Added endpoints depending on roles (Admin can ban, banned cannot vote)

b0cbdcd7 · Viacheslev Kabanovich · f83508ef · b0cbdcd7 · b0cbdcd7 · b0cbdcd7
Commit b0cbdcd7 authored Sep 24, 2020 by Viacheslev Kabanovich
6 changed files
--- a/src/main/java/com/microsocialnetwork/users/config/BatchConfig.java
+++ b/src/main/java/com/microsocialnetwork/users/config/BatchConfig.java
@@ -42,14 +42,9 @@ public class BatchConfig {
 	@Autowired
 	private AdminVoteService adminVoteService;
 	
-	@Bean
-	ResourcelessTransactionManager transactionManager1() {
-		return new ResourcelessTransactionManager();
-	}
-
 	@Bean
 	JobRepository jobRepository1() throws Exception {
-		MapJobRepositoryFactoryBean factory = new MapJobRepositoryFactoryBean(transactionManager1());
+		MapJobRepositoryFactoryBean factory = new MapJobRepositoryFactoryBean(new ResourcelessTransactionManager());
 		return factory.getObject();
 	}


--- a/src/main/java/com/microsocialnetwork/users/controller/FriendsController.java
+++ b/src/main/java/com/microsocialnetwork/users/controller/FriendsController.java
@@ -8,6 +8,7 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -23,32 +24,32 @@ public class FriendsController {
 	@Autowired
 	private FriendsService friendsService;
 	
-	@PostMapping(value = "/request", headers = "Authorization")
-	public ResponseEntity<String> request(@RequestParam String friendname, 
+	@PostMapping(value = "/request/{friendname}", headers = "Authorization")
+	public ResponseEntity<String> request(@PathVariable String friendname, 
 			@AuthenticationPrincipal UserDetails signedUser) {
 		return friendsService.request(friendname, signedUser);
 	}

-	@PostMapping(value = "/reject", headers = "Authorization")
-	public ResponseEntity<String> reject(@RequestParam String friendname, 
+	@PostMapping(value = "/reject/{friendname}", headers = "Authorization")
+	public ResponseEntity<String> reject(@PathVariable String friendname, 
 			@AuthenticationPrincipal UserDetails signedUser) {
 		return friendsService.reject(friendname, signedUser);
 	}

-	@PostMapping(value = "/accept", headers = "Authorization")
-	public ResponseEntity<String> accept(@RequestParam String friendname, 
+	@PostMapping(value = "/accept/{friendname}", headers = "Authorization")
+	public ResponseEntity<String> accept(@PathVariable String friendname, 
 			@AuthenticationPrincipal UserDetails signedUser) {
 		return friendsService.accept(friendname, signedUser);
 	}

-	@PostMapping(value = "/makeBest", headers = "Authorization")
-	public ResponseEntity<String> makeBest(@RequestParam String friendname, 
+	@PostMapping(value = "/{friendname}/makeBest", headers = "Authorization")
+	public ResponseEntity<String> makeBest(@PathVariable String friendname, 
 			@AuthenticationPrincipal UserDetails signedUser) {
 		return friendsService.makeBest(friendname, signedUser);
 	}

-	@PostMapping(value = "/undoBest", headers = "Authorization")
-	public ResponseEntity<String> undoBest(@RequestParam String friendname, 
+	@PostMapping(value = "/{friendname}/undoBest", headers = "Authorization")
+	public ResponseEntity<String> undoBest(@PathVariable String friendname, 
 			@AuthenticationPrincipal UserDetails signedUser) {
 		return friendsService.undoBest(friendname, signedUser);
 	}

--- a/src/main/java/com/microsocialnetwork/users/controller/UserController.java
+++ b/src/main/java/com/microsocialnetwork/users/controller/UserController.java
 package com.microsocialnetwork.users.controller;

+import java.util.Calendar;
+import java.util.Date;
 import java.util.List;
 import java.util.Locale;
 import java.util.stream.Collectors;
@@ -10,12 +12,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.support.DelegatingMessageSource;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -56,20 +60,25 @@ public class UserController {
 			return ResponseEntity.status(HttpStatus.FORBIDDEN).body(message);
 		}
 		User user = new User(request.getUsername(),	request.getEmail(),
-				bCryptPasswordEncoder.encode(request.getPassword()));
+				bCryptPasswordEncoder.encode(request.getPassword()), new Date());
 		userRepository.save(user);
 		return new ResponseEntity<>("Signed up as " + request.getUsername(), HttpStatus.OK);
 	}

