
added security to assistant posting and Get courses/owned for owners

Bartha Maxime 2024-03-17 12:13:03 +01:00
parent f7df234312
commit cf2deb983d
7 changed files with 77 additions and 20 deletions


@ -10,8 +10,8 @@ import ovh.herisson.Clyde.Services.ProtectionService;
import ovh.herisson.Clyde.Services.TeacherCourseService;
import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
@ -49,14 +49,25 @@ public class CourseController {
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
return new UnauthorizedResponse<>(null);
Iterable<Course> courses = courseServ.findAll();
ArrayList<HashMap<String,Object>> coursesWithoutPassword = new ArrayList<>();
for (Course course: courses){
coursesWithoutPassword.add(ProtectionService.courseWithoutPassword(course));
return new ResponseEntity<>(ProtectionService.coursesWithoutPasswords(courseServ.findAll()),HttpStatus.OK);
}
return new ResponseEntity<>(coursesWithoutPassword,HttpStatus.OK);
@GetMapping("/courses/owned")
public ResponseEntity<Iterable<HashMap<String ,Object>>> getOwnedCourses(@RequestHeader("Authorization") String token){
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Teacher},token))
return new UnauthorizedResponse<>(null);
return new ResponseEntity<>(ProtectionService.coursesWithoutPasswords(courseServ.findOwnedCourses(authServ.getUserFromToken(token))),HttpStatus.OK);
}
@GetMapping("/course/{id}/assistants")
public ResponseEntity<Iterable<HashMap<String,Object>>> getCourseAssistants(@RequestHeader("Authorization")String token, @PathVariable long id){
if (authServ.getUserFromToken(token) == null)
return new UnauthorizedResponse<>(null);
Iterable<User> assistants = teacherCourseServ.findCourseAssistants(courseServ.findById(id));
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(assistants),HttpStatus.OK);
}
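Review bot: `getCourseAssistants` does not handle an unknown course id: if `courseServ.findById(id)` returns null, `TeacherCourseService.findCourseAssistants` returns null as well (its `if (course == null) return null;`), and `ProtectionService.usersWithoutPasswords` iterates its argument without a null check, so the request would end in a NullPointerException instead of a client error. Resolve the course first and return early, e.g. `Course course = courseServ.findById(id); if (course == null) return new ResponseEntity<>(HttpStatus.NOT_FOUND);`. Separately, the only gate on this endpoint is a token that maps to a user, so any authenticated role can list the assistant records of any course; if that is not intended, apply the same `authServ.isNotIn(...)` role check the neighbouring endpoints use.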


@ -9,7 +9,6 @@ import ovh.herisson.Clyde.Services.ProtectionService;
import ovh.herisson.Clyde.Services.UserService;
import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
@ -55,12 +54,8 @@ public class UserController {
return new UnauthorizedResponse<>(null);
Iterable<User> users = userService.getAll();
ArrayList<HashMap<String, Object>> withoutPassword = new ArrayList<>();
for (User u :users){
withoutPassword.add(ProtectionService.userWithoutPassword(u));
}
return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
}
/** changes the specified user's information
@ -93,13 +88,8 @@ public class UserController {
return new UnauthorizedResponse<>(null);
Iterable<User> teachers = userService.getAllTeachers();
ArrayList<HashMap<String, Object>> withoutPassword = new ArrayList<>();
for (User t: teachers){
withoutPassword.add(ProtectionService.userWithoutPassword(t));
}
return new ResponseEntity<>(withoutPassword, HttpStatus.OK);
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(teachers), HttpStatus.OK);
}
}


@ -1,8 +1,15 @@
package ovh.herisson.Clyde.Repositories;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.User;
public interface CourseRepository extends CrudRepository<Course,Long> {
Course findById(long id);
@Query("select c from Course c where c.owner = ?1")
Iterable<Course> findAllOwnedCoures(User teacher);
}
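Review bot: The new repository method is spelled `findAllOwnedCoures` (the second "s" is missing), and the typo is already copied into `CourseService.findOwnedCourses`. Rename it to `findAllOwnedCourses` now, before more callers depend on the misspelt name. The positional `?1` binding keeps the query parameterised, which is the right form; a one-line comment such as `// courses whose owner is the given teacher` above the `@Query` would record that the filter relies on `Course.owner`, a field this diff does not show.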


@ -1,8 +1,14 @@
package ovh.herisson.Clyde.Repositories;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.TeacherCourse;
import ovh.herisson.Clyde.Tables.User;
public interface TeacherCourseRepository extends CrudRepository<TeacherCourse, Long> {
@Query("select tc.user from TeacherCourse tc where tc.course = ?1")
Iterable<User> findAllAssistantOfCourse(Course course);
}


@ -31,6 +31,13 @@ public class CourseService {
return courseRepo.findAll();
}
public Iterable<Course> findOwnedCourses(User userFromToken) {
return courseRepo.findAllOwnedCoures(userFromToken);
}
public boolean modifyData(long id, Map<String, Object> updates, Role role) {
Course target = courseRepo.findById(id);


@ -3,6 +3,7 @@ package ovh.herisson.Clyde.Services;
import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
import java.util.HashMap;
public class ProtectionService {
@ -13,6 +14,7 @@ public class ProtectionService {
*/
public static HashMap<String,Object> userWithoutPassword(User user){
HashMap<String,Object> toReturn = new HashMap<>();
toReturn.put("regNo",user.getRegNo());
toReturn.put("lastName",user.getLastName());
toReturn.put("firstName",user.getFirstName());
@ -24,6 +26,19 @@ public class ProtectionService {
toReturn.put("role",user.getRole());
return toReturn;
}
public static Iterable<HashMap<String ,Object>>usersWithoutPasswords(Iterable<User> users){
ArrayList<HashMap<String,Object>> toReturn = new ArrayList<>();
for (User u : users){
toReturn.add(userWithoutPassword(u));
}
return toReturn;
}
public static HashMap<String,Object> courseWithoutPassword(Course course){
HashMap<String ,Object> toReturn = new HashMap<>();
@ -34,5 +49,17 @@ public class ProtectionService {
return toReturn;
}
public static Iterable<HashMap<String ,Object>> coursesWithoutPasswords(Iterable<Course> courses){
ArrayList<HashMap<String,Object>> toReturn = new ArrayList<>();
for (Course course: courses){
toReturn.add(ProtectionService.courseWithoutPassword(course));
}
return toReturn;
}
}
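Review bot: `usersWithoutPasswords` and `coursesWithoutPasswords` are added without Javadoc, although the single-object method above them has one (its closing `*/` is visible in the hunk). The controllers now depend on these helpers to keep credential fields out of responses, so each should get a short Javadoc saying that it maps every element through the single-object projection and that the argument must be non-null, because the `for` loop dereferences it directly. As a small style point, one helper calls `userWithoutPassword(u)` unqualified and the other calls `ProtectionService.courseWithoutPassword(course)`; pick one form for both.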


@ -4,6 +4,7 @@ import org.springframework.stereotype.Controller;
import ovh.herisson.Clyde.Repositories.TeacherCourseRepository;
import ovh.herisson.Clyde.Repositories.UserRepository;
import ovh.herisson.Clyde.Tables.Course;
import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.TeacherCourse;
import ovh.herisson.Clyde.Tables.User;
@ -20,6 +21,13 @@ public class TeacherCourseService {
this.userRepo = userRepo;
}
public Iterable<User> findCourseAssistants(Course course) {
if (course == null)
return null;
return teacherCourseRepo.findAllAssistantOfCourse(course);
}
public boolean saveAll(Iterable<Long> teacherIds, Course course){
if (course == null || teacherIds == null)
@ -31,7 +39,7 @@ public class TeacherCourseService {
if ( teacher== null){
return false;
}
if (!toAdd.contains(teacher))
if (!toAdd.contains(teacher) && teacher.getRole() == Role.Teacher)
{
toAdd.add(teacher);
}
@ -41,4 +49,5 @@ public class TeacherCourseService {
}
return true;
}
}
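Review bot: In `saveAll`, the added `teacher.getRole() == Role.Teacher` condition silently skips an id that belongs to a non-teacher, and the method still appears to return `true`, whereas an unknown id returns `false` a few lines earlier. The caller is then told the assistants were saved when some of the requested ids were rejected. Consider failing the same way for both cases, `if (teacher == null || teacher.getRole() != Role.Teacher) return false;`, so a rejected role is visible to the controller. Parts of the loop lie outside the visible hunks, so confirm what happens to `toAdd` on that early return.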