diff --git a/src/main/java/net/gepafin/tendermanagement/dao/AssignedApplicationsDao.java b/src/main/java/net/gepafin/tendermanagement/dao/AssignedApplicationsDao.java
index bdf85b41..541fe218 100644
--- a/src/main/java/net/gepafin/tendermanagement/dao/AssignedApplicationsDao.java
+++ b/src/main/java/net/gepafin/tendermanagement/dao/AssignedApplicationsDao.java
@@ -1,5 +1,6 @@ package net.gepafin.tendermanagement.dao; import jakarta.persistence.criteria.Predicate; +import jakarta.servlet.http.HttpServletRequest; import net.gepafin.tendermanagement.config.Translator; import net.gepafin.tendermanagement.constants.GepafinConstant; import net.gepafin.tendermanagement.entities.ApplicationEntity;
@@ -14,6 +15,7 @@ import net.gepafin.tendermanagement.repositories.AssignedApplicationsRepository; import net.gepafin.tendermanagement.service.ApplicationService; import net.gepafin.tendermanagement.service.UserService; import net.gepafin.tendermanagement.util.DateTimeUtil; +import net.gepafin.tendermanagement.util.Validator; import net.gepafin.tendermanagement.web.rest.api.errors.CustomValidationException; import net.gepafin.tendermanagement.web.rest.api.errors.ResourceNotFoundException; import net.gepafin.tendermanagement.web.rest.api.errors.Status;
@@ -42,6 +44,9 @@ public class AssignedApplicationsDao { @Autowired private UserService userService; + + @Autowired + private Validator validator; public AssignedApplicationsResponse createAssignedApplications(Long applicationId, Long userId, UserEntity assignedByUser, AssignedApplicationsRequest assignedApplicationsRequest){ log.info("Assigning application to pre-Instructor with details: {}", applicationId,userId);
@@ -137,38 +142,47 @@ public class AssignedApplicationsDao { return assignedApplication; } - public void deleteById(Long id) { + public void deleteById(HttpServletRequest request, Long id) { log.info("Deleting assigned application with ID: {}", id); AssignedApplicationsEntity assignedApplicationsEntity= validateAssignedApplication(id); + validator.validatePreInstructor(request, assignedApplicationsEntity.getUserId()); assignedApplicationsEntity.setIsDeleted(true); assignedApplicationsEntity= saveAssignedApplication(assignedApplicationsEntity); log.info("Assigned Application deleted with ID: {}", id); } - public List getAllAssignedApplications(Long userId){ - Specification spec = search(userId); + public List getAllAssignedApplications(HttpServletRequest request, Long userId) { + UserEntity user = validator.validateUser(request); + if(validator.checkIsPreInstructor() && userId == null) { + throw new CustomValidationException(Status.BAD_REQUEST, Translator.toLocale(GepafinConstant.USER_ID_NOT_NULL_MSG)); + } + if(userId != null) { + validator.validatePreInstructor(request, userId); + } + Specification spec = search(user.getHub().getId() ,userId); List assignedApplicationsEntityList = assignedApplicationsRepository.findAll(spec); return assignedApplicationsEntityList.stream() .map(entity -> convertEntityToResponse(entity)) .collect(Collectors.toList()); } - private Specification search(Long userId) { + private Specification search(Long hubId, Long userId) { return (root, query, builder) -> { Predicate predicate = builder.isFalse(root.get("isDeleted")); if (userId != null) { predicate = builder.and(predicate, builder.equal(root.get("userId"), userId)); } + predicate = builder.and(predicate, builder.equal(root.get("application").get("hubId"), userId)); return predicate; }; } - public AssignedApplicationsResponse updateAssignedApplication( - Long id, AssignedApplicationsRequest updateRequest, UserEntity updatedByUser) { - + public AssignedApplicationsResponse 
updateAssignedApplication(HttpServletRequest request, + Long id, AssignedApplicationsRequest updateRequest) { + UserEntity updatedByUser = validator.validateUser(request); log.info("Updating assigned application with ID: {}", id); AssignedApplicationsEntity existingAssignment = validateAssignedApplication(id); - + validator.validatePreInstructor(request, existingAssignment.getUserId()); setIfUpdated(existingAssignment::getNote, existingAssignment::setNote, updateRequest.getNote()); setIfUpdated(existingAssignment::getStatus, existingAssignment::setStatus, updateRequest.getStatus().name()); setIfUpdated(existingAssignment::getAssignedBy, existingAssignment::setAssignedBy, updatedByUser.getId());
@@ -181,9 +195,10 @@ public class AssignedApplicationsDao { return response; } - public AssignedApplicationsResponse getAssignedApplicationById(Long id) { + public AssignedApplicationsResponse getAssignedApplicationById(HttpServletRequest request, Long id) { log.info("Fetching assigned application with ID: {}", id); AssignedApplicationsEntity assignedApplication = validateAssignedApplication(id); + validator.validatePreInstructor(request, assignedApplication.getUserId()); AssignedApplicationsResponse response = convertEntityToResponse(assignedApplication); log.info("Assigned application fetched successfully: {}", response); return response;
diff --git a/src/main/java/net/gepafin/tendermanagement/service/AssignedApplicationsService.java b/src/main/java/net/gepafin/tendermanagement/service/AssignedApplicationsService.java
index 2e211916..166e9180 100644
--- a/src/main/java/net/gepafin/tendermanagement/service/AssignedApplicationsService.java
+++ b/src/main/java/net/gepafin/tendermanagement/service/AssignedApplicationsService.java
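Review bot: The hub predicate added in `search` compares `application.hubId` with `userId`, and the new `hubId` parameter is never read, so the listing is not scoped to the caller's hub; when `userId` is null the comparison is against null. The line should read `predicate = builder.and(predicate, builder.equal(root.get("application").get("hubId"), hubId));`. In `getAllAssignedApplications`, a caller for whom `checkIsPreInstructor()` is false and who omits `userId` reaches the query without passing through `validatePreInstructor`, so unless `validateUser` already restricts roles (not visible here) any authenticated role can list assignments; an explicit role check before the specification is built would close that. A test that lists as a user from a second hub would catch both.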
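Review bot: `validatePreInstructor` runs only after `validateAssignedApplication(id)` has loaded the row, so a caller who may not see the assignment presumably gets a different error for a missing id than for an existing one, which lets assignment ids be distinguished; `deleteById` and `updateAssignedApplication` in the previous hunk use the same order. Consider answering with the same not-found response when the ownership check fails, or document that the difference is accepted. The unchanged `log.info("Assigned application fetched successfully: {}", response)` writes the whole response to the log on every read; logging only the id would be safer if the response carries applicant data. The method's closing brace lies outside the hunk.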
@@ -13,7 +13,7 @@ public interface AssignedApplicationsService { void deleteApplication(HttpServletRequest request, Long id); - List getAllAssignedApplications(Long userId); + List getAllAssignedApplications(HttpServletRequest request, Long userId); AssignedApplicationsResponse updateAssignedApplication(HttpServletRequest request, Long id, AssignedApplicationsRequest assignedApplicationsRequest); - AssignedApplicationsResponse getAssignedApplicationById(Long id); + AssignedApplicationsResponse getAssignedApplicationById(HttpServletRequest request, Long id); }
diff --git a/src/main/java/net/gepafin/tendermanagement/service/impl/AssignedApplicationsServiceImpl.java b/src/main/java/net/gepafin/tendermanagement/service/impl/AssignedApplicationsServiceImpl.java
index 00733f07..e0301dec 100644
--- a/src/main/java/net/gepafin/tendermanagement/service/impl/AssignedApplicationsServiceImpl.java
+++ b/src/main/java/net/gepafin/tendermanagement/service/impl/AssignedApplicationsServiceImpl.java
@@ -26,32 +26,32 @@ public class AssignedApplicationsServiceImpl implements AssignedApplicationsServ @Transactional(rollbackFor = Exception.class) public AssignedApplicationsResponse createAssignedApplications(HttpServletRequest request, Long applicationId, Long userId, AssignedApplicationsRequest assignedApplicationsRequest) { UserEntity assignedByUser= validator.validateUser(request); + validator.validatePreInstructor(request, userId); return assignedApplicationsDao.createAssignedApplications(applicationId,userId,assignedByUser, assignedApplicationsRequest); } @Override @Transactional(rollbackFor = Exception.class) public void deleteApplication(HttpServletRequest request, Long id) { - assignedApplicationsDao.deleteById(id); + assignedApplicationsDao.deleteById(request, id); } @Override @Transactional(readOnly = true) - public List getAllAssignedApplications(Long userId) { - return assignedApplicationsDao.getAllAssignedApplications(userId); + public List getAllAssignedApplications(HttpServletRequest request, Long userId) { + return assignedApplicationsDao.getAllAssignedApplications(request, userId); } @Override @Transactional(rollbackFor = Exception.class) - public AssignedApplicationsResponse updateAssignedApplication(HttpServletRequest request, Long id , AssignedApplicationsRequest updatedAssignedApplicationRequest) { - UserEntity updatedByUser= validator.validateUser(request); - return assignedApplicationsDao.updateAssignedApplication(id,updatedAssignedApplicationRequest,updatedByUser); + public AssignedApplicationsResponse updateAssignedApplication(HttpServletRequest request, Long id, AssignedApplicationsRequest updatedAssignedApplicationRequest) { + return assignedApplicationsDao.updateAssignedApplication(request, id, updatedAssignedApplicationRequest); } @Override @Transactional(readOnly = true) - public AssignedApplicationsResponse getAssignedApplicationById(Long id) { - return assignedApplicationsDao.getAssignedApplicationById(id); + public 
AssignedApplicationsResponse getAssignedApplicationById(HttpServletRequest request, Long id) { + return assignedApplicationsDao.getAssignedApplicationById(request, id); } }
diff --git a/src/main/java/net/gepafin/tendermanagement/util/Validator.java b/src/main/java/net/gepafin/tendermanagement/util/Validator.java
index ecf4b3ae..f4f2e2bd 100644
--- a/src/main/java/net/gepafin/tendermanagement/util/Validator.java
+++ b/src/main/java/net/gepafin/tendermanagement/util/Validator.java
@@ -64,6 +64,20 @@ public class Validator { } return false; } + + public Boolean checkIsPreInstructor() { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + + if (authentication != null && authentication.isAuthenticated()) { + // Check if the user has the ROLE_SUPER_ADMIN authority + for (GrantedAuthority authority : authentication.getAuthorities()) { + if (RoleStatusEnum.ROLE_PRE_INSTRUCTOR.getValue().equals(authority.getAuthority())) { + return true; + } + } + } + return false; + } public void validateRequest(HttpServletRequest request,RoleStatusEnum role) { if (RoleStatusEnum.ROLE_SUPER_ADMIN.equals(role) && Boolean.FALSE.equals(checkIsSuperAdmin())) {
@@ -138,5 +152,20 @@ public class Validator { String[] activeProfiles = environment.getActiveProfiles(); return Arrays.stream(activeProfiles).anyMatch("production"::equals); } + + public UserEntity validatePreInstructor(HttpServletRequest request, Long preInstructorUserId) { + UserEntity preInstructorUser = userService.validateUser(preInstructorUserId); + if (checkIsSuperAdmin()) { + if (preInstructorUserId != null) { + validateHubId(request, preInstructorUser.getHub().getId()); + } + return preInstructorUser; + } else if (checkIsPreInstructor()) { + return validateUserId(request, preInstructorUserId); + } else { + throw new ForbiddenAccessException(Status.FORBIDDEN, + Translator.toLocale(GepafinConstant.PERMISSION_DENIED)); + } + } }
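Review bot: Authorization is now split across layers: `createAssignedApplications` calls `validator.validateUser` and `validator.validatePreInstructor` here in the service, while delete, update and get hand the `HttpServletRequest` to the DAO and rely on it for the checks. Keeping the checks in one layer, for example resolving the caller in the service and passing a `UserEntity` or ids down, keeps the DAO free of the servlet API and stops a later DAO caller from skipping or duplicating them. In `createAssignedApplications` the added `validator.validatePreInstructor(request, userId)` also appears, judging by the Validator change in this commit, to accept a pre-instructor caller whose own id equals `userId`; if only administrators may create assignments, this path needs a stricter role check.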
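Review bot: The comment inside `checkIsPreInstructor` still names `ROLE_SUPER_ADMIN`, while the loop compares against `RoleStatusEnum.ROLE_PRE_INSTRUCTOR`; it should read `// Check if the user has the ROLE_PRE_INSTRUCTOR authority`. The body looks copied from the super-admin check, so a private helper that takes the `RoleStatusEnum` to look for would keep the two role checks from drifting apart. Returning primitive `boolean` instead of `Boolean` would also rule out a null result at call sites such as `if (checkIsSuperAdmin())`.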
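Review bot: `validatePreInstructor` loads the target with `userService.validateUser(preInstructorUserId)` before it looks at the caller's role, so a caller with neither role gets whatever the lookup throws rather than the FORBIDDEN at the bottom, and the `preInstructorUserId != null` test comes after the id has already been used. Put the role gate first, e.g. `if (!checkIsSuperAdmin() && !checkIsPreInstructor()) { throw new ForbiddenAccessException(Status.FORBIDDEN, Translator.toLocale(GepafinConstant.PERMISSION_DENIED)); }`, and do the lookup afterwards. Nothing in the method checks that the loaded user actually holds the pre-instructor role, which the name implies, and `preInstructorUser.getHub()` is dereferenced without a null check. A short Javadoc stating which caller roles pass and what is compared (hub for super admins, user id for pre-instructors) would make the contract reviewable.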
diff --git a/src/main/java/net/gepafin/tendermanagement/web/rest/api/AssignedApplicationsApi.java b/src/main/java/net/gepafin/tendermanagement/web/rest/api/AssignedApplicationsApi.java
index dfbbfc37..1cfbb5c9 100644
--- a/src/main/java/net/gepafin/tendermanagement/web/rest/api/AssignedApplicationsApi.java
+++ b/src/main/java/net/gepafin/tendermanagement/web/rest/api/AssignedApplicationsApi.java
@@ -6,9 +6,7 @@ import io.swagger.v3.oas.annotations.media.ExampleObject; import io.swagger.v3.oas.annotations.responses.ApiResponse; import jakarta.servlet.http.HttpServletRequest; import jakarta.validation.Valid; -import net.gepafin.tendermanagement.enums.AssignedApplicationEnum; import net.gepafin.tendermanagement.model.request.AssignedApplicationsRequest; -import net.gepafin.tendermanagement.model.response.ApplicationGetResponseBean; import net.gepafin.tendermanagement.model.response.AssignedApplicationsResponse; import net.gepafin.tendermanagement.model.util.Response; import net.gepafin.tendermanagement.web.rest.api.errors.ErrorConstants;
@@ -66,7 +64,8 @@ public interface AssignedApplicationsApi { @ApiResponse(responseCode = "400", description = "Bad Request", content = @Content(mediaType = MediaType.APPLICATION_JSON_VALUE, examples = { @ExampleObject(value = ErrorConstants.BADREQUEST_ERROR_EXAMPLE) })) }) @GetMapping(value = "", produces = "application/json") - ResponseEntity>> getAllAssignedApplications(@Parameter(description = "The User ID", required = false) @RequestParam(value = "userId",required = false) Long userId); + ResponseEntity>> getAllAssignedApplications(HttpServletRequest request, + @Parameter(description = "The User ID", required = false) @RequestParam(value = "userId",required = false) Long userId); @Operation(summary = "Api to update assigned application", responses = {
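Review bot: The `userId` parameter of `getAllAssignedApplications` is still documented only as "The User ID" with `required = false`, but the DAO change in this commit answers BAD_REQUEST when a pre-instructor omits it. The annotation should say so, e.g. `@Parameter(description = "The User ID; required when the caller is a pre-instructor", required = false)`, so the generated OpenAPI document matches the rule that is enforced.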
@@ -94,7 +93,9 @@ public interface AssignedApplicationsApi { @ApiResponse(responseCode = "400", description = "Bad Request", content = @Content(mediaType = MediaType.APPLICATION_JSON_VALUE, examples = { @ExampleObject(value = ErrorConstants.BADREQUEST_ERROR_EXAMPLE) })) }) @GetMapping(value = "/{id}", produces = "application/json") - ResponseEntity> getAssignedApplicationById(@Parameter(description = "The assigned application id", required = true) @PathVariable(value = "id", required = true) Long id); + ResponseEntity> getAssignedApplicationById(HttpServletRequest request, + @Parameter(description = "The assigned application id", required = true) @PathVariable(value = "id", required = true) Long id); +
diff --git a/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/AssignedApplicationsController.java b/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/AssignedApplicationsController.java
index 9c4f0ad4..90f989de 100644
--- a/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/AssignedApplicationsController.java
+++ b/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/AssignedApplicationsController.java
@@ -43,9 +43,9 @@ public class AssignedApplicationsController implements AssignedApplicationsApi { } @Override - public ResponseEntity>> getAllAssignedApplications(Long userId) { + public ResponseEntity>> getAllAssignedApplications(HttpServletRequest request, Long userId) { log.info("Get All Assigned Applications"); - List applications = assignedApplicationsService.getAllAssignedApplications(userId); + List applications = assignedApplicationsService.getAllAssignedApplications(request, userId); return ResponseEntity.status(HttpStatus.OK) .body(new Response<>(applications, Status.SUCCESS, Translator.toLocale(GepafinConstant.GET_ASSIGNED_APPLICATION_SUCCESS_MSG))); }
@@ -59,9 +59,9 @@ public class AssignedApplicationsController implements AssignedApplicationsApi { } @Override - public ResponseEntity> getAssignedApplicationById(Long id) { + public ResponseEntity> getAssignedApplicationById(HttpServletRequest request, Long id) { log.info("Get Assigned Applications By Id"); - AssignedApplicationsResponse application = assignedApplicationsService.getAssignedApplicationById(id); + AssignedApplicationsResponse application = assignedApplicationsService.getAssignedApplicationById(request, id); return ResponseEntity.status(HttpStatus.OK) .body(new Response<>(application, Status.SUCCESS, Translator.toLocale(GepafinConstant.GET_ASSIGNED_APPLICATION_SUCCESS_MSG))); }