Commit 474776a864ae6de0d1c5b2cefb76899a328207f5
1 parent
278d4ffc
Showing
10 changed files
with
158 additions
and
220 deletions
Show diff stats
api.raml
| ... | ... | @@ -46,14 +46,13 @@ version: v1 |
| 46 | 46 | } |
| 47 | 47 | 401: |
| 48 | 48 | description: Authentication échouée |
| 49 | - /{token}: | |
| 50 | - delete: | |
| 51 | - description: Se déconnecter | |
| 52 | - responses: | |
| 53 | - 204: | |
| 54 | - description: Déconnecté avec succès | |
| 55 | - 404: | |
| 56 | - description: Jeton non trouvé | |
| 49 | + delete: | |
| 50 | + description: Se déconnecter | |
| 51 | + responses: | |
| 52 | + 204: | |
| 53 | + description: Déconnecté avec succès | |
| 54 | + 404: | |
| 55 | + description: Jeton non trouvé | |
| 57 | 56 | /personne: |
| 58 | 57 | get: |
| 59 | 58 | description: Obtenir la liste des persones. Nécessite COMPTE_ADMIN |
| ... | ... | @@ -233,10 +232,9 @@ version: v1 |
| 233 | 232 | /{nomRole}: |
| 234 | 233 | uriParameters: |
| 235 | 234 | nomRole: |
| 236 | - type: number | |
| 235 | + type: string | |
| 237 | 236 | required: true |
| 238 | - description: ID du role | |
| 239 | - minimum: 0 | |
| 237 | + description: Nom du role | |
| 240 | 238 | delete: |
| 241 | 239 | description: Supprime un rôle. Nécessite ROLE_ADMIN |
| 242 | 240 | responses: | ... | ... |
src/main/java/etunicorn/Application.java
| ... | ... | @@ -44,6 +44,7 @@ public class Application { |
| 44 | 44 | permissionRepository.save(new Permission("PERSONNE_GET")); |
| 45 | 45 | permissionRepository.save(new Permission("PERSONNE_LIST")); |
| 46 | 46 | permissionRepository.save(new Permission("PERSONNE_REMOVE")); |
| 47 | + permissionRepository.save(new Permission("PERSONNE_ROLE")); | |
| 47 | 48 | permissionRepository.save(new Permission("ROLE_ADD")); |
| 48 | 49 | permissionRepository.save(new Permission("ROLE_DELETE")); |
| 49 | 50 | permissionRepository.save(new Permission("ROLE_PERMISSION_ADD")); | ... | ... |
src/main/java/etunicorn/SecurityInterceptor.java
| 1 | 1 | package etunicorn; |
| 2 | 2 | |
| 3 | +import etunicorn.controller.BaseController; | |
| 3 | 4 | import etunicorn.entity.Permission; |
| 4 | 5 | import etunicorn.entity.Session; |
| 5 | 6 | import etunicorn.repository.PermissionRepository; |
| 6 | 7 | import etunicorn.service.SessionService; |
| 7 | 8 | import org.springframework.beans.factory.annotation.Autowired; |
| 9 | +import org.springframework.http.HttpHeaders; | |
| 8 | 10 | import org.springframework.http.HttpStatus; |
| 11 | +import org.springframework.http.ResponseEntity; | |
| 9 | 12 | import org.springframework.transaction.annotation.Transactional; |
| 10 | 13 | import org.springframework.web.method.HandlerMethod; |
| 11 | 14 | import org.springframework.web.servlet.ModelAndView; |
| ... | ... | @@ -13,6 +16,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; |
| 13 | 16 | |
| 14 | 17 | import javax.servlet.http.HttpServletRequest; |
| 15 | 18 | import javax.servlet.http.HttpServletResponse; |
| 19 | +import java.io.IOException; | |
| 16 | 20 | |
| 17 | 21 | /** |
| 18 | 22 | * etunicorn-server |
| ... | ... | @@ -29,6 +33,16 @@ public class SecurityInterceptor extends HandlerInterceptorAdapter { |
| 29 | 33 | super(); |
| 30 | 34 | } |
| 31 | 35 | |
| 36 | + private void responseEntityToServletResponse(ResponseEntity responseEntity, HttpServletResponse response) throws IOException { | |
| 37 | + HttpHeaders httpHeaders = responseEntity.getHeaders(); | |
| 38 | + for (String header : httpHeaders.keySet()) { | |
| 39 | + for (String headerValue : httpHeaders.get(header)) { | |
| 40 | + response.setHeader(header, headerValue); | |
| 41 | + } | |
| 42 | + } | |
| 43 | + response.getWriter().write(responseEntity.getBody().toString()); | |
| 44 | + } | |
| 45 | + | |
| 32 | 46 | @Override |
| 33 | 47 | @Transactional |
| 34 | 48 | public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { |
| ... | ... | @@ -37,20 +51,26 @@ public class SecurityInterceptor extends HandlerInterceptorAdapter { |
| 37 | 51 | HandlerMethod method = (HandlerMethod) handler; |
| 38 | 52 | RestrictedTo annotation = method.getMethodAnnotation(RestrictedTo.class); |
| 39 | 53 | |
| 40 | - Permission requiredPermission = permissionRepository.findByNom(annotation.value()); | |
| 41 | - if (requiredPermission == null) { | |
