[#33] Add updateUserInstitution in OidcUserController
kostobog committed Dec 13, 2023
1 parent 6b3511f commit e16bea5
Showing 1 changed file with 37 additions and 5 deletions.
42 changes: 37 additions & 5 deletions src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java
Expand Up @@ -3,19 +3,21 @@
import cz.cvut.kbss.study.exception.NotFoundException;
import cz.cvut.kbss.study.model.Institution;
import cz.cvut.kbss.study.model.User;
import cz.cvut.kbss.study.rest.exception.BadRequestException;
import cz.cvut.kbss.study.security.SecurityConstants;
import cz.cvut.kbss.study.service.InstitutionService;
import cz.cvut.kbss.study.service.UserService;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;

import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

/**
* API for getting basic user info.
Expand Down Expand Up @@ -61,6 +63,36 @@ public List<User> getUsers(@RequestParam(value = "institution", required = false
return institutionKey != null ? getByInstitution(institutionKey) : userService.findAll();
}

@PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name")
@PutMapping(value = "/{username}", consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseStatus(HttpStatus.NO_CONTENT)
public void updateUserInstitution(@PathVariable("username") String username, @RequestBody User user,
@RequestParam(value = "email", defaultValue = "true") boolean sendEmail) {
if (!username.equals(user.getUsername())) {
throw new BadRequestException("The passed user's username is different from the specified one.");
}
final User original = getByUsername(username);

assert original != null;

// validate institution update is valid
List<URI> institutionURIs = Arrays.asList(user.getInstitution(), original.getInstitution())
.stream().map(i -> i != null ? i.getUri() : null).collect(Collectors.toList());
if (Objects.equals(institutionURIs.get(0), institutionURIs.get(1))){
LOG.warn("Ignoring attempt to add user {} to institution {} because it is already in institution {}.", user, institutionURIs.get(0), institutionURIs.get(1));
return;
}

// make sure only institution is updated
Institution newInstitution = user.getInstitution();
user = original.copy();
user.setInstitution(newInstitution);
userService.update(user, sendEmail, "profileUpdate");
if (LOG.isTraceEnabled()) {
LOG.trace("Added user {} to institution {} successfully.", user, user.getInstitution());
}
}

private List<User> getByInstitution(String institutionKey) {
assert institutionKey != null;
final Institution institution = institutionService.findByKey(institutionKey);
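Review bot: In `updateUserInstitution`, the `#username == authentication.name` branch of `@PreAuthorize` lets any authenticated user assign themselves to whatever institution the request body names, and the step under `// validate institution update is valid` only skips the case where the URI is unchanged. If institution membership decides which records a user can reach (not visible in this hunk), that is a self-service privilege change; either limit the endpoint to `@PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "')")` or check the requested institution against an explicit rule before calling `userService.update`. The `Institution` is also taken from the client payload as-is (`user.setInstitution(newInstitution)`), so its other fields are client-controlled and, depending on how the persistence layer cascades, may be written too. Resolving the persisted instance through `institutionService` and setting that would keep the "only institution is updated" guarantee. `assert original != null;` does nothing unless the JVM runs with `-ea`, so an explicit check is needed if `getByUsername` can return null.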
