Encapsulated methods that are allowed only for admins. Removed ability to add new user, new user must be registered using auth.

Dmitrii Cravcenco
2023-10-07 10:18:02 +03:00
parent 128a1fabc1
commit 19ac92f268
6 changed files with 31 additions and 21 deletions


@@ -6,11 +6,13 @@ import com.faf223.expensetrackerfaf.dto.mappers.UserMapper;
import com.faf223.expensetrackerfaf.model.User;
import com.faf223.expensetrackerfaf.service.UserService;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;
@RestController
@RequestMapping("/users")
@RequiredArgsConstructor
@@ -19,24 +21,12 @@ public class UserController {
private final UserService userService;
private final UserMapper userMapper;
@PostMapping()
public ResponseEntity<UserDTO> createNewUser(@RequestBody UserCreationDTO userDTO,
BindingResult bindingResult) {
User user = userMapper.toUser(userDTO);
if (!bindingResult.hasErrors()) {
userService.createOrUpdateUser(user);
return ResponseEntity.ok(userMapper.toDto(user));
} else {
return ResponseEntity.notFound().build();
}
}
@PatchMapping()
public ResponseEntity<UserDTO> updateUser(@RequestBody UserCreationDTO userDTO,
BindingResult bindingResult) {
User user = userMapper.toUser(userDTO);
if (!bindingResult.hasErrors()) {
userService.createOrUpdateUser(user);
userService.updateUser(user);
return ResponseEntity.ok(userMapper.toDto(user));
} else {
return ResponseEntity.notFound().build();
@@ -49,5 +39,13 @@ public class UserController {
if (user != null) return ResponseEntity.ok(userMapper.toDto(user));
else return ResponseEntity.notFound().build();
}
@GetMapping()
@PreAuthorize("hasRole('ADMIN')")
public ResponseEntity<ArrayList<UserDTO>> getAllUsers() {
ArrayList<User> users = new ArrayList<>(userService.getUsers());
return ResponseEntity.ok(userMapper.toDto(users));
}
}
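Review bot: `updateUser` (PATCH /users) still builds the target `User` entirely from the request body and, in the lines visible here, carries no `@PreAuthorize` or ownership check, so a caller who reaches this endpoint may be able to modify another user's record. Either restrict it the same way as `getAllUsers`, with `@PreAuthorize("hasRole('ADMIN')")`, or resolve the user being updated from the authenticated principal instead of from `UserCreationDTO`. Separately, `@RequestBody` has no `@Valid`, so `bindingResult.hasErrors()` is probably never true, and a validation failure would be better reported with `ResponseEntity.badRequest().build()` than with a 404. The method body ends outside the hunk and the URL-level rules in the security configuration are not visible here, so confirm against those; the new `@PreAuthorize` also only takes effect if method security is enabled in that configuration.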