backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java

@@ -48,7 +48,6 @@ public class MockController {
         User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), null,Role.Student,passwordEncoder.encode("student"));
         User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0), null,Role.Teacher,passwordEncoder.encode("secretary"));
         User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), null,Role.Teacher,passwordEncoder.encode("teacher"));
-
         mockUsers = new ArrayList<User>(Arrays.asList(herobrine,joe,meh,joke));
 
         userRepo.saveAll(mockUsers);

backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java

@@ -1,15 +1,23 @@
 package ovh.herisson.Clyde.EndPoints;
 
 
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.http.HttpStatus;
 
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
 import ovh.herisson.Clyde.Services.AuthenticatorService;
 import ovh.herisson.Clyde.Services.UserService;
+import ovh.herisson.Clyde.Tables.Role;
 import ovh.herisson.Clyde.Tables.User;
 
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Map;
+
 
 @RestController
 @CrossOrigin(origins = "http://localhost:5173")
@@ -23,25 +31,80 @@ public class UserController {
     }
 
     @GetMapping("/user")
-    public ResponseEntity<User> getUser(@RequestHeader("Cookie") String authorization){
+    public ResponseEntity<HashMap<String,Object>> getUser(@RequestHeader("Authorization") String authorization){
 
         if (authorization == null) return new UnauthorizedResponse<>(null);
         User user = authServ.getUserFromToken(authorization);
         if (user == null) return new UnauthorizedResponse<>(null);
-        return new ResponseEntity<>(user, HttpStatus.OK);
+
+        return new ResponseEntity<>(userWithoutPassword(user), HttpStatus.OK);
     }
 
-    @PostMapping("/user") //todo check role
-    public ResponseEntity<String> postUser(@RequestBody User user){
+    @PostMapping("/user")
+    public ResponseEntity<String> postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){
+
+        if (!isSecretaryOrAdmin(authorization))
+            return new UnauthorizedResponse<>(null);
+
         userService.save(user);
         return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED);
     }
 
     @GetMapping("/users")
-    public Iterable<User> getAllUsers(){
-        return userService.getAll();
+    public ResponseEntity<Iterable<HashMap<String,Object>>> getAllUsers(@RequestHeader("Authorization") String authorization){
+
+        if (!isSecretaryOrAdmin(authorization))
+            return new UnauthorizedResponse<>(null);
+
+        Iterable<User> users = userService.getAll();
+        ArrayList<HashMap<String, Object>> withoutPassword = new ArrayList<>();
+
+        for (User u :users){
+            withoutPassword.add(userWithoutPassword(u));
+        }
+        return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
+    }
+    @PatchMapping("/user")
+    public ResponseEntity<String> patchUser(@RequestBody Map<String,Object> updates, @RequestHeader("Authorization") String authorization) {
+
+        if (authorization == null) return new UnauthorizedResponse<>(null);
+
+        User poster = authServ.getUserFromToken(authorization);
+        if (poster == null) {return new UnauthorizedResponse<>("bad authorization");}
+
+        if (!userService.modifyData(poster, updates, poster))
+            return new UnauthorizedResponse<>("there was an issue with the updates requested");
+
+        return new ResponseEntity<>("data modified", HttpStatus.OK);
     }
 
 
+        /** return user's data except password
+         * @param user the user to return
+         * @return all the user data without the password
+         */
+    private HashMap<String,Object> userWithoutPassword(User user){
+        HashMap<String,Object> toReturn = new HashMap<>();
+
+        toReturn.put("regNo",user.getRegNo());
+        toReturn.put("firstName",user.getFirstName());
+        toReturn.put("lastName",user.getLastName());
+        toReturn.put("birthDate",user.getBirthDate());
+        toReturn.put("country",user.getCountry());
+        toReturn.put("address",user.getAddress());
+        toReturn.put("role",user.getRole());
+
+        return toReturn;
+    }
+
+    private boolean isSecretaryOrAdmin(String authorization){
+        if (authorization ==null)
+            return false;
+
+        User poster = authServ.getUserFromToken(authorization);
+        if (poster == null) return false;
+
+        return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin;
+    }
 }
 

backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java

@@ -5,16 +5,10 @@ import org.springframework.stereotype.Service;
 import ovh.herisson.Clyde.Repositories.UserRepository;
 import ovh.herisson.Clyde.Tables.Role;
 import ovh.herisson.Clyde.Tables.User;
-
-import java.text.DateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
+import java.util.*;
 
