diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java
index 787a534..5c6cb16 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java
@@ -43,7 +43,6 @@ public class MockController {
 User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), null,Role.Student,passwordEncoder.encode("student"));
 User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0), null,Role.Teacher,passwordEncoder.encode("secretary"));
 User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), null,Role.Teacher,passwordEncoder.encode("teacher"));
- mockUsers = new ArrayList(Arrays.asList(herobrine,joe,meh,joke));
 userRepo.saveAll(mockUsers);
diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
index 43bcd0c..63df79f 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
@@ -1,15 +1,23 @@
 package ovh.herisson.Clyde.EndPoints;
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
 import ovh.herisson.Clyde.Services.AuthenticatorService;
 import ovh.herisson.Clyde.Services.UserService;
+import ovh.herisson.Clyde.Tables.Role;
 import ovh.herisson.Clyde.Tables.User;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Map;
+
 @RestController
 @CrossOrigin(origins = "http://localhost:5173")
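Review bot: The added imports `jakarta.servlet.http.HttpServletRequest`, `org.springframework.http.MediaType` and `java.io.IOException` are not referenced by any of the UserController code in this diff; if the rest of the file does not use them either, remove those three lines so the import block only declares what the controller needs. Unused servlet and I/O imports usually mean request-handling code that was planned but not written, which is worth confirming before merge.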
@@ -23,25 +31,80 @@ public class UserController {
 }
 @GetMapping("/user")
- public ResponseEntity getUser(@RequestHeader("Cookie") String authorization){
+ public ResponseEntity> getUser(@RequestHeader("Authorization") String authorization){
 if (authorization == null) return new UnauthorizedResponse<>(null);
 User user = authServ.getUserFromToken(authorization);
 if (user == null) return new UnauthorizedResponse<>(null);
- return new ResponseEntity<>(user, HttpStatus.OK);
+
+ return new ResponseEntity<>(userWithoutPassword(user), HttpStatus.OK);
 }
- @PostMapping("/user") //todo check role
- public ResponseEntity postUser(@RequestBody User user){
+ @PostMapping("/user")
+ public ResponseEntity postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){
+
+ if (!isSecretaryOrAdmin(authorization))
+ return new UnauthorizedResponse<>(null);
+
 userService.save(user);
 return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED);
 }
 @GetMapping("/users")
- public Iterable getAllUsers(){
- return userService.getAll();
+ public ResponseEntity>> getAllUsers(@RequestHeader("Authorization") String authorization){
+
+ if (!isSecretaryOrAdmin(authorization))
+ return new UnauthorizedResponse<>(null);
+
+ Iterable users = userService.getAll();
+ ArrayList> withoutPassword = new ArrayList<>();
+
+ for (User u :users){
+ withoutPassword.add(userWithoutPassword(u));
+ }
+ return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
+ }
+ @PatchMapping("/user")
+ public ResponseEntity patchUser(@RequestBody Map updates, @RequestHeader("Authorization") String authorization) {
+
+ if (authorization == null) return new UnauthorizedResponse<>(null);
+
+ User poster = authServ.getUserFromToken(authorization);
+ if (poster == null) {return new UnauthorizedResponse<>("bad authorization");}
+
+ if (!userService.modifyData(poster, updates, poster))
+ return new UnauthorizedResponse<>("there was an issue with the updates 
requested");
+
+ return new ResponseEntity<>("data modified", HttpStatus.OK);
 }
+ /** return user's data except password
+ * @param user the user to return
+ * @return all the user data without the password
+ */
+ private HashMap userWithoutPassword(User user){
+ HashMap toReturn = new HashMap<>();
+
+ toReturn.put("regNo",user.getRegNo());
+ toReturn.put("firstName",user.getFirstName());
+ toReturn.put("lastName",user.getLastName());
+ toReturn.put("birthDate",user.getBirthDate());
+ toReturn.put("country",user.getCountry());
+ toReturn.put("address",user.getAddress());
+ toReturn.put("role",user.getRole());
+
+ return toReturn;
+ }
+
+ private boolean isSecretaryOrAdmin(String authorization){
+ if (authorization ==null)
+ return false;
+
+ User poster = authServ.getUserFromToken(authorization);
+ if (poster == null) return false;
+
+ return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin;
+ }
 }
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java
index f16c68f..55a2f92 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java
@@ -5,16 +5,10 @@ import org.springframework.stereotype.Service;
 import ovh.herisson.Clyde.Repositories.UserRepository;
 import ovh.herisson.Clyde.Tables.Role;
 import ovh.herisson.Clyde.Tables.User;
-
-import java.text.DateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
+import java.util.*;
 @Service
 public class UserService {
-
 private final UserRepository userRepo;
 private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
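Review bot: `isSecretaryOrAdmin` ends with `poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin`, which can never be true for a single role value, so every caller of POST /user and GET /users gets the Unauthorized response regardless of who they are; the intended test is `return poster.getRole() == Role.Secretary || poster.getRole() == Role.Admin;`. Once that gate works, `postUser` still persists whatever `role` the request body carries, so a Secretary could create a `Role.Admin` account, while `modifyData` in UserService (same diff) deliberately refuses a Secretary assigning `Role.Admin`; resolve the poster once in `postUser` and reject `user.getRole() == Role.Admin` unless the poster is an Admin, so creation and update enforce the same rule. The Javadoc on `userWithoutPassword` promises "all the user data without the password", but the map omits `email` and `profilePictureUrl`; either add `toReturn.put("email",user.getEmail());` (and the picture URL) or narrow the comment to the fields actually returned. The `authorization == null` checks in `getUser` and `patchUser` are presumably dead because `@RequestHeader` is required by default and Spring answers 400 before the method runs — confirm, and if so either drop them or declare the header `required = false` so the 401 path is the one actually taken.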
@@ -34,17 +28,79 @@ public class UserService {
 }
 }
+ /** modify the target data
+ * verify the permission of modifying from the poster
+ *
+ * @param poster the user wanting to modify target's data
+ * @param updates the changes to be made
+ * @param target the user to update
+ * @return if the changes were done or not
+ */
+ public boolean modifyData(User poster, Map updates, User target){
+
+ if (poster.getRegNo().equals(target.getRegNo())){
+ for (Map.Entry entry : updates.entrySet()){
+
+ if ( entry.getKey().equals("regNo") || entry.getKey().equals("role")) {return false;}
+
+ switch (entry.getKey()){
+ case "firstName":
+ target.setFirstName((String) entry.getValue());
+ break;
+ case "lastName":
+ target.setLastName((String) entry.getValue());
+ break;
+ case "email":
+ target.setEmail((String) entry.getValue());
+ break;
+ case "address":
+ target.setAddress((String) entry.getValue());
+ break;
+ case "country":
+ target.setCountry((String) entry.getValue());
+ break;
+ case "birthDate":
+ target.setBirthDate((Date) entry.getValue());
+ break;
+ case "profilePictureUrl":
+ target.setProfilePictureUrl((String) entry.getValue());
+ break;
+ case "password":
+ target.setPassword(passwordEncoder.encode((String) entry.getValue()));
+ break;
+ }
+ }
+ userRepo.save(target);
+ return true;
+ }
+ // the secretary can change roles (for example if a student becomes a teacher)
+ else if (poster.getRole() == Role.Secretary)
+ {
+ for (Map.Entry entry : updates.entrySet()){
+
+ if ( !entry.getKey().equals("role")) {return false;}
+
+ if (entry.getValue() == Role.Admin){return false;}
+
+ target.setRole((Role) entry.getValue());
+ userRepo.save(target);
+ return true;
+ }
+ }
+ return false;
+ }
+
 public boolean checkPassword(User user, String tryingPassword){
 return passwordEncoder.matches(tryingPassword, user.getPassword());
 }
 public void save(User user){
+ user.setPassword(passwordEncoder.encode(user.getPassword()));
 userRepo.save(user);
 }
 public Iterable getAll(){
 return userRepo.findAll();
 }
-
 }
\ No newline at end of file
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java b/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java
index 55c5be2..1f6aa3b 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java
@@ -8,12 +8,11 @@ import java.util.Date;
 //et l'attribut tokenApi doit encore être ajouté vu qu'il faut en discuter
 @Entity
-//Je rajoute un s au nom de la table pour éviter les conflits avec les mots réservés
 @Table(name = "Users")
 public class User {
 @Id
 @GeneratedValue(strategy = GenerationType.AUTO)
- private int regNo;
+ private Long regNo;
 private String lastName;
 private String firstName;
 @Column(unique = true)
@@ -38,9 +37,34 @@ public class User {
 this.password = password;
 }
+
+ /** Constructor for the first registration request from a student (can't specify a Role)
+ *
+ * @param lastName
+ * @param firstName
+ * @param email
+ * @param address
+ * @param country
+ * @param birthDate
+ * @param profilePictureUrl
+ * @param password
+ */
+ public User(String lastName, String firstName, String email, String address,
+ String country, Date birthDate, String profilePictureUrl, String password)
+ {
+ this.lastName = lastName;
+ this.firstName = firstName;
+ this.email = email;
+ this.address = address;
+ this.country = country;
+ this.birthDate = birthDate;
+ this.profilePictureUrl = profilePictureUrl;
+ this.password = password;
+ this.role = Role.Student;
+ }
 public User() {}
- public int getRegNo(){
+ public Long getRegNo(){
 return this.regNo;
 }
 public String getLastName() {
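Review bot: In the Secretary branch of `modifyData`, `entry.getValue() == Role.Admin` is a reference comparison against whatever the updates map holds; the map's type arguments are not visible here, but `patchUser` passes a `@RequestBody Map` straight through, so the value is presumably the JSON string `"Admin"` rather than a `Role` (TODO confirm), in which case the Admin guard never fires and the following `(Role) entry.getValue()` cast throws ClassCastException — the `(Date) entry.getValue()` cast in the `birthDate` case has the same problem. Convert before comparing: `Role newRole = Role.valueOf(String.valueOf(entry.getValue())); if (newRole == Role.Admin) {return false;} target.setRole(newRole);` — `valueOf` throws IllegalArgumentException for an unknown name, which the endpoint should map to a client error rather than a 500. In the self-service branch the `regNo`/`role` rejection happens mid-loop, so earlier entries have already mutated `target` in memory before `return false`; since `target` is the object returned by `authServ.getUserFromToken`, whether those partial changes reach the database depends on whether that entity is still managed, so validating every key before applying any is the safer shape. The `password` case also accepts a new password without requiring the current one; a comment stating that the endpoint is expected to have called `checkPassword` first, or an explicit check here, would make that contract visible.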
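Review bot: The Javadoc on the new eight-argument `User` constructor lists every `@param` with no description, which documents nothing and is what javadoc's doclint flags; either describe each one or drop the tags and keep the summary sentence. The parameter that most deserves a line is `password`: this constructor stores it as received, and in this same diff it is `UserService.save` that runs it through `passwordEncoder.encode`, so `@param password the plaintext password; hashed by UserService.save before the entity is persisted` tells the next caller not to pre-hash it (MockController passes pre-encoded values to `userRepo.saveAll` directly, so that path is unaffected). It is also worth stating in the summary that `role` is forced to `Role.Student` precisely so a self-registration request cannot choose its own role.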