin},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
if (!inscriptionServ.modifyState(id, requestState))
|
||||
|
@ -29,7 +29,7 @@ public class TokenController {
|
||||
@GetMapping("/tokens")
|
||||
public ResponseEntity<Iterable<Token>> getTokens(@RequestHeader("Authorization")String token){
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Admin},token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Admin},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
return new ResponseEntity<>(tokenServ.getAllTokens(), HttpStatus.OK);
|
||||
|
@ -41,7 +41,7 @@ public class UserController {
|
||||
@PostMapping("/user")
|
||||
public ResponseEntity<Map<String ,Object>> postUser(@RequestBody User user,@RequestHeader("Authorization") String token){
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Admin,Role.InscriptionService,Role.Secretary},token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.InscriptionService,Role.Secretary},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
return new ResponseEntity<>(userWithoutPassword(userService.save(user)),HttpStatus.CREATED);
|
||||
@ -50,7 +50,7 @@ public class UserController {
|
||||
@GetMapping("/users")
|
||||
public ResponseEntity<Iterable<HashMap<String,Object>>> getAllUsers(@RequestHeader("Authorization") String token){
|
||||
|
||||
if (authServ.IsNotIn(new Role[]{Role.Admin,Role.Secretary},token))
|
||||
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
|
||||
return new UnauthorizedResponse<>(null);
|
||||
|
||||
Iterable<User> users = userService.getAll();
|
||||
|
@ -10,7 +10,5 @@ public interface TokenRepository extends CrudRepository<Token,Long> {
|
||||
|
||||
Token getByToken(String token);
|
||||
|
||||
Iterable<Token> getByUser(User user);
|
||||
|
||||
ArrayList <Token> getByUserOrderByExpirationDate(User user);
|
||||
}
|
||||
|
@ -4,19 +4,12 @@ import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.CrudRepository;
|
||||
import ovh.herisson.Clyde.Tables.User;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
public interface UserRepository extends CrudRepository<User, Long> {
|
||||
|
||||
User findById(long id);
|
||||
|
||||
User findByEmail(String email);
|
||||
|
||||
/**
|
||||
@Query(value = "select a.* from Users a ",nativeQuery = true)
|
||||
Iterable<User> findAllUsers();**/
|
||||
|
||||
@Query("select u from User u where u.role = ovh.herisson.Clyde.Tables.Role.Teacher")
|
||||
Iterable<User> findAllTeachers();
|
||||
|
||||
}
|
@ -39,18 +39,7 @@ public class AuthenticatorService {
|
||||
return inscriptionService.save(inscriptionRequest);
|
||||
}
|
||||
|
||||
|
||||
public boolean isNotSecretaryOrAdmin(String authorization){
|
||||
if (authorization ==null)
|
||||
return true;
|
||||
|
||||
User poster = getUserFromToken(authorization);
|
||||
if (poster == null) return true;
|
||||
|
||||
return poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin;
|
||||
}
|
||||
|
||||
public boolean IsNotIn(Role[] roles, String token){
|
||||
public boolean isNotIn(Role[] roles, String token){
|
||||
if (token == null)
|
||||
return true;
|
||||
|
||||
|
@ -5,7 +5,6 @@ import ovh.herisson.Clyde.Repositories.CourseRepository;
|
||||
import ovh.herisson.Clyde.Tables.Course;
|
||||
import ovh.herisson.Clyde.Tables.Role;
|
||||
import ovh.herisson.Clyde.Tables.User;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
@Service
|
||||
@ -25,21 +24,25 @@ public class CourseService {
|
||||
return courseRepo.findById(id);
|
||||
}
|
||||
|
||||
public Course modifyData(long id, Map<String, Object> updates, Role role) {
|
||||
public boolean modifyData(long id, Map<String, Object> updates, Role role) {
|
||||
Course target = courseRepo.findById(id);
|
||||
|
||||
if (target == null)
|
||||
return null;
|
||||
return false;
|
||||
|
||||
if (role == Role.Teacher){
|
||||
for (Map.Entry<String, Object> entry : updates.entrySet()){
|
||||
if (entry.getKey().equals("title")){
|
||||
target.setTitle((String) entry.getValue());
|
||||
return courseRepo.save(target);
|
||||
courseRepo.save(target);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (role != Role.Secretary)
|
||||
return false;
|
||||
|
||||
for (Map.Entry<String ,Object> entry: updates.entrySet()){
|
||||
switch (entry.getKey()){
|
||||
case "title":
|
||||
@ -49,14 +52,14 @@ public class CourseService {
|
||||
target.setCredits((Integer) entry.getValue());
|
||||
break;
|
||||
case "owner":
|
||||
target.setOwner((User) entry.getValue()); //todo check if is a teacher !
|
||||
if (((User) entry.getValue() ).getRole() != Role.Teacher)
|
||||
break;
|
||||
|
||||
target.setOwner((User) entry.getValue());
|
||||
break;
|
||||
}
|
||||
}
|
||||
return courseRepo.save(target);
|
||||
}
|
||||
|
||||
public void delete(Long id) {
|
||||
courseRepo.deleteById(id);
|
||||
courseRepo.save(target);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
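Review bot: The Teacher branch of `modifyData` in the `-25,21 +24,25` hunk authorizes on role alone, so any teacher can retitle any course `id`: the method receives only a `Role` and never compares the caller with the owner or assigned teachers of `target`. Unless ownership is enforced by a caller not visible here, pass the acting user in and check it against the course before `target.setTitle(...)`. In the `owner` case of the `-49,14 +52,14` hunk, a non-teacher owner is skipped with `break` and the method still returns `true`, so the client is told the update succeeded; returning `false` there would be clearer. The casts `(User) entry.getValue()` and `(Integer) entry.getValue()` assume the map values already have those types, which a request-supplied `Map<String, Object>` does not guarantee — TODO confirm how `updates` is built.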
@ -1,13 +1,10 @@
|
||||
package ovh.herisson.Clyde.Services;
|
||||
|
||||
import org.springframework.stereotype.Service;
|
||||
import ovh.herisson.Clyde.Repositories.CourseRepository;
|
||||
import ovh.herisson.Clyde.Repositories.CurriculumCourseRepository;
|
||||
import ovh.herisson.Clyde.Repositories.CurriculumRepository;
|
||||
import ovh.herisson.Clyde.Tables.Course;
|
||||
import ovh.herisson.Clyde.Tables.Curriculum;
|
||||
import ovh.herisson.Clyde.Tables.CurriculumCourse;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
@ -17,27 +14,21 @@ public class CurriculumCourseService {
|
||||
|
||||
private final CurriculumCourseRepository curriculumCourseRepo;
|
||||
|
||||
private final CourseRepository courseRepo;
|
||||
|
||||
private final CurriculumRepository curriculumRepo;
|
||||
|
||||
public CurriculumCourseService(CurriculumCourseRepository curriculumCourseRepository, CourseRepository courseRepo, CurriculumRepository curriculumRepo) {
|
||||
public CurriculumCourseService(CurriculumCourseRepository curriculumCourseRepository) {
|
||||
this.curriculumCourseRepo = curriculumCourseRepository;
|
||||
this.courseRepo = courseRepo;
|
||||
this.curriculumRepo = curriculumRepo;
|
||||
}
|
||||
|
||||
public void save(CurriculumCourse curriculumCourse){
|
||||
curriculumCourseRepo.save(curriculumCourse);
|
||||
}
|
||||
|
||||
public Iterable<CurriculumCourse> findAll(){
|
||||
return curriculumCourseRepo.findAll();
|
||||
}
|
||||
|
||||
|
||||
public Map<String, Object> getDepthCurriculum(Curriculum curriculum){
|
||||
|
||||
if (curriculum == null)
|
||||
return null;
|
||||
|
||||
HashMap<String ,Object> toReturn = new HashMap<>();
|
||||
ArrayList<Course> courses = new ArrayList<>();
|
||||
for (Course c: curriculumCourseRepo.findCoursesByCurriculum(curriculum)){
|
||||
@ -61,8 +52,4 @@ public class CurriculumCourseService {
|
||||
}
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
@ -15,12 +15,8 @@ public class CurriculumService {
|
||||
public Curriculum save(Curriculum curriculum){
|
||||
return curriculumRepo.save(curriculum);
|
||||
}
|
||||
|
||||
public Curriculum findById(long id){
|
||||
return curriculumRepo.findById(id);
|
||||
}
|
||||
|
||||
public void delete(Long id) {
|
||||
curriculumRepo.deleteById(id);
|
||||
}
|
||||
}
|
||||
}
|
@ -35,6 +35,9 @@ public class StorageService {
|
||||
|
||||
public StorageFile store(MultipartFile file, FileType fileType) {
|
||||
|
||||
if (file == null || file.getOriginalFilename() == null)
|
||||
return null;
|
||||
|
||||
if (file.getOriginalFilename().isEmpty()){return null;}
|
||||
|
||||
UUID uuid = UUID.randomUUID();
|
||||
|
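Review bot: The new guard in `store` rejects a null file or a null name, but an upload with a name and zero bytes still reaches `UUID.randomUUID()` and whatever follows; if empty files should not be stored, add `file.isEmpty()` to the condition. The two checks can also be written as one: `if (file == null || file.isEmpty() || file.getOriginalFilename() == null || file.getOriginalFilename().isEmpty()) return null;`. `getOriginalFilename()` is supplied by the client, so any later use of it for a path or an extension should be sanitized; the rest of `store` is outside the hunk, so this could not be checked here. Callers must also handle the `null` return, and a Javadoc line such as `@return the stored file, or null when the upload is missing or unnamed` would make that explicit.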
@ -22,21 +22,23 @@ public class TeacherCourseService {
|
||||
|
||||
public boolean saveAll(Iterable<Long> teacherIds, Course course){
|
||||
|
||||
if (course == null)
|
||||
if (course == null || teacherIds == null)
|
||||
return false;
|
||||
|
||||
ArrayList<Long> addedIds = new ArrayList<>();
|
||||
ArrayList<User> toAdd = new ArrayList<>();
|
||||
for (Long teacherId : teacherIds){
|
||||
User teacher = userRepo.findById((long) teacherId);
|
||||
if ( teacher== null){
|
||||
return false;
|
||||
}
|
||||
if (!addedIds.contains(teacherId))
|
||||
if (!toAdd.contains(teacher))
|
||||
{
|
||||
teacherCourseRepo.save(new TeacherCourse(teacher,course));
|
||||
addedIds.add(teacherId);
|
||||
toAdd.add(teacher);
|
||||
}
|
||||
}
|
||||
for (User teacher: toAdd){
|
||||
teacherCourseRepo.save(new TeacherCourse(teacher,course));
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
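Review bot: `saveAll` only checks that each id resolves to a user, not that the user is a teacher, so any account id in `teacherIds` ends up linked to the course as a `TeacherCourse`. `CourseService.modifyData` on this page already rejects a non-teacher owner, and the same test fits here, e.g. `if (teacher == null || teacher.getRole() != Role.Teacher) return false;` (assuming `Role` is imported in this file). The duplicate check appears to have moved from ids to `toAdd.contains(teacher)`, which depends on `User.equals`; if `User` does not override it, two lookups of the same id may not compare equal, so an id-based check is safer. A null element in `teacherIds` would also fail on the `(long) teacherId` unboxing.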
@ -40,16 +40,19 @@ public class TokenService {
|
||||
|
||||
public User getUserFromToken(String token) {
|
||||
Token tokenRep = tokenRepo.getByToken(token);
|
||||
if (tokenRep == null) return null;
|
||||
if (tokenRep == null)
|
||||
return null;
|
||||
|
||||
return tokenRep.getUser();
|
||||
}
|
||||
|
||||
public void saveToken(Token token){
|
||||
//Si l'utilisateur a déja 5 token delete celui qui devait expirer le plus vite
|
||||
ArrayList<Token> tokenList = tokenRepo.getByUserOrderByExpirationDate(token.getUser());
|
||||
|
||||
while(tokenList.size() >= 5){
|
||||
tokenRepo.delete(tokenList.get(0));
|
||||
tokenList.remove(tokenList.get(0));
|
||||
tokenRepo.delete(tokenList.getFirst());
|
||||
tokenList.remove(tokenList.getFirst());
|
||||
}
|
||||
tokenRepo.save(token);
|
||||
}
|
||||
@ -67,5 +70,5 @@ public class TokenService {
|
||||
tokenRepo.delete(t);
|
||||
}
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
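Review bot: `getUserFromToken` returns the user for any token row that exists and never looks at its expiration date, so an expired token appears to stay valid until something deletes it. The repository method `getByUserOrderByExpirationDate` shows the field exists; unless expiry is enforced elsewhere (the cleanup around `tokenRepo.delete(t)` in the second hunk is only partly visible), compare the date with the current time here and return null once it has passed. In `saveToken`, `tokenList.remove(tokenList.getFirst())` goes through `remove(Object)` and `equals`, where `tokenList.removeFirst()` (the same Java 21 API as `getFirst()`) states the intent directly. The `};` in the `-67,5 +70,5` hunk, if it is on the new side, leaves a stray semicolon after a closing brace.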
@ -17,8 +17,15 @@ public class UserService {
|
||||
}
|
||||
|
||||
|
||||
/** return the user identified by th identifier
|
||||
*
|
||||
* @param identifier can be an email or the RegNo
|
||||
* @return the identified user
|
||||
*/
|
||||
public User getUser(String identifier){
|
||||
if (identifier == null) return null;
|
||||
if (identifier == null)
|
||||
return null;
|
||||
|
||||
try {
|
||||
int id = Integer.parseInt(identifier);
|
||||
return userRepo.findById(id);
|
||||
@ -33,7 +40,7 @@ public class UserService {
|
||||
*
|
||||
* @param poster the user wanting to modify target's data
|
||||
* @param updates the changes to be made
|
||||
* @param target the user to update
|
||||
* @param targetId the id of the user to update
|
||||
* @return if the changes were done or not
|
||||
*/
|
||||
public boolean modifyData(long targetId, Map<String ,Object> updates, User poster){
|
||||
@ -45,8 +52,6 @@ public class UserService {
|
||||
if (poster.getRegNo().equals(target.getRegNo())){
|
||||
for (Map.Entry<String, Object> entry : updates.entrySet()){
|
||||
|
||||
if ( entry.getKey().equals("regNo") || entry.getKey().equals("role")) {return false;}
|
||||
|
||||
switch (entry.getKey()){
|
||||
case "firstName":
|
||||
target.setFirstName((String) entry.getValue());
|
||||
@ -82,13 +87,14 @@ public class UserService {
|
||||
{
|
||||
for (Map.Entry<String, Object> entry : updates.entrySet()){
|
||||
|
||||
if ( !entry.getKey().equals("role")) {return false;}
|
||||
if ( entry.getKey().equals("role")) {
|
||||
|
||||
if (entry.getValue() == Role.Admin) {return false;}
|
||||
if (entry.getValue() == Role.Admin) {return false;}
|
||||
|
||||
target.setRole((Role) entry.getValue());
|
||||
userRepo.save(target);
|
||||
return true;
|
||||
target.setRole((Role) entry.getValue());
|
||||
userRepo.save(target);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
|
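Review bot: The `-45,8 +52,6` hunk appears to drop the early `return false` for the `regNo` and `role` keys in the self-update branch, so a user editing their own record is kept from changing those fields only by whatever the following `switch` does with them. The remaining cases of that `switch` are outside the hunk; if it has no `default` that rejects unknown keys, such a request is accepted with those fields silently ignored, and a later `role` case would turn this into self-service privilege escalation. Keeping the explicit guard (`if (entry.getKey().equals("regNo") || entry.getKey().equals("role")) return false;`) or adding `default: return false;` keeps the rule visible in the code. In the `-82,13 +87,14` hunk, `entry.getValue() == Role.Admin` only matches when the map already holds a `Role`; if `updates` comes straight from the request body the value is likely a `String`, so the comparison is false and the `(Role)` cast throws — TODO confirm how the value is converted.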