 @Service
 public class UserService {
-
     private final UserRepository userRepo;
     private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
 
@@ -34,17 +28,79 @@ public class UserService {
         }
     }
 
+    /** modify the target data
+     * verify the permission of modifying from the poster
+     *
+     * @param poster the user wanting to modify target's data
+     * @param updates the changes to be made
+     * @param target the user to update
+     * @return if the changes were done or not
+     */
+    public boolean modifyData(User poster, Map<String ,Object> updates, User target){
+
+        if (poster.getRegNo().equals(target.getRegNo())){
+            for (Map.Entry<String, Object> entry : updates.entrySet()){
+
+                if ( entry.getKey().equals("regNo") || entry.getKey().equals("role")) {return false;}
+
+                switch (entry.getKey()){
+                    case "firstName":
+                        target.setFirstName((String) entry.getValue());
+                        break;
+                    case "lastName":
+                        target.setLastName((String) entry.getValue());
+                        break;
+                    case "email":
+                        target.setEmail((String) entry.getValue());
+                        break;
+                    case "address":
+                        target.setAddress((String) entry.getValue());
+                        break;
+                    case "country":
+                        target.setCountry((String) entry.getValue());
+                        break;
+                    case "birthDate":
+                        target.setBirthDate((Date) entry.getValue());
+                        break;
+                    case "profilePictureUrl":
+                        target.setProfilePictureUrl((String) entry.getValue());
+                        break;
+                    case "password":
+                        target.setPassword(passwordEncoder.encode((String) entry.getValue()));
+                        break;
+                }
+            }
+            userRepo.save(target);
+            return true;
+        }
+        // the secretary can change roles (for example if a student becomes a teacher)
+        else if (poster.getRole() == Role.Secretary)
+        {
+            for (Map.Entry<String, Object> entry : updates.entrySet()){
+
+                if ( !entry.getKey().equals("role")) {return false;}
+
+                if (entry.getValue() == Role.Admin){return false;}
+
+                target.setRole((Role) entry.getValue());
+                userRepo.save(target);
+                return true;
+            }
+        }
+        return false;
+    }
+
 
     public boolean checkPassword(User user, String tryingPassword){
         return passwordEncoder.matches(tryingPassword,  user.getPassword());
     }
 
     public void save(User  user){
+        user.setPassword(passwordEncoder.encode(user.getPassword()));
         userRepo.save(user);
     }
 
     public Iterable<User> getAll(){
         return userRepo.findAll();
     }
-
 }

backend/src/main/java/ovh/herisson/Clyde/Tables/User.java

@@ -8,12 +8,11 @@ import java.util.Date;
 //et l'attribut tokenApi doit encore être ajouté vu qu'il faut en discuter
 
 @Entity
-//Je rajoute un s au nom de la table pour éviter les conflits avec les mots réservés
 @Table(name = "Users")
 public class User {
     @Id
     @GeneratedValue(strategy = GenerationType.AUTO)
-    private int regNo;
+    private Long regNo;
     private String lastName;
     private String firstName;
     @Column(unique = true)
@@ -38,9 +37,34 @@ public class User {
         this.password = password;
     }
 
+
+    /** Constructor for the first registration request from a student (can't specify a Role)
+     *
+     * @param lastName
+     * @param firstName
+     * @param email
+     * @param address
+     * @param country
+     * @param birthDate
+     * @param profilePictureUrl
+     * @param password
+     */
+    public User(String lastName, String firstName, String email, String address,
+                String country, Date birthDate, String profilePictureUrl, String password)
+    {
+        this.lastName = lastName;
+        this.firstName = firstName;
+        this.email = email;
+        this.address = address;
+        this.country = country;
+        this.birthDate = birthDate;
+        this.profilePictureUrl = profilePictureUrl;
+        this.password = password;
+        this.role = Role.Student;
+    }
     public User() {}
 
-    public int getRegNo(){
+    public Long getRegNo(){
         return this.regNo;
     }
     public String getLastName() {