diff --git a/.gitignore b/.gitignore index 41c11c4..95fc025 100755 --- a/.gitignore +++ b/.gitignore @@ -33,4 +33,7 @@ build/ ### Python ### __pycache__ -.pytest_cache \ No newline at end of file +.pytest_cache + +### Parser ### +parser/ \ No newline at end of file diff --git a/buisnesslogic/src/main/java/com/plannaplan/repositories/UserRepository.java b/buisnesslogic/src/main/java/com/plannaplan/repositories/UserRepository.java index debf7ab..cd389d7 100755 --- a/buisnesslogic/src/main/java/com/plannaplan/repositories/UserRepository.java +++ b/buisnesslogic/src/main/java/com/plannaplan/repositories/UserRepository.java @@ -35,9 +35,12 @@ import org.springframework.stereotype.Repository; @Repository public interface UserRepository extends JpaRepository { - @Query("FROM User WHERE email = ?1") + @Query("FROM User WHERE email = ?1 OR usosId = ?1") Optional getByAuthority(@Param("authority") String authority); + @Query("FROM User WHERE email = ?1") + Optional getByEmail(@Param("authority") String authority); + @Query("FROM User WHERE refreshToken = ?1") Optional getByRefreshToken(@Param("refreshToken") String refreshToken); diff --git a/buisnesslogic/src/main/java/com/plannaplan/services/UserService.java b/buisnesslogic/src/main/java/com/plannaplan/services/UserService.java index 8c66268..4cbc924 100755 --- a/buisnesslogic/src/main/java/com/plannaplan/services/UserService.java +++ b/buisnesslogic/src/main/java/com/plannaplan/services/UserService.java @@ -30,7 +30,7 @@ public class UserService { public User checkForUser(String email, String usosId, UserRoles roleIfNotExist) { if (usosId == null) { - Optional user = this.repo.getByAuthority(email.replace("\n", "").trim()); + Optional user = this.repo.getByEmail(email.replace("\n", "").trim()); if (user.isPresent()) { return user.get(); } else { 
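Review bot: The new `getByAuthority` query in UserRepository compares one parameter against two columns (`email = ?1 OR usosId = ?1`) but still returns a single `Optional`. If one row's e-mail ever equals another row's USOS ID, or `usosId` is not unique, Spring Data fails the call with `IncorrectResultSizeDataAccessException` instead of returning a user. No uniqueness constraint on either column is visible in this diff, and this lookup now selects the account that the new `/admin` and `/deanery` endpoints promote, so the ambiguity is worth ruling out in the schema or by input validation. Separately, `@Param("authority")` has no effect with positional `?1` binding and is misleading on `getByEmail`; I would write `@Query("FROM User WHERE email = :email") Optional<User> getByEmail(@Param("email") String email);`. The interface continues outside the hunk.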
@@ -64,11 +64,15 @@ public class UserService { } public User getUserByEmail(String email) throws UserNotFoundException { - return this.repo.getByAuthority(email.replace("\n", "").trim()) + return this.repo.getByEmail(email.replace("\n", "").trim()) .orElseThrow(() -> new UserNotFoundException("Cannot find user with given authority")); } + public Optional getByAuthority(String authority) { + return this.repo.getByAuthority(authority); + } + public Optional getByToken(String token) { return this.repo.getByToken(token); } diff --git a/buisnesslogic/src/test/java/com/plannaplan/repositories/UserRepositoryTest.java b/buisnesslogic/src/test/java/com/plannaplan/repositories/UserRepositoryTest.java new file mode 100644 index 0000000..76a2c2b --- /dev/null +++ b/buisnesslogic/src/test/java/com/plannaplan/repositories/UserRepositoryTest.java 
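Review bot: The added `UserService.getByAuthority` forwards its argument to the repository untouched, while `getUserByEmail` in the same hunk and `checkForUser` strip newlines and trim before querying. The same identifier can therefore hit or miss depending on which entry point is used. UsersController in this commit passes a raw request parameter into this method to decide which account is promoted, so I would normalise here as well: `return this.repo.getByAuthority(authority.replace("\n", "").trim());`. A one-line Javadoc stating that the value may be either an e-mail or a USOS ID would also help, since the name alone does not say so.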
@@ -0,0 +1,52 @@ +package com.plannaplan.repositories; + +import static org.junit.Assert.assertTrue; + +import java.util.Optional; + +import com.plannaplan.entities.User; +import com.plannaplan.services.UserService; +import com.plannaplan.types.UserRoles; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringRunner; + +@RunWith(SpringRunner.class) +@SpringBootTest +@ContextConfiguration +public class UserRepositoryTest { + + @Autowired + private UserService userService; + + @Autowired + private UserRepository userRepository; + + @Test + public void shouldReturnByAuthorityWithGivenEmail(){ + final String email = "shouldReturnByAuthorityWithGivenEmail@UserRepository.Test"; + final String usosId = "45678"; + final User user = this.userService.save(new User("shouldReturnByAuthority", "WithGivenEmail", email, usosId, UserRoles.TEST_USER)); + + final Optional response = this.userRepository.getByAuthority(email); + assertTrue(response.get().getEmail().equals(email)); + assertTrue(response.get().getUsosId().equals(usosId)); + assertTrue(response.get().getId().equals(user.getId())); + } + + @Test + public void shouldReturnByAuthorityWithUsosId(){ + final String email = "shouldReturnByAuthorityWithUsosId@UserRepository.Test"; + final String usosId = "45678"; + final User user = this.userService.save(new User("shouldReturnByAuthority", "WithGivenEmail", email, usosId, UserRoles.TEST_USER)); + + final Optional response = this.userRepository.getByAuthority(usosId); + assertTrue(response.get().getEmail().equals(email)); + assertTrue(response.get().getUsosId().equals(usosId)); + assertTrue(response.get().getId().equals(user.getId())); + } +} 
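Review bot: Both tests in UserRepositoryTest save a user with the same `usosId` value `"45678"`, and nothing visible here (no `@Transactional`, no cleanup) rolls the first insert back. If the two tests share a database, `getByAuthority(usosId)` in `shouldReturnByAuthorityWithUsosId` can match two rows and throw, or the second `save` can fail if the column is unique, which makes the result order-dependent. Give the second test its own value, for example `final String usosId = "45679";` (a constructed sample). Each test should also assert `response.isPresent()` before calling `response.get()`, so that a miss fails as an assertion rather than a `NoSuchElementException`. The name arguments in the second `new User(...)` still read `"WithGivenEmail"`, which looks like a copy-paste leftover.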
diff --git a/restservice/src/main/java/com/plannaplan/controllers/UsersController.java b/restservice/src/main/java/com/plannaplan/controllers/UsersController.java index 52900f8..7d3614a 100755 --- a/restservice/src/main/java/com/plannaplan/controllers/UsersController.java +++ b/restservice/src/main/java/com/plannaplan/controllers/UsersController.java @@ -1,12 +1,14 @@ package com.plannaplan.controllers; import java.util.List; +import java.util.Optional; import com.plannaplan.App; import com.plannaplan.entities.User; import com.plannaplan.responses.mappers.UserResponseMappers; import com.plannaplan.responses.models.UserResponse; import com.plannaplan.services.UserService; +import com.plannaplan.types.UserRoles; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; @@ -21,6 +23,7 @@ import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; 
@@ -51,4 +54,26 @@ public class UsersController { final List response = UserResponseMappers.mapToDefaultResponse(searches); return new ResponseEntity<>(response, HttpStatus.OK); } -} + + @PostMapping(path = "/admin") + @PreAuthorize("hasRole('ROLE_ADMIN')") + @ApiOperation(value = "Adds new admin user.") + public ResponseEntity addAdmin(@RequestParam("authority") @ApiParam(value = "USOS ID or E-mail. If user does not exist it should be USOS ID") String authority) { + final Optional userResponse = this.userService.getByAuthority(authority); + final User user = userResponse.orElseGet(() -> new User(null, null, null, authority, UserRoles.ADMIN)); + user.setRole(UserRoles.ADMIN); + this.userService.save(user); + return new ResponseEntity<>("Success", HttpStatus.OK); + } + + @PostMapping(path = "/deanery") + @PreAuthorize("hasRole('ROLE_ADMIN')") + @ApiOperation(value = "Adds new deanery user.") + public ResponseEntity addDeanery(@RequestParam("authority") @ApiParam(value = "USOS ID or E-mail. If user does not exist it should be USOS ID") String authority) { + final Optional userResponse = this.userService.getByAuthority(authority); + final User user = userResponse.orElseGet(() -> new User(null, null, null, authority, UserRoles.DEANERY)); + user.setRole(UserRoles.DEANERY); + this.userService.save(user); + return new ResponseEntity<>("Success", HttpStatus.OK); + } +} \ No newline at end of file diff --git a/restservice/src/test/java/com/plannaplan/controllers/UsersControllerTest.java b/restservice/src/test/java/com/plannaplan/controllers/UsersControllerTest.java index 6c31338..939dab6 100755 --- a/restservice/src/test/java/com/plannaplan/controllers/UsersControllerTest.java +++ b/restservice/src/test/java/com/plannaplan/controllers/UsersControllerTest.java 
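Review bot: When `authority` is an e-mail that matches no user, `addAdmin` and `addDeanery` fall into `orElseGet` and persist a new privileged account whose USOS ID is that e-mail string and whose e-mail is null; the `@ApiParam` text says the value "should be USOS ID" in that case, but nothing enforces it. A blank `authority` is likewise accepted and creates a privileged user with an empty USOS ID. Both methods also overwrite whatever role the matched user already had, so calling `/deanery` for an existing admin demotes them silently. I would move the shared body into one private helper that trims the input, rejects blank values and unknown e-mails with 400, and is the single place to add an audit log entry for role grants. The `@` test below is only a stand-in for whatever format rule USOS IDs really follow.

```java
    // … unchanged: annotations and addAdmin signature …
        return this.grantRole(authority, UserRoles.ADMIN);
    }

    // … unchanged: annotations and addDeanery signature …
        return this.grantRole(authority, UserRoles.DEANERY);
    }

    /** Assigns {@code role} to the user identified by e-mail or USOS ID, creating the user only for a USOS ID. */
    private ResponseEntity<String> grantRole(String authority, UserRoles role) {
        final String key = authority == null ? "" : authority.replace("\n", "").trim();
        if (key.isEmpty()) {
            return new ResponseEntity<>("Authority must not be blank", HttpStatus.BAD_REQUEST);
        }
        final Optional<User> existing = this.userService.getByAuthority(key);
        if (!existing.isPresent() && key.contains("@")) {
            // An unknown e-mail would otherwise be stored as the new user's USOS ID.
            return new ResponseEntity<>("Unknown e-mail; use a USOS ID for a new user", HttpStatus.BAD_REQUEST);
        }
        final User user = existing.orElseGet(() -> new User(null, null, null, key, role));
        user.setRole(role);
        this.userService.save(user);
        return new ResponseEntity<>("Success", HttpStatus.OK);
    }
```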
@@ -14,9 +14,13 @@ import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; +import static org.junit.Assert.assertTrue; import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import java.util.Optional; + @RunWith(SpringRunner.class) @SpringBootTest @ContextConfiguration @@ -24,6 +28,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. public class UsersControllerTest extends AbstractControllerTest { private static final String SEARCH_ENDPOINT = "/api/v1/users/student/search"; private static final String ALL_USERS_ENDPOINT = "/api/v1/users/students"; + private static final String ADD_ADMIN_ENDPOINT = "/api/v1/users/admin"; + private static final String ADD_DEANERY_ENDPOINT = "/api/v1/users/deanery"; @Autowired private UserService service; 
@@ -87,4 +93,117 @@ public class UsersControllerTest extends AbstractControllerTest { .andExpect(status().is4xxClientError()); } + @Test + public void shouldDenyNewAdminWithWrongRole() throws Exception { + final String email = "shouldDenyNewAdminWithWrongRole@shouldDenyAllStudentsTryByStudent.test"; + final User user = this.service.save(new User(null, null, email, UserRoles.TEST_USER)); + final String token = this.service.login(user).getToken(); + + MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build(); + mockMvc.perform(post(ADD_ADMIN_ENDPOINT).param("authority","45611").header("Authorization", "Bearer " + token)) + .andExpect(status().is4xxClientError()); + } + + @Test + public void shouldDenyNewAdminWithNoParams() throws Exception { + final String email = "shouldDenyNewAdminWithNoParams@shouldDenyAllStudentsTryByStudent.test"; + final User user = this.service.save(new User(null, null, email, UserRoles.ADMIN)); + final String token = this.service.login(user).getToken(); + + MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build(); + mockMvc.perform(post(ADD_ADMIN_ENDPOINT).header("Authorization", "Bearer " + token)) + .andExpect(status().is4xxClientError()); + } + + @Test + public void shouldCreateNewAdmin() throws Exception { + final String email = "shouldCreateNewAdmin@shouldDenyAllStudentsTryByStudent.test"; + final String usosId = "121321"; + final User user = this.service.save(new User(null, null, email, UserRoles.ADMIN)); + final String token = this.service.login(user).getToken(); + + MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build(); + mockMvc.perform(post(ADD_ADMIN_ENDPOINT).param("authority",usosId).header("Authorization", "Bearer " + token)) + .andExpect(status().isOk()); + + final Optional reponse = this.service.getByAuthority(usosId); + assertTrue(reponse.get().getUsosId().equals(usosId)); + 
} + + @Test + public void shouldChangeExistingUserIntoAdmin() throws Exception { + final String email = "shouldChangeExistingUserIntoAdmin@shouldDenyAllStudentsTryByStudent.test"; + final String email2 = "shouldChangeExistingUserIntoAdmin2@shouldDenyAllStudentsTryByStudent.test"; + final String usosId = "121327"; + final User user = this.service.save(new User(null, null, email, UserRoles.ADMIN)); + + this.service.save(new User(null, null, email2, usosId, UserRoles.TEST_USER)); + + final String token = this.service.login(user).getToken(); + + MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build(); + mockMvc.perform(post(ADD_ADMIN_ENDPOINT).param("authority",usosId).header("Authorization", "Bearer " + token)) + .andExpect(status().isOk()); + + final Optional reponse = this.service.getByAuthority(usosId); + assertTrue(reponse.get().getUsosId().equals(usosId)); + assertTrue(reponse.get().getRole().equals(UserRoles.ADMIN)); + } + + @Test + public void shouldDenyNewDeaneryWithWrongRole() throws Exception { + final String email = "shouldDenyNewDeaneryWithWrongRole@shouldDenyAllStudentsTryByStudent.test"; + final User user = this.service.save(new User(null, null, email, UserRoles.TEST_USER)); + final String token = this.service.login(user).getToken(); + + MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build(); + mockMvc.perform(post(ADD_DEANERY_ENDPOINT).param("authority","45611").header("Authorization", "Bearer " + token)) + .andExpect(status().is4xxClientError()); + } + + @Test + public void shouldDenyNewDeaneryWithNoParams() throws Exception { + final String email = "shouldDenyNewDeaneryWithNoParams@shouldDenyAllStudentsTryByStudent.test"; + final User user = this.service.save(new User(null, null, email, UserRoles.ADMIN)); + final String token = this.service.login(user).getToken(); + + MockMvc mockMvc = 
MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build(); + mockMvc.perform(post(ADD_DEANERY_ENDPOINT).header("Authorization", "Bearer " + token)) + .andExpect(status().is4xxClientError()); + } + + @Test + public void shouldCreateNewDeanery() throws Exception { + final String email = "shouldCreateNewDeanery@shouldDenyAllStudentsTryByStudent.test"; + final String usosId = "121322"; + final User user = this.service.save(new User(null, null, email, UserRoles.ADMIN)); + final String token = this.service.login(user).getToken(); + + MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build(); + mockMvc.perform(post(ADD_DEANERY_ENDPOINT).param("authority",usosId).header("Authorization", "Bearer " + token)) + .andExpect(status().isOk()); + + final Optional reponse = this.service.getByAuthority(usosId); + assertTrue(reponse.get().getUsosId().equals(usosId)); + } + + @Test + public void shouldChangeExistingUserIntoDeanery() throws Exception { + final String email = "shouldChangeExistingUserIntoDeanery@shouldDenyAllStudentsTryByStudent.test"; + final String email2 = "shouldChangeExistingUserIntoDeanery2@shouldDenyAllStudentsTryByStudent.test"; + final String usosId = "121328"; + final User user = this.service.save(new User(null, null, email, UserRoles.ADMIN)); + + this.service.save(new User(null, null, email2, usosId, UserRoles.TEST_USER)); + + final String token = this.service.login(user).getToken(); + + MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).apply(springSecurity()).build(); + mockMvc.perform(post(ADD_DEANERY_ENDPOINT).param("authority",usosId).header("Authorization", "Bearer " + token)) + .andExpect(status().isOk()); + + final Optional reponse = this.service.getByAuthority(usosId); + assertTrue(reponse.get().getUsosId().equals(usosId)); + assertTrue(reponse.get().getRole().equals(UserRoles.DEANERY)); + } }
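Review bot: The denial tests accept any 4xx via `status().is4xxClientError()`, so a 404 from a mistyped route or a 400 from a missing parameter would pass `shouldDenyNewAdminWithWrongRole` just as well as a real authorization failure. Pin the intended outcome instead: `.andExpect(status().isForbidden())` for the wrong-role cases and `.andExpect(status().isBadRequest())` for the no-parameter cases, adjusting if the security configuration maps these differently. `shouldCreateNewAdmin` and `shouldCreateNewDeanery` check only `getUsosId()` and never assert the stored role, so add `assertTrue(reponse.get().getRole().equals(UserRoles.ADMIN));` and the `DEANERY` equivalent. There is also no case for a request without an `Authorization` header, nor for an e-mail passed as `authority`; both are paths the new endpoints accept. The test class continues outside this hunk.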