Newer
Older
package com.example.accessingdatamysql.request;
import com.example.accessingdatamysql.User;
import com.example.accessingdatamysql.UserRepository;
import com.example.accessingdatamysql.auth.AuthController;
import com.example.accessingdatamysql.myorg.MyOrgRosterRepository;
import com.example.accessingdatamysql.myorg.OrganizationRoster;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.lang.ref.ReferenceQueue;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
@CrossOrigin
@RestController // This means that this class is a Controller
@RequestMapping(path="/request") // This means URL's start with /request (after Application path)
public class RequestController {
@Autowired
private RequestRepository requestRepository;
@Autowired
private CustomRequestRepository customRequestRepository;
@Autowired
private UserRepository userRepository;
@Autowired
private MyOrgRosterRepository myOrgRosterRepository;
@GetMapping(path="/all")
public @ResponseBody Iterable<Request> getAll()
{
return requestRepository.findAll();
}
@GetMapping(path="/random")
public @ResponseBody Request getOne()
{
return requestRepository.findById(1).get();
}
@PostMapping(path="/user")
public @ResponseBody Map<String, Object> getUsersRequests(@RequestBody Map<String, Object> json)
{
System.out.println("in user");
Map<String, Object> response = new HashMap<>();
User found = new User();
AuthController au = new AuthController();
Map<String, String> res = au.verify(json); // if the jwt token could not be verified
if (res.containsKey("login") && res.get("login").equals("failed"))
{
response.put("result", "failed = bad token or bad request");
return response;
}
Optional<User> usr = userRepository.findById(res.get("user"));
if (!usr.isPresent())
{
response.put("result", "failed = user not found");
return response;
}
response.put("result", "success");
response.put("data", customRequestRepository.findUserRequests(res.get("user")));
return response;
}
@PostMapping(path = "/add") // Map ONLY POST Requests
@ResponseBody
public Request addJsonOrg(@RequestBody Request req) {
// @ResponseBody means the returned String is the response, not a view name
// @RequestParam means it is a parameter from the GET or POST request
requestRepository.save(req);
return req;
}
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
@PostMapping(path = "/user/requests")
public @ResponseBody Map<String, Object> getOrgRequest(@RequestBody Map<String, Object> json)
{
Map<String, Object> response = new HashMap<>();
if (!json.containsKey("jwt") || !json.containsKey("orgId"))
{
response.put("result", "failure - bad request");
return response;
}
Map<String, Object> map = getUserOrg(json);
if (map.get("result").equals("success"))
{
Integer orgId;
if (json.get("orgId") instanceof Integer)
orgId = (Integer) json.get("orgId");
else
orgId = Integer.parseInt((String)(json.get("orgId")));
if (map.get("type") == OrganizationRoster.Type.MEMBER)
{
response.put("result", "failure - not authorized members cannot view requests");
response.put("type", map.get("type"));
return response;
}
response.put("data", customRequestRepository.getRequests(orgId));
response.put("result", "success");
response.put("type", map.get("type"));
}
else
{
response.put("result", "failure - not authorized");
}
return response;
}
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
@PostMapping(path = "/user/request/update")
public @ResponseBody Map<String, Object> updateOrgRequest(@RequestBody Map<String, Object> json)
{
Map<String, Object> response = new HashMap<>();
if (!json.containsKey("jwt") || !json.containsKey("orgId") || !json.containsKey("status") || !json.containsKey("requestId"))
{
response.put("result", "failure - bad request");
return response;
}
Map<String, Object> map = getUserOrg(json);
if (map.get("result").equals("success"))
{
Integer orgId;
if (json.get("orgId") instanceof Integer)
orgId = (Integer) json.get("orgId");
else
orgId = Integer.parseInt((String)(json.get("orgId")));
if (map.get("type") == OrganizationRoster.Type.MEMBER)
{
response.put("result", "failure - not authorized members cannot view requests");
response.put("type", map.get("type"));
return response;
}
response.put("data", customRequestRepository.updateRequest(json));
response.put("result", "success");
response.put("type", map.get("type"));
}
else
{
response.put("result", "failure - not authorized");
}
return response;
}
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
/*
Private helper function to validate that the user is supposed to see this data
*/
private @ResponseBody Map<String, Object> getUserOrg(Map<String, Object> json)
{
Map<String, Object> response = new HashMap<>();
if (!json.containsKey("orgId") || !json.containsKey("jwt"))
{
response.put("result", "failed - bad request");
return response;
}
User found = new User();
AuthController au = new AuthController();
Map<String, String> res = au.verify(json); // if the jwt token could not be verified
if (res.containsKey("login") && res.get("login").equals("failed"))
{
response.put("result", "failed = bad token or bad request");
return response;
}
Optional<User> usr = userRepository.findById(res.get("user"));
if (!usr.isPresent())
{
response.put("result", "failed = user not found");
return response;
}
if (json.get("orgId") instanceof Integer)
return myOrgRosterRepository.findUserOrg(usr.get().getEmail(), (Integer) json.get("orgId"));
return myOrgRosterRepository.findUserOrg(usr.get().getEmail(), Integer.parseInt((String) json.get("orgId")));
}