diff --git a/CHANGELOG.md b/CHANGELOG.md index 18c59f56fa5d7bd3a179c7e443a157b57afd3f4b..e210c2b153d2457c91079eb691f6f6055b6284bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +## [1.0.16-RELEASE] +### Added +- Added request authorisation check. +### Changed +- Changes in existing functionality. + +### Deprecated +- Soon-to-be removed features. + +### Removed +- Features that have been removed. + +### Fixed +- Any bug fixes. ## [1.0.15-RELEASE] ### Added - User Statistics diff --git a/pom.xml b/pom.xml index a187f536b6ab08f776e1ab331918d51a7e8db6a1..eb6cf6ccb6df7b5d9da385ab4931025dba22245b 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>com.marketingconfort</groupId> <artifactId>mc-starter-parent</artifactId> - <version>1.0.45-RELEASE</version> + <version>1.0.46-RELEASE</version> <relativePath/> </parent> <groupId>com.marketingconfort</groupId> diff --git a/src/main/java/com/marketingconfort/mydressin/controller/AddressController.java b/src/main/java/com/marketingconfort/mydressin/controller/AddressController.java index b8e6a1a4471b9eb52acebb3d0aed61abb6ee242b..28bed04ffe5fa1e9e34a92992e22450772e9f614 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/AddressController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/AddressController.java @@ -9,6 +9,7 @@ import com.marketingconfort.mydressin.service.AddressService; import lombok.AllArgsConstructor; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -20,42 +21,55 @@ public class AddressController { private final AddressService addressService; + @GetMapping(Paths.ADDRESS_ROOT) - public ResponseEntity<List<AddressDTO>> getAllAddresses() { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<AddressDTO>> getAllAddresses(@RequestHeader String requestAuthorization) { List<AddressDTO> addresses = addressService.getAllAddresses(); return ResponseEntity.ok(addresses); } + @GetMapping(Paths.ADDRESSES_BY_CLIENT_EMAIL) - public ResponseEntity<List<AddressDTO>> getAddressByClientEmail( @PathVariable String email) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<AddressDTO>> getAddressByClientEmail( + @PathVariable String email, @RequestHeader String requestAuthorization) { List<AddressDTO> addresses = addressService.getAddressByClientEmail(email); return ResponseEntity.ok(addresses); } @GetMapping(Paths.ADDRESS_BY_ID) - public ResponseEntity<AddressDTO> getAddressById(@PathVariable Long id) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<AddressDTO> getAddressById(@PathVariable Long id, @RequestHeader String requestAuthorization) { AddressDTO address = addressService.getAddressById(id); return ResponseEntity.ok(address); } @PostMapping(Paths.ADDRESS_ADD) - public ResponseEntity<AddressDTO> addAddress(@RequestBody SaveAddressRequest saveAddressRequest) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<AddressDTO> addAddress( + @RequestBody SaveAddressRequest saveAddressRequest, @RequestHeader String requestAuthorization) { AddressDTO addAddress = addressService.addAddress(saveAddressRequest); return ResponseEntity.ok(addAddress); } @PutMapping(Paths.ADDRESS_UPDATE) - public ResponseEntity<AddressDTO> updateAddress(@RequestBody AddressDTO addressDTO) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<AddressDTO> updateAddress(@RequestBody AddressDTO addressDTO, @RequestHeader String requestAuthorization) { AddressDTO updatedAddress = addressService.updateAddress(addressDTO); return ResponseEntity.ok(updatedAddress); } @DeleteMapping(Paths.ADDRESS_DELETE) - public ResponseEntity<Void> deleteAddress(@PathVariable Long id) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<Void> deleteAddress(@PathVariable Long id, @RequestHeader String requestAuthorization) { addressService.deleteAddress(id); return ResponseEntity.noContent().build(); } + @PostMapping(Paths.PRIMARY_ADDRESS) - public ResponseEntity<String> setPrimaryAddress(@RequestBody SetPrimaryAddressRequest setPrimaryAddressRequest) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<String> setPrimaryAddress( + @RequestBody SetPrimaryAddressRequest setPrimaryAddressRequest, @RequestHeader String requestAuthorization) { try { addressService.setPrimaryAddress(setPrimaryAddressRequest); return ResponseEntity.ok("L'adresse principale a été définie avec succès."); diff --git a/src/main/java/com/marketingconfort/mydressin/controller/DriverController.java b/src/main/java/com/marketingconfort/mydressin/controller/DriverController.java index 393e1add2d636d9ca6ed74a0d2929a9f524aeb80..b94a4c6a813544b73f236ce30198b13179730480 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/DriverController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/DriverController.java @@ -6,10 +6,8 @@ import com.marketingconfort.mydressin.dto.UserDTO; import com.marketingconfort.mydressin.service.UserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.web.bind.annotation.