| 42 | - response.setStatus(HttpStatus.NOT_IMPLEMENTED.value()); | |
| 43 | - return false; | |
| 44 | - } | |
| 45 | - | |
| 46 | - if (annotation.authentifie()) { | |
| 47 | - if (session == null) { | |
| 48 | - response.setStatus(HttpStatus.UNAUTHORIZED.value()); | |
| 54 | + if (annotation != null) { | |
| 55 | + Permission requiredPermission = permissionRepository.findByNom(annotation.value()); | |
| 56 | + if (requiredPermission == null) { | |
| 57 | + response.setStatus(HttpStatus.NOT_IMPLEMENTED.value()); | |
| 49 | 58 | return false; |
| 50 | - } else { | |
| 51 | - if (!session.hasPermission(requiredPermission)) { | |
| 52 | - response.setStatus(HttpStatus.FORBIDDEN.value()); | |
| 59 | + } | |
| 60 | + | |
| 61 | + if (annotation.authentifie()) { | |
| 62 | + BaseController baseController = new BaseController(); | |
| 63 | + baseController.setRequest(request); | |
| 64 | + if (session == null) { | |
| 65 | + ResponseEntity responseEntity = baseController.generateError(HttpStatus.UNAUTHORIZED); | |
| 66 | + responseEntityToServletResponse(responseEntity, response); | |
| 53 | 67 | return false; |
| 68 | + } else { | |
| 69 | + if (!session.hasPermission(requiredPermission)) { | |
| 70 | + ResponseEntity responseEntity = baseController.generateError(HttpStatus.FORBIDDEN); | |
| 71 | + responseEntityToServletResponse(responseEntity, response); | |
| 72 | + return false; | |
| 73 | + } | |
| 54 | 74 | } |
| 55 | 75 | } |
| 56 | 76 | } | ... | ... |
src/main/java/etunicorn/controller/BaseController.java
| 1 | 1 | package etunicorn.controller; |
| 2 | 2 | |
| 3 | -import com.fasterxml.jackson.annotation.JsonProperty; | |
| 4 | 3 | import etunicorn.entity.Permission; |
| 5 | 4 | import etunicorn.entity.Session; |
| 6 | -import etunicorn.exception.EntityRequestMismatchException; | |
| 7 | -import etunicorn.exception.NotEnoughDataException; | |
| 8 | -import etunicorn.exception.ObjectNotFoundException; | |
| 9 | 5 | import etunicorn.repository.PermissionRepository; |
| 10 | 6 | import etunicorn.service.SessionService; |
| 11 | 7 | import net.minidev.json.JSONObject; |
| ... | ... | @@ -15,12 +11,10 @@ import org.springframework.http.HttpStatus; |
| 15 | 11 | import org.springframework.http.ResponseEntity; |
| 16 | 12 | import org.springframework.web.bind.annotation.RestController; |
| 17 | 13 | |
| 18 | -import javax.persistence.Entity; | |
| 19 | 14 | import javax.servlet.http.HttpServletRequest; |
| 20 | -import java.lang.reflect.Constructor; | |
| 21 | -import java.lang.reflect.InvocationTargetException; | |
| 22 | -import java.lang.reflect.Method; | |
| 23 | -import java.util.LinkedHashMap; | |
| 15 | +import java.io.PrintWriter; | |
| 16 | +import java.io.StringWriter; | |
| 17 | +import java.util.Date; | |
| 24 | 18 | import java.util.Map; |
| 25 | 19 | |
| 26 | 20 | /** |
| ... | ... | @@ -42,6 +36,10 @@ public class BaseController { |
| 42 | 36 | @Autowired |
| 43 | 37 | private PermissionRepository permissionRepository; |
| 44 | 38 | |
| 39 | + public void setRequest(HttpServletRequest request) { | |
| 40 | + this.request = request; | |
| 41 | + } | |
| 42 | + | |
| 45 | 43 | protected boolean hasPermission(Permission permission) { |
| 46 | 44 | Session session = sessionService.getSession(request); |
| 47 | 45 | if (session == null || permission == null) { |
| ... | ... | @@ -56,97 +54,36 @@ public class BaseController { |
| 56 | 54 | } |
| 57 | 55 | |
| 58 | 56 | // Utilités pour générer des erreurs |
| 59 | - ResponseEntity generateError(HttpStatus status, String message) { | |
| 57 | + private JSONObject generateErrorJSON(HttpStatus status, String message) { | |
| 60 | 58 | JSONObject json = new JSONObject(); |
| 59 | + json.put("timestamp", new Date().getTime()); | |
| 61 | 60 | json.put("status", status.value()); |
| 62 | 61 | json.put("message", message); |
| 63 | - return new ResponseEntity(json, status); | |
| 64 | - } | |
| 62 | + json.put("path", request.getPathInfo()); | |
| 63 | + return json; | |
| 65 | 64 | |
| 66 | - ResponseEntity generateError(HttpStatus status) { | |
| 67 | - return generateError(status, String.format("Erreur de type %d", status.value())); | |
| 68 | 65 | } |
| 69 | 66 | |
| 70 | - ResponseEntity generateError(HttpStatus status, Exception exception, String message) { | |
