de.sainth.recipe.backend.rest.controller.UserController.java Source code

Java tutorial

  1. HOME
  2. Java
  3. de.sainth.recipe.backend.rest.controller.UserController.java

Introduction

Here is the source code for de.sainth.recipe.backend.rest.controller.UserController.java

Source

/*
 * Copyright (c) 2017 sainth (sainth@sainth.de)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA
 */

package de.sainth.recipe.backend.rest.controller;

import de.sainth.recipe.backend.db.repositories.UserRepository;
import de.sainth.recipe.backend.rest.views.User;
import de.sainth.recipe.backend.security.RecipeManagerAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;

import javax.validation.Valid;
import java.util.List;

import static de.sainth.recipe.backend.rest.views.User.Permission.ROLE_ADMIN;
import static de.sainth.recipe.backend.rest.views.User.Permission.ROLE_USER;

@RestController
@RequestMapping("/users")
public class UserController {
    @Autowired
    UserRepository repository;

    @Secured("ROLE_ADMIN")
    @RequestMapping()
    List<User> getAll() {
        return repository.findAll();
    }

    @Secured({ "ROLE_USER", "ROLE_ADMIN" })
    @RequestMapping("{id}")
    HttpEntity<User> get(@PathVariable("id") Long id) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        RecipeManagerAuthenticationToken token = (RecipeManagerAuthenticationToken) authentication;
        if (ROLE_ADMIN.name().equals(token.getRole())
                || (ROLE_USER.name().equals(token.getRole()) && token.getPrincipal().equals(id))) {
            return new ResponseEntity<>(repository.findOne(id), HttpStatus.OK);
        } else {
            return new ResponseEntity<>(HttpStatus.FORBIDDEN);
        }
    }

    @Secured({ "ROLE_USER", "ROLE_ADMIN" })
    @RequestMapping(value = "{id}", method = RequestMethod.DELETE)
    @ResponseStatus(HttpStatus.NO_CONTENT)
    void delete(@PathVariable("id") Long id) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        RecipeManagerAuthenticationToken token = (RecipeManagerAuthenticationToken) authentication;
        if (ROLE_ADMIN.name().equals(token.getRole())
                || (ROLE_USER.name().equals(token.getRole()) && token.getPrincipal().equals(id))) {
            repository.delete(id);
        }
    }

    @Secured("ROLE_ADMIN")
    @RequestMapping(method = RequestMethod.POST)
    HttpEntity<User> add(@Valid @RequestBody User user) {
        User u = repository.save(user);
        return new ResponseEntity<>(u, HttpStatus.CREATED);
    }

    @Secured({ "ROLE_USER", "ROLE_ADMIN" })
    @RequestMapping(value = "{id}/password", method = RequestMethod.PUT)
    HttpEntity<User> updatePassword(@PathVariable("id") Long id, @Valid @RequestBody String password) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        RecipeManagerAuthenticationToken token = (RecipeManagerAuthenticationToken) authentication;
        if (ROLE_ADMIN.name().equals(token.getRole())
                || (ROLE_USER.name().equals(token.getRole()) && token.getPrincipal().equals(id))) {
            User u = repository.updatePassword(id, password);
            return new ResponseEntity<>(u, HttpStatus.OK);
        } else {
            return new ResponseEntity<>(HttpStatus.FORBIDDEN);
        }
    }

    @Secured({ "ROLE_USER", "ROLE_ADMIN" })
    @RequestMapping(value = "{id}", method = RequestMethod.PUT)
    HttpEntity<User> update(@PathVariable("id") Long id, @Valid @RequestBody User user) {
        if (id.equals(user.getId())) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            RecipeManagerAuthenticationToken token = (RecipeManagerAuthenticationToken) authentication;
            if (ROLE_ADMIN.name().equals(token.getRole())
                    || (ROLE_USER.name().equals(token.getRole()) && token.getPrincipal().equals(id))) {
                if (repository.findOne(user.getId()) != null) {
                    repository.save(user);
                    return new ResponseEntity<>(user, HttpStatus.OK);
                }
            } else {
                return new ResponseEntity<>(HttpStatus.FORBIDDEN);
            }
        }
        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
    }
}