*; import java.util.List; @@ -22,13 +20,15 @@ public class DriverController { @GetMapping - public ResponseEntity<List<UserDTO>> getAllDrivers() { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<UserDTO>> getAllDrivers(@RequestHeader String requestAuthorization) { List<UserDTO> drivers = userService.getAllDrivers(); return ResponseEntity.ok(drivers); } @GetMapping("/{driverId}") - public ResponseEntity<UserDTO> getDriverById(@PathVariable Long driverId) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<UserDTO> getDriverById(@PathVariable Long driverId, @RequestHeader String requestAuthorization) { UserDTO driver = userService.getUserByRoleAndId("DRIVER", driverId); return ResponseEntity.ok(driver); } diff --git a/src/main/java/com/marketingconfort/mydressin/controller/LiveClientController.java b/src/main/java/com/marketingconfort/mydressin/controller/LiveClientController.java index 877f573b107c1f0c16c08bc335f17cd3aabf6f5c..8f1ab2abeb91de6822ddf02ecae5b37c2fefdd75 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/LiveClientController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/LiveClientController.java @@ -6,6 +6,7 @@ import com.marketingconfort.mydressin.dto.LiveClientResponse; import com.marketingconfort.mydressin.service.LiveClientService; import lombok.AllArgsConstructor; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -18,32 +19,38 @@ public class LiveClientController { private LiveClientService liveClientService; @GetMapping(Paths.CLIENTS_GET) - public ResponseEntity<List<LiveClientResponse>> getAllClients() { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<LiveClientResponse>> getAllClients(@RequestHeader String requestAuthorization) { List<LiveClientResponse> clients = liveClientService.getAllClients(); return ResponseEntity.ok(clients); } @PutMapping(Paths.CLIENTS_UPDATE) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") public ResponseEntity<LiveClientDTO> updateClient( @PathVariable("id") long id, - @RequestBody LiveClientDTO liveClientDTO) { + @RequestBody LiveClientDTO liveClientDTO, + @RequestHeader String requestAuthorization) { LiveClientDTO updatedClient = liveClientService.updateClient(id, liveClientDTO); return ResponseEntity.ok(updatedClient); } @PutMapping(Paths.CLIENTS_Ban_client) - public ResponseEntity<LiveClientDTO> banClient(@PathVariable Long clientId) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<LiveClientDTO> banClient(@PathVariable Long clientId, @RequestHeader String requestAuthorization) { LiveClientDTO updatedClient = liveClientService.banClient(clientId); return ResponseEntity.ok(updatedClient); } @PutMapping(Paths.CLIENTS_Unban_client) - public ResponseEntity<LiveClientDTO> unbanClient(@PathVariable Long clientId) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<LiveClientDTO> unbanClient(@PathVariable Long clientId, @RequestHeader String requestAuthorization) { LiveClientDTO updatedClient = liveClientService.unbanClient(clientId); return ResponseEntity.ok(updatedClient); } @PostMapping(Paths.CLIENTS_get) - public ResponseEntity<List<LiveClientDTO>> getClientsByUid(@RequestBody List<Long> clientsUid) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<LiveClientDTO>> getClientsByUid(@RequestBody List<Long> clientsUid, @RequestHeader String requestAuthorization) { List<LiveClientDTO> clients = liveClientService.getClientsByUid(clientsUid); return ResponseEntity.ok(clients); } diff --git a/src/main/java/com/marketingconfort/mydressin/controller/RecaptchaController.java b/src/main/java/com/marketingconfort/mydressin/controller/RecaptchaController.java index 5bacde2903e1190b4d9cb22e51eeadb56d8b9505..1d85518576e73d92c1ad83fa3f90b390cfe0af57 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/RecaptchaController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/RecaptchaController.java @@ -4,19 +4,27 @@ import com.marketingconfort.mydressin.constants.Paths; import com.marketingconfort.mydressin.service.RecaptchaService; import lombok.AllArgsConstructor; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; @AllArgsConstructor @RestController @RequestMapping(Paths.USER_BASE) public class RecaptchaController { + private final RecaptchaService recaptchaService; + + @GetMapping(Paths.VALIDATE_RECAPTCHA) - public ResponseEntity<Boolean> validateTokenRecaptcha(@PathVariable String token) throws Exception { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<Boolean> validateTokenRecaptcha(@PathVariable String token, @RequestHeader String requestAuthorization) throws Exception { return ResponseEntity.ok(recaptchaService.validateToken(token)); } + @GetMapping(Paths.RETURN_SITE_KEY) - public ResponseEntity<String> returnSiteKey(){ + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<String> returnSiteKey(@RequestHeader String requestAuthorization){ return ResponseEntity.ok(recaptchaService.returnCaptchaSiteKey()); } + } diff --git a/src/main/java/com/marketingconfort/mydressin/controller/RoleController.java b/src/main/java/com/marketingconfort/mydressin/controller/RoleController.java index d5d1b0228f81821dcdc9bf6ada2936fd237b6b12..9f88bfb83c59ddb4522fcadaa11fa1f49a48e236 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/RoleController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/RoleController.java @@ -8,62 +8,69 @@ import com.marketingconfort.mydressin.service.RoleService; import lombok.AllArgsConstructor; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.util.List; - @RestController - @RequestMapping(Paths.ROLE_BASE) - @AllArgsConstructor - public class RoleController { +@RestController +@RequestMapping(Paths.ROLE_BASE) +@AllArgsConstructor +public class RoleController { - private final RoleService roleService; + private final RoleService roleService; - @GetMapping(Paths.ROLE_ROOT) - public ResponseEntity<List<RoleDTO>> getAllRoles() { - List<RoleDTO> roles = roleService.getAllRoles(); - return new ResponseEntity<>(roles, HttpStatus.OK); - } - @GetMapping(Paths.ROLE_BY_ID) - public ResponseEntity<RoleDTO> getRoleById(@PathVariable Long id) { - try { - RoleDTO role = roleService.getRoleById(id); - return new ResponseEntity<>(role, HttpStatus.OK); - } catch (BusinessException e) { - return new ResponseEntity<>(null, HttpStatus.NOT_FOUND); - } - } + @GetMapping(Paths.ROLE_ROOT) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<RoleDTO>> getAllRoles(@RequestHeader String requestAuthorization) { + List<RoleDTO> roles = roleService.getAllRoles(); + return new ResponseEntity<>(roles, HttpStatus.OK); + } - @PostMapping(Paths.ROLE_ADD) - public ResponseEntity<RoleDTO> addRole(@RequestBody RoleDtoSave roleDtoSave) { - try { - RoleDTO createdRole = roleService.addRole(roleDtoSave); - return new ResponseEntity<>(createdRole, HttpStatus.CREATED); - } catch (BusinessException e) { - return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); - } + @GetMapping(Paths.ROLE_BY_ID) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<RoleDTO> getRoleById(@PathVariable Long id, @RequestHeader String requestAuthorization) { + try { + RoleDTO role = roleService.getRoleById(id); + return new ResponseEntity<>(role, HttpStatus.OK); + } catch (BusinessException e) { + return new ResponseEntity<>(null, HttpStatus.NOT_FOUND); } + } - @PutMapping(Paths.ROLE_UPDATE) - public ResponseEntity<RoleDTO> updateRole(@PathVariable Long id, @RequestBody RoleDtoSave roleDTO) { - try { - RoleDTO updatedRole = roleService.updateRole(id, roleDTO); - return new ResponseEntity<>(updatedRole, HttpStatus.OK); - } catch (BusinessException e) { - return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); - } + @PostMapping(Paths.ROLE_ADD) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<RoleDTO> addRole(@RequestBody RoleDtoSave roleDtoSave, @RequestHeader String requestAuthorization) { + try { + RoleDTO createdRole = roleService.addRole(roleDtoSave); + return new ResponseEntity<>(createdRole, HttpStatus.CREATED); + } catch (BusinessException e) { + return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); } + } - @DeleteMapping(Paths.ROLE_DELETE) - public ResponseEntity<Void> deleteRole(@PathVariable Long id) { - try { - roleService.removeRole(id); - return new ResponseEntity<>(HttpStatus.NO_CONTENT); - } catch (BusinessException e) { - return new ResponseEntity<>(HttpStatus.NOT_FOUND); - } + @PutMapping(Paths.ROLE_UPDATE) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<RoleDTO> updateRole( + @PathVariable Long id, @RequestBody RoleDtoSave roleDTO, @RequestHeader String requestAuthorization) { + try { + RoleDTO updatedRole = roleService.updateRole(id, roleDTO); + return new ResponseEntity<>(updatedRole, HttpStatus.OK); + } catch (BusinessException e) { + return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); } } + @DeleteMapping(Paths.ROLE_DELETE) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<Void> deleteRole(@PathVariable Long id, @RequestHeader String requestAuthorization) { + try { + roleService.removeRole(id); + return new ResponseEntity<>(HttpStatus.NO_CONTENT); + } catch (BusinessException e) { + return new ResponseEntity<>(HttpStatus.NOT_FOUND); + } + } +} diff --git a/src/main/java/com/marketingconfort/mydressin/controller/StatisticsController.java b/src/main/java/com/marketingconfort/mydressin/controller/StatisticsController.java index 6dd38ce25ee35b9b18b12f5ba832f2a55cb14b59..f2b94d75005ff3aac3a7237cf9db41b42fc5bf45 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/StatisticsController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/StatisticsController.java @@ -4,10 +4,8 @@ import com.marketingconfort.mydressin.constants.Paths; import com.marketingconfort.mydressin.service.StatisticsService; import com.marketingconfort.starter.core.exceptions.FunctionalException; import org.springframework.format.annotation.DateTimeFormat; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.web.bind.annotation.