| 71 | - JSONObject json = new JSONObject(); | |
| 72 | - json.put("status", status.value()); | |
| 73 | - json.put("message", message); | |
| 74 | - json.put("errorMessage", exception.getLocalizedMessage()); | |
| 75 | - json.put("stacktrace", exception.getStackTrace().toString()); | |
| 67 | + public ResponseEntity generateError(HttpStatus status, String message) { | |
| 68 | + JSONObject json = generateErrorJSON(status, message); | |
| 76 | 69 | return new ResponseEntity(json, status); |
| 77 | 70 | } |
| 78 | 71 | |
| 79 | - ResponseEntity generateError(Exception exception) { | |
| 80 | - return generateError(HttpStatus.INTERNAL_SERVER_ERROR, exception, exception.getLocalizedMessage()); | |
| 72 | + public ResponseEntity generateError(HttpStatus status, Exception exception, String message) { | |
| 73 | + JSONObject json = generateErrorJSON(status, message); | |
| 74 | + json.put("error", exception.getMessage()); | |
| 75 | + // From http://stackoverflow.com/a/1149721 | |
| 76 | + StringWriter sw = new StringWriter(); | |
| 77 | + exception.printStackTrace(new PrintWriter(sw)); | |
| 78 | + json.put("stacktrace", sw.toString()); | |
| 79 | + return new ResponseEntity(json, status); | |
| 81 | 80 | } |
| 82 | 81 | |
| 83 | - protected Object getEntityFromObject(String className, LinkedHashMap object) throws NotEnoughDataException { | |
| 84 | - Object repository = repositories.get(className + "Repository"); | |
| 85 | - for (Method findMethod : repository.getClass().getMethods()) { | |
| 86 | - String findMethodName = findMethod.getName(); | |
| 87 | - if (findMethodName.startsWith("findBy")) { | |
| 88 | - String key = Character.toLowerCase(findMethodName.charAt(6)) + findMethodName.substring(7); | |
| 89 | - if (object.containsKey(key)) { | |
| 90 | - try { | |
| 91 | - Object data = object.get(key); | |
| 92 | - return findMethod.invoke(repository, data); | |
| 93 | - } catch (IllegalAccessException e) { | |
| 94 | - continue; | |
| 95 | - } catch (InvocationTargetException e) { | |
| 96 | - continue; | |
| 97 | - } | |
| 98 | - } else { | |
| 99 | - continue; | |
| 100 | - } | |
| 101 | - } | |
| 102 | - } | |
| 103 | - throw new NotEnoughDataException(); | |
| 82 | + public ResponseEntity generateError(HttpStatus status) { | |
| 83 | + return generateError(status, status.getReasonPhrase()); | |
| 104 | 84 | } |
| 105 | 85 | |
| 106 | - protected void mergeRequestInEntity(Object request, Object entity) throws EntityRequestMismatchException, NotEnoughDataException, ObjectNotFoundException { | |
| 107 | - for (Method getMethode : request.getClass().getMethods()) { | |
| 108 | - String getMethodName = getMethode.getName(); | |
| 109 | - JsonProperty annotation = getMethode.getAnnotation(JsonProperty.class); | |
| 110 | - if (getMethodName.startsWith("get") && annotation != null) { | |
| 111 | - String fieldName = annotation.value(); | |
| 112 | - String setMethodName = "s" + getMethodName.substring(1); | |
| 113 | - Method setMethode; | |
| 114 | - Class fieldClass; | |
| 115 | - try { | |
| 116 | - fieldClass = entity.getClass().getMethod(getMethodName).getReturnType(); | |
| 117 | - setMethode = entity.getClass().getMethod(setMethodName, fieldClass); | |
| 118 | - } catch (NoSuchMethodException e) { | |
| 119 | - throw new EntityRequestMismatchException(); | |
| 120 | - } | |
| 121 | - try { | |
| 122 | - if (getMethode.invoke(request) != null) { | |
| 123 | - Object data = getMethode.invoke(request); | |
| 124 | - if (data.getClass() != fieldClass) { | |
| 125 | - if (fieldClass.getAnnotation(Entity.class) != null) { | |
| 126 | - data = getEntityFromObject(fieldName, (LinkedHashMap) data); | |
| 127 | - if (data == null) { | |
| 128 | - throw new ObjectNotFoundException(); | |
| 129 | - } | |
| 130 | - } else { | |
| 131 | - Constructor constructor = fieldClass.getConstructor(data.getClass()); | |
| 132 | - if (constructor != null) { | |
| 133 | - data = constructor.newInstance(data); | |
| 134 | - } | |
| 135 | - } | |
| 136 | - } | |
| 137 | - setMethode.invoke(entity, data); | |
| 138 | - } | |
| 139 | - } catch (IllegalAccessException e) { | |
| 140 | - throw new EntityRequestMismatchException(); | |
| 141 | - } catch (InvocationTargetException e) { | |
