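package com.plannaplan.controllers;

import java.io.IOException;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;

import com.plannaplan.App;
import com.plannaplan.entities.User;
import com.plannaplan.models.ConfigData;
import com.plannaplan.models.TourData;
import com.plannaplan.security.cas.CasUserIdentity;
import com.plannaplan.security.cas.CasValidationExcepiton;
import com.plannaplan.security.cas.CasValidator;
import com.plannaplan.security.cas.CustomUAMCasValidator;
import com.plannaplan.security.cas.DefaultUAMCasValidator;
import com.plannaplan.services.ConfiguratorService;
import com.plannaplan.services.UserService;
import com.plannaplan.types.UserRoles;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.format.annotation.DateTimeFormat;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;

/**
 * REST endpoints that configure the application: importing the course/group
 * spreadsheet, setting tour dates, and bootstrapping the first admin account.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@code /config} and {@code /config/courses} are guarded by
 * {@code @PreAuthorize("hasRole('ROLE_ADMIN')")}; method security is switched on
 * by {@code @EnableGlobalMethodSecurity(prePostEnabled = true)} on this class.</li>
 * <li>{@code /admin/init} carries no {@code @PreAuthorize}. Its only gates are
 * "no admin exists yet" and a successful CAS ticket validation.</li>
 * <li>{@code @CrossOrigin} without arguments allows requests from every origin.
 * NOTE(review): consider restricting it to the configured frontend origin for
 * these administrative endpoints.</li>
 * </ul>
 */
@RestController
@CrossOrigin
@RequestMapping("/api/" + App.API_VERSION + "/configurator")
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Api(tags = { "ConfigController" }, value = "ConfigController", description = "All endpoints to configure an app")
public class ConfigController {

    private static final Logger LOG = Logger.getLogger(ConfigController.class.getName());

    /** Generic body for 5xx answers, so exception details are never sent to the client. */
    private static final String INTERNAL_ERROR_BODY = "Internal Server Error";

    /**
     * Serialises the "re-check, then create admin" step of {@link #initAdmin(String)}.
     * This only protects a single JVM. NOTE(review): with several application
     * instances, a database-level constraint is still needed to guarantee one
     * bootstrap admin.
     */
    private final Object adminInitLock = new Object();

    // Service URL handed to the CAS validators together with the ticket.
    @Value("${plannaplan.frontendUrl}")
    private String serviceUrl;

    // Selects which CAS validator guards admin bootstrap (see initAdmin).
    // NOTE(review): confirm DefaultUAMCasValidator is as strict as the custom one,
    // or make sure this flag is never set in production.
    @Value("${plannaplan.dev}")
    private boolean isDev;

    @Autowired
    private ConfiguratorService contrl;

    @Autowired
    private UserService userService;

    /**
     * Imports the course spreadsheet and the two tour periods in one call.
     *
     * @param file            uploaded .xlsx file with courses and groups
     * @param firstTourBegin  start of the first tour ({@code dd.MM.yyyy})
     * @param firstTourEnd    end of the first tour ({@code dd.MM.yyyy})
     * @param secondTourBegin start of the second tour ({@code dd.MM.yyyy})
     * @param secondTourEnd   end of the second tour ({@code dd.MM.yyyy})
     * @return 200 on success; 400 when the upload is empty or the dates are not
     *         ordered first-begin &lt; first-end &lt;= second-begin &lt; second-end;
     *         500 when the upload cannot be read
     */
    @PostMapping(path = "/config", consumes = { "multipart/form-data" })
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ApiOperation("Imports data to system. To call you need to provide ADMIN token")
    public ResponseEntity<String> configApp(
            @RequestParam("file") @ApiParam(value = "file .xlsx that contains courses and groups with apoinnted rules") MultipartFile file,
            @RequestParam("firstTourBegin") @DateTimeFormat(pattern = "dd.MM.yyyy") @ApiParam(value = "Date when first tour begin in format dd.MM.yyyy") Date firstTourBegin,
            @RequestParam("firstTourEnd") @DateTimeFormat(pattern = "dd.MM.yyyy") @ApiParam(value = "Date when first tour ends in format dd.MM.yyyy") Date firstTourEnd,
            @RequestParam("secondTourBegin") @DateTimeFormat(pattern = "dd.MM.yyyy") @ApiParam(value = "Date when second tour begin in format dd.MM.yyyy") Date secondTourBegin,
            @RequestParam("secondTourEnd") @DateTimeFormat(pattern = "dd.MM.yyyy") @ApiParam(value = "Date when second tour ends in format dd.MM.yyyy") Date secondTourEnd) {
        // Reject an empty upload up front instead of handing it to the importer.
        if (file.isEmpty()) {
            return new ResponseEntity<>("Empty file", HttpStatus.BAD_REQUEST);
        }

        // The second tour may start the moment the first one ends, but no earlier.
        final boolean firstTourOrdered = firstTourBegin.before(firstTourEnd);
        final boolean toursDoNotOverlap = !firstTourEnd.after(secondTourBegin);
        final boolean secondTourOrdered = secondTourBegin.before(secondTourEnd);
        if (!(firstTourOrdered && toursDoNotOverlap && secondTourOrdered)) {
            return new ResponseEntity<>("Bad dates", HttpStatus.BAD_REQUEST);
        }

        try {
            final TourData firstTour = new TourData(firstTourBegin, firstTourEnd);
            final TourData secondTour = new TourData(secondTourBegin, secondTourEnd);
            // NOTE(review): the stream is handed over unclosed; confirm the service closes it.
            final ConfigData data = new ConfigData(firstTour, secondTour, file.getInputStream());
            this.contrl.config(data);
            return new ResponseEntity<>("Sucess", HttpStatus.OK);
        } catch (IOException e) {
            // Keep the detail in the server log; the message may expose server-side paths.
            LOG.log(Level.SEVERE, "Reading uploaded configuration file failed", e);
            return new ResponseEntity<>(INTERNAL_ERROR_BODY, HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Re-imports only the courses and groups from an uploaded spreadsheet.
     *
     * @param file uploaded .xlsx file with courses and groups
     * @return 200 on success; 400 when the upload is empty; 500 when the upload
     *         cannot be read
     */
    @PostMapping(path = "/config/courses", consumes = { "multipart/form-data" })
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ApiOperation("Imports data to system. To call you need to provide ADMIN token")
    public ResponseEntity<String> configAppChangeCources(
            @RequestParam("file") @ApiParam(value = "file .xlsx that contains courses and groups with apoinnted rules") MultipartFile file) {
        if (file.isEmpty()) {
            return new ResponseEntity<>("Empty file", HttpStatus.BAD_REQUEST);
        }
        try {
            // NOTE(review): the stream is handed over unclosed; confirm the service closes it.
            this.contrl.importCoursesStream(file.getInputStream());
            return new ResponseEntity<>("Sucess", HttpStatus.OK);
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "Reading uploaded courses file failed", e);
            return new ResponseEntity<>(INTERNAL_ERROR_BODY, HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Creates the first admin account from a CAS-validated identity.
     *
     * <p>This endpoint has no {@code @PreAuthorize}: while no admin exists, any
     * caller holding a ticket the configured CAS validator accepts becomes ADMIN.
     * The existence check is repeated under a lock right before the save, so two
     * concurrent requests on this instance cannot both create an admin.
     *
     * @param ticket CAS service ticket to validate
     * @return 200 when the admin was created; 403 when an admin already exists;
     *         401 when CAS validation fails; 500 on any other failure
     */
    @PostMapping(path = "/admin/init")
    @ApiOperation("It can be run only in the initialization of the application. It will create admin user to manage the application.")
    public ResponseEntity<String> initAdmin(
            @RequestParam("ticket") @ApiParam(value = "Ticket for validation.") String ticket) {
        // Cheap early exit: do not contact CAS once bootstrap is over.
        if (this.userService.adminExists()) {
            return new ResponseEntity<>("Admin had been already created.", HttpStatus.FORBIDDEN);
        }

        final CasValidator validator = isDev
                ? new DefaultUAMCasValidator(serviceUrl, ticket)
                : new CustomUAMCasValidator(serviceUrl, ticket);

        try {
            // Validation runs outside the lock so it cannot stall other bootstrap attempts.
            final CasUserIdentity casUserIdentity = validator.validate();
            final String usosId = casUserIdentity.getUsosId();
            final String authority = casUserIdentity.getEmail();

            synchronized (this.adminInitLock) {
                // Re-check: another request may have created the admin during validation.
                if (this.userService.adminExists()) {
                    return new ResponseEntity<>("Admin had been already created.", HttpStatus.FORBIDDEN);
                }
                this.userService.save(new User(null, null, authority, usosId, UserRoles.ADMIN));
            }
            // Audit trail for a privilege-granting action.
            LOG.info("Initial admin account created");
            return new ResponseEntity<>("Success", HttpStatus.OK);
        } catch (CasValidationExcepiton e) {
            // This code deliberately does not log the ticket value.
            LOG.log(Level.WARNING, "Admin bootstrap rejected: CAS validation failed", e);
            return new ResponseEntity<>("CAS validation failed", HttpStatus.UNAUTHORIZED);
        } catch (Exception e) {
            // Boundary catch kept from the original; now recorded instead of silently dropped.
            LOG.log(Level.SEVERE, "Admin bootstrap failed", e);
            return new ResponseEntity<>(INTERNAL_ERROR_BODY, HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }
}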