*; import java.util.Date; import java.util.List; @@ -24,18 +22,22 @@ public class StatisticsController { } @GetMapping("/count") + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") public Long getUsersCountByRolesAndDateRange( @RequestParam(required = false) List<String> roleName, @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date startDate, - @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date endDate) throws FunctionalException { + @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date endDate, + @RequestHeader String requestAuthorization) throws FunctionalException { return statisticsService.countUsersByRolesAndDateRange(roleName, startDate, endDate); } @GetMapping("/countByTag") + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") public Long getUsersCountByTagAndDateRange( @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date startDate, - @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date endDate) { + @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date endDate, + @RequestHeader String requestAuthorization) { return statisticsService.countUsersByTagAndDateRange(startDate, endDate); } diff --git a/src/main/java/com/marketingconfort/mydressin/controller/SupplierController.java b/src/main/java/com/marketingconfort/mydressin/controller/SupplierController.java index 26327f81b416d7d515de7563d00e623e81d4e62a..3c7437827965335e164c9d34bcfa42718354f849 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/SupplierController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/SupplierController.java @@ -11,13 +11,13 @@ import com.marketingconfort.starter.core.exceptions.FunctionalException; import com.marketingconfort.starter.core.exceptions.TechnicalException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.util.List; @RestController @RequestMapping(Paths.SUPPLIER) - public class SupplierController { private final SupplierService supplierService; @@ -26,47 +26,66 @@ public class SupplierController { this.supplierService = supplierService; } + @GetMapping - public ResponseEntity<List<SupplierDTO>> getAllSuppliers() { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<SupplierDTO>> getAllSuppliers(@RequestHeader String requestAuthorization) { List<SupplierDTO> suppliers = supplierService.getAllSuppliers(); return ResponseEntity.ok(suppliers); } + @GetMapping("/notArchived") - public ResponseEntity<List<SupplierDTO>> getNotArchivesSuppliers() { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<SupplierDTO>> getNotArchivesSuppliers(@RequestHeader String requestAuthorization) { List<SupplierDTO> suppliers = supplierService.getNotArchivedSuppliers(); return ResponseEntity.ok(suppliers); } + @GetMapping("/{supplierId}") - public ResponseEntity<SupplierDTO> getSupplierById(@PathVariable Long supplierId) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<SupplierDTO> getSupplierById( + @PathVariable Long supplierId, @RequestHeader String requestAuthorization) { SupplierDTO supplier = supplierService.getSupplierById(supplierId); return ResponseEntity.ok(supplier); } @PostMapping(Paths.ADD_SUPPLIER) - public ResponseEntity<SupplierDTO> addSupplier (@RequestBody SaveSupplierRequest saveSupplierRequest) throws TechnicalException, FunctionalException { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<SupplierDTO> addSupplier ( + @RequestBody SaveSupplierRequest saveSupplierRequest, + @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException { SupplierDTO response = supplierService.saveSupplier(saveSupplierRequest); return ResponseEntity.ok(response); } - @PutMapping("/update") - public SupplierDTO updateSupplier(@RequestBody SupplierDTO supplierDTO) { - return supplierService.updateSupplier(supplierDTO); - } - - @DeleteMapping("/delete/{id}") - public void deleteSupplier(@PathVariable Long id) { - supplierService.deleteSupplier(id); - } @PutMapping("/{id}/{isArchived}") - public ResponseEntity<String> archiveSupplier(@PathVariable("id") Long supplierId, @PathVariable boolean isArchived) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<String> archiveSupplier( + @PathVariable("id") Long supplierId, + @PathVariable boolean isArchived, + @RequestHeader String requestAuthorization) { supplierService.archiveSupplier(supplierId, isArchived); String message = isArchived ? "Fournisseur archivé avec succès." : "Fournisseur désarchivé avec succès."; return ResponseEntity.ok(message); } + @GetMapping("/archived") - public ResponseEntity<List<SupplierDTO>> getArchivedSuppliers() { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<SupplierDTO>> getArchivedSuppliers(@RequestHeader