| 142 | - throw new EntityRequestMismatchException(); | |
| 143 | - } catch (NoSuchMethodException e) { | |
| 144 | - throw new EntityRequestMismatchException(); | |
| 145 | - } catch (InstantiationException e) { | |
| 146 | - throw new EntityRequestMismatchException(); | |
| 147 | - } | |
| 148 | - } | |
| 149 | - | |
| 150 | - } | |
| 86 | + public ResponseEntity generateError(Exception exception) { | |
| 87 | + return generateError(HttpStatus.INTERNAL_SERVER_ERROR, exception, exception.getLocalizedMessage()); | |
| 151 | 88 | } |
| 152 | 89 | } | ... | ... |
src/main/java/etunicorn/controller/LoginController.java
| ... | ... | @@ -9,11 +9,10 @@ import etunicorn.service.SessionService; |
| 9 | 9 | import org.springframework.beans.factory.annotation.Autowired; |
| 10 | 10 | import org.springframework.http.HttpStatus; |
| 11 | 11 | import org.springframework.http.ResponseEntity; |
| 12 | -import org.springframework.web.bind.annotation.PathVariable; | |
| 13 | 12 | import org.springframework.web.bind.annotation.RequestBody; |
| 14 | -import org.springframework.web.bind.annotation.RequestParam; | |
| 15 | 13 | import org.springframework.web.bind.annotation.RestController; |
| 16 | 14 | |
| 15 | +import javax.servlet.http.HttpServletRequest; | |
| 17 | 16 | import javax.validation.Valid; |
| 18 | 17 | |
| 19 | 18 | /** |
| ... | ... | @@ -22,27 +21,25 @@ import javax.validation.Valid; |
| 22 | 21 | * Tous droits réservés |
| 23 | 22 | */ |
| 24 | 23 | @RestController |
| 25 | -public class LoginController implements etunicorn.generated.LoginController { | |
| 24 | +public class LoginController extends BaseController implements etunicorn.generated.LoginController { | |
| 25 | + @Autowired | |
| 26 | + HttpServletRequest request; | |
| 26 | 27 | @Autowired |
| 27 | 28 | private PersonneRepository personneRepository; |
| 28 | - | |
| 29 | 29 | @Autowired |
| 30 | 30 | private SessionService sessionService; |
| 31 | 31 | |
| 32 | 32 | @Override |
| 33 | 33 | @RestrictedTo(authentifie = false) |
| 34 | 34 | public ResponseEntity<?> updateLogin(@Valid @RequestBody UpdateLoginRequest updateLoginRequest) { |
| 35 | - return null; | |
| 36 | - } | |
| 37 | - public ResponseEntity<?> updateLogin(@RequestParam String login, @RequestParam String password) { | |
| 38 | - Personne personne = personneRepository.findByLogin(login); | |
| 35 | + Personne personne = personneRepository.findByLogin(updateLoginRequest.getLogin()); | |
| 39 | 36 | if (personne == null) { |
| 40 | - return new ResponseEntity<Object>(HttpStatus.UNAUTHORIZED); | |
| 37 | + return generateError(HttpStatus.UNAUTHORIZED); | |
| 41 | 38 | } |
| 42 | 39 | |
| 43 | 40 | // TODO Vraie vérification du mot de passe |
| 44 | - if (!password.equals("test")) { | |
| 45 | - return new ResponseEntity<Object>(HttpStatus.UNAUTHORIZED); | |
| 41 | + if (!updateLoginRequest.getPassword().equals("test")) { | |
| 42 | + return generateError(HttpStatus.UNAUTHORIZED); | |
| 46 | 43 | } |
| 47 | 44 | |
| 48 | 45 | Session session = sessionService.createSession(personne); |
| ... | ... | @@ -50,9 +47,15 @@ public class LoginController implements etunicorn.generated.LoginController { |
| 50 | 47 | return new ResponseEntity<Object>(session, HttpStatus.OK); |
| 51 | 48 | } |
| 52 | 49 | |
| 53 | - | |
| 54 | 50 | @Override |
| 55 | - public ResponseEntity<?> deleteLoginByToken(@PathVariable String token) { | |
| 56 | - return null; | |
| 51 | + @RestrictedTo(authentifie = false) | |
| 52 | + public ResponseEntity<?> deleteLogin() { | |
| 53 | + Session session = sessionService.getSession(request); | |
| 54 | + if (session != null) { | |
| 55 | + sessionService.deleteSession(session); | |
| 56 | + } | |
| 57 | + return new ResponseEntity<Object>(HttpStatus.NO_CONTENT); | |
| 57 | 58 | } |
| 59 | + | |
| 60 | + | |
| 58 | 61 | } | ... | ... |
src/main/java/etunicorn/controller/PersonneController.java
| ... | ... | @@ -3,9 +3,6 @@ package etunicorn.controller; |
| 3 | 3 | import etunicorn.RestrictedTo; |
| 4 | 4 | import etunicorn.entity.Personne; |
| 5 | 5 | import etunicorn.entity.Role; |
| 6 | -import etunicorn.exception.EntityRequestMismatchException; | |
| 7 | -import etunicorn.exception.NotEnoughDataException; | |
| 8 | -import etunicorn.exception.ObjectNotFoundException; | |
