ApiUserController.java

  1. package com.privacydashboard.application.data.apiController;

  3. import com.fasterxml.jackson.databind.ObjectMapper;
  4. import com.fasterxml.jackson.databind.node.ArrayNode;
  5. import com.fasterxml.jackson.databind.node.ObjectNode;
  6. import com.privacydashboard.application.data.GlobalVariables.Role;
  7. import com.privacydashboard.application.data.entity.IoTApp;
  8. import com.privacydashboard.application.data.entity.User;
  9. import com.privacydashboard.application.data.service.DataBaseService;
  10. import com.privacydashboard.application.security.UserDetailsServiceImpl;
  11. import org.springframework.beans.factory.annotation.Autowired;
  12. import org.springframework.http.ResponseEntity;
  13. import org.springframework.web.bind.MissingServletRequestParameterException;
  14. import org.springframework.web.bind.annotation.*;

  16. import java.io.IOException;
  17. import java.util.List;

  19. @RestController
  20. public class ApiUserController {
  21.     @Autowired
  22.     private DataBaseService dataBaseService;
  23.     @Autowired
  24.     private UserDetailsServiceImpl userDetailsServiceImpl;
  25.     @Autowired
  26.     private ApiGeneralController apiGeneralController;

  28.     /**
  29.      * Get information about a user
  30.      * RESTRICTIONS: NONE
  31.      * @param userId Id of the User to get information from
  32.      * @return Json object representing the User. Bad request if User with that Id does not exist
  33.      */
  34.     @GetMapping
  35.     @RequestMapping("api/user/get")
  36.     public ResponseEntity<?> get(@RequestParam() String userId){
  37.         try {
  38.             User user= apiGeneralController.getUserFromId(userId);
  39.             ObjectNode userJson = apiGeneralController.createJsonFromUser(user);
  40.             userJson.remove("mail");
  41.             userJson.remove("hashedPassword");
  42.             return ResponseEntity.ok(userJson);
  43.         }
  44.         catch (IllegalArgumentException e){
  45.             return ResponseEntity.badRequest().body(e.getMessage());
  46.         }
  47.     }

  49.     /**
  50.      * Get information about a user, including the mail
  51.      * RESTRICTIONS: The one calling the function MUST BE the user identified by the userId, a contact of him or userId is a Controller or DPO
  52.      * @param userId Id of the User to get information from
  53.      * @return Json object representing the User. Bad request if User with that Id does not exist or the one calling the function is not allowed to access these informations
  54.      */
  55.     @GetMapping
  56.     @RequestMapping("api/user/getDetailed")
  57.     public ResponseEntity<?> getDetailed(@RequestParam() String userId){
  58.         try {
  59.             User user= apiGeneralController.getUserFromId(userId);
  60.             if(!users1CanGetDetailOfUser2(apiGeneralController.getAuthenicatedUser(), user)){
  61.                 return ResponseEntity.badRequest().body("you must be the user identified by the userId");
  62.             }
  63.             ObjectNode userJson = apiGeneralController.createJsonFromUser(user);
  64.             userJson.remove("hashedPassword");
  65.             return ResponseEntity.ok(userJson);
  66.         }
  67.         catch (IllegalArgumentException e){
  68.             return ResponseEntity.badRequest().body(e.getMessage());
  69.         }
  70.     }

  72.     /**
  73.      * Get all the contacts of a user, excluding password
  74.      * RESTRICTIONS: The one calling the function MUST BE the user identified by the userId
  75.      * @param userId Id of the User to get information from
  76.      * @return Json object representing all the contacts. Bad request if User with that Id does not exist or the one calling the function is not the user identified by the userId
  77.      */
  78.     @GetMapping
  79.     @RequestMapping("api/user/getAllContacts")
  80.     public ResponseEntity<?> getAllContacts(@RequestParam() String userId){
  81.         try {
  82.             User user= apiGeneralController.getUserFromId(userId);
  83.             if(!apiGeneralController.isAuthenticatedUserId(userId)){
  84.                 return ResponseEntity.badRequest().body("you must be the user identified by the userId");
  85.             }
  86.             List<User> contacts= dataBaseService.getAllContactsFromUser(user);
  87.             ObjectMapper mapper = new ObjectMapper();
  88.             ObjectNode contactJson;
  89.             ArrayNode contactsArray = mapper.createArrayNode();
  90.             for(User contact : contacts){
  91.                 contactJson= apiGeneralController.createJsonFromUser(contact);
  92.                 contactJson.remove("hashedPassword");
  93.                 contactsArray.add(contactJson);
  94.             }

  96.             return ResponseEntity.ok(contactsArray);
  97.         }
  98.         catch (IllegalArgumentException e){
  99.             return ResponseEntity.badRequest().body(e.getMessage());
  100.         }
  101.     }

