From 4c29a17c828bd5b8dee9f904a1de702f92853d5d Mon Sep 17 00:00:00 2001
From: harish
Date: Thu, 24 Oct 2024 21:57:07 +0530
Subject: [PATCH] Fixed hub validation issue
---
.../tendermanagement/dao/ApplicationDao.java | 12 +++----
.../gepafin/tendermanagement/dao/CallDao.java | 20 +++++------
.../tendermanagement/dao/CompanyDao.java | 5 +--
.../tendermanagement/dao/DashboardDao.java | 8 ++---
.../tendermanagement/dao/DelegationDao.java | 12 +++++--
.../gepafin/tendermanagement/dao/UserDao.java | 15 +++++---
.../model/request/CreateCallRequestStep1.java | 1 -
.../repositories/CallRepository.java | 34 +++++++++++++------
.../tendermanagement/service/CallService.java | 4 +--
.../tendermanagement/service/UserService.java | 6 ++--
.../service/impl/ApplicationServiceImpl.java | 2 +-
.../service/impl/AuthenticationService.java | 2 +-
.../service/impl/CallServiceImpl.java | 8 +++--
.../service/impl/CompanyServiceImpl.java | 4 +--
.../service/impl/UserServiceImpl.java | 9 +++--
.../tendermanagement/util/Validator.java | 25 ++++++++------
.../web/rest/api/UserApi.java | 6 ++--
.../web/rest/api/impl/CallApiController.java | 2 +-
.../web/rest/api/impl/UserApiController.java | 12 +++----
19 files changed, 110 insertions(+), 77 deletions(-)
diff --git a/src/main/java/net/gepafin/tendermanagement/dao/ApplicationDao.java b/src/main/java/net/gepafin/tendermanagement/dao/ApplicationDao.java
index fe86a5c6..04eb8b95 100644
--- a/src/main/java/net/gepafin/tendermanagement/dao/ApplicationDao.java
+++ b/src/main/java/net/gepafin/tendermanagement/dao/ApplicationDao.java
@@ -139,7 +139,7 @@ public class ApplicationDao { } formService.validateFormField(applicationRequestBean.getFormFields(),applicationEntity,formEntity); ApplicationFormEntity applicationFormEntity = getApplicationFormOrCreate(formEntity, applicationEntity); - createOrUpdateMultipleFormFields(applicationRequestBean.getFormFields(), applicationFormEntity,formEntity); + createOrUpdateMultipleFormFields(applicationRequestBean.getFormFields(), applicationFormEntity, formEntity); return getApplicationById(applicationEntity.getId(),formEntity.getId()); } public void validateDelegation(UserEntity user, CompanyEntity company) { @@ -288,7 +288,7 @@ public class ApplicationDao { log.info("Fetching applications for RoleType: {}", userEntity.getRoleEntity().getRoleType()); - Specification spec = search(userEntity.getId(), callId, companyId,status); + Specification spec = search(userEntity, callId, companyId,status); List applicationEntities = applicationRepository.findAll(spec); @@ -298,12 +298,12 @@ public class ApplicationDao { } - private Specification search(Long userId, Long callId, Long companyId,String status) { + private Specification search(UserEntity userEntity, Long callId, Long companyId,String status) { return (root, query, builder) -> { Boolean isBeneficiary = validator.checkIsBeneficiary(); Predicate predicate = builder.isFalse(root.get("isDeleted")); if (isBeneficiary) { - predicate = builder.and(predicate, builder.equal(root.get("userId"), userId)); + predicate = builder.and(predicate, builder.equal(root.get("userId"), userEntity.getId())); } if (callId != null) { predicate = builder.and(predicate, builder.equal(root.get("call").get("id"), callId)); @@ -314,7 +314,7 @@ public class ApplicationDao { if (status != null) { predicate = builder.and(predicate, builder.equal(root.get("status"), status)); } - + predicate = builder.and(predicate, builder.equal(root.get("hubId"), userEntity.getHub().getId())); return predicate; }; } 
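Review bot: The hub filter added at the end of `search` reads the attribute as `root.get("hubId")`, while the call filter a few lines above navigates the association with `root.get("call").get("id")` and the new JPQL in CallRepository uses `c.hub.id`. If ApplicationEntity maps the hub as an association rather than a scalar `hubId` attribute, this path is rejected when the criteria query is built; the entity is not visible here, so confirm the mapping or use `root.get("hub").get("id")`. `userEntity.getHub().getId()` is also dereferenced without a null check, so a user without a hub produces a NullPointerException rather than a denied request. `search` begins in the previous hunk and the class continues outside both.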
@@ -601,7 +601,7 @@ public class ApplicationDao { throw new CustomValidationException(Status.BAD_REQUEST,Translator.toLocale(GepafinConstant.APPLICATION_ALREADY_IN_PREVIOUS_STATUS)); } if (status.equals(ApplicationStatusTypeEnum.SUBMIT) && Boolean.TRUE.equals(applicationEntity.getStatus().equals(ApplicationStatusTypeEnum.READY.getValue()))) { - callService.validatePublishedCall(applicationEntity.getCall().getId()); + callService.validatePublishedCall(applicationEntity.getCall().getId(), userEntity.getHub().getId()); Long protocolNumber = getProtocolNumber(userEntity.getHub()); ProtocolEntity protocolEntity = createProtocolEntity(applicationEntity,protocolNumber, userEntity.getHub().getId()); applicationEntity.setProtocol(protocolEntity); diff --git a/src/main/java/net/gepafin/tendermanagement/dao/CallDao.java b/src/main/java/net/gepafin/tendermanagement/dao/CallDao.java index d8cd0a5c..b52aa97b 100644 --- a/src/main/java/net/gepafin/tendermanagement/dao/CallDao.java +++ b/src/main/java/net/gepafin/tendermanagement/dao/CallDao.java @@ -654,7 +654,7 @@ public class CallDao { if (Boolean.FALSE.equals(ROLE_SUPER_ADMIN.getValue().equals(type))) { callStatusList = List.of(CallStatusEnum.PUBLISH.getValue()); } - List calls = callRepository.findByStatusIn(callStatusList); + List calls = callRepository.findByStatusInAndHubId(callStatusList, user.getHub().getId()); return calls.stream() .map(this::convertToCallDetailsResponseBean) .collect(Collectors.toList()); 
@@ -672,13 +672,13 @@ public class CallDao { callResponseBean.setStatus(CallStatusEnum.valueOf(callEntity.getStatus())); return callResponseBean; } - public CallEntity getCallEntityById(Long id){ - CallEntity callEntity=callRepository.findByIdAndStatusNotIn(id,List.of(CallStatusEnum.PUBLISH.getValue())); - if(callEntity==null){ - throw new ResourceNotFoundException(Status.NOT_FOUND, Translator.toLocale(GepafinConstant.CALL_NOT_FOUND)); - } - return callEntity; - } +// public CallEntity getCallEntityById(Long id){ +// CallEntity callEntity=callRepository.findByIdAndStatusNotInAndHubId(id, List.of(CallStatusEnum.PUBLISH.getValue())); +// if(callEntity==null){ +// throw new ResourceNotFoundException(Status.NOT_FOUND, Translator.toLocale(GepafinConstant.CALL_NOT_FOUND)); +// } +// return callEntity; +// } public CallResponse updateCallStatus(CallEntity callEntity, CallStatusEnum statusReq) { CallStatusEnum currentStatus = CallStatusEnum.valueOf(callEntity.getStatus()); @@ -718,9 +718,9 @@ public class CallDao { } } - public CallEntity validatePublishedCall(Long callId) { + public CallEntity validatePublishedCall(Long callId, Long hubId) { CallEntity callEntity= callRepository - .findByIdAndStatus(callId, CallStatusEnum.PUBLISH.getValue()); + .findByIdAndStatusAndHubId(callId, CallStatusEnum.PUBLISH.getValue(), hubId); if(callEntity==null){ throw new ResourceNotFoundException( Status.NOT_FOUND, diff --git a/src/main/java/net/gepafin/tendermanagement/dao/CompanyDao.java b/src/main/java/net/gepafin/tendermanagement/dao/CompanyDao.java index 0f59fc08..84b01021 100644 --- a/src/main/java/net/gepafin/tendermanagement/dao/CompanyDao.java +++ b/src/main/java/net/gepafin/tendermanagement/dao/CompanyDao.java 
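Review bot: `getCallEntityById` is disabled by commenting it out instead of being deleted, and the commented call `findByIdAndStatusNotInAndHubId(id, List.of(...))` passes two arguments where the new repository method takes three, so it would not compile if someone restored it. Delete the block and rely on version control for history; the same applies to the commented-out `DEFAULT_PLACEHOLDER` constant in DelegationDao and the commented-out finders in CallRepository. With this method gone, `findByIdAndStatusNotInAndHubId` appears to have no caller in this patch and could be dropped as well.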
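Review bot: `validatePublishedCall` passes `hubId` to `findByIdAndStatusAndHubId` without rejecting null. Spring Data JPA derived queries translate a null equality argument to `IS NULL`, so a null `hubId` would match a published call that has no hub instead of failing the lookup; `Objects.requireNonNull(hubId, "hubId");` as the first statement closes that (it needs `java.util.Objects` imported). Answering NOT_FOUND for a call that belongs to another hub is a sound choice because it does not confirm that the id exists. The method body continues past the end of the hunk.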
@@ -54,7 +54,7 @@ public class CompanyDao { return convertCompanyEntityToCompanyResponse(existingCompany, userWithCompanyEntity); } else { validateCompany(userEntity, companyRequest); - CompanyEntity companyEntity = convertCompanyRequestToCompanyEntity(companyRequest); + CompanyEntity companyEntity = convertCompanyRequestToCompanyEntity(userEntity, companyRequest); companyRepository.save(companyEntity); userWithCompanyEntity = createUserWithCompanyRelation(userEntity, companyEntity, companyRequest.getIsLegalRepresentant()); return convertCompanyEntityToCompanyResponse(companyEntity, userWithCompanyEntity); @@ -91,7 +91,7 @@ public class CompanyDao { return userWithCompanyRepository.save(userWithCompanyEntity); } - private CompanyEntity convertCompanyRequestToCompanyEntity(CompanyRequest request) { + private CompanyEntity convertCompanyRequestToCompanyEntity(UserEntity userEntity, CompanyRequest request) { CompanyEntity entity = new CompanyEntity(); entity.setCompanyName(request.getCompanyName()); entity.setVatNumber(request.getVatNumber()); @@ -108,6 +108,7 @@ public class CompanyDao { entity.setAnnualRevenue(request.getAnnualRevenue()); entity.setContactName(request.getContactName()); entity.setContactEmail(request.getContactEmail()); + entity.setHub(userEntity.getHub()); return entity; } diff --git a/src/main/java/net/gepafin/tendermanagement/dao/DashboardDao.java b/src/main/java/net/gepafin/tendermanagement/dao/DashboardDao.java index de20f607..c5afea4e 100644 --- a/src/main/java/net/gepafin/tendermanagement/dao/DashboardDao.java +++ b/src/main/java/net/gepafin/tendermanagement/dao/DashboardDao.java 
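Review bot: `entity.setHub(userEntity.getHub())` only covers companies created from now on, while `Validator.validateUserWithCompany` dereferences `companyEntity.getHub().getId()` for every company it checks. If rows saved before this change have no hub (this converter did not set one; whether another path did is not visible here), those companies will raise a NullPointerException on each access until they are backfilled, so a data migration should accompany the commit. A comment on the new line would record the intent, for example `// hub always comes from the authenticated user, never from the request body`.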
@@ -60,7 +60,7 @@ public class DashboardDao { } private void setActiveCalls(Widget1 widget1, UserEntity requestedUserEntity) { - Long activeCalls = callRepository.countByStatus(CallStatusEnum.PUBLISH.getValue()); + Long activeCalls = callRepository.countByStatusAndHubId(CallStatusEnum.PUBLISH.getValue(), requestedUserEntity.getHub().getId()); if (activeCalls != null) { widget1.setNumberOfActiveCalls(activeCalls); } @@ -74,8 +74,8 @@ public class DashboardDao { } } - private void setTotalActiveFinancing(Widget1 widget1, UserEntity requestedUserEntity) { - BigDecimal totalActiveFinancing = callRepository.findTotalAmountOfPublishedCalls(); + private void setTotalActiveFinancing(Widget1 widget1, UserEntity requestedUser) { + BigDecimal totalActiveFinancing = callRepository.findTotalAmountOfPublishedCallsAndHubId(requestedUser.getHub().getId()); widget1.setTotalActiveFinancing(totalActiveFinancing); } @@ -104,7 +104,7 @@ public class DashboardDao { CompanyEntity company) { BeneficiaryWidgetResponseBean beneficiaryWidgetResponseBean = BeneficiaryWidgetResponseBean.builder() .numberOfApplications(0L).numberOfCalls(0L).numberOfIntegratedDocuments(0L).build(); - Long activeCalls = callRepository.countByStatus(CallStatusEnum.PUBLISH.getValue()); + Long activeCalls = callRepository.countByStatusAndHubId(CallStatusEnum.PUBLISH.getValue(), userEntity.getHub().getId()); if (activeCalls != null) { beneficiaryWidgetResponseBean.setNumberOfCalls(activeCalls); } diff --git a/src/main/java/net/gepafin/tendermanagement/dao/DelegationDao.java b/src/main/java/net/gepafin/tendermanagement/dao/DelegationDao.java index f609086f..1d9e904a 100644 --- a/src/main/java/net/gepafin/tendermanagement/dao/DelegationDao.java +++ b/src/main/java/net/gepafin/tendermanagement/dao/DelegationDao.java 
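Review bot: Only the call counters and the financing total become hub-scoped in these hunks; the widget setters that sit between them are outside the diff context, so confirm that their queries are filtered by hub too, otherwise the dashboard still mixes figures across hubs. In `setTotalActiveFinancing` the parameter was renamed to `requestedUser` while `setActiveCalls` directly above keeps `requestedUserEntity`; use one name. The repository method name `findTotalAmountOfPublishedCallsAndHubId` reads as if the hub id were part of the total, and `findTotalAmountOfPublishedCallsByHubId` states the filter.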
@@ -14,6 +14,7 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import org.springframework.web.multipart.MultipartFile; +import jakarta.servlet.http.HttpServletRequest; import net.gepafin.tendermanagement.config.Translator; import net.gepafin.tendermanagement.constants.GepafinConstant; import net.gepafin.tendermanagement.entities.CompanyEntity; @@ -31,6 +32,7 @@ import net.gepafin.tendermanagement.service.AmazonS3Service; import net.gepafin.tendermanagement.service.UserService; import net.gepafin.tendermanagement.util.DateTimeUtil; import net.gepafin.tendermanagement.util.Utils; +import net.gepafin.tendermanagement.util.Validator; import net.gepafin.tendermanagement.web.rest.api.errors.CustomValidationException; import net.gepafin.tendermanagement.web.rest.api.errors.ResourceNotFoundException; import net.gepafin.tendermanagement.web.rest.api.errors.Status; @@ -38,7 +40,7 @@ import net.gepafin.tendermanagement.web.rest.api.errors.Status; @Component public class DelegationDao { - private static final String DEFAULT_PLACEHOLDER = "____________________"; +// private static final String DEFAULT_PLACEHOLDER = "____________________"; @Autowired private UserService userService; @@ -57,6 +59,9 @@ public class DelegationDao { @Autowired private UserCompanyDelegationRepository userCompanyDelegationRepository; + + @Autowired + private Validator validator; public ByteArrayOutputStream generateDocument(Map placeholders, String templateName) { 
@@ -89,9 +94,10 @@ public class DelegationDao { return new XWPFDocument(templateStream); } - public ByteArrayOutputStream downloadCompanyDelegation(UserEntity userEntity, Long companyId, CompanyDelegationRequest companyDelegationRequest) { + public ByteArrayOutputStream downloadCompanyDelegation(HttpServletRequest request, Long companyId, CompanyDelegationRequest companyDelegationRequest) { Map placeholders = getDefaultPlaceholders(); - UserResponseBean user = userService.getUserById(userEntity.getId()); + UserEntity userEntity = validator.validateUser(request); + UserResponseBean user = userService.getUserById(request, userEntity.getId()); CompanyEntity companyEntity = companyDao.validateCompany(companyId); companyDao.getUserWithCompany(userEntity.getId(), companyId); updatePlaceholdersForDelegation(user, companyEntity, placeholders, companyDelegationRequest); diff --git a/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java b/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java index 6a776f07..33f235a2 100644 --- a/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java +++ b/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java @@ -125,11 +125,12 @@ public class UserDao { if (tempToken == null) { validator.validateRequest(request,RoleStatusEnum.ROLE_SUPER_ADMIN); + UserEntity userEntity = validator.validateUser(request); + userReq.setHubUuid(userEntity.getHub().getUniqueUuid()); }else { samlSuccessHandler.validateToken(tempToken, userReq.getCodiceFiscale(), userReq.getHubUuid()); } - RoleEntity role = roleService.validateRole(userReq.getRoleId()); if (Boolean.FALSE.equals(Utils.isValidEmail(userReq.getEmail()))) { throw new CustomValidationException(Status.VALIDATION_ERROR, Translator.toLocale(GepafinConstant.VALIDATE_EMAIL)); 
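Review bot: `downloadCompanyDelegation` now receives the `HttpServletRequest` and calls `validator.validateUser(request)` inside the DAO, after which `userService.getUserById(request, userEntity.getId())` validates the same request again for a user that is by construction the caller. This couples the persistence layer to the servlet API and moves an authorization decision out of the service layer, where CompanyServiceImpl previously made it. Keeping `UserEntity` as the parameter and loading the caller's data through a lookup that needs no request would avoid both. The new `Validator` field also makes DelegationDao depend on a class that itself uses CompanyService, so check that the bean graph still resolves without a cycle.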
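Review bot: Overwriting the request with `userReq.setHubUuid(userEntity.getHub().getUniqueUuid())` is the security-relevant line of this hunk and has no comment; add one such as `// admin-created users always join the admin's own hub; any hubUuid sent by the client is ignored`. `validateRequest(request, ROLE_SUPER_ADMIN)` and `validateUser(request)` both resolve the caller from the same request, so if `validateRequest` can return the user the second call is redundant. The enclosing method starts and ends outside the hunk.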
@@ -153,10 +154,14 @@ public class UserDao { if (tempToken != null) { userReq.setRoleId(null); } - if(tempToken == null && Boolean.TRUE.equals(RoleStatusEnum.ROLE_BENEFICIARY.getValue().equals(role.getRoleType()))){ - throw new CustomValidationException(Status.VALIDATION_ERROR, - Translator.toLocale(GepafinConstant.CANNOT_CREATE_BENEFICIARY_USER)); - } + + if (tempToken == null) { + RoleEntity role = roleService.validateRole(userReq.getRoleId()); + if (Boolean.TRUE.equals(RoleStatusEnum.ROLE_BENEFICIARY.getValue().equals(role.getRoleType()))) { + throw new CustomValidationException(Status.VALIDATION_ERROR, + Translator.toLocale(GepafinConstant.CANNOT_CREATE_BENEFICIARY_USER)); + } + } } private void validatePassword(String password, String confirmPassword, String tempToken) { diff --git a/src/main/java/net/gepafin/tendermanagement/model/request/CreateCallRequestStep1.java b/src/main/java/net/gepafin/tendermanagement/model/request/CreateCallRequestStep1.java index bdc0d015..6ca30e37 100644 --- a/src/main/java/net/gepafin/tendermanagement/model/request/CreateCallRequestStep1.java +++ b/src/main/java/net/gepafin/tendermanagement/model/request/CreateCallRequestStep1.java @@ -2,7 +2,6 @@ package net.gepafin.tendermanagement.model.request; import java.math.BigDecimal; import java.time.LocalDateTime; -import java.time.LocalTime; import java.util.List; import lombok.Data; diff --git a/src/main/java/net/gepafin/tendermanagement/repositories/CallRepository.java b/src/main/java/net/gepafin/tendermanagement/repositories/CallRepository.java index 4e651fe0..12934e36 100644 --- a/src/main/java/net/gepafin/tendermanagement/repositories/CallRepository.java +++ b/src/main/java/net/gepafin/tendermanagement/repositories/CallRepository.java 
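Review bot: The consecutive blocks `if (tempToken != null) { ... }` and `if (tempToken == null) { ... }` express one decision and are easier to audit as a single `if`/`else`. On the token path `roleId` is set to null and the role is never validated in this hunk, so the role a self-registered user ends up with is decided elsewhere; a comment naming that place would help a reviewer confirm it cannot be influenced by the request. `Boolean.TRUE.equals(a.equals(b))` wraps a primitive boolean and can be written `a.equals(b)`.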
@@ -1,8 +1,8 @@ package net.gepafin.tendermanagement.repositories; import net.gepafin.tendermanagement.entities.CallEntity; -import net.gepafin.tendermanagement.enums.CallStatusEnum; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Query; +import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import java.math.BigDecimal; 
@@ -11,18 +11,30 @@ import java.util.List; @Repository public interface CallRepository extends JpaRepository { - public CallEntity findByIdAndStatusNotIn(Long id, List status); - List findByStatusIn(List callStatus); +// public CallEntity findByIdAndStatusNotIn(Long id, List status); + +// List findByStatusIn(List callStatus); - public CallEntity findByIdAndStatus(Long id,String status); +// public CallEntity findByIdAndStatus(Long id,String status); - public Long countByStatus(String status); +// public Long countByStatus(String status); - @Query("SELECT COALESCE(SUM(c.amount), 0) FROM CallEntity c WHERE c.status = 'PUBLISH'") - BigDecimal findTotalAmountOfPublishedCalls(); +// @Query("SELECT COALESCE(SUM(c.amount), 0) FROM CallEntity c WHERE c.status = 'PUBLISH'") +// BigDecimal findTotalAmountOfPublishedCalls(); - @Query("SELECT c.name, COUNT(a.id) " + - "FROM CallEntity c LEFT JOIN ApplicationEntity a ON c.id = a.call.id " + - "GROUP BY c.name") - List findApplicationsPerCall(); +// @Query("SELECT c.name, COUNT(a.id) " + +// "FROM CallEntity c LEFT JOIN ApplicationEntity a ON c.id = a.call.id " + +// "GROUP BY c.name") +// List findApplicationsPerCall(); + + public List findByStatusInAndHubId(List callStatus, Long hubId); + + public CallEntity findByIdAndStatusAndHubId(Long id, String status, Long hubId); + + public Long countByStatusAndHubId(String status, Long hubId); + + public CallEntity findByIdAndStatusNotInAndHubId(Long id, List status, Long hubId); + + @Query("SELECT COALESCE(SUM(c.amount), 0) FROM CallEntity c WHERE c.status = 'PUBLISH' And c.hub.id = :hubId") + BigDecimal findTotalAmountOfPublishedCallsAndHubId(@Param("hubId") Long hubId); } diff --git a/src/main/java/net/gepafin/tendermanagement/service/CallService.java b/src/main/java/net/gepafin/tendermanagement/service/CallService.java index 8abe4cb5..92a62f02 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/CallService.java 
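Review bot: `findApplicationsPerCall` is commented out with no hub-scoped replacement, unlike the other queries in this interface. If a dashboard or report still needs applications per call, add a version filtered by `c.hub.id = :hubId` rather than restoring the unscoped query; whether a caller remains is not visible in this patch. The `findById` inherited from JpaRepository is still unscoped, so any lookup of a call by id alone needs its own hub check. In the new JPQL the keyword is written `And`; use `AND` to match the rest of the query.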
+++ b/src/main/java/net/gepafin/tendermanagement/service/CallService.java @@ -29,6 +29,6 @@ public interface CallService { CallEntity validateCall(Long callId); - CallEntity validatePublishedCall(Long callId); - byte[] downloadCallDocumentsAsZip(Long callId); + CallEntity validatePublishedCall(Long callId, Long hubId); + byte[] downloadCallDocumentsAsZip(HttpServletRequest request, Long callId); } diff --git a/src/main/java/net/gepafin/tendermanagement/service/UserService.java b/src/main/java/net/gepafin/tendermanagement/service/UserService.java index 9a1bdf9a..21109a5e 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/UserService.java +++ b/src/main/java/net/gepafin/tendermanagement/service/UserService.java @@ -17,11 +17,11 @@ import java.util.List; public interface UserService { JWTToken createUser(HttpServletRequest request, String tempToken, UserReq userReq); - UserResponseBean updateUser(Long userId, UpdateUserReq userReq); + UserResponseBean updateUser(HttpServletRequest request, Long userId, UpdateUserReq userReq); - UserResponseBean getUserById(Long userId); + UserResponseBean getUserById(HttpServletRequest request, Long userId); - void deleteUser(Long userId); + void deleteUser(HttpServletRequest request, Long userId); JWTToken login(LoginReq loginReq,HttpServletRequest request); diff --git a/src/main/java/net/gepafin/tendermanagement/service/impl/ApplicationServiceImpl.java b/src/main/java/net/gepafin/tendermanagement/service/impl/ApplicationServiceImpl.java index e8e8f1f4..779a3d09 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/impl/ApplicationServiceImpl.java +++ b/src/main/java/net/gepafin/tendermanagement/service/impl/ApplicationServiceImpl.java 
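Review bot: `validatePublishedCall(Long callId, Long hubId)` takes the hub as a plain argument, so the interface should document where that value must come from; add Javadoc along the lines of `@param hubId hub of the authenticated user, never a client-supplied value`. `validateCall(Long callId)` on the line above keeps its signature without a hub, so its callers still need `validateUserWithCall` or an equivalent check before using the result. The interface continues outside the hunk.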
@@ -65,6 +65,7 @@ public class ApplicationServiceImpl implements ApplicationService { public ApplicationResponse createApplication(HttpServletRequest request, Long companyId, ApplicationRequest applicationRequest, Long callId) { UserEntity userEntity = validator.validateUser(request); CompanyEntity companyEntity = validator.validateUserWithCompany(request, companyId); + validator.validateUserWithCall(userEntity, callId); return applicationDao.createApplicationByCallId(companyEntity, applicationRequest, callId, userEntity); } @@ -114,7 +115,6 @@ public class ApplicationServiceImpl implements ApplicationService { @Transactional(rollbackFor = Exception.class) public ApplicationResponse validateApplication(HttpServletRequest request, Long applicationId) { return applicationDao.validateApplication(request, applicationId); - } diff --git a/src/main/java/net/gepafin/tendermanagement/service/impl/AuthenticationService.java b/src/main/java/net/gepafin/tendermanagement/service/impl/AuthenticationService.java index 0d3dab12..5a2d9ded 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/impl/AuthenticationService.java +++ b/src/main/java/net/gepafin/tendermanagement/service/impl/AuthenticationService.java @@ -77,7 +77,7 @@ public class AuthenticationService { public JWTToken login(LoginReq loginReq, HttpServletRequest request) { UserEntity user=null; - + LoginAttemptEntity loginAttemptEntity = prepareLoginAttemptEntity(loginReq, request); log.info("Attempting login for email: {}", loginReq.getEmail()); String emailWithHubId = loginReq.getEmail()+":"+loginReq.getHubUuid(); diff --git a/src/main/java/net/gepafin/tendermanagement/service/impl/CallServiceImpl.java b/src/main/java/net/gepafin/tendermanagement/service/impl/CallServiceImpl.java index 281b33b1..8004008b 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/impl/CallServiceImpl.java +++ b/src/main/java/net/gepafin/tendermanagement/service/impl/CallServiceImpl.java 
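Review bot: `validator.validateUserWithCall(userEntity, callId)` carries the whole hub check for `createApplication`, but its definition is not part of this patch, so confirm that it compares the call's hub with `userEntity.getHub()` and denies when either side has no hub. `validateUser(request)` also runs twice for this request, once here and once inside `validateUserWithCompany` through `validateHubId`. The other methods of this class are outside the hunk; each entry point that accepts a `callId` or `applicationId` should get the same guard.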
@@ -91,13 +91,15 @@ public class CallServiceImpl implements CallService { } @Override - public CallEntity validatePublishedCall(Long callId) { - return callDao.validatePublishedCall(callId); + public CallEntity validatePublishedCall(Long callId, Long hubId) { + return callDao.validatePublishedCall(callId, hubId); } @Override @Transactional(readOnly = true) - public byte[] downloadCallDocumentsAsZip(Long callId) { + public byte[] downloadCallDocumentsAsZip(HttpServletRequest request, Long callId) { + UserEntity user = validator.validateUser(request); + validator.validateUserWithCall(user, callId); return callDao.downloadCallDocumentsAsZip(callId); } diff --git a/src/main/java/net/gepafin/tendermanagement/service/impl/CompanyServiceImpl.java b/src/main/java/net/gepafin/tendermanagement/service/impl/CompanyServiceImpl.java index 47656b4d..5ab99b13 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/impl/CompanyServiceImpl.java +++ b/src/main/java/net/gepafin/tendermanagement/service/impl/CompanyServiceImpl.java @@ -49,6 +49,7 @@ public class CompanyServiceImpl implements CompanyService { @Transactional(rollbackFor = Exception.class) public CompanyResponse updateCompany(HttpServletRequest request, Long companyId, CompanyRequest companyRequest) { UserEntity userEntity =validator.validateUser(request); + validator.validateUserWithCompany(request, companyId); return companyDao.updateCompany(userEntity, companyId, companyRequest); } @@ -93,8 +94,7 @@ public class CompanyServiceImpl implements CompanyService { @Override @Transactional(readOnly = true) public ByteArrayOutputStream downloadCompanyDelegation(HttpServletRequest request, Long companyId, CompanyDelegationRequest companyDelegationRequest) { - UserEntity userEntity =validator.validateUser(request); - return delegationDao.downloadCompanyDelegation(userEntity, companyId, companyDelegationRequest); + return delegationDao.downloadCompanyDelegation(request, companyId, companyDelegationRequest); } @Override 
diff --git a/src/main/java/net/gepafin/tendermanagement/service/impl/UserServiceImpl.java b/src/main/java/net/gepafin/tendermanagement/service/impl/UserServiceImpl.java index 3f325320..5d3640f9 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/impl/UserServiceImpl.java +++ b/src/main/java/net/gepafin/tendermanagement/service/impl/UserServiceImpl.java @@ -40,19 +40,22 @@ public class UserServiceImpl implements UserService { @Override @Transactional(rollbackFor = Exception.class) - public UserResponseBean updateUser(Long userId, UpdateUserReq userReq) { + public UserResponseBean updateUser(HttpServletRequest request, Long userId, UpdateUserReq userReq) { + validator.validateUserId(request, userId); return userDao.updateUser(userId, userReq); } @Override @Transactional(readOnly = true) - public UserResponseBean getUserById(Long userId) { + public UserResponseBean getUserById(HttpServletRequest request, Long userId) { + validator.validateUserId(request, userId); return userDao.getUserById(userId); } @Override @Transactional(rollbackFor = Exception.class) - public void deleteUser(Long userId) { + public void deleteUser(HttpServletRequest request, Long userId) { + validator.validateUserId(request, userId); userDao.deleteUser(userId); } diff --git a/src/main/java/net/gepafin/tendermanagement/util/Validator.java b/src/main/java/net/gepafin/tendermanagement/util/Validator.java index 785ad3b9..ecf4b3ae 100644 --- a/src/main/java/net/gepafin/tendermanagement/util/Validator.java +++ b/src/main/java/net/gepafin/tendermanagement/util/Validator.java 
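Review bot: `updateUser` now checks who may touch `userId` but not which fields they may change: a non-admin editing their own account passes `validateUserId`, and `userDao.updateUser(userId, userReq)` then applies the request as before. If `UpdateUserReq` carries a role or hub field (the class is not shown), make sure the DAO ignores it unless the caller is a super admin, otherwise the self-service path allows a role change. `validateUserId` returns the target `UserEntity`, which is discarded in all three methods and loaded again by id in the DAO. Under the same rule `deleteUser` lets any user delete their own account; confirm that is intended.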
@@ -72,12 +72,8 @@ public class Validator { } public CompanyEntity validateUserWithCompany(HttpServletRequest request, Long companyId) { - UserEntity user = validateUser(request); CompanyEntity companyEntity = companyService.validateCompany(companyId); - if (Boolean.FALSE.equals(user.getHub().getId().equals(companyEntity.getHub().getId()))) { - throw new ForbiddenAccessException(Status.FORBIDDEN, - Translator.toLocale(GepafinConstant.PERMISSION_DENIED)); - } + validateHubId(request, companyEntity.getHub().getId()); if (checkIsSuperAdmin()) { return companyEntity; } @@ -85,6 +81,15 @@ public class Validator { companyService.validateUserWithCompny(getUserId(userInfo), companyId); return companyService.validateCompany(companyId); } + + public void validateHubId(HttpServletRequest request, Long hubId) { + UserEntity user = validateUser(request); + Long hubIdFromHttpRequest = user.getHub().getId(); + if (Boolean.FALSE.equals(hubIdFromHttpRequest.equals(hubId))) { + throw new ForbiddenAccessException(Status.FORBIDDEN, + Translator.toLocale(GepafinConstant.PERMISSION_DENIED)); + } + } private Long getUserId(Map userInfo) { return Long.parseLong(userInfo.get("userId").toString()); 
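Review bot: `validateHubId` dereferences `user.getHub().getId()` and calls `.equals(hubId)` on the result, so a caller without a hub ends in a NullPointerException instead of the PERMISSION_DENIED response; treat a missing hub as a denial, e.g. `if (hubId == null || user.getHub() == null || !hubId.equals(user.getHub().getId()))`. The call sites have the same gap one step earlier, since `companyEntity.getHub().getId()` is evaluated before the method is entered. The local `hubIdFromHttpRequest` is the authenticated user's hub, and a name like `callerHubId` avoids suggesting it is read from a request parameter. Because the method takes the request and calls `validateUser` itself, `validateUserWithCompany` and `validateUserId` resolve the caller more than once; an overload taking the already validated `UserEntity` would remove that.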
@@ -107,11 +112,11 @@ public class Validator { UserEntity user = validateUser(request); UserEntity requestedUser = userService.validateUser(userId); - if(Boolean.FALSE.equals(requestedUser.getHub().getId().equals(user.getHub().getId()))) { - throw new ForbiddenAccessException(Status.FORBIDDEN, Translator.toLocale(GepafinConstant.PERMISSION_DENIED)); - } - if(user.getRoleEntity().getRoleType().equals(RoleStatusEnum.ROLE_BENEFICIARY.getValue()) && Boolean.FALSE.equals(user.getId().equals(userId))) { - throw new ForbiddenAccessException(Status.FORBIDDEN, Translator.toLocale(GepafinConstant.PERMISSION_DENIED)); + validateHubId(request, requestedUser.getHub().getId()); + if (Boolean.FALSE.equals(user.getRoleEntity().getRoleType().equals(RoleStatusEnum.ROLE_SUPER_ADMIN.getValue())) + && Boolean.FALSE.equals(user.getId().equals(userId))) { + throw new ForbiddenAccessException(Status.FORBIDDEN, + Translator.toLocale(GepafinConstant.PERMISSION_DENIED)); } return requestedUser; } diff --git a/src/main/java/net/gepafin/tendermanagement/web/rest/api/UserApi.java b/src/main/java/net/gepafin/tendermanagement/web/rest/api/UserApi.java index 8982e45e..c7b8e530 100644 --- a/src/main/java/net/gepafin/tendermanagement/web/rest/api/UserApi.java +++ b/src/main/java/net/gepafin/tendermanagement/web/rest/api/UserApi.java @@ -59,7 +59,7 @@ public interface UserApi { @RequestMapping(value = "/{userId}", produces = {"application/json"}, method = RequestMethod.PUT) - default ResponseEntity> updateUser( + default ResponseEntity> updateUser(HttpServletRequest request, @Parameter(description = "The user id", required = true) @PathVariable("userId") Long userId, @Parameter(description = "User request object", required = true) @Valid @RequestBody UpdateUserReq userReq) { return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED); 
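Review bot: The self-only rule in `validateUserId` used to apply to beneficiaries and now applies to every role except super admin, which is stricter but also removes whatever access other roles had to users in their hub; put a comment above the check stating that this is intended. The role is compared here through `user.getRoleEntity().getRoleType()` while `validateUserWithCompany` in the same class uses `checkIsSuperAdmin()`; using one helper keeps the two decisions from drifting, provided both read the same source. `Boolean.FALSE.equals(x.equals(y))` can be written `!x.equals(y)`.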
@@ -77,7 +77,7 @@ public interface UserApi { @RequestMapping(value = "/{userId}", produces = {"application/json"}, method = RequestMethod.GET) - default ResponseEntity> getUserById( + default ResponseEntity> getUserById(HttpServletRequest request, @Parameter(description = "The user id", required = true) @PathVariable("userId") Long userId) { return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED); } @@ -93,7 +93,7 @@ public interface UserApi { @ExampleObject(value = ErrorConstants.BADREQUEST_ERROR_EXAMPLE)}))}) @RequestMapping(value = "/{userId}", method = RequestMethod.DELETE) - default ResponseEntity> deleteUser( + default ResponseEntity> deleteUser(HttpServletRequest request, @Parameter(description = "The user id", required = true) @PathVariable("userId") Long userId) { return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED); } diff --git a/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/CallApiController.java b/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/CallApiController.java index b06380e4..69154098 100644 --- a/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/CallApiController.java +++ b/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/CallApiController.java @@ -88,7 +88,7 @@ public class CallApiController implements CallApi { } @Override public ResponseEntity downloadCallDocumentsAsZip(HttpServletRequest request, Long callId) { - byte[] zipFile = callService.downloadCallDocumentsAsZip(callId); + byte[] zipFile = callService.downloadCallDocumentsAsZip(request, callId); HttpHeaders headers = new HttpHeaders(); headers.setContentType(MediaType.APPLICATION_OCTET_STREAM); diff --git a/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/UserApiController.java b/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/UserApiController.java index 413feaac..1a3040c1 100644 --- a/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/UserApiController.java 
+++ b/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/UserApiController.java @@ -44,29 +44,29 @@ public class UserApiController implements UserApi { } @Override - public ResponseEntity> updateUser( + public ResponseEntity> updateUser(HttpServletRequest request, @PathVariable("userId") Long userId, @Valid @RequestBody UpdateUserReq userReq) { log.info("Update User - User ID: {}, Request Body: {}", userId, userReq); - UserResponseBean updatedUser = userService.updateUser(userId, userReq); + UserResponseBean updatedUser = userService.updateUser(request, userId, userReq); return ResponseEntity.status(HttpStatus.OK) .body(new Response<>(updatedUser, Status.SUCCESS, Translator.toLocale(GepafinConstant.USER_UPDATED_SUCCESS_MSG))); } @Override - public ResponseEntity> getUserById( + public ResponseEntity> getUserById(HttpServletRequest request, @PathVariable("userId") Long userId) { log.info("Get User by ID - User ID: {}", userId); - UserResponseBean user = userService.getUserById(userId); + UserResponseBean user = userService.getUserById(request, userId); return ResponseEntity.status(HttpStatus.OK) .body(new Response<>(user, Status.SUCCESS, Translator.toLocale(GepafinConstant.GET_USER_SUCCESS_MSG))); } @Override - public ResponseEntity> deleteUser( + public ResponseEntity> deleteUser(HttpServletRequest request, @PathVariable("userId") Long userId) { log.info("Delete User - User ID: {}", userId); - userService.deleteUser(userId); + userService.deleteUser(request, userId); return ResponseEntity.status(HttpStatus.OK) .body(new Response<>(null, Status.SUCCESS, Translator.toLocale(GepafinConstant.USER_DELETED_SUCCESS_MSG))); }
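Review bot: The unchanged line `log.info("Update User - User ID: {}, Request Body: {}", userId, userReq)` writes the whole request object to the log, and it does so before the authorization check added in the service has run. If `UpdateUserReq.toString()` includes a password or other personal data (the class is not shown), log only the id, e.g. `log.info("Update User - User ID: {}", userId);`. Rejected requests would then leave no request body in the logs either.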