| 9 | 6 | import etunicorn.generated.model.UpdatePersonneByIdRequest; |
| 10 | 7 | import etunicorn.generated.model.UpdatePersonneRequest; |
| 11 | 8 | import etunicorn.repository.PersonneRepository; |
| ... | ... | @@ -16,12 +13,12 @@ import org.springframework.http.HttpStatus; |
| 16 | 13 | import org.springframework.http.ResponseEntity; |
| 17 | 14 | import org.springframework.web.bind.annotation.PathVariable; |
| 18 | 15 | import org.springframework.web.bind.annotation.RequestBody; |
| 19 | -import org.springframework.web.bind.annotation.RequestParam; | |
| 20 | 16 | import org.springframework.web.bind.annotation.RestController; |
| 21 | 17 | |
| 22 | 18 | import javax.validation.Valid; |
| 23 | 19 | import java.math.BigDecimal; |
| 24 | 20 | import java.util.Date; |
| 21 | +import java.util.LinkedHashMap; | |
| 25 | 22 | import java.util.List; |
| 26 | 23 | |
| 27 | 24 | /** |
| ... | ... | @@ -44,26 +41,32 @@ public class PersonneController extends BaseController implements etunicorn.gene |
| 44 | 41 | return new ResponseEntity<List>((List) this.personneRepository.findAll(), HttpStatus.OK); |
| 45 | 42 | } |
| 46 | 43 | |
| 47 | - private ResponseEntity<?> mergePersonne(Personne personne, String carte, Date naissance, String login, String role) { | |
| 48 | - if (carte != null) { | |
| 49 | - personne.setCarte(carte); | |
| 44 | + private ResponseEntity<?> mergePersonne(Personne personne, UpdatePersonneRequest updatePersonneRequest) { | |
| 45 | + if (updatePersonneRequest.getNaissance() != null) { | |
| 46 | + personne.setNaissance(new Date(updatePersonneRequest.getNaissance())); | |
| 50 | 47 | } |
| 51 | - if (naissance != null) { | |
| 52 | - personne.setNaissance(naissance); | |
| 48 | + if (updatePersonneRequest.getCarte() != null) { | |
| 49 | + personne.setCarte(updatePersonneRequest.getCarte()); | |
| 53 | 50 | } |
| 54 | - if (login != null) { | |
| 55 | - personne.setLogin(login); | |
| 51 | + if (updatePersonneRequest.getLogin() != null) { | |
| 52 | + personne.setLogin(updatePersonneRequest.getLogin()); | |
| 56 | 53 | } |
| 57 | - // TODO Il faut que login ou carte soient mis | |
| 58 | - if (role != null) { | |
| 59 | - if (hasPermission("PERSONNE_ROLE")) { | |
| 60 | - Role roleObj = roleRepository.findByNom(role); | |
| 61 | - personne.setRole(roleObj); | |
| 62 | - if (roleObj == null) { | |
| 63 | - return new ResponseEntity<Object>("Rôle inconnu", HttpStatus.NOT_FOUND); | |
| 54 | + if (personne.getCarte() == null && personne.getLogin() == null) { | |
| 55 | + return generateError(HttpStatus.BAD_REQUEST, "La date ou la carte doivent être au moins renseignés."); | |
| 56 | + } | |
| 57 | + if (updatePersonneRequest.getRole() != null) { | |
| 58 | + System.out.println("HELLO"); | |
| 59 | + LinkedHashMap<String, String> roleMap = (LinkedHashMap<String, String>) updatePersonneRequest.getRole(); | |
| 60 | + Role role = roleRepository.findByNom(roleMap.get("nom")); | |
| 61 | + if (role == null) { | |
| 62 | + return generateError(HttpStatus.NOT_FOUND, "Rôle inconnu"); | |
| 63 | + } | |
| 64 | + if (personne.getRole() != role) { | |
| 65 | + if (hasPermission("PERSONNE_ROLE")) { | |
| 66 | + personne.setRole(role); | |
| 67 | + } else { | |
| 68 | + return generateError(HttpStatus.FORBIDDEN, "Vous ne pouvez pas changer le rôle"); | |
| 64 | 69 | } |
| 65 | - } else { | |
| 66 | - return new ResponseEntity<Object>(HttpStatus.FORBIDDEN); | |
| 67 | 70 | } |
| 68 | 71 | } |
| 69 | 72 | try { |
| ... | ... | @@ -78,20 +81,7 @@ public class PersonneController extends BaseController implements etunicorn.gene |
| 78 | 81 | @RestrictedTo("PERSONNE_ADD") |
| 79 | 82 | public ResponseEntity<?> updatePersonne(@Valid @RequestBody UpdatePersonneRequest updatePersonneRequest) { |
| 80 | 83 | Personne personne = new Personne(); |
| 81 | - try { | |
| 82 | - mergeRequestInEntity(updatePersonneRequest, personne); | |
| 83 | - } catch (EntityRequestMismatchException e) { | |
| 84 | - return generateError(e); | |
| 85 | - } catch (NotEnoughDataException e) { | |
| 86 | - return generateError(HttpStatus.BAD_REQUEST, e, "Il n'y a pas suffisament de données pour identifier un sous-objet"); | |
| 87 | - } catch (ObjectNotFoundException e) { | |
| 88 | - return generateError(HttpStatus.NOT_FOUND, e, "Sous-objet non trouvé"); | |
