@Secured(value = {"ROLE_ADMIN"}) @RequestMapping(method = RequestMethod.PUT, value = "user/promote") public @ResponseBody void promote(@RequestBody String email) throws IOException { PipUser user = PipUser.findPipUsersByEmailEquals(email).getSingleResult(); user.setRole(PipRole.MANAGER.getName()); user.merge(); }
@Secured(value = {"ROLE_USER", "ROLE_ADMIN", "ROLE_MANAGER"}) @RequestMapping(method = RequestMethod.GET, value = "profile-pic") public @ResponseBody FileSystemResource getFile( @RequestParam(required = false, value = "user") String userid, Principal principal, HttpSession session) throws IOException { if (documentFolder.exists()) { String uuid; if (userid != null) uuid = userid; else { PipUser user = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); uuid = user.getUuid(); } File folder = new File(documentFolder.getFile(), "user-data/" + uuid); File file; if (!uuid.isEmpty() && folder.exists() && folder.listFiles().length > 0) file = folder.listFiles()[0]; else { file = new ServletContextResource(session.getServletContext(), "/images/profile.jpg") .getFile(); } return new FileSystemResource(file); } return null; }
@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER"}) @RequestMapping(method = RequestMethod.POST) public @ResponseBody void createUser(@RequestBody UserDto dto, Principal principal) { PipUser user = new PipUser(); user.setEmail(dto.getEmail()); Set<OrganisazionDto> organizations = dto.getOrganizations(); if (organizations.isEmpty()) { PipUser currentUser = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); List<Organisazion> organisazions = currentUser.getOrganisazions(); if (!organisazions.isEmpty()) { user.getOrganisazions().add(organisazions.get(0)); } } else { Organisazion organisazion = Organisazion.findOrganisazionsByName( new ArrayList<OrganisazionDto>(organizations).get(0).getName()) .getSingleResult(); user.getOrganisazions().add(organisazion); } String randomPassword = RandomStringUtils.randomAlphanumeric(6); user.setPassword(encoder.encode(randomPassword)); user.setRole(PipRole.USER.getName()); user.persist(); mailingUtil.sendCreationMail(user, randomPassword); }
@Secured(value = {"ROLE_ADMIN", "ROLE_USER", "ROLE_MANAGER"}) @RequestMapping(method = RequestMethod.GET) public @ResponseBody ResponseEntity<UserDto> getUser( Principal principal, @RequestParam(value = "uuid", required = false) String uuid) { PipUser user; if (uuid != null) user = PipUser.findPipUsersByUuidEquals(uuid).getSingleResult(); else user = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); UserDto dto = DtoCastUtil.cast(user); return new ResponseEntity<UserDto>(dto, HttpStatus.OK); }
@Secured(value = {"ROLE_ADMIN"}) @RequestMapping(method = RequestMethod.PUT, value = "organization") public @ResponseBody void updateOrganisation(@RequestBody UserDto userDto) { PipUser user = PipUser.findPipUsersByEmailEquals(userDto.getEmail()).getSingleResult(); OrganisazionDto dto = new ArrayList<OrganisazionDto>(userDto.getOrganizations()).get(0); Organisazion organisazion = Organisazion.findOrganisazionsByName(dto.getName()).getSingleResult(); user.getOrganisazions().clear(); user.getOrganisazions().add(organisazion); user.merge(); }
@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER", "ROLE_USER"}) @RequestMapping(method = RequestMethod.GET, value = "reset-password") public @ResponseBody ResponseEntity<Object> resetPassword( Principal principal, @RequestParam("oldpw") String oldPassword, @RequestParam("newpw") String newPassword) { PipUser user = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); if (!encoder.matches(oldPassword, user.getPassword())) return new ResponseEntity<Object>(HttpStatus.FORBIDDEN); user.setPassword(encoder.encode(newPassword)); user.merge(); return new ResponseEntity<Object>(HttpStatus.OK); }
@RequestMapping(method = RequestMethod.GET, value = "request-new-pw") public String requestPassword(@RequestParam("email") String email, ModelMap model) { List<PipUser> resultList = PipUser.findPipUsersByEmailEquals(email).getResultList(); boolean userExists = !resultList.isEmpty(); if (!userExists) model.addAttribute("error", "User already exists"); else { PipUser user = resultList.get(0); String randomPassword = RandomStringUtils.randomAlphanumeric(6); user.setPassword(encoder.encode(randomPassword)); user.merge(); mailingUtil.sendCreationMail(user, randomPassword); } return "redirect:/"; }
