Revision 57661
Added by Michele Artini over 4 years ago
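--- a/UserController.java
+++ b/UserController.java
@@ -1,5 +1,7 @@
 package eu.dnetlib.organizations.controller;
 
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -29,7 +31,7 @@
 @Autowired
 private DatabaseUtils dbUtils;
 
-@PostMapping(value = "/public_api/newUser")
+@PostMapping(value = "/registration_api/newUser")
 public Map<String, Integer> newUser(final @RequestBody List<String> countries, final Authentication authentication) {
 
 final String email = authentication.getName();
@@ -46,22 +48,38 @@
 }
 
 @GetMapping("/api/users")
-public Iterable<UserView> users() {
-return userViewRepository.findAll();
+public Iterable<UserView> users(final Authentication authentication) {
+if (UserInfo.isSuperAdmin(authentication)) {
+return userViewRepository.findAll();
+} else if (UserInfo.isNationalAdmin(authentication)) {
+
+// IMPORTANT: a national admin can manage ONLY the users where ALL the countries are under his control
+final List<UserView> res = new ArrayList<>();
+final List<String> myCountries = dbUtils.listCountriesForUser(authentication.getName());
+
+for (final UserView uw : userViewRepository.findAll()) {
+if (uw.getCountries() != null && uw.getCountries().length > 0 && myCountries.containsAll(Arrays.asList(uw.getCountries()))) {
+res.add(uw);
+}
+}
+return res;
+} else {
+return new ArrayList<>();
+}
 }
 
 @PostMapping("/api/users")
 public Iterable<UserView> save(@RequestBody final UserView userView, final Authentication authentication) {
 if (authentication.getName().equals(userView.getEmail())) { throw new RuntimeException("You can't edit your own user"); }
 dbUtils.saveUser(userView);
-return users();
+return users(authentication);
 }
 
 @DeleteMapping("/api/users")
 public Iterable<UserView> delete(final @RequestParam String email, final Authentication authentication) {
 if (authentication.getName().equals(email)) { throw new RuntimeException("You can't delete your own user"); }
 dbUtils.deleteUser(email);
-return users();
+return users(authentication);
 }
 
 }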
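Review bot: The country restriction is enforced only in the listing: `save` and `delete` still reach `dbUtils.saveUser(userView)` and `dbUtils.deleteUser(email)` after nothing more than the self-edit check, so as far as these lines show a national admin (or any caller permitted to reach `/api/users`) can modify or remove a user outside their countries by sending the request directly. Unless `DatabaseUtils` or the security configuration already enforces it, the rule stated in the `IMPORTANT` comment should live in one shared helper that `users`, `save` and `delete` all call, and the write paths should run it before touching the database. For the write paths the check needs to be evaluated against the stored record of the target user, and for `save` also against the countries and role carried in the request body, so that an admin cannot hand out scope they do not hold themselves. Throwing an access-denied style exception instead of a bare `RuntimeException` would also keep authorization failures distinguishable from other errors in logs and responses.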
national admin management