| 89 | - } | |
| 90 | - return new ResponseEntity<Object>(personne, HttpStatus.CREATED); | |
| 91 | - } | |
| 92 | - public ResponseEntity<?> updatePersonne(@RequestParam(required = false) String carte, @RequestParam(required = false) Date naissance, @RequestParam(required = false) String login, @RequestParam(required = false) String role) { | |
| 93 | - Personne personne = new Personne(); | |
| 94 | - return mergePersonne(personne, carte, naissance, login, role); | |
| 84 | + return mergePersonne(personne, updatePersonneRequest); | |
| 95 | 85 | } |
| 96 | 86 | |
| 97 | 87 | @Override |
| ... | ... | @@ -107,15 +97,16 @@ public class PersonneController extends BaseController implements etunicorn.gene |
| 107 | 97 | @Override |
| 108 | 98 | @RestrictedTo("PERSONNE_EDIT") |
| 109 | 99 | public ResponseEntity<?> updatePersonneById(@PathVariable BigDecimal idPersonne, @Valid @RequestBody UpdatePersonneByIdRequest updatePersonneByIdRequest) { |
| 110 | - return null; | |
| 111 | - } | |
| 112 | - | |
| 113 | - public ResponseEntity<?> updatePersonneById(@PathVariable BigDecimal idPersonne, @RequestParam(required = false) String carte, @RequestParam(required = false) Date naissance, @RequestParam(required = false) String login, @RequestParam(required = false) String role) { | |
| 114 | 100 | Personne personne = personneRepository.findById(idPersonne.intValueExact()); |
| 115 | 101 | if (personne == null) { |
| 116 | - return new ResponseEntity<Object>(HttpStatus.NOT_FOUND); | |
| 102 | + return generateError(HttpStatus.NOT_FOUND, "Personne introuvable"); | |
| 117 | 103 | } |
| 118 | - return mergePersonne(personne, carte, naissance, login, role); | |
| 104 | + UpdatePersonneRequest updatePersonneRequest = new UpdatePersonneRequest(); | |
| 105 | + updatePersonneRequest.setCarte(updatePersonneByIdRequest.getCarte()); | |
| 106 | + updatePersonneRequest.setNaissance(updatePersonneByIdRequest.getNaissance()); | |
| 107 | + updatePersonneRequest.setLogin(updatePersonneByIdRequest.getLogin()); | |
| 108 | + updatePersonneRequest.setRole(updatePersonneByIdRequest.getRole()); | |
| 109 | + return mergePersonne(personne, updatePersonneRequest); | |
| 119 | 110 | } |
| 120 | 111 | |
| 121 | 112 | @Override | ... | ... |
src/main/java/etunicorn/controller/RoleController.java
| ... | ... | @@ -14,11 +14,9 @@ import org.springframework.http.HttpStatus; |
| 14 | 14 | import org.springframework.http.ResponseEntity; |
| 15 | 15 | import org.springframework.web.bind.annotation.PathVariable; |
| 16 | 16 | import org.springframework.web.bind.annotation.RequestBody; |
| 17 | -import org.springframework.web.bind.annotation.RequestParam; | |
| 18 | 17 | import org.springframework.web.bind.annotation.RestController; |
| 19 | 18 | |
| 20 | 19 | import javax.validation.Valid; |
| 21 | -import java.math.BigDecimal; | |
| 22 | 20 | import java.util.List; |
| 23 | 21 | |
| 24 | 22 | /** |
| ... | ... | @@ -42,32 +40,26 @@ public class RoleController extends BaseController implements etunicorn.generate |
| 42 | 40 | @Override |
| 43 | 41 | @RestrictedTo("ROLE_ADD") |
| 44 | 42 | public ResponseEntity<?> updateRole(@Valid @RequestBody UpdateRoleRequest updateRoleRequest) { |
| 45 | - return null; | |
| 46 | - } | |
| 47 | - public ResponseEntity<?> updateRole(@RequestParam String nom) { | |
| 48 | - Role oldRole = roleRepository.findByNom(nom); | |
| 43 | + Role oldRole = roleRepository.findByNom(updateRoleRequest.getNom()); | |
| 49 | 44 | if (oldRole != null) { |
| 50 | - return new ResponseEntity<Object>(HttpStatus.CONFLICT); | |
| 45 | + return generateError(HttpStatus.CONFLICT, "Un rôle avec le même nom existe déjà"); | |
| 51 | 46 | } |
| 52 | 47 | Role role = new Role(); |
| 53 | - role.setNom(nom); | |
| 48 | + role.setNom(updateRoleRequest.getNom()); | |
| 54 | 49 | try { |
| 55 | 50 | roleRepository.save(role); |
| 56 | 51 | } catch (DataIntegrityViolationException e) { |
| 57 | - return new ResponseEntity<Object>(HttpStatus.CONFLICT); | |
| 52 | + return generateError(HttpStatus.CONFLICT, "Un rôle avec le même nom existe déjà"); | |
| 58 | 53 | } |
| 59 | 54 | return new ResponseEntity<Object>(role, HttpStatus.CREATED); |
| 60 | 55 | } |
| 61 | 56 | |
| 62 | 57 | @Override |
| 63 | 58 | @RestrictedTo("ROLE_DELETE") |