@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER", "ROLE_USER"}) @RequestMapping(method = RequestMethod.GET, value = "user-by-topics") public @ResponseBody ResponseEntity<List<UserDto>> getUserByTopics() { List<PipUser> user = PipUser.findAllPipUsers(); List<UserDto> userDtos = DtoCastUtil.castUser(user); return new ResponseEntity<List<UserDto>>(userDtos, HttpStatus.OK); }
@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER"}) @RequestMapping(method = RequestMethod.GET, value = "activate") public @ResponseBody ResponseEntity<Object> activateUser( @RequestParam("email") String email, Principal principal) { PipUser user = PipUser.findPipUsersByEmailEquals(email).getSingleResult(); PipUser currentUser = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); if (PipRole.MANAGER.equals(currentUser.getRole()) && !currentUser.organisationMatches(user)) return new ResponseEntity<Object>(HttpStatus.FORBIDDEN); if (!PipRole.ADMIN.getName().equals(user.getRole())) { user.setActive(true); user.merge(); } return new ResponseEntity<Object>(HttpStatus.OK); }
@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER", "ROLE_USER"}) @RequestMapping(method = RequestMethod.GET, value = "like") public @ResponseBody void toggleLike(Principal principal, @RequestParam("comment") String uuid) { Comment comment = Comment.findCommentsByUuid(uuid).getSingleResult(); PipUser user = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); if (comment.getLiker().contains(user)) comment.getLiker().remove(user); else comment.getLiker().add(user); comment.merge(); }
@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER", "ROLE_MANAGER"}) @RequestMapping(method = RequestMethod.GET, value = "list") public @ResponseBody ResponseEntity<List<UserDto>> getUsers(Principal principal) { PipUser prince = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); List<UserDto> list = new ArrayList<UserDto>(); List<PipUser> users; if (PipRole.ADMIN.getName().equals(prince.getRole())) users = PipUser.findAllPipUsers("name", "asc"); else { users = PipUser.findPipUserByOrganisazionAndRole( prince.getOrganisazions().get(0), PipRole.USER.getName()); } list = DtoCastUtil.castUser(users); return new ResponseEntity<List<UserDto>>(list, HttpStatus.OK); }
@Secured(value = {"ROLE_USER", "ROLE_ADMIN", "ROLE_MANAGER"}) @RequestMapping(method = RequestMethod.POST, value = "upload-profile-pic") public @ResponseBody ResponseEntity<ResponseObject> uploadProfilePic( @RequestParam("file") List<MultipartFile> files, Principal principal, @RequestParam(value = "userid", required = false) String userid) { if (documentFolder.exists()) { PipUser user; PipUser principalUser = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); if (userid != null) { user = PipUser.findPipUsersByUuidEquals(userid).getSingleResult(); if (!PipRole.ADMIN.getName().equals(principalUser.getRole()) && !principalUser.equals(user)) return new ResponseEntity<ResponseObject>(HttpStatus.FORBIDDEN); } else user = principalUser; File directory = new File(documentFolder.getPath() + "/user-data/" + user.getUuid()); directory.mkdirs(); for (File file : directory.listFiles()) { file.delete(); } for (MultipartFile multiPartfile : files) { File file = new File(directory, multiPartfile.getOriginalFilename()); try { multiPartfile.transferTo(file); } catch (IllegalStateException e) { e.printStackTrace(); return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR); } catch (IOException e) { e.printStackTrace(); return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR); } } return new ResponseEntity<ResponseObject>(HttpStatus.OK); } return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR); }
@Secured(value = {"ROLE_ADMIN", "ROLE_USER", "ROLE_MANAGER"}) @RequestMapping(method = RequestMethod.PUT) public @ResponseBody ResponseEntity<UserDto> updateUser( @RequestBody UserDto dto, Principal principal, @RequestParam(value = "user-id", required = false) String uuid) { PipUser user = PipUser.findPipUsersByUuidEquals(uuid).getSingleResult(); PipUser principalUser = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult(); if (user.getEmail().equals(principal.getName()) || PipRole.ADMIN.getName().equals(principalUser.getRole())) { user.setName(dto.getName()); user.setSurname(dto.getSurname()); user.setPreferredTopics(DALCastUtil.cast(dto.getTopics())); user.setPhone(dto.getPhone()); user.setLanguageSkills(dto.getLanguageSkills()); user.merge(); return new ResponseEntity<UserDto>(HttpStatus.OK); } else return new ResponseEntity<UserDto>(HttpStatus.FORBIDDEN); }