String requestAuthorization) { List<SupplierDTO> suppliers = supplierService.getArchivedSuppliers(); return ResponseEntity.ok(suppliers); } + @PutMapping("/update") + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public SupplierDTO updateSupplier(@RequestBody SupplierDTO supplierDTO, @RequestHeader String requestAuthorization) { + return supplierService.updateSupplier(supplierDTO); + } + + @DeleteMapping("/delete/{id}") + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public void deleteSupplier(@PathVariable Long id, @RequestHeader String requestAuthorization) { + supplierService.deleteSupplier(id); + } + } diff --git a/src/main/java/com/marketingconfort/mydressin/controller/UnregisteredClientController.java b/src/main/java/com/marketingconfort/mydressin/controller/UnregisteredClientController.java index 2ad0066e3d59111281406b4ff364858d9b72b073..a942345112ac563ed88ffa1c01ec55241a1cc82e 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/UnregisteredClientController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/UnregisteredClientController.java @@ -8,6 +8,7 @@ import com.marketingconfort.mydressin.service.UnregisteredClientService; import lombok.AllArgsConstructor; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -19,20 +20,25 @@ public class UnregisteredClientController { private final UnregisteredClientService unregisteredClientService; + @PostMapping(Paths.UNREGISTERED_CLIENT_ADD) - public ResponseEntity<UnregisteredClientDTO> createUnregisteredClient(@RequestParam String pseudo) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<UnregisteredClientDTO> createUnregisteredClient( + @RequestParam String pseudo, @RequestHeader String requestAuthorization) { UnregisteredClientDTO clientDTO = unregisteredClientService.createUnregisteredClient(pseudo); return ResponseEntity.ok(clientDTO); } @GetMapping(Paths.UNREGISTERED_CLIENT_ROOT) - public ResponseEntity<List<UnregisteredClientDTO>> getAllUnregisteredClients() { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<UnregisteredClientDTO>> getAllUnregisteredClients(@RequestHeader String requestAuthorization) { List<UnregisteredClientDTO> clients = unregisteredClientService.getAllUnregisteredClients(); return ResponseEntity.ok(clients); } @DeleteMapping(Paths.UNREGISTERED_CLIENT_DELETE) - public ResponseEntity<Void> deleteUnregisteredClient(@PathVariable Long id) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<Void> deleteUnregisteredClient(@PathVariable Long id, @RequestHeader String requestAuthorization) { boolean isRemoved = unregisteredClientService.deleteUnregisteredClientById(id); if (!isRemoved) { return new ResponseEntity<>(HttpStatus.NOT_FOUND); @@ -41,9 +47,11 @@ public class UnregisteredClientController { } @PostMapping(Paths.UNREGISTERED_CLIENT_ASSOCIATE) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") public ResponseEntity<?> associateAndDeleteUnregisteredClient( @RequestParam Long unregisteredClientId, - @RequestParam Long newUserId) { + @RequestParam Long newUserId, + @RequestHeader String requestAuthorization) { try { unregisteredClientService.associateAndDeleteUnregisteredClient(unregisteredClientId, newUserId); @@ -52,12 +60,16 @@ public class UnregisteredClientController { return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Failed to associate and delete unregistered client"); } } + @PostMapping(Paths.UNREGISTERED_CLIENT_BY_IDS) - public ResponseEntity<List<LiveClientDTO>> getUnregisteredClientsByIds(@RequestBody List<Long> ids) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<LiveClientDTO>> getUnregisteredClientsByIds( + @RequestBody List<Long> ids, @RequestHeader String requestAuthorization) { List<LiveClientDTO> clients = unregisteredClientService.getUnregisteredClientsByIds(ids); if (clients.isEmpty()) { return ResponseEntity.noContent().build(); } return ResponseEntity.ok(clients); } + } diff --git a/src/main/java/com/marketingconfort/mydressin/controller/UserController.java b/src/main/java/com/marketingconfort/mydressin/controller/UserController.java index e0902642ba281d5b391deba1a7fe43e1f70f3123..0bf0ba41467d1d760c0e7ff9ae545525cc38f12f 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/UserController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/UserController.java @@ -2,7 +2,6 @@ package com.marketingconfort.mydressin.controller; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; -import com.marketingconfort.mydressin.common.user.enumerations.UserStatus; import com.marketingconfort.mydressin.constants.Paths; import com.marketingconfort.mydressin.dto.