| 64 | - public ResponseEntity<?> deleteRoleById(@PathVariable BigDecimal nomRole) { | |
| 65 | - return null; | |
| 66 | - } | |
| 67 | 59 | public ResponseEntity<?> deleteRoleById(@PathVariable String nomRole) { |
| 68 | 60 | Role role = roleRepository.findByNom(nomRole); |
| 69 | 61 | if (role == null) { |
| 70 | - return new ResponseEntity<Object>("Rôle inconnu", HttpStatus.NOT_FOUND); | |
| 62 | + return generateError(HttpStatus.NOT_FOUND, "Rôle introuvable"); | |
| 71 | 63 | } |
| 72 | 64 | roleRepository.delete(role); |
| 73 | 65 | return new ResponseEntity<Object>(HttpStatus.NO_CONTENT); |
| ... | ... | @@ -75,17 +67,14 @@ public class RoleController extends BaseController implements etunicorn.generate |
| 75 | 67 | |
| 76 | 68 | @Override |
| 77 | 69 | @RestrictedTo("ROLE_PERMISSION_ADD") |
| 78 | - public ResponseEntity<?> updateRoleById(@PathVariable BigDecimal nomRole, @Valid @RequestBody UpdateRoleByIdRequest updateRoleByIdRequest) { | |
| 79 | - return null; | |
| 80 | - } | |
| 81 | - public ResponseEntity<?> updateRoleById(@PathVariable String nomRole, @RequestParam String nom) { | |
| 70 | + public ResponseEntity<?> updateRoleById(@PathVariable String nomRole, @Valid @RequestBody UpdateRoleByIdRequest updateRoleByIdRequest) { | |
| 82 | 71 | Role role = roleRepository.findByNom(nomRole); |
| 83 | 72 | if (role == null) { |
| 84 | - return new ResponseEntity<Object>("Rôle inconnu", HttpStatus.NOT_FOUND); | |
| 73 | + return generateError(HttpStatus.NOT_FOUND, "Rôle introuvable"); | |
| 85 | 74 | } |
| 86 | - Permission permission = permissionRepository.findByNom(nom); | |
| 75 | + Permission permission = permissionRepository.findByNom(updateRoleByIdRequest.getNom()); | |
| 87 | 76 | if (permission == null) { |
| 88 | - return new ResponseEntity<Object>("Permission inconnue", HttpStatus.NOT_FOUND); | |
| 77 | + return generateError(HttpStatus.NOT_FOUND, "Permission introuvable"); | |
| 89 | 78 | } |
| 90 | 79 | role.addPermission(permission); |
| 91 | 80 | try { |
| ... | ... | @@ -98,13 +87,10 @@ public class RoleController extends BaseController implements etunicorn.generate |
| 98 | 87 | |
| 99 | 88 | @Override |
| 100 | 89 | @RestrictedTo("ROLE_PERMISSION_REMOVE") |
| 101 | - public ResponseEntity<?> deleteRoleByNomPermission(@PathVariable String nomPermission, @PathVariable BigDecimal nomRole) { | |
| 102 | - return null; | |
| 103 | - } | |
| 104 | 90 | public ResponseEntity<?> deleteRoleByNomPermission(@PathVariable String nomPermission, @PathVariable String nomRole) { |
| 105 | 91 | Role role = roleRepository.findByNom(nomRole); |
| 106 | 92 | if (role == null) { |
| 107 | - return new ResponseEntity<Object>("Rôle inconnu", HttpStatus.NOT_FOUND); | |
| 93 | + return generateError(HttpStatus.NOT_FOUND, "Rôle introuvable"); | |
| 108 | 94 | } |
| 109 | 95 | Permission permission = permissionRepository.findByNom(nomPermission); |
| 110 | 96 | if (permission == null) { | ... | ... |
src/main/java/etunicorn/generated/LoginController.java
| 1 | 1 | |
| 2 | 2 | package etunicorn.generated; |
| 3 | 3 | |
| 4 | -import javax.validation.Valid; | |
| 5 | 4 | import etunicorn.generated.model.UpdateLoginRequest; |
| 6 | 5 | import org.springframework.http.ResponseEntity; |
| 7 | -import org.springframework.web.bind.annotation.PathVariable; | |
| 8 | 6 | import org.springframework.web.bind.annotation.RequestBody; |
| 9 | 7 | import org.springframework.web.bind.annotation.RequestMapping; |
| 10 | 8 | import org.springframework.web.bind.annotation.RequestMethod; |
| 11 | 9 | import org.springframework.web.bind.annotation.RestController; |
| 12 | 10 | |
| 11 | +import javax.validation.Valid; | |
| 12 | + | |
| 13 | 13 | |
| 14 | 14 | /** |
| 15 | 15 | * No description |
| ... | ... | @@ -26,18 +26,16 @@ public interface LoginController { |
| 26 | 26 | * |
| 27 | 27 | */ |
| 28 | 28 | @RequestMapping(value = "", method = RequestMethod.POST) |
| 29 | - public ResponseEntity<?> updateLogin( | |
| 30 | - @Valid | |
| 31 | - @RequestBody | |
| 32 | - UpdateLoginRequest updateLoginRequest); | |
| 29 | + ResponseEntity<?> updateLogin( | |
| 30 | + @Valid | |
| 31 | + @RequestBody | |
| 32 | + UpdateLoginRequest updateLoginRequest); | |
| 33 | 33 | |
| 34 | 34 | /** |
| 35 | 35 | * Se déconnecter |
