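/**
 * Demotes the account identified by {@code email} to the USER role, unless that account is an
 * administrator. Restricted to callers holding ROLE_ADMIN.
 *
 * @param email raw request body, used as the e-mail address of the account to demote
 * @throws IOException declared by the handler signature; nothing in this body throws it directly
 */
@Secured(value = {"ROLE_ADMIN"})
 @RequestMapping(method = RequestMethod.PUT, value = "user/demote")
 public @ResponseBody void demote(@RequestBody String email) throws IOException {
   // getSingleResult() is expected to fail when no account matches; that surfaces as a server error.
   PipUser user = PipUser.findPipUsersByEmailEquals(email).getSingleResult();
   // Compare role names by value. The previous `!=` compared object references, so a role string
   // loaded from persistence would normally never be identical to the constant and the
   // "do not demote administrators" guard was effectively always true.
   if (!PipRole.ADMIN.getName().equals(user.getRole())) {
     user.setRole(PipRole.USER.getName());
     user.merge();
   }
 }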
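 /**
  * Deletes the account identified by {@code email}.
  *
  * <p>Administrators may delete any non-administrator account. Managers may only delete accounts
  * for which {@code organisationMatches} holds; otherwise 403 is returned. Administrator accounts
  * are never removed, but the response is still 200 in that case.
  *
  * @param email e-mail address of the account to delete
  * @param principal the authenticated caller
  * @return 403 when a manager targets an account outside their organisation, otherwise 200
  */
 @Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER"})
 @RequestMapping(method = RequestMethod.DELETE)
 public @ResponseBody ResponseEntity<Object> deleteUser(
     @RequestParam("email") String email, Principal principal) {
   PipUser user = PipUser.findPipUsersByEmailEquals(email).getSingleResult();
   PipUser currentUser = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();

   // Compare the role *name*, as every other check in this controller does. The previous
   // PipRole.MANAGER.equals(currentUser.getRole()) compared the PipRole constant itself with the
   // stored role value (presumably a String, given setRole(PipRole.X.getName())), which can never
   // be equal, so the organisation restriction for managers was never applied.
   boolean callerIsManager = PipRole.MANAGER.getName().equals(currentUser.getRole());
   if (callerIsManager && !currentUser.organisationMatches(user)) {
     return new ResponseEntity<Object>(HttpStatus.FORBIDDEN);
   }

   // Administrator accounts are protected from deletion through this endpoint.
   // NOTE(review): a manager can still delete another manager of the same organisation, and a
   // request against an administrator returns 200 without deleting anything - confirm both are
   // intended.
   if (!PipRole.ADMIN.getName().equals(user.getRole())) {
     user.remove();
   }
   return new ResponseEntity<Object>(HttpStatus.OK);
 }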
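   /**
    * Lists user accounts visible to the caller.
    *
    * <p>Administrators receive every account, sorted by name ascending. Any other permitted caller
    * (managers, per the {@code @Secured} roles) receives only the USER-role accounts of the first
    * organisation attached to their own account.
    *
    * @param principal the authenticated caller
    * @return 200 with the visible accounts converted to DTOs; the list is empty when a non-admin
    *     caller has no organisation
    */
   @Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER"})
   @RequestMapping(method = RequestMethod.GET, value = "list")
   public @ResponseBody ResponseEntity<List<UserDto>> getUsers(Principal principal) {
     PipUser prince = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();

     List<PipUser> users;
     if (PipRole.ADMIN.getName().equals(prince.getRole())) {
       users = PipUser.findAllPipUsers("name", "asc");
     } else if (prince.getOrganisazions() == null || prince.getOrganisazions().isEmpty()) {
       // A caller without an organisation has nothing in scope. Returning an empty list avoids the
       // IndexOutOfBoundsException that get(0) raised before, and never widens visibility.
       users = new ArrayList<PipUser>();
     } else {
       // Scope the listing to the caller's own organisation and to plain users only.
       users =
           PipUser.findPipUserByOrganisazionAndRole(
               prince.getOrganisazions().get(0), PipRole.USER.getName());
     }
     List<UserDto> list = DtoCastUtil.castUser(users);
     return new ResponseEntity<List<UserDto>>(list, HttpStatus.OK);
   }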
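 /**
  * Updates the profile fields of an account.
  *
  * <p>The target is the account with UUID {@code user-id}, or the caller's own account when the
  * parameter is omitted. Only the account owner or an administrator may update it.
  *
  * @param dto new profile values; only name, surname, topics, phone and language skills are read
  * @param principal the authenticated caller
  * @param uuid optional UUID of the account to update
  * @return 200 without a body on success, 403 when the caller is neither owner nor administrator
  */
 @Secured(value = {"ROLE_ADMIN", "ROLE_USER", "ROLE_MANAGER"})
 @RequestMapping(method = RequestMethod.PUT)
 public @ResponseBody ResponseEntity<UserDto> updateUser(
     @RequestBody UserDto dto,
     Principal principal,
     @RequestParam(value = "user-id", required = false) String uuid) {
   PipUser principalUser =
       PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();

   // "user-id" is declared optional, but the lookup used to run unconditionally with a null UUID.
   // Fall back to the caller's own account, as uploadProfilePic does for its optional "userid".
   PipUser user;
   if (uuid != null) {
     user = PipUser.findPipUsersByUuidEquals(uuid).getSingleResult();
   } else {
     user = principalUser;
   }

   boolean isOwner = user.getEmail().equals(principal.getName());
   boolean isAdmin = PipRole.ADMIN.getName().equals(principalUser.getRole());
   if (!isOwner && !isAdmin) {
     return new ResponseEntity<UserDto>(HttpStatus.FORBIDDEN);
   }

   // Copy an explicit allow-list of fields. Role, e-mail and organisation are deliberately not
   // taken from the request body, so a caller cannot change them through this endpoint.
   user.setName(dto.getName());
   user.setSurname(dto.getSurname());
   user.setPreferredTopics(DALCastUtil.cast(dto.getTopics()));
   user.setPhone(dto.getPhone());
   user.setLanguageSkills(dto.getLanguageSkills());
   user.merge();
   return new ResponseEntity<UserDto>(HttpStatus.OK);
 }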
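 /**
  * Replaces the profile picture files of an account.
  *
  * <p>The target is the account with UUID {@code userid}, or the caller's own account when the
  * parameter is omitted. Only the account owner or an administrator may upload for it. Existing
  * files in the account's directory are deleted before the new ones are stored.
  *
  * @param files uploaded parts; every client-supplied file name is reduced to its last path
  *     segment before use
  * @param principal the authenticated caller
  * @param userid optional UUID of the account whose picture is replaced
  * @return 200 on success, 400 for an unusable file name, 403 when the caller may not modify the
  *     target, 500 when the storage folder is unavailable or a write fails
  */
 @Secured(value = {"ROLE_USER", "ROLE_ADMIN", "ROLE_MANAGER"})
 @RequestMapping(method = RequestMethod.POST, value = "upload-profile-pic")
 public @ResponseBody ResponseEntity<ResponseObject> uploadProfilePic(
     @RequestParam("file") List<MultipartFile> files,
     Principal principal,
     @RequestParam(value = "userid", required = false) String userid) {
   if (!documentFolder.exists()) {
     return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
   }

   PipUser user;
   PipUser principalUser =
       PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();
   if (userid != null) {
     user = PipUser.findPipUsersByUuidEquals(userid).getSingleResult();
     if (!PipRole.ADMIN.getName().equals(principalUser.getRole()) && !principalUser.equals(user)) {
       return new ResponseEntity<ResponseObject>(HttpStatus.FORBIDDEN);
     }
   } else {
     user = principalUser;
   }

   // The original file name is client-controlled and may carry directory components. Keep only
   // the last path segment (both separator styles) and reject names that cannot denote a plain
   // file. Validation happens before anything is deleted, so a rejected request leaves the
   // current picture in place.
   List<String> safeNames = new ArrayList<String>();
   for (MultipartFile multiPartfile : files) {
     String original = multiPartfile.getOriginalFilename();
     if (original == null) {
       return new ResponseEntity<ResponseObject>(HttpStatus.BAD_REQUEST);
     }
     String normalised = original.replace('\\', '/');
     String leaf = normalised.substring(normalised.lastIndexOf('/') + 1);
     if (leaf.length() == 0
         || ".".equals(leaf)
         || "..".equals(leaf)
         || leaf.indexOf('\0') >= 0) {
       return new ResponseEntity<ResponseObject>(HttpStatus.BAD_REQUEST);
     }
     safeNames.add(leaf);
   }

   File directory = new File(documentFolder.getPath() + "/user-data/" + user.getUuid());
   directory.mkdirs();
   // listFiles() returns null when the path is not a readable directory (e.g. mkdirs failed).
   File[] previous = directory.listFiles();
   if (previous == null) {
     return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
   }
   for (File stale : previous) {
     stale.delete();
   }

   for (int i = 0; i < files.size(); i++) {
     File file = new File(directory, safeNames.get(i));
     try {
       // Defence in depth: the resolved target must sit directly inside the user's directory.
       if (!directory.getCanonicalFile().equals(file.getCanonicalFile().getParentFile())) {
         return new ResponseEntity<ResponseObject>(HttpStatus.BAD_REQUEST);
       }
       files.get(i).transferTo(file);
     } catch (IllegalStateException e) {
       e.printStackTrace();
       return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
     } catch (IOException e) {
       e.printStackTrace();
       return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
     }
   }
   // NOTE(review): content type, extension and size of the upload are not checked in this
   // method - confirm they are enforced elsewhere (multipart resolver limits, serving layer).
   return new ResponseEntity<ResponseObject>(HttpStatus.OK);
 }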