*; import com.marketingconfort.mydressin.error.BusinessException; @@ -15,14 +14,13 @@ import com.marketingconfort.starter.core.exceptions.FunctionalException; import com.marketingconfort.starter.core.exceptions.S3FunctionalException; import com.marketingconfort.starter.core.exceptions.TechnicalException; import com.marketingconfort.starter.core.services.AuthService; -import lombok.AllArgsConstructor; import lombok.RequiredArgsConstructor; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; -import java.io.IOException; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -36,29 +34,34 @@ public class UserController { @GetMapping(Paths.USER_ROOT) - public Map<String, Object> getAllUsers() { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public Map<String, Object> getAllUsers(@RequestHeader String requestAuthorization) { return userService.getAllUsers(); } @GetMapping(Paths.USER_BY_ID) - public Object getById(@PathVariable Long id) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public Object getById(@PathVariable Long id, @RequestHeader String requestAuthorization) { return userService.getUserById(id); } @GetMapping(Paths.USER_BY_EMAIL) - public UserDTO getUserByEmail(@PathVariable String email) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public UserDTO getUserByEmail(@PathVariable String email, @RequestHeader String requestAuthorization) { return userService.getUserByEmail(email); } @GetMapping(Paths.CLIENT_STATISTICS) - public ClientStats clientStatistics(@PathVariable String email) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ClientStats clientStatistics(@PathVariable String email, @RequestHeader String requestAuthorization) { return userService.clientStatistics(email); } @PostMapping(Paths.USER_ADD) - //@PreAuthorize("hasRole('ADMIN')") + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") public UserDTO saveUser(@RequestParam("user") String userdtoJson, - @RequestParam(value = "imageFile", required = false) MultipartFile imageFile) throws TechnicalException, FunctionalException, S3FunctionalException { + @RequestParam(value = "imageFile", required = false) MultipartFile imageFile, + @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException, S3FunctionalException { ObjectMapper objectMapper = new ObjectMapper(); SaveUserRequest saveUserRequest; try { @@ -68,8 +71,11 @@ public class UserController { } return userService.saveUser(saveUserRequest, imageFile); } + @PostMapping(path = Paths.UPLOAD, consumes = {"multipart/form-data"}) - public ResponseEntity<String> uploadImage(@RequestPart("imageFile") MultipartFile imageFile) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<String> uploadImage(@RequestPart("imageFile") MultipartFile imageFile, + @RequestHeader String requestAuthorization) { try { String imageUrl = userService.uploadImage(imageFile); return ResponseEntity.ok(imageUrl); @@ -77,9 +83,13 @@ public class UserController { return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(e.getMessage()); } } + @PutMapping(Paths.USER_UPDATE) -//@PreAuthorize("hasRole('ADMIN')") - public ResponseEntity<UserDTO> updateUser(@RequestParam(value = "imageFile", required = false) MultipartFile imageFile, @RequestParam("userDto") String userDtoJson) throws S3FunctionalException, TechnicalException, FunctionalException { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<UserDTO> updateUser( + @RequestParam(value = "imageFile", required = false) MultipartFile imageFile, + @RequestParam("userDto") String userDtoJson, + @RequestHeader String requestAuthorization) throws S3FunctionalException, TechnicalException, FunctionalException { ObjectMapper objectMapper = new ObjectMapper(); UserDTO userDTO; try { @@ -92,8 +102,11 @@ public class UserController { } @PutMapping(Paths.CLIENT_UPDATE_WITH_SPECIFIC_INFOS) -//@PreAuthorize("hasRole('ADMIN')") - public ResponseEntity<ClientDTO> updateClientWithSpInfo(@RequestParam(value = "imageFile", required = false) MultipartFile imageFile, @RequestParam("clientDto") String clientDtoJson) throws S3FunctionalException, TechnicalException, FunctionalException { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<ClientDTO> updateClientWithSpInfo( + @RequestParam(value = "imageFile", required = false) MultipartFile imageFile, + @RequestParam("clientDto") String clientDtoJson, + @RequestHeader String requestAuthorization) throws S3FunctionalException, TechnicalException, FunctionalException { ObjectMapper objectMapper = new ObjectMapper(); UpdateClientRequest updateClientRequest; try { @@ -104,72 +117,101 @@ public class UserController { ClientDTO updatedUser = userService.updateClientSpecificInfo(updateClientRequest, imageFile); return ResponseEntity.ok(updatedUser); } + @PutMapping(Paths.CLIENT_UPDATE) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") public ResponseEntity<ClientDTO> updateClient( @RequestPart(value = "imageFile", required = false) MultipartFile imageFile, - @RequestPart("clientDTO") ClientDTO clientDTO) { + @RequestPart("clientDTO") ClientDTO clientDTO, + @RequestHeader String