| 36 | 36 | * |
| 37 | 37 | */ |
| 38 | - @RequestMapping(value = "/{token}", method = RequestMethod.DELETE) | |
| 39 | - public ResponseEntity<?> deleteLoginByToken( | |
| 40 | - @PathVariable | |
| 41 | - String token); | |
| 38 | + @RequestMapping(value = "", method = RequestMethod.DELETE) | |
| 39 | + ResponseEntity<?> deleteLogin(); | |
| 42 | 40 | |
| 43 | 41 | } | ... | ... |
src/main/java/etunicorn/generated/RoleController.java
| 1 | 1 | |
| 2 | 2 | package etunicorn.generated; |
| 3 | 3 | |
| 4 | -import java.math.BigDecimal; | |
| 5 | 4 | import etunicorn.generated.model.UpdateRoleByIdRequest; |
| 6 | 5 | import etunicorn.generated.model.UpdateRoleRequest; |
| 7 | 6 | import org.springframework.http.ResponseEntity; |
| ... | ... | @@ -26,55 +25,55 @@ public interface RoleController { |
| 26 | 25 | * |
| 27 | 26 | */ |
| 28 | 27 | @RequestMapping(value = "", method = RequestMethod.GET) |
| 29 | - public ResponseEntity<?> getRole(); | |
| 28 | + ResponseEntity<?> getRole(); | |
| 30 | 29 | |
| 31 | 30 | /** |
| 32 | 31 | * Ajoute un nouveau rôle. Nécessite ROLE_ADMIN |
| 33 | 32 | * |
| 34 | 33 | */ |
| 35 | 34 | @RequestMapping(value = "", method = RequestMethod.POST) |
| 36 | - public ResponseEntity<?> updateRole( | |
| 37 | - @javax.validation.Valid | |
| 38 | - @org.springframework.web.bind.annotation.RequestBody | |
| 39 | - UpdateRoleRequest updateRoleRequest); | |
| 35 | + ResponseEntity<?> updateRole( | |
| 36 | + @javax.validation.Valid | |
| 37 | + @org.springframework.web.bind.annotation.RequestBody | |
| 38 | + UpdateRoleRequest updateRoleRequest); | |
| 40 | 39 | |
| 41 | 40 | /** |
| 42 | 41 | * Supprime un rôle. Nécessite ROLE_ADMIN |
| 43 | 42 | * |
| 44 | 43 | */ |
| 45 | 44 | @RequestMapping(value = "/{nomRole}", method = RequestMethod.DELETE) |
| 46 | - public ResponseEntity<?> deleteRoleById( | |
| 47 | - @PathVariable | |
| 48 | - BigDecimal nomRole); | |
| 45 | + ResponseEntity<?> deleteRoleById( | |
| 46 | + @PathVariable | |
| 47 | + String nomRole); | |
| 49 | 48 | |
| 50 | 49 | /** |
| 51 | 50 | * Ajoute une permission à un rôle. Nécessite ROLE_ADMIN |
| 52 | 51 | * |
| 53 | 52 | */ |
| 54 | 53 | @RequestMapping(value = "/{nomRole}", method = RequestMethod.POST) |
| 55 | - public ResponseEntity<?> updateRoleById( | |
| 56 | - @PathVariable | |
| 57 | - BigDecimal nomRole, | |
| 58 | - @javax.validation.Valid | |
| 59 | - @org.springframework.web.bind.annotation.RequestBody | |
| 60 | - UpdateRoleByIdRequest updateRoleByIdRequest); | |
| 54 | + ResponseEntity<?> updateRoleById( | |
| 55 | + @PathVariable | |
| 56 | + String nomRole, | |
| 57 | + @javax.validation.Valid | |
| 58 | + @org.springframework.web.bind.annotation.RequestBody | |
| 59 | + UpdateRoleByIdRequest updateRoleByIdRequest); | |
| 61 | 60 | |
| 62 | 61 | /** |
| 63 | 62 | * Enlève la permission du rôle. Nécessite ROLE_ADMIN |
| 64 | 63 | * |
| 65 | 64 | */ |
| 66 | 65 | @RequestMapping(value = "/{nomRole}/{nomPermission}", method = RequestMethod.DELETE) |
| 67 | - public ResponseEntity<?> deleteRoleByNomPermission( | |
| 68 | - @PathVariable | |
| 69 | - String nomPermission, | |
| 70 | - @PathVariable | |
| 71 | - BigDecimal nomRole); | |
| 66 | + ResponseEntity<?> deleteRoleByNomPermission( | |
| 67 | + @PathVariable | |
| 68 | + String nomPermission, | |
| 69 | + @PathVariable | |
| 70 | + String nomRole); | |
| 72 | 71 | |
| 73 | 72 | /** |
| 74 | 73 | * Liste les permissions. Nécessite ROLE_ADMIN |
| 75 | 74 | * |
| 76 | 75 | */ |
| 77 | 76 | @RequestMapping(value = "/permission", method = RequestMethod.GET) |
| 78 | - public ResponseEntity<?> getPermission(); | |
| 77 | + ResponseEntity<?> getPermission(); | |
| 79 | 78 | |
| 80 | 79 | } | ... | ... |
src/main/java/etunicorn/service/SessionService.java
| ... | ... | @@ -53,10 +53,15 @@ public class SessionService { |
| 53 | 53 | } |
| 54 | 54 | } |
| 55 | 55 | |
| 56 | + public void deleteSession(Session session) { | |
| 57 | + sessionRepository.delete(session); | |
| 58 | + } | |
| 59 | + | |
| 56 | 60 | public Session createSession(Personne personne) { |
| 57 | 61 | Session session = new Session(personne); |
| 58 | 62 | sessionRepository.save(session); |
| 59 | 63 | return session; |
| 60 | 64 | } |
| 61 | 65 | |
| 66 | + | |
| 62 | 67 | } | ... | ... |