diff --git a/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java b/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java
index ca379de..29a5739 100644
--- a/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java
+++ b/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java
@@ -17,6 +17,8 @@ import org.springframework.web.bind.annotation.*;
 import java.util.List;
+import static com.example.onomatopoeiaback.domain.employee.CheckPosition.checkIsAdmin;
+
 @RestController
 @RequestMapping("/employee")
 public class EmployeeController {
@@ -31,26 +33,26 @@ public class EmployeeController {
 @PostMapping("/create")
 @SecurityRequirement(name = "basicAuth")
 public ResponseEntity createEmployee(Authentication authentication, @RequestBody EmployeeDTO employeeDTO) {
+ checkIsAdmin(authentication);
 return ResponseEntity.ok(employeeService.createEmployee(employeeDTO));
 }
- @GetMapping("/info")
+ @GetMapping("/{username}/info")
 @SecurityRequirement(name = "basicAuth")
- public ResponseEntity info(Authentication authentication) {
- return ResponseEntity.ok(employeeService.info(Auth.getEmployee(authentication).getLogin()));
+ public ResponseEntity info(Authentication authentication, @PathVariable String username) {
+ return ResponseEntity.ok(employeeService.info(Auth.getEmployee(authentication), username));
 }
 @GetMapping("/auth")
 @SecurityRequirement(name = "basicAuth")
- public ResponseEntity auth(Authentication authentication) {
- employeeService.auth(Auth.getEmployee(authentication).getLogin());
+ public ResponseEntity auth() {
 return new ResponseEntity<>(HttpStatus.OK);
 }
 @PatchMapping("/open")
 @SecurityRequirement(name = "basicAuth")
 public ResponseEntity open(Authentication authentication, @RequestBody VisitDTO visitDTO) {
- visitService.register(Auth.getEmployee(authentication).getLogin(), visitDTO);
+ visitService.register(Auth.getEmployee(authentication), visitDTO);
 return new ResponseEntity<>(HttpStatus.OK);
 }
 }
diff --git a/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java b/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java
index 0b8b677..2c12f70 100644
--- a/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java
+++ b/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java
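Review bot: `info` and `open` hand `Auth.getEmployee(authentication)` straight to the service with no null check, although `CheckPosition.checkIsAdmin` in this same commit treats that return value as nullable; a null caller reaches `employee.getPosition()` in `EmployeeService.info` and surfaces as an unhandled NullPointerException (HTTP 500) rather than a 401. Either make `Auth.getEmployee` throw itself or guard at the call sites: `Employee caller = Auth.getEmployee(authentication); if (caller == null) throw new UnauthorizedException();`. The stripped-down `auth()` handler now returns 200 for anything that passes the basic-auth filter, which is only a meaningful credential probe if that filter resolves principals against the employee table — a one-line comment stating that assumption would help, e.g. `// credential probe: authentication is enforced by the security filter, nothing to verify here`.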
@@ -11,6 +11,8 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
+import static com.example.onomatopoeiaback.domain.employee.CheckPosition.checkIsAdmin;
+
 @RestController
 @RequestMapping("/qr_code")
 public class QrCodeController {
@@ -24,6 +26,7 @@ public class QrCodeController {
 @PostMapping("/create")
 @SecurityRequirement(name = "basicAuth")
 public ResponseEntity createQrCode(Authentication authentication, @RequestParam String name) {
+ checkIsAdmin(authentication);
 return ResponseEntity.ok(qrCodeService.createQrCode(name));
 }
 }
diff --git a/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java b/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java
index adc0bb9..426b9cc 100644
--- a/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java
+++ b/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java
@@ -2,6 +2,7 @@ package com.example.onomatopoeiaback.controller;
 import com.example.onomatopoeiaback.domain.visit.Visit;
 import com.example.onomatopoeiaback.domain.visit.VisitDTO;
+import com.example.onomatopoeiaback.security.Auth;
 import com.example.onomatopoeiaback.service.VisitService;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import org.springframework.data.domain.Page;
@@ -28,7 +29,7 @@ public class VisitController {
 @RequestParam(defaultValue = "0") int page, @RequestParam(defaultValue = "10") int size) {
- Page visits = visitService.getVisits(login, page, size);
+ Page visits = visitService.getVisits(Auth.getEmployee(authentication), login, page, size);
 return ResponseEntity.ok(visits);
 }
 }
diff --git a/src/main/java/com/example/onomatopoeiaback/domain/employee/CheckPosition.java b/src/main/java/com/example/onomatopoeiaback/domain/employee/CheckPosition.java
new file mode 100644
index 0000000..1f77b29
--- /dev/null
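Review bot: `checkIsAdmin(authentication)` as the first statement of `createQrCode` is an opt-in guard: nothing fails if a future handler omits the call, and this commit already repeats the same line by hand in `EmployeeController.createEmployee`. Declaring the rule on the mapping instead (`@PreAuthorize("hasAuthority('ADMINISTRATOR')")` with method security enabled, or a small custom annotation backed by an interceptor) keeps the requirement visible next to the route and enforced uniformly. If the static helper stays, at least document the intent on the call, e.g. `// admin-only: QR codes drive visit registration`.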
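Review bot: `page` and `size` flow unvalidated from the query string into `PageRequest.of` in `VisitService.getVisits`; a negative value makes `PageRequest.of` throw IllegalArgumentException, which none of the handlers visible in `GeneralExceptionsHandler` cover, and there is no upper bound on `size`, so one request can pull an employee's entire visit history. Clamp before calling the service: `if (page < 0 || size < 1) throw new BadRequestException();` followed by `size = Math.min(size, MAX_PAGE_SIZE);` with `MAX_PAGE_SIZE` a documented constant on the controller. The method signature and the `login` parameter begin above this hunk.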
+++ b/src/main/java/com/example/onomatopoeiaback/domain/employee/CheckPosition.java
@@ -0,0 +1,20 @@
+package com.example.onomatopoeiaback.domain.employee;
+
+import com.example.onomatopoeiaback.exceptions.ForbiddenException;
+import com.example.onomatopoeiaback.security.Auth;
+import org.springframework.security.core.Authentication;
+
+public class CheckPosition {
+ public static void checkIsAdmin(Employee employee) {
+ if (employee == null || !employee.getPosition().equals(PositionType.ADMINISTRATOR)) {
+ throw new ForbiddenException();
+ }
+ }
+
+ public static void checkIsAdmin(Authentication authentication) {
+ Employee employee = Auth.getEmployee(authentication);
+ if (employee == null || !employee.getPosition().equals(PositionType.ADMINISTRATOR)) {
+ throw new ForbiddenException();
+ }
+ }
+}
diff --git a/src/main/java/com/example/onomatopoeiaback/exceptions/GeneralExceptionsHandler.java b/src/main/java/com/example/onomatopoeiaback/exceptions/GeneralExceptionsHandler.java
index dd1dfe1..4cb2d77 100644
--- a/src/main/java/com/example/onomatopoeiaback/exceptions/GeneralExceptionsHandler.java
+++ b/src/main/java/com/example/onomatopoeiaback/exceptions/GeneralExceptionsHandler.java
@@ -28,4 +28,11 @@ public class GeneralExceptionsHandler {
 public ExceptionDTO handleForbiddenException(ForbiddenException e) {
 return new ExceptionDTO("FORBIDDEN", e.getMessage());
 }
+
+ @ResponseStatus(HttpStatus.NOT_FOUND)
+ @ExceptionHandler(NotFoundException.class)
+ @ResponseBody
+ public ExceptionDTO notFoundException(NotFoundException e) {
+ return new ExceptionDTO("NOT FOUND", e.getMessage());
+ }
 }
diff --git a/src/main/java/com/example/onomatopoeiaback/exceptions/NotFoundException.java b/src/main/java/com/example/onomatopoeiaback/exceptions/NotFoundException.java
new file mode 100644
index 0000000..b91bfb8
--- /dev/null
+++ b/src/main/java/com/example/onomatopoeiaback/exceptions/NotFoundException.java
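Review bot: Both overloads call `employee.getPosition().equals(...)`, so an employee row with a null position makes the authorization check itself throw NullPointerException (HTTP 500) instead of a clean 403; comparing from the constant side is null-safe: `if (employee == null || !PositionType.ADMINISTRATOR.equals(employee.getPosition())) {`. The `Authentication` overload duplicates the condition instead of delegating; `checkIsAdmin(Auth.getEmployee(authentication));` keeps a single definition of "is admin". The class is a static utility, so add `private CheckPosition() {}` and a one-line Javadoc such as `/** Authorization helpers; every method throws ForbiddenException unless the employee is an ADMINISTRATOR. */`.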
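Review bot: The new handler puts `e.getMessage()` in the response body, but `NotFoundException` as added in this commit declares no constructor, so every response carries `("NOT FOUND", null)`. Either give the exception a `(String message)` constructor or return a fixed, non-internal string here: `return new ExceptionDTO("NOT FOUND", "requested data not found");`. A fixed body also avoids leaking repository or entity detail if a message is attached at some throw site later.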
@@ -0,0 +1,8 @@
+package com.example.onomatopoeiaback.exceptions;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(code = HttpStatus.NOT_FOUND, reason = "Запрашиваемые данные не найдены")
+public class NotFoundException extends RuntimeException {
+}
diff --git a/src/main/java/com/example/onomatopoeiaback/service/EmployeeService.java b/src/main/java/com/example/onomatopoeiaback/service/EmployeeService.java
index 16721af..745f0bd 100644
--- a/src/main/java/com/example/onomatopoeiaback/service/EmployeeService.java
+++ b/src/main/java/com/example/onomatopoeiaback/service/EmployeeService.java
@@ -2,9 +2,10 @@ package com.example.onomatopoeiaback.service;
 import com.example.onomatopoeiaback.domain.employee.Employee;
 import com.example.onomatopoeiaback.domain.employee.EmployeeDTO;
-import com.example.onomatopoeiaback.exceptions.UnauthorizedException;
+import com.example.onomatopoeiaback.domain.employee.PositionType;
+import com.example.onomatopoeiaback.exceptions.ForbiddenException;
+import com.example.onomatopoeiaback.exceptions.NotFoundException;
 import com.example.onomatopoeiaback.repository.EmployeeRepository;
-import com.example.onomatopoeiaback.repository.VisitRepository;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
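Review bot: The `reason` on `@ResponseStatus` is, as far as I can tell, never sent: `GeneralExceptionsHandler` in this same commit declares an `@ExceptionHandler(NotFoundException.class)`, and Spring's exception-handler resolver runs ahead of the `@ResponseStatus` resolver, so clients only ever see the handler's `ExceptionDTO`. Drop the `reason` (or the whole annotation) so there is one source of truth, and if a message is wanted add `public NotFoundException(String message) { super(message); }` so the handler's `e.getMessage()` has something to show. The literal is also in Russian while the sibling codes ("FORBIDDEN", "NOT FOUND") are English; keeping one language for API strings avoids mixed-language responses.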
@@ -35,21 +36,15 @@ public class EmployeeService {
 return employee;
 }
- public void auth(String login) {
- Optional employeeOptional = employeeRepository.findByLogin(login);
-
- if (employeeOptional.isEmpty()) {
- throw new UnauthorizedException();
+ public Employee info(Employee employee, String login) {
+ Optional requestedEmployeeOptional = employeeRepository.findByLogin(login);
+ if (requestedEmployeeOptional.isEmpty()) {
+ throw new NotFoundException();
 }
- }
-
- public Employee info(String login) {
- Optional employeeOptional = employeeRepository.findByLogin(login);
-
- if (employeeOptional.isEmpty()) {
- throw new UnauthorizedException();
+ Employee requestedEmployee = requestedEmployeeOptional.get();
+ if (employee.getPosition().equals(PositionType.ADMINISTRATOR) || employee.getId() == requestedEmployee.getId()) {
+ return requestedEmployee;
 }
-
- return employeeOptional.get();
+ throw new ForbiddenException();
 }
 }
diff --git a/src/main/java/com/example/onomatopoeiaback/service/VisitService.java b/src/main/java/com/example/onomatopoeiaback/service/VisitService.java
index e88b3b7..3dc2627 100644
--- a/src/main/java/com/example/onomatopoeiaback/service/VisitService.java
+++ b/src/main/java/com/example/onomatopoeiaback/service/VisitService.java
@@ -2,10 +2,12 @@ package com.example.onomatopoeiaback.service;
 import com.example.onomatopoeiaback.domain.employee.Employee;
+import com.example.onomatopoeiaback.domain.employee.PositionType;
 import com.example.onomatopoeiaback.domain.qrcode.QrCode;
 import com.example.onomatopoeiaback.domain.visit.Visit;
 import com.example.onomatopoeiaback.domain.visit.VisitDTO;
 import com.example.onomatopoeiaback.exceptions.BadRequestException;
+import com.example.onomatopoeiaback.exceptions.ForbiddenException;
 import com.example.onomatopoeiaback.exceptions.UnauthorizedException;
 import com.example.onomatopoeiaback.repository.EmployeeRepository;
 import com.example.onomatopoeiaback.repository.QrCodeRepository;
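Review bot: `employee.getId() == requestedEmployee.getId()` is only safe if `getId()` returns a primitive; if it is a boxed `Long` (the entity is not visible here), `==` compares references, and since the caller comes from `Auth.getEmployee` and the target from a fresh `findByLogin`, a user reading their own record gets 403 once ids leave the -128..127 cache range — use `Objects.equals` or compare logins. The existence check also runs before the ownership check, so a non-admin can learn whether any login exists from the 404-vs-403 difference. Deciding access from the caller's own login first removes both problems, and `employee` should be rejected up front if `Auth.getEmployee` can return null, as `CheckPosition` in this commit assumes.
```java
public Employee info(Employee employee, String login) {
    boolean admin = PositionType.ADMINISTRATOR.equals(employee.getPosition());
    // Non-admins may only read their own record; decide this before the lookup so
    // the 404/403 difference cannot be used to enumerate logins.
    if (!admin && !login.equals(employee.getLogin())) {
        throw new ForbiddenException();
    }
    return employeeRepository.findByLogin(login).orElseThrow(NotFoundException::new);
}
```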
@@ -34,21 +36,15 @@ public class VisitService {
 }
- public void register(String login, VisitDTO visitDTO) {
- Optional employeeOptional = employeeRepository.findByLogin(login);
+ public void register(Employee employee, VisitDTO visitDTO) {
 LocalDateTime localDateTime = LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS);
 Optional qrCodeOptional = qrCodeRepository.findById(visitDTO.getQrCodeId());
 if (qrCodeOptional.isEmpty()) {
 throw new BadRequestException();
 }
-
- if (employeeOptional.isEmpty()) {
- throw new UnauthorizedException();
- }
-
 QrCode qrCode = qrCodeOptional.get();
- Employee employee = employeeOptional.get();
+
 Visit visit = new Visit();
 visit.setQrCode(qrCode);
 visit.setVisitType(visitDTO.getVisitType());
@@ -59,14 +55,19 @@ public class VisitService {
 employeeRepository.saveAndFlush(employee);
 }
- public Page getVisits(String login, Integer page, Integer size) {
- Optional employeeOptional = employeeRepository.findByLogin(login);
+ public Page getVisits(Employee employee, String requestedEmployeeLogin, Integer page, Integer size) {
+ Optional employeeOptional = employeeRepository.findByLogin(requestedEmployeeLogin);
 if (employeeOptional.isEmpty()) {
 throw new UnauthorizedException();
 }
+ Employee requestedEmployee = employeeOptional.get();
- PageRequest pageable = PageRequest.of(page, size);
- return visitRepository.findByEmployeeId(employeeOptional.get().getId(), pageable);
+ if (employee.getPosition().equals(PositionType.ADMINISTRATOR) || employee.getId() == requestedEmployee.getId()) {
+ PageRequest pageable = PageRequest.of(page, size);
+ return visitRepository.findByEmployeeId(requestedEmployee.getId(), pageable);
+ }
+
+ throw new ForbiddenException();
 }
 }
diff --git a/src/main/resources/default-admin.sql b/src/main/resources/default-admin.sql
deleted file mode 100644
index e69de29..0000000
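Review bot: `register` now trusts the `employee` argument without the null guard the removed lookup used to provide; if `Auth.getEmployee` can return null (as `CheckPosition.checkIsAdmin` in this commit assumes), `employeeRepository.saveAndFlush(employee)` further down fails with an unhandled exception. Add `Objects.requireNonNull(employee, "employee")` or throw `UnauthorizedException` at the top, and state the contract on the method, e.g. `/** Records a visit for the authenticated employee; throws BadRequestException when the QR code id is unknown. */`. The method body continues past the end of this hunk.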
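Review bot: An unknown `requestedEmployeeLogin` still throws `UnauthorizedException` (401) even though the caller is already authenticated; the commit introduces `NotFoundException` for exactly this case in `EmployeeService.info` but leaves this site unchanged. The same two issues as in `EmployeeService.info` apply here: `employee.getId() == requestedEmployee.getId()` is a reference comparison if ids are boxed, and looking the target up before authorizing lets non-admins probe which logins exist via the status code. Authorizing on the caller's own login first, then doing the lookup, fixes all three (this needs a `NotFoundException` import in `VisitService`).
```java
public Page getVisits(Employee employee, String requestedEmployeeLogin, Integer page, Integer size) {
    boolean admin = PositionType.ADMINISTRATOR.equals(employee.getPosition());
    // Authorize on the caller's own login before any lookup so the response
    // status cannot be used to enumerate logins.
    if (!admin && !requestedEmployeeLogin.equals(employee.getLogin())) {
        throw new ForbiddenException();
    }
    Employee requestedEmployee = employeeRepository.findByLogin(requestedEmployeeLogin)
            .orElseThrow(NotFoundException::new);
    PageRequest pageable = PageRequest.of(page, size);
    return visitRepository.findByEmployeeId(requestedEmployee.getId(), pageable);
}
```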