requestAuthorization) { return ResponseEntity.ok(userService.updateClient(clientDTO, imageFile)); } @DeleteMapping(Paths.USER_DELETE) - //@PreAuthorize("hasRole('ADMIN')") - public Boolean deleteUser(@PathVariable Long id){ + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public Boolean deleteUser(@PathVariable Long id, @RequestHeader String requestAuthorization){ return userService.deleteUser(id); } @GetMapping(Paths.USER_BY_UID) - public UserDTO getByUid(@PathVariable Long uid) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public UserDTO getByUid(@PathVariable Long uid, @RequestHeader String requestAuthorization) { return userService.getUserByUid(uid); } @PostMapping(Paths.CLIENT_REGISTER) - public ResponseEntity<ClientDTO> register (@RequestBody ClientDTO clientDTO) throws TechnicalException, FunctionalException { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<ClientDTO> register ( + @RequestBody ClientDTO clientDTO, + @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException { ClientDTO response = userService.saveClient(clientDTO); return ResponseEntity.ok(response); } + @PostMapping(Paths.UPDATE_CLIENT_PASSWORD) - public ResponseEntity <Boolean> confirmUserPassword(@RequestBody UserPasswordCreationRequest userPasswordCreationRequest) throws TechnicalException, FunctionalException { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity <Boolean> confirmUserPassword( + @RequestBody UserPasswordCreationRequest userPasswordCreationRequest, + @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException { Boolean response = userService.confirmUserPassword(userPasswordCreationRequest); return ResponseEntity.ok(response); } @GetMapping(Paths.AUTHENTICATED) - public Boolean isAuthenticated(@PathVariable String email) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public Boolean isAuthenticated(@PathVariable String email, @RequestHeader String requestAuthorization) { return userService.isAuthenticated(email,true); } @PostMapping (Paths.CHANGE_LOGIN_ACTIVITY) - public UserDTO ChangeLoginActivity(@RequestBody RequestLoginActivity requestLoginActivity) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public UserDTO ChangeLoginActivity( + @RequestBody RequestLoginActivity requestLoginActivity, @RequestHeader String requestAuthorization) { return userService.changeLoginActivity(requestLoginActivity); } + @PostMapping (Paths.CHANGE_USER_STATUS) - public UserDTO changeUserStatus(@RequestBody RequestChangeStatus status) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public UserDTO changeUserStatus(@RequestBody RequestChangeStatus status, @RequestHeader String requestAuthorization) { return userService.changeUserStatus(status); } @PostMapping (Paths.SEND_RESET_PASSWORD) - public UserOperationHashResponse sendResetPassword(@RequestBody SendingEmailRequest sendingEmailRequest) throws TechnicalException, FunctionalException { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public UserOperationHashResponse sendResetPassword( + @RequestBody SendingEmailRequest sendingEmailRequest, + @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException { return userService.sendingResetPassword(sendingEmailRequest); } @GetMapping(Paths.IS_NOT_AUTHENTICATED) - public Boolean isNotAuthenticated(@PathVariable String email) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public Boolean isNotAuthenticated(@PathVariable String email, @RequestHeader String requestAuthorization) { return userService.isAuthenticated(email,false); } + @PostMapping(Paths.UPDATE_PASSWORD) - public UserDTO updateUserPassword(@RequestBody UpdatePasswordRequest updatePasswordRequest) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public UserDTO updateUserPassword( + @RequestBody UpdatePasswordRequest updatePasswordRequest, + @RequestHeader String requestAuthorization) { return userService.updateUserPassword(updatePasswordRequest); } + @PostMapping(Paths.SEND_VERIFICATION_CODE) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") public ResponseEntity<Boolean> sendVerificationCode( - @RequestBody UserConfirmationRequestOtp userConfirmationRequestOtp) throws TechnicalException, FunctionalException { + @RequestBody UserConfirmationRequestOtp userConfirmationRequestOtp, + @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException { Boolean isOtpValid = userService.sendVerificationCode(userConfirmationRequestOtp); return ResponseEntity.ok(isOtpValid); - } + @PostMapping(Paths.CLIENT_LOGIN) - public ResponseEntity<?> clientLogin(@RequestBody AuthenticationRequest authenticationRequest) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<?> clientLogin( + @RequestBody AuthenticationRequest authenticationRequest, @RequestHeader String requestAuthorization) { try { AuthenticationResponse response = userService.clientLogin(authenticationRequest); return ResponseEntity.ok(response); @@ -183,7 +225,9 @@ public class UserController { } @PostMapping(Paths.BACKOFFICE_LOGIN) - public ResponseEntity<?