From df2a0f98780819d81797933f19fd0eaac33638b6 Mon Sep 17 00:00:00 2001
From: Guhapriya01
Date: Mon, 14 Oct 2024 18:37:33 +0530
Subject: [PATCH] feat: refactor security checks in BorrowingController, include username in MembersDto, and refactor MemberService for username integration

---
 .../borrowing/BorrowingController.java | 3 ++-
 .../com/libraryman_api/member/MemberService.java | 14 +++++++-------
 .../com/libraryman_api/member/MembersDto.java | 15 +++++++++++++--
 .../resources/application-production.properties | 2 +-
 4 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/src/main/java/com/libraryman_api/borrowing/BorrowingController.java b/src/main/java/com/libraryman_api/borrowing/BorrowingController.java
index aae9d5b..2c36af8 100644
--- a/src/main/java/com/libraryman_api/borrowing/BorrowingController.java
+++ b/src/main/java/com/libraryman_api/borrowing/BorrowingController.java
@@ -67,6 +67,7 @@ public Page getAllBorrowings(@PageableDefault(page=0, size=5, sor
 * @return the saved {@link Borrowings} object representing the borrowing record.
 */
 @PostMapping
+@PreAuthorize("hasRole('LIBRARIAN') or hasRole('ADMIN') or (hasRole('USER') and #borrowingsDto.member.memberId == authentication.principal.memberId)")
 public BorrowingsDto borrowBook(@RequestBody BorrowingsDto borrowingsDto) {
 return borrowingService.borrowBook(borrowingsDto);
 }
@@ -104,7 +105,7 @@ public String payFine(@PathVariable int id) {
 * The results are sorted by borrow date by default and limited to 5 members per page.
 */
 @GetMapping("member/{memberId}")
-@PreAuthorize("hasRole('LIBRARIAN') or hasRole('ADMIN')")
+@PreAuthorize("hasRole('LIBRARIAN') or hasRole('ADMIN') or (hasRole('USER') and #memberId == authentication.principal.memberId)")
 public Page getAllBorrowingsOfAMember(@PathVariable int memberId,
 @PageableDefault(page=0, size=5, sort="borrowDate") Pageable pageable,
 @RequestParam(required = false) String sortBy,
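Review bot: The new borrowBook guard dereferences `#borrowingsDto.member.memberId` straight from the request body, so a USER-role request whose `member` is absent makes the SpEL evaluation fail and the call errors out instead of being denied cleanly; the safe-navigation form `#borrowingsDto.member?.memberId == authentication.principal.memberId` compares null against the principal's id, evaluates to false and stays on the deny path. Both this hunk and the getAllBorrowingsOfAMember hunk also assume `authentication.principal` exposes a `memberId`; the principal type is not in this diff, and the production properties in the same patch register a Google OAuth2 login, so if an OIDC principal can ever reach these endpoints the expression would fail rather than deny — worth confirming that every principal type that can be authenticated here carries memberId. A one-line comment above each annotation, `// self-service branch: ownership is checked against the authenticated principal, never against a client-supplied id`, would record the intent for the next reader. borrowBook is complete inside the hunk; getAllBorrowingsOfAMember's parameter list and body continue outside it.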
diff --git a/src/main/java/com/libraryman_api/member/MemberService.java b/src/main/java/com/libraryman_api/member/MemberService.java index 50262b8..2554db5 100644 --- a/src/main/java/com/libraryman_api/member/MemberService.java +++ b/src/main/java/com/libraryman_api/member/MemberService.java @@ -113,6 +113,7 @@ public MembersDto updateMember(int memberId, MembersDto membersDtoDetails) { Members member = memberRepository.findById(memberId) .orElseThrow(() -> new ResourceNotFoundException("Member not found")); member.setName(membersDtoDetails.getName()); + member.setUsername(membersDtoDetails.getUsername()); member.setEmail(membersDtoDetails.getEmail()); member.setPassword(membersDtoDetails.getPassword()); member.setRole(membersDtoDetails.getRole()); @@ -133,7 +134,6 @@ public MembersDto updateMember(int memberId, MembersDto membersDtoDetails) { * @param memberId the ID of the member to delete * @throws ResourceNotFoundException if the member is not found */ - @CacheEvict(value = "members", key = "#memberId") public void deleteMember(int memberId) { Members member = memberRepository.findById(memberId) @@ -145,45 +145,45 @@ public void deleteMember(int memberId) { notificationService.accountDeletionNotification(member); memberRepository.delete(member); } + /** * Converts a MembersDto object to a Members entity. * *
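Review bot: The added `member.setUsername(membersDtoDetails.getUsername());` in updateMember overwrites the stored username with whatever the DTO carries, including null, and nothing in the hunk checks that the value is present or still unique. The @PreAuthorize changes elsewhere in this patch key on the authenticated principal, so if username is the login identifier (the lookup side is not in this diff) a blank or duplicate value could lock a member out or let two accounts collide at login. A guard before the setter, `if (membersDtoDetails.getUsername() == null || membersDtoDetails.getUsername().isBlank()) throw new IllegalArgumentException("username is required");`, together with a repository uniqueness check, would close this. updateMember begins and ends outside the hunk.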
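Review bot: Removing `@CacheEvict(value = "members", key = "#memberId")` from deleteMember leaves any entry cached under that key in place after the row is deleted, so a later read served from the "members" cache can still return a member that no longer exists; the commit message does not say why the eviction was dropped and no replacement eviction appears in this diff. If reads of this service are cached (the @Cacheable side is not in view), the annotation should stay as it was, `@CacheEvict(value = "members", key = "#memberId")`, or the cache should be cleared elsewhere on the delete path before the row is gone. deleteMember's body continues past the hunk.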

This method takes a MembersDto object and transforms it into a Members entity * to be used in database operations. It maps all relevant member details from - * the DTO, including member ID, role, name, email, password, and membership date.

+ * the DTO, including member ID, role, name, username, email, password, and membership date.

* * @param membersDto the DTO object containing member information * @return a Members entity with data populated from the DTO */ - - public Members DtoEntity(MembersDto membersDto){ Members members= new Members(); members.setMemberId(membersDto.getMemberId()); members.setRole(membersDto.getRole()); members.setName(membersDto.getName()); + members.setUsername(membersDto.getUsername()); members.setEmail(membersDto.getEmail()); members.setPassword(membersDto.getPassword()); members.setMembershipDate(membersDto.getMembershipDate()); return members; } + /** * Converts a Members entity to a MembersDto object. * *

This method takes a Members entity object and converts it into a MembersDto * object to be used for data transfer between layers. It maps all necessary - * member details, including member ID, name, role, email, password, and membership + * member details, including member ID, name, username, role, email, password, and membership * date, from the entity to the DTO.

* * @param members the entity object containing member information * @return a MembersDto object with data populated from the entity */ - - public MembersDto EntityToDto(Members members){ MembersDto membersDto= new MembersDto(); membersDto.setMemberId(members.getMemberId()); membersDto.setName(members.getName()); + membersDto.setUsername(members.getUsername()); membersDto.setRole(members.getRole()); membersDto.setEmail(members.getEmail()); membersDto.setPassword(members.getPassword()); diff --git a/src/main/java/com/libraryman_api/member/MembersDto.java b/src/main/java/com/libraryman_api/member/MembersDto.java index d4f67fe..93a7c73 100644 --- a/src/main/java/com/libraryman_api/member/MembersDto.java +++ b/src/main/java/com/libraryman_api/member/MembersDto.java @@ -4,10 +4,11 @@ public class MembersDto { - private int memberId; private String name; + + private String username; private String email; @@ -19,9 +20,10 @@ public class MembersDto { private Date membershipDate; - public MembersDto(int memberId, String name, String email, String password, Role role, Date membershipDate) { + public MembersDto(int memberId, String name, String username, String email, String password, Role role, Date membershipDate) { this.memberId = memberId; this.name = name; + this.username = username; this.email = email; this.password = password; this.role = role; @@ -42,10 +44,18 @@ public void setMemberId(int memberId) { public String getName() { return name; } + + public String getUsername() { + return username; + } public void setName(String name) { this.name = name; } + + public void setUsername(String username) { + this.username = username; + } public String getEmail() { return email; @@ -84,6 +94,7 @@ public String toString() { return "MembersDto{" + "memberId=" + memberId + ", name='" + name + '\'' + + ", username='" + username + '\'' + ", email='" + email + '\'' + ", password='" + password + '\'' + ", role=" + role + 
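Review bot: The MembersDto constructor grows from six to seven parameters with `username` inserted between `name` and `email`, so every existing `new MembersDto(...)` call site has to change; none are in this diff, and with three adjacent String parameters the compiler cannot catch a call that passes them in the old order once it has seven arguments. Keeping the old six-argument constructor as an overload that delegates, `this(memberId, name, null, email, password, role, membershipDate);`, or moving the class to a builder, keeps callers compiling and makes the argument order explicit. The class body continues outside the hunk.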
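Review bot: The added `", username='" + username + '\''` line sits in a toString that already emits `", password='" + password + '\''`, so any log line or error message that prints a MembersDto now discloses the login identifier next to its credential in a single string, and this DTO does carry the password through updateMember in the same patch. While touching this method, drop the password segment or render it as `", password='[PROTECTED]'"` and keep username. toString starts and ends outside the hunk.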
diff --git a/src/main/resources/application-production.properties b/src/main/resources/application-production.properties
index 871f3b5..3e13ee0 100644
--- a/src/main/resources/application-production.properties
+++ b/src/main/resources/application-production.properties
@@ -19,4 +19,4 @@ spring.mail.properties.domain_name=${MAIL_SERVICE_DOMAIN_NAME}
 spring.security.oauth2.client.registration.google.client-name=google
 spring.security.oauth2.client.registration.google.client-id=${YOUR_CLIENT_ID}
 spring.security.oauth2.client.registration.google.client-secret=${YOUR_SECRET_KEY}
-spring.security.oauth2.client.registration.google.scope=email,profile
+spring.security.oauth2.client.registration.google.scope=email,profile
\ No newline at end of file