/**
 * Returns the profile of a user as a {@link UserDto}.
 *
 * <p>When {@code uuid} is supplied the user is looked up by that UUID; otherwise the
 * record whose e-mail equals {@code principal.getName()} is returned.
 *
 * <p>NOTE(review): unlike {@code updateUser} and {@code uploadProfilePic}, this handler has
 * no owner-or-admin check, so any caller holding one of the three roles can read any
 * user's DTO by UUID. Confirm that this is intended and that {@code UserDto} carries only
 * fields meant to be visible to other users.
 *
 * @param principal the authenticated caller
 * @param uuid optional UUID of the user to fetch
 * @return 200 with the user's DTO as body
 */
@Secured(value = {"ROLE_ADMIN", "ROLE_USER", "ROLE_MANAGER"})
@RequestMapping(method = RequestMethod.GET)
public @ResponseBody ResponseEntity<UserDto> getUser(
        Principal principal,
        @RequestParam(value = "uuid", required = false) String uuid) {
    // getSingleResult() is called on both paths, so a lookup without exactly one match is
    // not turned into a 4xx response by this method.
    final PipUser requested = (uuid == null)
            ? PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult()
            : PipUser.findPipUsersByUuidEquals(uuid).getSingleResult();
    return new ResponseEntity<UserDto>(DtoCastUtil.cast(requested), HttpStatus.OK);
}
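/**
 * Updates the editable profile fields of a user.
 *
 * <p>The target is the user identified by {@code user-id}; when the parameter is absent
 * the caller's own record is updated, matching how {@code getUser} and
 * {@code uploadProfilePic} treat their optional id parameter. (The parameter is declared
 * optional, but the original passed a possibly-null value straight into the UUID finder.)
 *
 * <p>The update is allowed only when the target is the caller's own record or the caller
 * has the admin role. Only name, surname, preferred topics, phone and language skills are
 * copied from the DTO; no other field of the entity is written from request data.
 *
 * @param dto new profile values
 * @param principal the authenticated caller
 * @param uuid optional UUID of the user to update (request parameter {@code user-id})
 * @return 200 with no body on success, 403 when the caller may not edit the target
 */
@Secured(value = {"ROLE_ADMIN", "ROLE_USER", "ROLE_MANAGER"})
@RequestMapping(method = RequestMethod.PUT)
public @ResponseBody ResponseEntity<UserDto> updateUser(
        @RequestBody UserDto dto,
        Principal principal,
        @RequestParam(value = "user-id", required = false) String uuid) {
    PipUser principalUser =
            PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();
    // Fall back to the caller's own record instead of querying with a null UUID.
    PipUser user = (uuid != null)
            ? PipUser.findPipUsersByUuidEquals(uuid).getSingleResult()
            : principalUser;

    // Compare from the principal side so a target without an e-mail cannot cause an NPE.
    boolean isOwner = principal.getName().equals(user.getEmail());
    boolean isAdmin = PipRole.ADMIN.getName().equals(principalUser.getRole());
    if (!isOwner && !isAdmin) {
        return new ResponseEntity<UserDto>(HttpStatus.FORBIDDEN);
    }

    user.setName(dto.getName());
    user.setSurname(dto.getSurname());
    user.setPreferredTopics(DALCastUtil.cast(dto.getTopics()));
    user.setPhone(dto.getPhone());
    user.setLanguageSkills(dto.getLanguageSkills());
    user.merge();
    return new ResponseEntity<UserDto>(HttpStatus.OK);
}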
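/**
 * Replaces the profile picture of a user with the uploaded file(s).
 *
 * <p>The target is the user identified by {@code userid}, or the caller when the
 * parameter is absent. Uploading for another user is allowed only to callers with the
 * admin role. All files already present in the user's directory are deleted before the
 * new ones are written.
 *
 * <p>The client-supplied original filename is untrusted: it is reduced to its last path
 * component and rejected when nothing usable remains, so a name such as
 * {@code ../../x} cannot place a file outside the user's directory. Every name is
 * validated before the existing files are deleted, so a rejected request leaves the
 * current picture in place.
 *
 * <p>NOTE(review): nothing here restricts the content type, extension or size of an
 * upload. If these files are later served back to browsers, confirm that is handled
 * elsewhere.
 *
 * @param files uploaded multipart files (request parameter {@code file})
 * @param principal the authenticated caller
 * @param userid optional UUID of the user whose picture is replaced
 * @return 200 on success, 400 for an unusable filename, 403 when the caller may not
 *     upload for the target, 500 when the document folder or user directory is
 *     unavailable or a write fails
 */
@Secured(value = {"ROLE_USER", "ROLE_ADMIN", "ROLE_MANAGER"})
@RequestMapping(method = RequestMethod.POST, value = "upload-profile-pic")
public @ResponseBody ResponseEntity<ResponseObject> uploadProfilePic(
        @RequestParam("file") List<MultipartFile> files,
        Principal principal,
        @RequestParam(value = "userid", required = false) String userid) {
    if (!documentFolder.exists()) {
        return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
    }

    PipUser principalUser =
            PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();
    PipUser user;
    if (userid != null) {
        user = PipUser.findPipUsersByUuidEquals(userid).getSingleResult();
        if (!PipRole.ADMIN.getName().equals(principalUser.getRole())
                && !principalUser.equals(user)) {
            return new ResponseEntity<ResponseObject>(HttpStatus.FORBIDDEN);
        }
    } else {
        user = principalUser;
    }

    // Validate every client-supplied name up front, before anything is deleted.
    for (MultipartFile upload : files) {
        if (profilePicFileName(upload.getOriginalFilename()) == null) {
            return new ResponseEntity<ResponseObject>(HttpStatus.BAD_REQUEST);
        }
    }

    File directory = new File(documentFolder.getPath() + "/user-data/" + user.getUuid());
    directory.mkdirs();
    // listFiles() returns null when the directory is missing or unreadable.
    File[] existing = directory.listFiles();
    if (existing == null) {
        return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
    }
    for (File old : existing) {
        old.delete();
    }

    for (MultipartFile upload : files) {
        File target = new File(directory, profilePicFileName(upload.getOriginalFilename()));
        try {
            // Defence in depth: the resolved target must sit directly in the user directory.
            if (!directory.getCanonicalFile().equals(target.getCanonicalFile().getParentFile())) {
                return new ResponseEntity<ResponseObject>(HttpStatus.BAD_REQUEST);
            }
            upload.transferTo(target);
        } catch (IllegalStateException e) {
            e.printStackTrace();
            return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
        } catch (IOException e) {
            e.printStackTrace();
            return new ResponseEntity<ResponseObject>(HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }
    return new ResponseEntity<ResponseObject>(HttpStatus.OK);
}

/**
 * Reduces a client-supplied filename to a bare file name, or returns {@code null} when
 * no safe name remains (null, empty, {@code .}, {@code ..}, or containing a NUL).
 */
private static String profilePicFileName(String rawName) {
    if (rawName == null) {
        return null;
    }
    // Drop any directory part, whichever separator the client used.
    int lastSeparator = Math.max(rawName.lastIndexOf('/'), rawName.lastIndexOf('\\'));
    String baseName = rawName.substring(lastSeparator + 1).trim();
    if (baseName.isEmpty()
            || ".".equals(baseName)
            || "..".equals(baseName)
            || baseName.indexOf('\0') >= 0) {
        return null;
    }
    return baseName;
}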