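/**
 * Demotes the user identified by {@code email} to the plain USER role.
 *
 * Admin-only endpoint (PUT user/demote). Admin accounts are meant to be left
 * untouched: only a non-admin account (e.g. a manager) is reduced to USER.
 *
 * @param email the target user's e-mail address, sent as the raw request body
 * @throws IOException declared by the original signature; nothing in this
 *         body raises it
 */
@Secured(value = {"ROLE_ADMIN"})
@RequestMapping(method = RequestMethod.PUT, value = "user/demote")
public @ResponseBody void demote(@RequestBody String email) throws IOException {
    // NOTE: getSingleResult() throws when the e-mail is unknown; with a void
    // signature that surfaces as a 500 rather than a 404 (kept as-is here).
    PipUser user = PipUser.findPipUsersByEmailEquals(email).getSingleResult();

    // Role names are Strings, so they must be compared with equals().
    // The original used `!=`, i.e. reference inequality: a role string loaded
    // from the database is normally a distinct object from the constant
    // returned by getName(), so the guard was effectively always true and an
    // admin could be demoted (including the caller demoting themselves).
    boolean targetIsAdmin = PipRole.ADMIN.getName().equals(user.getRole());
    if (!targetIsAdmin) {
        user.setRole(PipRole.USER.getName());
        user.merge();
    }
}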
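/**
 * Deletes the user with the given e-mail address.
 *
 * Authorization: admins may delete any non-admin user; managers may delete
 * only non-admin users for whom {@code organisationMatches} holds. Admin
 * accounts are never removed (the request still answers 200 in that case,
 * as it did before).
 *
 * @param email     e-mail address of the user to delete
 * @param principal the authenticated caller
 * @return 403 when a manager targets a user outside their organisation,
 *         otherwise 200
 */
@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER"})
@RequestMapping(method = RequestMethod.DELETE)
public @ResponseBody ResponseEntity<Object> deleteUser(
        @RequestParam("email") String email, Principal principal) {
    PipUser target = PipUser.findPipUsersByEmailEquals(email).getSingleResult();
    PipUser caller = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();

    // getRole() yields the role *name* (a String; every other check in this
    // controller compares it against PipRole.X.getName()). The original code
    // compared the PipRole constant itself against that String, which can
    // never be equal, so the organisation check below silently never ran and
    // a manager could delete non-admin users of ANY organisation.
    boolean callerIsManager = PipRole.MANAGER.getName().equals(caller.getRole());
    if (callerIsManager && !caller.organisationMatches(target)) {
        return new ResponseEntity<Object>(HttpStatus.FORBIDDEN);
    }

    // NOTE(review): a manager may still delete another manager (or themselves)
    // within the same organisation; confirm whether that is intended.
    boolean targetIsAdmin = PipRole.ADMIN.getName().equals(target.getRole());
    if (!targetIsAdmin) {
        target.remove();
    }
    return new ResponseEntity<Object>(HttpStatus.OK);
}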
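/**
 * Lists users visible to the caller.
 *
 * Admins receive every user, sorted by name ascending. Any other caller
 * (i.e. a manager, the only other role admitted by {@code @Secured}) receives
 * the USER-role members of their first organisation only.
 *
 * @param principal the authenticated caller
 * @return 200 with the list of users as DTOs (empty when a manager has no
 *         organisation)
 */
@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER"}) // duplicate ROLE_MANAGER entry dropped; same set of roles
@RequestMapping(method = RequestMethod.GET, value = "list")
public @ResponseBody ResponseEntity<List<UserDto>> getUsers(Principal principal) {
    PipUser caller = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();

    List<PipUser> users;
    if (PipRole.ADMIN.getName().equals(caller.getRole())) {
        users = PipUser.findAllPipUsers("name", "asc");
    } else if (caller.getOrganisazions() == null || caller.getOrganisazions().isEmpty()) {
        // A manager without an organisation previously hit get(0) and failed
        // with a 500; answer with an empty list instead.
        users = new ArrayList<PipUser>();
    } else {
        // NOTE(review): only the first organisation is consulted, as in the
        // original; confirm whether managers can belong to several.
        users = PipUser.findPipUserByOrganisazionAndRole(
                caller.getOrganisazions().get(0), PipRole.USER.getName());
    }

    List<UserDto> list = DtoCastUtil.castUser(users);
    return new ResponseEntity<List<UserDto>>(list, HttpStatus.OK);
}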
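/**
 * Updates the editable profile fields of a user.
 *
 * Authorization: a user may edit their own profile (matched by the
 * principal's e-mail); an admin may edit anyone's. Managers get no special
 * rights here. Only name, surname, preferred topics, phone and language
 * skills are copied from the DTO — role and e-mail are deliberately not
 * writable through this endpoint.
 *
 * @param dto       the new profile values
 * @param principal the authenticated caller
 * @param uuid      optional "user-id" of the user to edit; defaults to the
 *                  caller's own account when absent
 * @return 200 on success, 403 when the caller may not edit that user
 */
@Secured(value = {"ROLE_ADMIN", "ROLE_USER", "ROLE_MANAGER"})
@RequestMapping(method = RequestMethod.PUT)
public @ResponseBody ResponseEntity<UserDto> updateUser(
        @RequestBody UserDto dto, Principal principal,
        @RequestParam(value = "user-id", required = false) String uuid) {
    PipUser caller = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();

    // "user-id" is declared optional, but the original always looked it up,
    // so omitting it ended in a 500. Fall back to the caller's own account,
    // the same convention uploadProfilePic uses for "userid".
    PipUser target = (uuid == null)
            ? caller
            : PipUser.findPipUsersByUuidEquals(uuid).getSingleResult();

    boolean isSelf = target.getEmail().equals(principal.getName());
    boolean callerIsAdmin = PipRole.ADMIN.getName().equals(caller.getRole());
    if (!isSelf && !callerIsAdmin) {
        return new ResponseEntity<UserDto>(HttpStatus.FORBIDDEN);
    }

    target.setName(dto.getName());
    target.setSurname(dto.getSurname());
    target.setPreferredTopics(DALCastUtil.cast(dto.getTopics()));
    target.setPhone(dto.getPhone());
    target.setLanguageSkills(dto.getLanguageSkills());
    target.merge();
    return new ResponseEntity<UserDto>(HttpStatus.OK);
}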
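/**
 * Replaces the profile picture file(s) of a user.
 *
 * Authorization: without "userid" the caller uploads for themselves; with it,
 * only an admin or the user themselves may upload. Every existing file in the
 * user's directory ({@code <documentFolder>/user-data/<uuid>}) is deleted
 * before the new files are written.
 *
 * Security: the client-supplied original file name is reduced to a bare file
 * name and the resolved path is checked to stay inside the user's directory.
 * The original wrote {@code new File(directory, getOriginalFilename())}
 * unchecked, so a name such as {@code ../../x} could write outside the
 * per-user folder.
 *
 * @param files     uploaded parts ("file")
 * @param principal the authenticated caller
 * @param userid    optional uuid of the user to upload for
 * @return 200 on success; 403 when the caller may not upload for that user;
 *         400 when a file name is unusable; 500 when the document folder is
 *         missing, the directory cannot be created or a write fails
 */
@Secured(value = {"ROLE_USER", "ROLE_ADMIN", "ROLE_MANAGER"})
@RequestMapping(method = RequestMethod.POST, value = "upload-profile-pic")
public @ResponseBody ResponseEntity<ResponseObject> uploadProfilePic(
        @RequestParam("file") List<MultipartFile> files, Principal principal,
        @RequestParam(value = "userid", required = false) String userid) {
    if (!documentFolder.exists()) {
        return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
    }

    PipUser caller = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();
    PipUser target = caller;
    if (userid != null) {
        target = PipUser.findPipUsersByUuidEquals(userid).getSingleResult();
        boolean callerIsAdmin = PipRole.ADMIN.getName().equals(caller.getRole());
        // NOTE(review): relies on PipUser.equals() identifying the same account.
        if (!callerIsAdmin && !caller.equals(target)) {
            return new ResponseEntity<ResponseObject>(HttpStatus.FORBIDDEN);
        }
    }

    File directory = new File(documentFolder.getPath() + "/user-data/" + target.getUuid());

    // Validate every name BEFORE touching the directory, so a bad upload
    // cannot wipe the existing picture and then fail half-way.
    List<String> safeNames = new ArrayList<String>(files.size());
    for (MultipartFile part : files) {
        String safeName = safeUploadFileName(part.getOriginalFilename());
        if (safeName == null) {
            return new ResponseEntity<ResponseObject>(HttpStatus.BAD_REQUEST);
        }
        safeNames.add(safeName);
    }

    directory.mkdirs();
    File[] existing = directory.listFiles(); // null when the directory does not exist (mkdirs failed)
    if (existing == null) {
        return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
    }
    for (File old : existing) {
        old.delete();
    }

    for (int i = 0; i < files.size(); i++) {
        File dest = new File(directory, safeNames.get(i));
        try {
            // Defence in depth: the canonical path must remain inside the
            // per-user directory even after symlink/".." resolution.
            String base = directory.getCanonicalPath() + File.separator;
            if (!dest.getCanonicalPath().startsWith(base)) {
                return new ResponseEntity<ResponseObject>(HttpStatus.BAD_REQUEST);
            }
            files.get(i).transferTo(dest);
        } catch (IllegalStateException e) {
            e.printStackTrace(); // no logger is in scope in this controller
            return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
        } catch (IOException e) {
            e.printStackTrace();
            return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }
    return new ResponseEntity<ResponseObject>(HttpStatus.OK);
}

/**
 * Reduces a client-supplied upload name to a bare file name with no directory
 * component (both '/' and '\' are treated as separators, since browsers on
 * Windows may send a full path).
 *
 * @param originalName the name reported by the multipart client, may be null
 * @return the bare name, or null when nothing usable remains ("", ".", "..")
 */
private static String safeUploadFileName(String originalName) {
    if (originalName == null) {
        return null;
    }
    String name = originalName.replace('\\', '/');
    name = name.substring(name.lastIndexOf('/') + 1).trim();
    if (name.isEmpty() || name.equals(".") || name.equals("..")) {
        return null;
    }
    return name;
}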