1
|
package eu.dnetlib.organizations.controller;
|
2
|
|
3
|
import java.util.ArrayList;
|
4
|
import java.util.Arrays;
|
5
|
import java.util.HashMap;
|
6
|
import java.util.List;
|
7
|
import java.util.Map;
|
8
|
|
9
|
import org.springframework.beans.factory.annotation.Autowired;
|
10
|
import org.springframework.security.core.Authentication;
|
11
|
import org.springframework.web.bind.annotation.DeleteMapping;
|
12
|
import org.springframework.web.bind.annotation.GetMapping;
|
13
|
import org.springframework.web.bind.annotation.PostMapping;
|
14
|
import org.springframework.web.bind.annotation.RequestBody;
|
15
|
import org.springframework.web.bind.annotation.RequestParam;
|
16
|
import org.springframework.web.bind.annotation.RestController;
|
17
|
|
18
|
import eu.dnetlib.organizations.model.view.UserView;
|
19
|
import eu.dnetlib.organizations.repository.UserRepository;
|
20
|
import eu.dnetlib.organizations.repository.readonly.UserViewRepository;
|
21
|
import eu.dnetlib.organizations.utils.DatabaseUtils;
|
22
|
|
23
|
@RestController
|
24
|
public class UserController {
|
25
|
|
26
|
@Autowired
|
27
|
private UserRepository userRepository;
|
28
|
|
29
|
@Autowired
|
30
|
private UserViewRepository userViewRepository;
|
31
|
@Autowired
|
32
|
private DatabaseUtils dbUtils;
|
33
|
|
34
|
@PostMapping(value = "/registration_api/newUser")
|
35
|
public Map<String, Integer> newUser(final @RequestBody List<String> countries, final Authentication authentication) {
|
36
|
|
37
|
final String email = authentication.getName();
|
38
|
|
39
|
final Map<String, Integer> res = new HashMap<>();
|
40
|
|
41
|
if (!UserInfo.isNotAuthorized(authentication) || userRepository.existsById(email)) {
|
42
|
res.put("status", 2);
|
43
|
} else {
|
44
|
dbUtils.newUser(email, countries);
|
45
|
res.put("status", 1);
|
46
|
}
|
47
|
return res;
|
48
|
}
|
49
|
|
50
|
@GetMapping("/api/users")
|
51
|
public Iterable<UserView> users(final Authentication authentication) {
|
52
|
if (UserInfo.isSuperAdmin(authentication)) {
|
53
|
return userViewRepository.findAll();
|
54
|
} else if (UserInfo.isNationalAdmin(authentication)) {
|
55
|
|
56
|
// IMPORTANT: a national admin can manage ONLY the users where ALL the countries are under his control
|
57
|
final List<UserView> res = new ArrayList<>();
|
58
|
final List<String> myCountries = dbUtils.listCountriesForUser(authentication.getName());
|
59
|
|
60
|
for (final UserView uw : userViewRepository.findAll()) {
|
61
|
if (uw.getCountries() != null && uw.getCountries().length > 0 && myCountries.containsAll(Arrays.asList(uw.getCountries()))) {
|
62
|
res.add(uw);
|
63
|
}
|
64
|
}
|
65
|
return res;
|
66
|
} else {
|
67
|
return new ArrayList<>();
|
68
|
}
|
69
|
}
|
70
|
|
71
|
@PostMapping("/api/users")
|
72
|
public Iterable<UserView> save(@RequestBody final UserView userView, final Authentication authentication) {
|
73
|
if (authentication.getName().equals(userView.getEmail())) { throw new RuntimeException("You can't edit your own user"); }
|
74
|
dbUtils.saveUser(userView);
|
75
|
return users(authentication);
|
76
|
}
|
77
|
|
78
|
@DeleteMapping("/api/users")
|
79
|
public Iterable<UserView> delete(final @RequestParam String email, final Authentication authentication) {
|
80
|
if (authentication.getName().equals(email)) { throw new RuntimeException("You can't delete your own user"); }
|
81
|
dbUtils.deleteUser(email);
|
82
|
return users(authentication);
|
83
|
}
|
84
|
|
85
|
}
|