package com.github.springboot.controller;
import java.net.URI;
import javax.validation.Valid;
import com.github.springboot.config.SpringSecurityAuditorAware;
import com.github.springboot.dto.CompanyDto;
import com.github.springboot.service.CompanyService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import springfox.documentation.annotations.ApiIgnore;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;
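/**
 * REST API for companies.
 *
 * <p>Authorization is applied in two layers. {@code @PreAuthorize} gates every
 * endpoint by role, and the single-resource endpoints (read, update, delete)
 * additionally require that the caller is an admin or the user recorded as the
 * company's creator ({@code createdByUser}). Previously {@code update} skipped the
 * second layer, so any {@code COMPANY_SAVE} holder could overwrite companies that
 * {@code findById} would not even let them read; it now uses the same check.
 *
 * <p>Note on responses: a missing id yields 404 before the ownership check runs
 * (in {@code update}/{@code delete}) or instead of it (in {@code findById}), while
 * an existing id the caller does not own yields 403, so the endpoints do confirm
 * whether a given id exists. That is the existing behaviour and is kept.
 */
@Slf4j
@RestController
@Api(value = "companies", description = "Methods for managing companies")
@RequestMapping("/api/companies")
@AllArgsConstructor
public class CompanyController {
    /** Authority string Spring Security derives from {@code hasRole('ADMIN')}. */
    private static final String ROLE_ADMIN = "ROLE_ADMIN";

    private final CompanyService companyService;
    private final SpringSecurityAuditorAware springSecurityAuditorAware;

    /**
     * Streams active companies visible to the caller as server-sent events.
     *
     * @param authentication the current principal (hidden from the API docs)
     * @param pageSize       page size requested by the client, default 10
     * @return all active companies for admins, otherwise only those owned by the caller
     */
    @ApiOperation(value = "Api for return list of companies")
    @GetMapping(produces = MediaType.TEXT_EVENT_STREAM_VALUE)
    @PreAuthorize("hasAnyRole('ADMIN', 'COMPANY_READ', 'COMPANY_SAVE', 'COMPANY_DELETE', 'COMPANY_CREATE')")
    public Flux<CompanyDto> findAll(@ApiIgnore @AuthenticationPrincipal Authentication authentication,
                                    @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize) {
        log.debug("Hello({}) is authenticated? ({})", authentication.getName(), authentication.isAuthenticated());
        // NOTE(review): pageSize is passed through unbounded; if CompanyService does not cap it,
        // one request can pull the whole collection — confirm against the service.
        if (hasRoleAdmin(authentication)) {
            return companyService.findAllActiveCompanies(pageSize);
        }
        return companyService.findActiveCompaniesByUser(authentication.getName(), pageSize);
    }

    /**
     * Returns one company by id.
     *
     * @param id             company id from the path
     * @param authentication the current principal
     * @return the company, or an error with 404 when it does not exist and 403 when the
     *         caller is neither an admin nor its creator
     */
    @ApiOperation(value = "Api for return a company by id")
    @GetMapping(value = "/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
    @PreAuthorize("hasAnyRole('ADMIN', 'COMPANY_READ', 'COMPANY_SAVE')")
    public Mono<CompanyDto> findById(@ApiParam(required = true) @PathVariable String id,
                                     @ApiIgnore @AuthenticationPrincipal Authentication authentication) {
        log.debug("Hello({}) is authenticated? ({})", authentication.getName(), authentication.isAuthenticated());
        return companyService.findById(id)
                .flatMap(company -> {
                    if (canAccess(company, authentication)) {
                        return Mono.just(company);
                    }
                    return forbidden(String.format("User(%s) does not have access to this resource", authentication.getName()));
                })
                .switchIfEmpty(responseNotFound());
    }

    /**
     * Creates a company from the request body and answers 201 with its location.
     *
     * @param companyDto     validated payload
     * @param authentication the current principal, registered as the auditing user before saving
     * @return 201 Created with the persisted company and a {@code /api/companies/{id}} Location header
     */
    @ApiOperation(value = "Api for creating a company")
    @PostMapping(produces = MediaType.APPLICATION_JSON_VALUE)
    @PreAuthorize("hasAnyRole('ADMIN', 'COMPANY_CREATE')")
    public Mono<ResponseEntity<CompanyDto>> create(@RequestBody @ApiParam(required = true) @Valid CompanyDto companyDto,
                                                   @ApiIgnore @AuthenticationPrincipal Authentication authentication) {
        // Presumably feeds the persistence auditor that fills createdByUser — verify in SpringSecurityAuditorAware.
        springSecurityAuditorAware.setCurrentAuthenticatedUser(authentication);
        // NOTE(review): the body is persisted as received. CompanyDto has a settable id (see update),
        // so a client-supplied id reaches save(); confirm the service does not treat that as an upsert
        // of an existing record, and that createdByUser cannot be supplied from the body.
        return companyService.save(companyDto)
                .map(saved -> ResponseEntity
                        .created(URI.create(String.format("/api/companies/%s", saved.getId())))
                        .body(saved));
    }

    /**
     * Replaces the company identified by the path id with the request body.
     *
     * <p>Applies the same admin-or-creator rule as {@link #findById} and {@link #delete};
     * the role check alone would let every {@code COMPANY_SAVE} holder modify any company.
     *
     * @param companyDto     validated payload; its id is overwritten with the path id
     * @param id             company id from the path
     * @param authentication the current principal
     * @return the saved company, or an error with 404 when the id is unknown and 403 when
     *         the caller may not modify it
     */
    @ApiOperation(value = "Api for updating a company")
    @PutMapping(value = "/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
    @PreAuthorize("hasAnyRole('ADMIN', 'COMPANY_SAVE')")
    public Mono<CompanyDto> update(@RequestBody @ApiParam(required = true) @Valid CompanyDto companyDto,
                                   @PathVariable @ApiParam(required = true) String id,
                                   @ApiIgnore @AuthenticationPrincipal Authentication authentication) {
        springSecurityAuditorAware.setCurrentAuthenticatedUser(authentication);
        // The path, not the body, decides which record is updated.
        companyDto.setId(id);
        // NOTE(review): the body's other fields (including createdByUser, if the DTO exposes a setter)
        // replace the stored ones wholesale — confirm the service preserves ownership on save.
        return companyService.findById(id)
                .switchIfEmpty(responseNotFound())
                .flatMap(existing -> {
                    if (canAccess(existing, authentication)) {
                        return companyService.save(companyDto);
                    }
                    return forbidden(String.format("User(%s) does not have access to update this resource", authentication.getName()));
                });
    }

    /**
     * Deletes the company identified by the path id.
     *
     * @param id             company id from the path
     * @param authentication the current principal
     * @return completion, or an error with 404 when the id is unknown and 403 when the
     *         caller is neither an admin nor the company's creator
     */
    @ApiOperation(value = "Api for deleting a company")
    @DeleteMapping("/{id}")
    @PreAuthorize("hasAnyRole('ADMIN', 'COMPANY_DELETE')")
    public Mono<Void> delete(@PathVariable @ApiParam(required = true) String id,
                             @ApiIgnore @AuthenticationPrincipal Authentication authentication) {
        return companyService.findById(id)
                .switchIfEmpty(responseNotFound())
                .flatMap(existing -> {
                    if (canAccess(existing, authentication)) {
                        return companyService.deleteById(id);
                    }
                    return forbidden(String.format("User(%s) does not have access to delete this resource", authentication.getName()));
                });
    }

    /**
     * Object-level access rule shared by the single-resource endpoints: admins always
     * pass, other callers only when the company records them as its creator.
     * The caller's name is on the left of {@code equals} so a company with no
     * createdByUser is denied rather than raising a NullPointerException (a 500).
     */
    private static boolean canAccess(CompanyDto company, Authentication authentication) {
        return hasRoleAdmin(authentication)
                || authentication.getName().equals(company.getCreatedByUser());
    }

    /** True when the principal carries the {@code ROLE_ADMIN} authority. */
    private static boolean hasRoleAdmin(Authentication authentication) {
        return authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(ROLE_ADMIN::equals);
    }

    /** Error signal for 403; {@code reason} becomes the response's reason phrase. */
    private static <T> Mono<T> forbidden(String reason) {
        return Mono.error(new ResponseStatusException(HttpStatus.FORBIDDEN, reason));
    }

    /** Error signal for 404, used as the {@code switchIfEmpty} fallback. */
    private Mono<CompanyDto> responseNotFound() {
        return Mono.error(new ResponseStatusException(HttpStatus.NOT_FOUND));
    }
}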