> backOfficeLogin(@RequestBody AuthenticationRequest authenticationRequest) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<?> backOfficeLogin( + @RequestBody AuthenticationRequest authenticationRequest, @RequestHeader String requestAuthorization) { try { AuthenticationResponse response = userService.backOfficeLogin(authenticationRequest); return ResponseEntity.ok(response); @@ -195,8 +239,12 @@ public class UserController { throw new RuntimeException("Information incorrecte, veuillez réessayer"); } } + @PostMapping(Paths.CONFIRM_REGISTRATION ) - public ResponseEntity<String> confirmClientRegistration(@RequestBody ClientConfirmRegistration clientConfirmRegistration) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<String> confirmClientRegistration( + @RequestBody ClientConfirmRegistration clientConfirmRegistration, + @RequestHeader String requestAuthorization) { try { userService.confirmClientRegistration(clientConfirmRegistration); return ResponseEntity.ok("Client registration confirmed successfully."); @@ -208,7 +256,10 @@ public class UserController { } @PostMapping(Paths.SEND_EMAIL_TO_CONFIRM_REGISTRATION) - public ResponseEntity<UserOperationHashResponse> sendOtpEmail(@RequestBody UserForgotPasswordOtpRequest request) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<UserOperationHashResponse> sendOtpEmail( + @RequestBody UserForgotPasswordOtpRequest request, + @RequestHeader String requestAuthorization) { try { String emailTemplateNameKey = "registrationConfirmation"; UserOperationHashResponse response = authService.sendOtpEmail(request, emailTemplateNameKey,"Confirmation d'inscription"); @@ -219,21 +270,27 @@ public class UserController { } @PostMapping(Paths.CONFIRM_VERIFICATION_CODE) + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") public ResponseEntity<Boolean> sendVerificationCodeOtp( - @RequestBody UserOtpConfirmationRequest userOtpConfirmationRequest) throws TechnicalException, FunctionalException { + @RequestBody UserOtpConfirmationRequest userOtpConfirmationRequest, + @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException { UserOtpConfirmationResponse userOtpConfirmationResponse = authService.confirmAccountCreationOtp(userOtpConfirmationRequest); return ResponseEntity.ok(userOtpConfirmationResponse.isOtpValid()); } @GetMapping(Paths.RETRIEVE_CLIENTS_BY_IDS) - public ResponseEntity<List<ClientDTO>> getAllClientsByIDs(@RequestParam List<Long> clientsIDs) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<ClientDTO>> getAllClientsByIDs( + @RequestParam List<Long> clientsIDs, @RequestHeader String requestAuthorization) { List<ClientDTO> clientDTOList = userService.getClientsByIds(clientsIDs); return ResponseEntity.ok(clientDTOList); } @GetMapping(Paths.RETRIEVE_USERS_BY_IDS) - public ResponseEntity<List<UserDTO>> getAllUsersByIDs(@RequestParam List<Long> usersIDs) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<List<UserDTO>> getAllUsersByIDs( + @RequestParam List<Long> usersIDs, @RequestHeader String requestAuthorization) { List<UserDTO> userDTOList = userService.getUsersByIds(usersIDs); return ResponseEntity.ok(userDTOList); } diff --git a/src/main/java/com/marketingconfort/mydressin/controller/UserImportController.java b/src/main/java/com/marketingconfort/mydressin/controller/UserImportController.java index c3dc42b8569534093c2c5db28d445e6898951bf0..36175e2815ca0fb6ae7f94896e16efcd7df3f99b 100644 --- a/src/main/java/com/marketingconfort/mydressin/controller/UserImportController.java +++ b/src/main/java/com/marketingconfort/mydressin/controller/UserImportController.java @@ -1,18 +1,17 @@ package com.marketingconfort.mydressin.controller; -import com.marketingconfort.mydressin.dto.ClientDTO; import com.marketingconfort.mydressin.dto.ImportUserResponseResult; import com.marketingconfort.mydressin.service.UserImportService; import lombok.RequiredArgsConstructor; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import java.io.IOException; import java.io.InputStream; -import java.util.List; -import java.util.Map; + @RestController @RequiredArgsConstructor @@ -21,8 +20,11 @@ public class UserImportController { private final UserImportService userImportService; + @PostMapping("/users") - public ResponseEntity<ImportUserResponseResult> importUsers(@RequestParam("file") MultipartFile file) { + @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)") + public ResponseEntity<ImportUserResponseResult> importUsers( + @RequestParam("file") MultipartFile file, @RequestHeader String requestAuthorization) { if (file == null || file.isEmpty()) { ImportUserResponseResult errorResponse = new ImportUserResponseResult(); return ResponseEntity.badRequest().body(errorResponse);