@RequestMapping("listOrders")
public String listOrders(Model model) {
UserDetails userDetails =
(UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String username = userDetails.getUsername();
List<Order> orderList = orderService.getOrdersByUsername(username);
model.addAttribute("orderList", orderList);
return "order/ListOrders";
}
@RequestMapping("newOrderForm")
public String newOrderForm(OrderForm orderForm, Model model) {
UserDetails userDetails =
(UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
Account account = userDetails.getAccount();
Order order = new Order();
order.initOrder(account, cart);
beanMapper.map(order, orderForm);
model.addAttribute(order);
return "order/NewOrderForm";
}
@RequestMapping("viewOrder")
public String viewOrder(@RequestParam("orderId") int orderId, Model model) {
Order order = orderService.getOrder(orderId);
UserDetails userDetails =
(UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
Account account = userDetails.getAccount();
if (account.getUsername().equals(order.getUsername())) {
model.addAttribute(order);
return "order/ViewOrder";
} else {
// TODO
model.addAttribute("You may only view your own orders.");
return "common/Error";
}
}
