package it.inaf.ia2.gms.controller;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.MemberRequest;
import it.inaf.ia2.gms.model.PaginatedData;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.RapUser;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.service.GroupsService;
import it.inaf.ia2.gms.service.MembersService;
import it.inaf.ia2.gms.service.PermissionsService;
import java.util.List;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
/**
 * REST endpoints for adding a user to a group and removing a user from it.
 *
 * <p>Both endpoints run in the same order: load the group, check that the session user holds
 * {@code ADMIN} or {@code MANAGE_MEMBERS} on it, and only then change the membership. The
 * response body is the group's member list wrapped in {@link PaginatedData}.
 */
@RestController
public class MembersController {

    @Autowired
    private SessionData session;

    @Autowired
    private GroupsService groupsService;

    @Autowired
    private PermissionsService permissionsService;

    @Autowired
    private MembersService membersService;

    /**
     * Adds the user named in the JSON request body to the group named in it.
     *
     * @param request validated request carrying the group id, the user id and the paginator values
     * @return 201 Created with the member list of the group after the change
     * @throws UnauthorizedException if the session user has neither {@code ADMIN} nor
     *     {@code MANAGE_MEMBERS} on the group
     */
    @PostMapping(value = "/member", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
    public ResponseEntity<PaginatedData<RapUser>> addMember(@Valid @RequestBody MemberRequest request) {
        GroupEntity targetGroup = groupsService.getGroupById(request.getGroupId());
        // The permission check must stay ahead of the write below.
        verifyCurrentUserCanManageMembers(targetGroup);
        // NOTE(review): the write uses request.getGroupId() while removeMember uses the id of the
        // entity that was checked (group.getId()); presumably the two are equal, since the entity
        // was looked up by that id. Confirm, and consider using one form in both endpoints.
        membersService.addMember(request.getGroupId(), request.getUserId());
        PaginatedData<RapUser> panel = getMembersPanel(request);
        return ResponseEntity.status(HttpStatus.CREATED).body(panel);
    }

    /**
     * Removes the user named in the request from the group named in it.
     *
     * <p>The parameter has no {@code @RequestBody}, so Spring binds it from the request
     * parameters rather than from a JSON body.
     *
     * @param request validated request carrying the group id, the user id and the paginator values
     * @return 200 OK with the member list of the group after the change
     * @throws UnauthorizedException if the session user has neither {@code ADMIN} nor
     *     {@code MANAGE_MEMBERS} on the group
     */
    @DeleteMapping(value = "/member", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
    public ResponseEntity<PaginatedData<RapUser>> removeMember(@Valid MemberRequest request) {
        GroupEntity targetGroup = groupsService.getGroupById(request.getGroupId());
        // The permission check must stay ahead of the write below.
        verifyCurrentUserCanManageMembers(targetGroup);
        // The write is keyed on the id of the entity that was just checked.
        membersService.removeMember(targetGroup.getId(), request.getUserId());
        return new ResponseEntity<>(getMembersPanel(request), HttpStatus.OK);
    }

    /**
     * Rejects the call unless the session user may manage the members of {@code group}.
     *
     * <p>Only {@code ADMIN} and {@code MANAGE_MEMBERS} pass; every other value returned by the
     * permissions service, including {@code null}, ends in the exception.
     *
     * @param group the group whose membership is about to change
     * @throws UnauthorizedException if the permission is neither {@code ADMIN} nor
     *     {@code MANAGE_MEMBERS}
     */
    private void verifyCurrentUserCanManageMembers(GroupEntity group) {
        // NOTE(review): what getGroupById returns for an unknown id is not visible here; confirm
        // that the permissions service tolerates that value or that the lookup throws first.
        Permission granted = permissionsService.getUserPermissionForGroup(group, session.getUserId());
        boolean mayManageMembers = granted == Permission.ADMIN || granted == Permission.MANAGE_MEMBERS;
        if (!mayManageMembers) {
            throw new UnauthorizedException("Missing admin or manage members permissions");
        }
    }

    /**
     * Builds the response payload: the members of the requested group together with the
     * paginator page and page size taken from the request.
     *
     * @param request request supplying the group id and the paginator values
     * @return the member list wrapped in {@link PaginatedData}
     */
    private PaginatedData<RapUser> getMembersPanel(MemberRequest request) {
        // NOTE(review): page and page size come straight from the request; any bounds on them
        // would have to be validation constraints on MemberRequest, which is not visible here.
        return new PaginatedData<>(
                membersService.getMembers(request.getGroupId()),
                request.getPaginatorPage(),
                request.getPaginatorPageSize());
    }
}