  103.     /**
  104.      * Get all the apps of a user if user=controller/dpo. Get only the app you have if user=subject
  105.      * RESTRICTIONS: user MUST be controller/DPO OR You must be controller/dpo of some apps of the user
  106.      * @param userId ID of the user to get apps from
  107.      * @return JSON representing all the apps. Bad request if user does not exist or not authorized
  108.      */
  109.     @GetMapping
  110.     @RequestMapping("api/user/getApps")
  111.     public  ResponseEntity<?> getApps(@RequestParam() String userId){
  112.         try{
  113.             User user= apiGeneralController.getUserFromId(userId);
  114.             List<IoTApp> appList;
  115.             User authenticatedUser= apiGeneralController.getAuthenicatedUser();
  116.             if(user.getRole().equals(Role.CONTROLLER) || user.getRole().equals(Role.DPO)) {
  117.                 appList = dataBaseService.getUserApps(user);
  118.             }
  119.             else if(authenticatedUser.getRole().equals(Role.CONTROLLER) || authenticatedUser.getRole().equals(Role.DPO)){
  120.                 appList= dataBaseService.getAppsFrom2Users(user, authenticatedUser);
  121.             }
  122.             else{
  123.                 return ResponseEntity.badRequest().body("User must be Controller/DPO or you must be associated with that user");
  124.             }
  125.             ArrayNode appsArray= new ObjectMapper().createArrayNode();
  126.             for(IoTApp app : appList){
  127.                 appsArray.add(apiGeneralController.createJsonFromApp(app));
  128.             }
  129.             return ResponseEntity.ok(appsArray);
  130.         } catch (IllegalArgumentException e){
  131.             return ResponseEntity.badRequest().body(e.getMessage());
  132.         }
  133.     }

  135.     /**
  136.      * Create a new user
  137.      * RESTRICTIONS: NONE
  138.      * @param body a JSON with the information about the user. It MUST include the NAME, ROLE, PASSWORD
  139.      * @return OK If user successfully added. Bad Request if Json is invalid, ID is invalid, there is already a user with that ID
  140.      */
  141.     @PostMapping
  142.     @RequestMapping("api/user/add")
  143.     public ResponseEntity<?> add(@RequestBody String body){
  144.         try {
  145.             User user=apiGeneralController.getUserFromJsonString(true, body);
  146.             if(user.getId()!=null && dataBaseService.getApp(user.getId()).isPresent()){
  147.                 return ResponseEntity.badRequest().body("cannot create this user");
  148.             }
  149.             dataBaseService.addUser(user);
  150.             return ResponseEntity.ok("user created successfully");
  151.         }
  152.         catch (IllegalArgumentException e){
  153.             return ResponseEntity.badRequest().body(e.getMessage());
  154.         } catch (IOException e){
  155.             return ResponseEntity.badRequest().body("invalid JSON");
  156.         }
  157.     }

  159.     /**
  160.      * Delete the user identified by the userId
  161.      * RESTRICTIONS: The one calling the function MUST BE the user identified by the userId
  162.      * @param userId Id of the user to be deleted
  163.      * @return Ok if successfully deleted. BadRequest if ID not valid, or the one calling the function is not the user identified by the userId
  164.      */
  165.     @DeleteMapping
  166.     @RequestMapping("api/user/delete")
  167.     public ResponseEntity<?> delete(@RequestParam() String userId){
  168.         try {
  169.             User user= apiGeneralController.getUserFromId(userId);
  170.             if(apiGeneralController.isAuthenticatedUserId(userId)){
  171.                 dataBaseService.deleteUser(user.getId());
  172.                 return ResponseEntity.ok("app deleted successfully");
  173.             }
  174.             else{
  175.                 return ResponseEntity.badRequest().body("you must be the user to be deleted");
  176.             }
  177.         }
  178.         catch (IllegalArgumentException e){
  179.             return ResponseEntity.badRequest().body(e.getMessage());
  180.         }
  181.     }

  183.     /**
  184.      * Update some values of the user identified by the userID
  185.      * RESTRICTIONS: The one calling the function MUST BE the user identified by the userId
  186.      * @param userId Id of the user to be updated
  187.      * @param body JSON with values to be updated
  188.      * @return Ok if successfully updated, BadRequest if JSON invalid, ID does not exist, User performing the action is not the one with that ID
  189.      */
  190.     @PutMapping
  191.     @RequestMapping("api/user/update")
  192.     public ResponseEntity<?> update(@RequestParam String userId, @RequestBody String body){
  193.         try{
  194.             User user1= apiGeneralController.getUserFromId(userId);
  195.             if(!apiGeneralController.isAuthenticatedUserId(userId)){
  196.                 return ResponseEntity.badRequest().body("you must be the user to be updated");
  197.             }
  198.             User user2= apiGeneralController.getUserFromJsonString(false, body);
  199.             dataBaseService.changeValuesForUser(user1, user2.getName(), user2.getHashedPassword(), user2.getMail());
  200.             return ResponseEntity.ok("user updated successfully");
  201.         }
  202.         catch (IllegalArgumentException e){
  203.             return ResponseEntity.badRequest().body(e.getMessage());
  204.         } catch (IOException e){
  205.             return ResponseEntity.badRequest().body("invalid JSON");
  206.         }
  207.     }

  209.     private boolean users1CanGetDetailOfUser2(User user1, User user2){
  210.         if(user1.equals(user2)){
  211.             return true;
  212.         }
  213.         if(dataBaseService.getAllContactsFromUser(user1).contains(user2)){
  214.             return true;
  215.         }
  216.         return user2.getRole().equals(Role.CONTROLLER) || user2.getRole().equals(Role.DPO);
  217.     }

  219.     @ExceptionHandler(MissingServletRequestParameterException.class)
  220.     public ResponseEntity<?> handleMissingParams(MissingServletRequestParameterException ex) {
  221.         return ResponseEntity.badRequest().body(ex.getParameterName() + " parameter is missing");
  222.     }
  223. }
Created with JaCoCo 0.8.5.201910111838