added security to the post of course and GET /courses

2024-03-17 02:15:08 +01:00
parent 474a8d3f31
commit 6e6bd285af
2 changed files with 22 additions and 1 deletions
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/CourseController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/CourseController.java
@@ -40,6 +40,15 @@ public class CourseController {
        return new ResponseEntity<>(foundCourse, HttpStatus.OK);
    }

+    @GetMapping("/courses")
+    public ResponseEntity<Iterable<Course>> getAllCourses(@RequestHeader("Authorization") String token){
+        if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
+            return new UnauthorizedResponse<>(null);
+
+
+        return new ResponseEntity<>(courseServ.findAll(),HttpStatus.OK);
+    }
+

    @PostMapping("/course")
    public ResponseEntity<Course> postCourse(@RequestHeader("Authorization") String token,
@@ -49,7 +58,11 @@ public class CourseController {
        if (authServ.isNotIn(new Role[]{Role.Secretary,Role.Admin},token))
            return new UnauthorizedResponse<>(null);

-        return new ResponseEntity<>(courseServ.save(course), HttpStatus.CREATED);
+        Course createdCourse = courseServ.save(course);
+        if (createdCourse == null)
+            return new ResponseEntity<>(null,HttpStatus.BAD_REQUEST);
+
+        return new ResponseEntity<>(createdCourse, HttpStatus.CREATED);
    }