Max/Backend/BackendClean #121
| @ -0,0 +1,62 @@ | |||||||
|  | package ovh.herisson.Clyde.EndPoints; | ||||||
|  |  | ||||||
|  | import org.springframework.http.HttpStatus; | ||||||
|  | import org.springframework.http.ResponseEntity; | ||||||
|  | import org.springframework.web.bind.annotation.GetMapping; | ||||||
|  | import org.springframework.web.bind.annotation.PathVariable; | ||||||
|  | import org.springframework.web.bind.annotation.RequestHeader; | ||||||
|  | import org.springframework.web.bind.annotation.RestController; | ||||||
|  | import ovh.herisson.Clyde.Services.AuthenticatorService; | ||||||
|  | import ovh.herisson.Clyde.Tables.Applications; | ||||||
|  | import ovh.herisson.Clyde.Tables.Role; | ||||||
|  |  | ||||||
|  | import java.util.ArrayList; | ||||||
|  |  | ||||||
|  | @RestController | ||||||
|  | public class ApplicationsController { | ||||||
|  |  | ||||||
|  |     AuthenticatorService authServ; | ||||||
|  |  | ||||||
|  |     public ApplicationsController(AuthenticatorService authServ){ | ||||||
|  |     this.authServ = authServ; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |  | ||||||
|  |     /** return a list of authorized applications. | ||||||
|  |      *  depends on the token | ||||||
|  |      */ | ||||||
|  |     @GetMapping("/apps") | ||||||
|  |     public ResponseEntity<Iterable<Applications>> getAuthorizedApps(@RequestHeader("Authorization") String token){ | ||||||
|  |  | ||||||
|  |         return new ResponseEntity<>(getAuthorizedApplications(token), HttpStatus.OK); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     @GetMapping("/apps/{identifier}") | ||||||
|  |     public ResponseEntity<Boolean> getAppAuthorization(@PathVariable Applications identifier, @RequestHeader("Authorization") String token){ | ||||||
|  |  | ||||||
|  |         if (getAuthorizedApplications(token).contains(identifier)){ | ||||||
|  |             return new ResponseEntity<>(true, HttpStatus.OK); | ||||||
|  |         } | ||||||
|  |         return new ResponseEntity<>(false, HttpStatus.OK); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     public ArrayList<Applications> getAuthorizedApplications(String token){ | ||||||
|  |         Role posterRole = authServ.getUserFromToken(token).getRole(); | ||||||
|  |         ArrayList<Applications> authorizedApps = new ArrayList<>(); | ||||||
|  |  | ||||||
|  |         authorizedApps.add(Applications.Login); | ||||||
|  |         authorizedApps.add(Applications.Profile); | ||||||
|  |         authorizedApps.add(Applications.Msg); | ||||||
|  |         authorizedApps.add(Applications.Forum); | ||||||
|  |         authorizedApps.add(Applications.Rdv); | ||||||
|  |  | ||||||
|  |         if (posterRole == Role.Student || posterRole == Role.Admin) return authorizedApps; | ||||||
|  |  | ||||||
|  |         if (posterRole == Role.Teacher || posterRole == Role.Secretary || posterRole == Role.Admin) authorizedApps.add(Applications.ManageCourses); | ||||||
|  |  | ||||||
|  |         if (posterRole == Role.InscriptionService || posterRole == Role.Admin) authorizedApps.add(Applications.Inscription); | ||||||
|  |  | ||||||
|  |         return authorizedApps; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  | } | ||||||
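Review bot: In getAuthorizedApplications, the line `if (posterRole == Role.Student || posterRole == Role.Admin) return authorizedApps;` returns for an Admin before the two later checks run, so the `|| posterRole == Role.Admin` alternatives on the ManageCourses and Inscription lines are unreachable and an Admin only ever receives the five base applications; dropping Admin from the early return, `if (posterRole == Role.Student) return authorizedApps;`, lets those checks apply. The line `Role posterRole = authServ.getUserFromToken(token).getRole();` dereferences the lookup result without a null check, whereas isNotSecretaryOrAdmin added in this same PR treats a null user as a possible outcome, so an unknown or expired token would presumably surface at both `/apps` endpoints as a NullPointerException (a 500) instead of an authorization failure; guarding with `User poster = authServ.getUserFromToken(token); if (poster == null) return new ArrayList<>();` (importing `ovh.herisson.Clyde.Tables.User`) would fail closed. Minor: `authServ` could be `private final`, as TokenService's repository field becomes in this PR, and a Javadoc on getAuthorizedApplications stating that it is the single source of truth for the role-to-application mapping would help keep it and the tier comments in the Applications enum in step.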
| @ -43,28 +43,4 @@ public class CurriculumController { | |||||||
|     public ResponseEntity<Iterable<CurriculumCourse>> findAll(){ |     public ResponseEntity<Iterable<CurriculumCourse>> findAll(){ | ||||||
|         return new ResponseEntity<>(curriculumCourseServ.findAll(),HttpStatus.OK); |         return new ResponseEntity<>(curriculumCourseServ.findAll(),HttpStatus.OK); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     /**@PostMapping("/curriculum") |  | ||||||
|     public ResponseEntity<String> postCurriculum(@RequestHeader("Authorization") String token,@RequestBody Curriculum curriculum){ |  | ||||||
|  |  | ||||||
|         if (!isSecretaryOrAdmin(token)){ |  | ||||||
|             return new UnauthorizedResponse<>("you're not allowed to post a Curriculum"); |  | ||||||
|         } |  | ||||||
|  |  | ||||||
|         CurriculumServ.save(Curriculum); |  | ||||||
|  |  | ||||||
|         return new ResponseEntity<>("created !",HttpStatus.CREATED); |  | ||||||
|     }**/ |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|     private boolean isSecretaryOrAdmin(String authorization){ |  | ||||||
|         if (authorization ==null) |  | ||||||
|             return false; |  | ||||||
|  |  | ||||||
|         User poster = authServ.getUserFromToken(authorization); |  | ||||||
|         if (poster == null) return false; |  | ||||||
|  |  | ||||||
|         return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin; |  | ||||||
|     } |  | ||||||
| } | } | ||||||
|  | |||||||
| @ -32,7 +32,7 @@ public class InscriptionController { | |||||||
|     @GetMapping("/requests/register") |     @GetMapping("/requests/register") | ||||||
|     public ResponseEntity<Iterable<Map<String,Object>>> getAllRequests(@RequestHeader("Authorization") String token){ |     public ResponseEntity<Iterable<Map<String,Object>>> getAllRequests(@RequestHeader("Authorization") String token){ | ||||||
|  |  | ||||||
|         if (!isSecretaryOrAdmin(token)){return new UnauthorizedResponse<>(null);} |         if (authServ.isNotSecretaryOrAdmin(token)){return new UnauthorizedResponse<>(null);} | ||||||
|  |  | ||||||
|         Iterable<InscriptionRequest> inscriptionRequests = inscriptionServ.getAll(); |         Iterable<InscriptionRequest> inscriptionRequests = inscriptionServ.getAll(); | ||||||
|         ArrayList<Map<String,Object>> toReturn = new ArrayList<>(); |         ArrayList<Map<String,Object>> toReturn = new ArrayList<>(); | ||||||
| @ -64,7 +64,7 @@ public class InscriptionController { | |||||||
|                                                                  @RequestHeader("Authorize") String token, |                                                                  @RequestHeader("Authorize") String token, | ||||||
|                                                                  @RequestBody RequestState requestState) |                                                                  @RequestBody RequestState requestState) | ||||||
|     { |     { | ||||||
|         if (!isSecretaryOrAdmin(token)) return new UnauthorizedResponse<>(null); |         if (authServ.isNotSecretaryOrAdmin(token)) return new UnauthorizedResponse<>(null); | ||||||
|         inscriptionServ.modifyState(id, requestState); |         inscriptionServ.modifyState(id, requestState); | ||||||
|         return null; |         return null; | ||||||
|     } |     } | ||||||
| @ -83,15 +83,4 @@ public class InscriptionController { | |||||||
|         toReturn.put("state", inscriptionRequest.getState()); |         toReturn.put("state", inscriptionRequest.getState()); | ||||||
|         return toReturn; |         return toReturn; | ||||||
|     } |     } | ||||||
|  | } | ||||||
|  |  | ||||||
|     private boolean isSecretaryOrAdmin(String authorization){ |  | ||||||
|         if (authorization ==null) |  | ||||||
|             return false; |  | ||||||
|  |  | ||||||
|         User poster = authServ.getUserFromToken(authorization); |  | ||||||
|         if (poster == null) return false; |  | ||||||
|  |  | ||||||
|         return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin; |  | ||||||
|     } |  | ||||||
| } |  | ||||||
|  | |||||||
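Review bot: The gate `if (authServ.isNotSecretaryOrAdmin(token)) return new UnauthorizedResponse<>(null);` in modifyState reads its token from `@RequestHeader("Authorize")` (a context line this commit leaves untouched), while getAllRequests in the hunk above and the UserController endpoints use `"Authorization"`; because Spring rejects a missing required header with a 400 before the handler runs, a client sending the usual `Authorization` header cannot reach this endpoint at all, which is fail-closed but presumably not intended. Aligning it to `@RequestHeader("Authorization") String token` would make the four gated endpoints consistent. The enclosing method's signature starts above the hunk.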
| @ -49,4 +49,4 @@ public class LoginController { | |||||||
|         authServ.register(inscriptionRequest); |         authServ.register(inscriptionRequest); | ||||||
|         return new ResponseEntity<>("Is OK", HttpStatus.OK); |         return new ResponseEntity<>("Is OK", HttpStatus.OK); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -51,6 +51,7 @@ public class MockController { | |||||||
|         User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), null,Role.Student,passwordEncoder.encode("student")); |         User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), null,Role.Student,passwordEncoder.encode("student")); | ||||||
|         User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0), null,Role.Teacher,passwordEncoder.encode("secretary")); |         User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0), null,Role.Teacher,passwordEncoder.encode("secretary")); | ||||||
|         User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), null,Role.Teacher,passwordEncoder.encode("teacher")); |         User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), null,Role.Teacher,passwordEncoder.encode("teacher")); | ||||||
|  |         User lena = new User("Louille","Lena","inscriptionService@InscriptionService.com","no","yes",new Date(0), null,Role.Teacher,passwordEncoder.encode("inscriptionService")); | ||||||
|         mockUsers = new ArrayList<>(Arrays.asList(herobrine,joe,meh,joke)); |         mockUsers = new ArrayList<>(Arrays.asList(herobrine,joe,meh,joke)); | ||||||
|  |  | ||||||
|         userRepo.saveAll(mockUsers); |         userRepo.saveAll(mockUsers); | ||||||
|  | |||||||
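Review bot: The added `User lena = ...` is never placed in the list built on the unchanged line `mockUsers = new ArrayList<>(Arrays.asList(herobrine,joe,meh,joke));`, so the new account is constructed but never reaches `userRepo.saveAll(mockUsers)`; that line should read `mockUsers = new ArrayList<>(Arrays.asList(herobrine,joe,meh,joke,lena));`. Her e-mail and password are both "inscriptionService" and the Role enum in this PR has an `InscriptionService` value, yet she is created with `Role.Teacher`, which looks like a carry-over from the line above; `Role.InscriptionService` is presumably what was meant, and it is the only way the new Inscription branch in ApplicationsController.getAuthorizedApplications can be exercised with mock data. The pre-existing `meh` user (secretary e-mail, Teacher role) shows the same pattern, which this commit does not touch.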
| @ -38,7 +38,7 @@ public class UserController { | |||||||
|     @PostMapping("/user") |     @PostMapping("/user") | ||||||
|     public ResponseEntity<String> postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){ |     public ResponseEntity<String> postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){ | ||||||
|  |  | ||||||
|         if (!isSecretaryOrAdmin(authorization)) |         if (authServ.isNotSecretaryOrAdmin(authorization)) | ||||||
|             return new UnauthorizedResponse<>(null); |             return new UnauthorizedResponse<>(null); | ||||||
|  |  | ||||||
|         userService.save(user); |         userService.save(user); | ||||||
| @ -48,7 +48,7 @@ public class UserController { | |||||||
|     @GetMapping("/users") |     @GetMapping("/users") | ||||||
|     public ResponseEntity<Iterable<HashMap<String,Object>>> getAllUsers(@RequestHeader("Authorization") String authorization){ |     public ResponseEntity<Iterable<HashMap<String,Object>>> getAllUsers(@RequestHeader("Authorization") String authorization){ | ||||||
|  |  | ||||||
|         if (!isSecretaryOrAdmin(authorization)) |         if (authServ.isNotSecretaryOrAdmin(authorization)) | ||||||
|             return new UnauthorizedResponse<>(null); |             return new UnauthorizedResponse<>(null); | ||||||
|  |  | ||||||
|         Iterable<User> users = userService.getAll(); |         Iterable<User> users = userService.getAll(); | ||||||
| @ -78,7 +78,6 @@ public class UserController { | |||||||
|          */ |          */ | ||||||
|     private HashMap<String,Object> userWithoutPassword(User user){ |     private HashMap<String,Object> userWithoutPassword(User user){ | ||||||
|         HashMap<String,Object> toReturn = new HashMap<>(); |         HashMap<String,Object> toReturn = new HashMap<>(); | ||||||
|  |  | ||||||
|         toReturn.put("regNo",user.getRegNo()); |         toReturn.put("regNo",user.getRegNo()); | ||||||
|         toReturn.put("firstName",user.getFirstName()); |         toReturn.put("firstName",user.getFirstName()); | ||||||
|         toReturn.put("lastName",user.getLastName()); |         toReturn.put("lastName",user.getLastName()); | ||||||
| @ -86,18 +85,7 @@ public class UserController { | |||||||
|         toReturn.put("country",user.getCountry()); |         toReturn.put("country",user.getCountry()); | ||||||
|         toReturn.put("address",user.getAddress()); |         toReturn.put("address",user.getAddress()); | ||||||
|         toReturn.put("role",user.getRole()); |         toReturn.put("role",user.getRole()); | ||||||
|  |  | ||||||
|         return toReturn; |         return toReturn; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     private boolean isSecretaryOrAdmin(String authorization){ |  | ||||||
|         if (authorization ==null) |  | ||||||
|             return false; |  | ||||||
|  |  | ||||||
|         User poster = authServ.getUserFromToken(authorization); |  | ||||||
|         if (poster == null) return false; |  | ||||||
|  |  | ||||||
|         return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin; |  | ||||||
|     } |  | ||||||
| } | } | ||||||
|  |  | ||||||
|  | |||||||
| @ -1,9 +1,8 @@ | |||||||
| package ovh.herisson.Clyde.Services; | package ovh.herisson.Clyde.Services; | ||||||
|  |  | ||||||
| import org.springframework.stereotype.Service; | import org.springframework.stereotype.Service; | ||||||
| import ovh.herisson.Clyde.EndPoints.LoginController; |  | ||||||
| import ovh.herisson.Clyde.Repositories.InscriptionRepository; |  | ||||||
| import ovh.herisson.Clyde.Tables.InscriptionRequest; | import ovh.herisson.Clyde.Tables.InscriptionRequest; | ||||||
|  | import ovh.herisson.Clyde.Tables.Role; | ||||||
| import ovh.herisson.Clyde.Tables.Token; | import ovh.herisson.Clyde.Tables.Token; | ||||||
| import ovh.herisson.Clyde.Tables.User; | import ovh.herisson.Clyde.Tables.User; | ||||||
|  |  | ||||||
| @ -39,4 +38,17 @@ public class AuthenticatorService { | |||||||
|     public void register(InscriptionRequest inscriptionRequest) { |     public void register(InscriptionRequest inscriptionRequest) { | ||||||
|         inscriptionService.save(inscriptionRequest); |         inscriptionService.save(inscriptionRequest); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |  | ||||||
|  |     public boolean isNotSecretaryOrAdmin(String authorization){ | ||||||
|  |         if (authorization ==null) | ||||||
|  |             return true; | ||||||
|  |  | ||||||
|  |         User poster = getUserFromToken(authorization); | ||||||
|  |         if (poster == null) return true; | ||||||
|  |  | ||||||
|  |         return poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin; | ||||||
|  |     } | ||||||
|  |  | ||||||
| } | } | ||||||
|  |  | ||||||
|  | |||||||
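Review bot: The return line `return poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin;` is true for every user, because no single role can equal both Secretary and Admin, so every endpoint gated on this method (getAllRequests and modifyState in InscriptionController, postUser and getAllUsers in UserController) answers Unauthorized even to a Secretary or an Admin. The per-controller helper this replaces had the mirror-image bug (`== ... && ... ==`, always false), so the observable behaviour is unchanged but still wrong; the fix is `return poster.getRole() != Role.Secretary && poster.getRole() != Role.Admin;`, ideally pinned by a unit test covering the four outcomes (null header, unknown token, Secretary or Admin, any other role). Reading `poster.getRole()` into a local once would avoid two calls and make the condition easier to scan. A Javadoc stating the contract, `/** Returns true when the token is missing, unknown, or belongs to a user who is neither Secretary nor Admin. */`, would make the negated name less error-prone at call sites.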
| @ -31,4 +31,4 @@ public class InscriptionService { | |||||||
|         inscriptionRequest.setState(requestState); |         inscriptionRequest.setState(requestState); | ||||||
|         save(inscriptionRequest); |         save(inscriptionRequest); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -4,10 +4,8 @@ import org.springframework.stereotype.Service; | |||||||
| import org.springframework.web.multipart.MultipartFile; | import org.springframework.web.multipart.MultipartFile; | ||||||
| import ovh.herisson.Clyde.Repositories.FileRepository; | import ovh.herisson.Clyde.Repositories.FileRepository; | ||||||
| import ovh.herisson.Clyde.Tables.*; | import ovh.herisson.Clyde.Tables.*; | ||||||
|  |  | ||||||
| import java.io.File; | import java.io.File; | ||||||
| import java.io.IOException; | import java.io.IOException; | ||||||
|  |  | ||||||
| import java.nio.file.Files; | import java.nio.file.Files; | ||||||
| import java.nio.file.Path; | import java.nio.file.Path; | ||||||
| import java.nio.file.Paths; | import java.nio.file.Paths; | ||||||
|  | |||||||
| @ -5,17 +5,15 @@ import org.springframework.stereotype.Service; | |||||||
| import ovh.herisson.Clyde.Repositories.TokenRepository; | import ovh.herisson.Clyde.Repositories.TokenRepository; | ||||||
| import ovh.herisson.Clyde.Tables.Token; | import ovh.herisson.Clyde.Tables.Token; | ||||||
| import ovh.herisson.Clyde.Tables.User; | import ovh.herisson.Clyde.Tables.User; | ||||||
|  |  | ||||||
| import java.io.UnsupportedEncodingException; | import java.io.UnsupportedEncodingException; | ||||||
| import java.security.SecureRandom; | import java.security.SecureRandom; | ||||||
| import java.util.ArrayList; | import java.util.ArrayList; | ||||||
| import java.util.Base64; | import java.util.Base64; | ||||||
| import java.util.Calendar; | import java.util.Calendar; | ||||||
| import java.util.Date; |  | ||||||
|  |  | ||||||
| @Service | @Service | ||||||
| public class TokenService { | public class TokenService { | ||||||
|     TokenRepository tokenRepo; |     private final TokenRepository tokenRepo; | ||||||
|  |  | ||||||
|     public TokenService(TokenRepository tokenRepo){ |     public TokenService(TokenRepository tokenRepo){ | ||||||
|         this.tokenRepo = tokenRepo; |         this.tokenRepo = tokenRepo; | ||||||
|  | |||||||
| @ -0,0 +1,21 @@ | |||||||
|  | package ovh.herisson.Clyde.Tables; | ||||||
|  |  | ||||||
|  | public enum Applications { | ||||||
|  |     // without any token | ||||||
|  |     Login, | ||||||
|  |  | ||||||
|  |     // with any token | ||||||
|  |     Profile, | ||||||
|  |  | ||||||
|  |  | ||||||
|  |     // Students and higher authorization | ||||||
|  |     Msg, | ||||||
|  |     Forum, | ||||||
|  |     Rdv, | ||||||
|  |  | ||||||
|  |     // teachers and Secretary authorization | ||||||
|  |     ManageCourses, | ||||||
|  |  | ||||||
|  |     // InscriptionService authorization | ||||||
|  |     Inscription | ||||||
|  | } | ||||||
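Review bot: The tier comments in this enum do not match the mapping in ApplicationsController.getAuthorizedApplications added by the same commit: `Login` is annotated `// without any token` and `Profile` `// with any token`, yet the controller only returns them after resolving a user from a required Authorization header, and `// teachers and Secretary authorization` on ManageCourses omits Admin, which the controller's check names. Since the controller is where authorization is actually decided, a class-level Javadoc such as `/** Front-end applications a user may be shown; the role-to-application mapping is decided in ApplicationsController.getAuthorizedApplications, and the per-constant comments here are informative only. */` would stop the two from drifting apart, or the per-constant comments could be reworded to match the controller.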
| @ -3,5 +3,5 @@ package ovh.herisson.Clyde.Tables; | |||||||
| public enum RequestState { | public enum RequestState { | ||||||
|     Accepted, |     Accepted, | ||||||
|     Refused, |     Refused, | ||||||
|     Pending; |     Pending | ||||||
| } | } | ||||||
|  | |||||||
| @ -5,5 +5,5 @@ public enum Role { | |||||||
|     Student, |     Student, | ||||||
|     Admin, |     Admin, | ||||||
|     InscriptionService, |     InscriptionService, | ||||||
|     Secretary; |     Secretary | ||||||
| } | } | ||||||