feat: refactor security checks in BorrowingController, include userna…
…me in MembersDto, and refactor MemberService for username integration
Guhapriya01 committed Oct 14, 2024
1 parent 12bae50 commit df2a0f9
Showing 4 changed files with 23 additions and 11 deletions.
Expand Up @@ -67,6 +67,7 @@ public Page<BorrowingsDto> getAllBorrowings(@PageableDefault(page=0, size=5, sor
* @return the saved {@link Borrowings} object representing the borrowing record.
*/
@PostMapping
@PreAuthorize("hasRole('LIBRARIAN') or hasRole('ADMIN') or (hasRole('USER') and #borrowingsDto.member.memberId == authentication.principal.memberId)")
public BorrowingsDto borrowBook(@RequestBody BorrowingsDto borrowingsDto) {
return borrowingService.borrowBook(borrowingsDto);
}
Expand Down Expand Up @@ -104,7 +105,7 @@ public String payFine(@PathVariable int id) {
* The results are sorted by borrow date by default and limited to 5 members per page.
*/
@GetMapping("member/{memberId}")
@PreAuthorize("hasRole('LIBRARIAN') or hasRole('ADMIN')")
@PreAuthorize("hasRole('LIBRARIAN') or hasRole('ADMIN') or (hasRole('USER') and #memberId == authentication.principal.memberId)")
public Page<BorrowingsDto> getAllBorrowingsOfAMember(@PathVariable int memberId,
@PageableDefault(page=0, size=5, sort="borrowDate") Pageable pageable,
@RequestParam(required = false) String sortBy,
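Review bot: The ownership clause added to `borrowBook` reads `#borrowingsDto.member.memberId` straight from the request body, so a USER request with no `member` object makes the SpEL expression throw instead of evaluating to false, which likely surfaces as a server error rather than a clean 403; `#borrowingsDto.member?.memberId == authentication.principal.memberId` denies that case. Both this rule and the one on `getAllBorrowingsOfAMember` assume every principal exposes `memberId`; the Google OAuth2 registration in application-production.properties suggests some principals may be OAuth2 users, so confirm they are mapped to a principal type that carries it. Because the check trusts a body field, `borrowingService.borrowBook` should act only on that same member ID, and it is worth confirming that a USER cannot set other `BorrowingsDto` fields that staff normally control. The signature of `getAllBorrowingsOfAMember` continues outside the hunk.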
14 changes: 7 additions & 7 deletions src/main/java/com/libraryman_api/member/MemberService.java
Expand Up @@ -113,6 +113,7 @@ public MembersDto updateMember(int memberId, MembersDto membersDtoDetails) {
Members member = memberRepository.findById(memberId)
.orElseThrow(() -> new ResourceNotFoundException("Member not found"));
member.setName(membersDtoDetails.getName());
member.setUsername(membersDtoDetails.getUsername());
member.setEmail(membersDtoDetails.getEmail());
member.setPassword(membersDtoDetails.getPassword());
member.setRole(membersDtoDetails.getRole());
Expand All @@ -133,7 +134,6 @@ public MembersDto updateMember(int memberId, MembersDto membersDtoDetails) {
* @param memberId the ID of the member to delete
* @throws ResourceNotFoundException if the member is not found
*/

@CacheEvict(value = "members", key = "#memberId")
public void deleteMember(int memberId) {
Members member = memberRepository.findById(memberId)
Expand All @@ -145,45 +145,45 @@ public void deleteMember(int memberId) {
notificationService.accountDeletionNotification(member);
memberRepository.delete(member);
}

/**
* Converts a MembersDto object to a Members entity.
*
* <p>This method takes a MembersDto object and transforms it into a Members entity
* to be used in database operations. It maps all relevant member details from
* the DTO, including member ID, role, name, email, password, and membership date.</p>
* the DTO, including member ID, role, name, username, email, password, and membership date.</p>
*
* @param membersDto the DTO object containing member information
* @return a Members entity with data populated from the DTO
*/


public Members DtoEntity(MembersDto membersDto){
Members members= new Members();
members.setMemberId(membersDto.getMemberId());
members.setRole(membersDto.getRole());
members.setName(membersDto.getName());
members.setUsername(membersDto.getUsername());
members.setEmail(membersDto.getEmail());
members.setPassword(membersDto.getPassword());
members.setMembershipDate(membersDto.getMembershipDate());
return members;
}

/**
* Converts a Members entity to a MembersDto object.
*
* <p>This method takes a Members entity object and converts it into a MembersDto
* object to be used for data transfer between layers. It maps all necessary
* member details, including member ID, name, role, email, password, and membership
* member details, including member ID, name, username, role, email, password, and membership
* date, from the entity to the DTO.</p>
*
* @param members the entity object containing member information
* @return a MembersDto object with data populated from the entity
*/


public MembersDto EntityToDto(Members members){
MembersDto membersDto= new MembersDto();
membersDto.setMemberId(members.getMemberId());
membersDto.setName(members.getName());
membersDto.setUsername(members.getUsername());
membersDto.setRole(members.getRole());
membersDto.setEmail(members.getEmail());
membersDto.setPassword(members.getPassword());
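Review bot: In `updateMember` the new `member.setUsername(membersDtoDetails.getUsername())` overwrites the stored username with whatever the request DTO carries, and no null or uniqueness check is visible in the hunk, so an update that omits the field would blank it; a guard such as `if (membersDtoDetails.getUsername() != null) member.setUsername(membersDtoDetails.getUsername());` plus a duplicate lookup would cover both. If the username is the login identifier, a collision would otherwise be caught only by a database constraint, if one exists. The line sits beside `setPassword` and `setRole` fed from the same DTO, so the endpoint's authorization (not visible here) decides whether a member can change their own role; consider copying `role` only for ADMIN callers. The updated Javadoc on `EntityToDto` also confirms the password is copied into the DTO, so if that DTO is returned from controllers the stored password value leaves the service in responses. `updateMember` starts and ends outside the hunk.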
15 changes: 13 additions & 2 deletions src/main/java/com/libraryman_api/member/MembersDto.java
Expand Up @@ -4,10 +4,11 @@

public class MembersDto {


private int memberId;

private String name;

private String username;

private String email;

Expand All @@ -19,9 +20,10 @@ public class MembersDto {

private Date membershipDate;

public MembersDto(int memberId, String name, String email, String password, Role role, Date membershipDate) {
public MembersDto(int memberId, String name, String username, String email, String password, Role role, Date membershipDate) {
this.memberId = memberId;
this.name = name;
this.username = username;
this.email = email;
this.password = password;
this.role = role;
Expand All @@ -42,10 +44,18 @@ public void setMemberId(int memberId) {
public String getName() {
return name;
}

public String getUsername() {
return username;
}

public void setName(String name) {
this.name = name;
}

public void setUsername(String username) {
this.username = username;
}

public String getEmail() {
return email;
Expand Down Expand Up @@ -84,6 +94,7 @@ public String toString() {
return "MembersDto{" +
"memberId=" + memberId +
", name='" + name + '\'' +
", username='" + username + '\'' +
", email='" + email + '\'' +
", password='" + password + '\'' +
", role=" + role +
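Review bot: `toString()` now emits `username` next to the existing `password` field, so any log line or exception message that prints a `MembersDto` contains a complete credential pair. Replace the password line with a fixed marker, e.g. `", password='[REDACTED]'" +`, or drop it from `toString()` altogether. If this DTO is serialized in API responses, marking the field write-only with `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` would keep it out of JSON output as well; whether Jackson annotations are used elsewhere in the project is not visible here. `toString()` continues past the end of the hunk.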
2 changes: 1 addition & 1 deletion src/main/resources/application-production.properties
Expand Up @@ -19,4 +19,4 @@ spring.mail.properties.domain_name=${MAIL_SERVICE_DOMAIN_NAME}
spring.security.oauth2.client.registration.google.client-name=google
spring.security.oauth2.client.registration.google.client-id=${YOUR_CLIENT_ID}
spring.security.oauth2.client.registration.google.client-secret=${YOUR_SECRET_KEY}
spring.security.oauth2.client.registration.google.scope=email,profile
spring.security.oauth2.client.registration.google.scope=email,profile
