login route and professor preAuthorize

ailtonbsj · Sep 4, 2022 · 3e1ae05 · 3e1ae05
1 parent 96d34b1
commit 3e1ae05
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 2 deletions.
diff --git a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProfessorController.java b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProfessorController.java
@@ -6,6 +6,7 @@
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -30,17 +31,20 @@ public class ProfessorController {
     @Autowired
     private ProfessorRepository rep;
 
+    @PreAuthorize("hasRole('editor')")
     @PostMapping
     public Long save(@RequestBody Professor professor) {
         return rep.save(professor).getId();
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping("{id}")
     public Professor findById(@PathVariable Long id) {
         return rep.findById(id).orElseThrow(
                 () -> new ResponseStatusException(HttpStatus.NOT_FOUND));
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping
     public Iterable<Professor> index(@RequestParam Optional<String> q) {
         if (q.isEmpty())
@@ -49,6 +53,7 @@ public Iterable<Professor> index(@RequestParam Optional<String> q) {
             return rep.findByNomeContainingIgnoreCase(q.get());
     }
 
+    @PreAuthorize("hasRole('editor')")
     @PatchMapping
     public Long update(@RequestBody Professor professor) {
         Professor ent = rep.findById(professor.getId()).orElseThrow(
@@ -59,6 +64,7 @@ public Long update(@RequestBody Professor professor) {
         return rep.save(ent).getId();
     }
 
+    @PreAuthorize("hasRole('admin')")
     @DeleteMapping("{id}")
     public void deleteById(@PathVariable Long id) {
         rep.deleteById(id);

diff --git a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/UserController.java b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/UserController.java
@@ -1,6 +1,7 @@
 package ailtonbsj.sauteweb.sauteapi.controllers;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -13,13 +14,19 @@
 
 @RestController
 @RequestMapping("/api/users")
+@CrossOrigin("http://localhost:4200")
 public class UserController {
     @Autowired
     UserService userService;
 
     @Autowired
     RoleService roleService;
 
+    @PostMapping("/login")
+    public User login(@RequestBody User user) {
+        return userService.doLogin(user);
+    }
+
     @PostMapping("/create")
     public User create(@RequestBody User user) {
         return userService.createUser(user);

diff --git a/src/main/java/ailtonbsj/sauteweb/sauteapi/entities/Endereco.java b/src/main/java/ailtonbsj/sauteweb/sauteapi/entities/Endereco.java
@@ -9,7 +9,7 @@
 @Getter
 @Setter
 public class Endereco {
-    @Column(nullable = false)
+    @Column(nullable = true)
     String cep;
 
     @Column(nullable = false)

diff --git a/src/main/java/ailtonbsj/sauteweb/sauteapi/services/UserService.java b/src/main/java/ailtonbsj/sauteweb/sauteapi/services/UserService.java
@@ -1,8 +1,10 @@
 package ailtonbsj.sauteweb.sauteapi.services;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.web.server.ResponseStatusException;
 
 import ailtonbsj.sauteweb.sauteapi.entities.User;
 import ailtonbsj.sauteweb.sauteapi.repositories.UserRepository;
@@ -19,8 +21,19 @@ private BCryptPasswordEncoder passEncoder() {
 
     public User createUser(User user) {
         User existUser = userRepository.findByUsername(user.getUsername());
-        if(existUser != null) throw new Error("User already exists!");
+        if (existUser != null)
+            throw new Error("User already exists.");
         user.setPassword(passEncoder().encode(user.getPassword()));
         return userRepository.save(user);
     }
+
+    public User doLogin(User user) {
+        User existUser = userRepository.findByUsername(user.getUsername());
+        if (existUser == null)
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
+        if (passEncoder().matches(user.getPassword(), existUser.getPassword()))
+            return existUser;
+        else
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
+    }
 }