 	@GetMapping(headers = {"Authorization"})
-//	@ApiOperation(value = "", authorizations = { @Authorization(value="jwtToken") })
 	public Iterable<User> getUsers() {
 		return userRepository.findAll();
 	}

-	@PostMapping(value = "/adminvote", headers = "Authorization")
-	public ResponseEntity<String> request(@RequestParam String adminname, 
+	/**
+	 * User can vote for admin. A job periodically grants the admin authority to the user who got most votes.
+	 * However, a banned user cannot vote until his ban is expired. 
+	 */
+	@PostMapping(value = "/adminvote/{adminname}", headers = "Authorization")
+	@PreAuthorize("!hasAuthority('BANNED')")
+	public ResponseEntity<String> request(@PathVariable String adminname, 
 			@AuthenticationPrincipal UserDetails signedUser) {
+		System.out.println(signedUser.getAuthorities());
 		return adminVoteService.vote(adminname, signedUser);
 	}

@@ -78,4 +87,14 @@ public class UserController {
 		return ResponseEntity.status(HttpStatus.OK).body(userService.getAdmins());
 	}

+	/**
+	 * Admin can ban a user for a given time in minutes.
+	 */
+	@PostMapping(value = "/ban/{username}", headers = "Authorization")
+	@PreAuthorize("hasAuthority('ADMIN')")
+	public ResponseEntity<String> ban(@PathVariable String username, 
+			@RequestParam(defaultValue = "1440") int minutes) {
+		return userService.ban(username, minutes);
+	}
+
 } 
--- a/src/main/java/com/microsocialnetwork/users/model/User.java
+++ b/src/main/java/com/microsocialnetwork/users/model/User.java
 package com.microsocialnetwork.users.model;

 import java.util.ArrayList;
+import java.util.Date;
 import java.util.List;
 import java.util.stream.Collectors;

@@ -14,6 +15,8 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.OneToMany;
 import javax.persistence.OneToOne;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;

 @Entity
 public class User {
@@ -29,10 +32,16 @@ public class User {

 	@Column(unique = true)
 	private String email;
+	
+	@Temporal(TemporalType.TIMESTAMP)
+	private Date since; 

 	@Enumerated
 	private UserRoleEnum role;

+	@Temporal(TemporalType.TIMESTAMP)
+	private Date bannedUntil; 
+	
 	@OneToMany(mappedBy = "user", cascade = CascadeType.ALL, fetch = FetchType.LAZY, orphanRemoval = true)
 	private List<FriendLink> friendshipList;

@@ -45,11 +54,12 @@ public class User {
 	public User() {
 	}

-	public User(String username, String email, String password) {
+	public User(String username, String email, String password, Date userSince) {
 		this.username = username;
 		this.email = email;
 		this.password = password;
 		this.role = UserRoleEnum.USER;
+		this.since = userSince;
 	}

 	public Long getId() {
@@ -92,6 +102,18 @@ public class User {
 		this.role = role;
 	}

+	public Date getSince() {
+		return since;
+	}
+
+	public Date getBannedUntil() {
+		return bannedUntil;
+	}
+
+	public void setBannedUntil(Date bannedUntil) {
+		this.bannedUntil = bannedUntil;
+	}
+
 	public List<FriendLink> getFriendshipList() {
 		return friendshipList;
 	}

--- a/src/main/java/com/microsocialnetwork/users/security/CustomWebSecurity.java
+++ b/src/main/java/com/microsocialnetwork/users/security/CustomWebSecurity.java
@@ -3,6 +3,7 @@ package com.microsocialnetwork.users.security;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -15,6 +16,7 @@ import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

 @EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true) 
 public class CustomWebSecurity extends WebSecurityConfigurerAdapter {

 	@Autowired

--- a/src/main/java/com/microsocialnetwork/users/service/UserService.java
+++ b/src/main/java/com/microsocialnetwork/users/service/UserService.java
 package com.microsocialnetwork.users.service;

 import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Date;
 import java.util.List;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -31,6 +35,9 @@ public class UserService implements UserDetailsService {
 		if (user.getRole() == UserRoleEnum.ADMIN) {
 			permissions.add(new SimpleGrantedAuthority("ADMIN"));
 		}
+		if (user.getBannedUntil() != null && user.getBannedUntil().compareTo(new Date()) > 0) {
+			permissions.add(new SimpleGrantedAuthority("BANNED"));
+		}
 		return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), permissions);
 	}

@@ -44,4 +51,16 @@ public class UserService implements UserDetailsService {
 		return result;
 	}

+	public ResponseEntity<String> ban(String username, int minutes) {
+		User user = userRepository.findByUsername(username).orElse(null);
+		if (user == null) {
+			return new ResponseEntity<>("User " + username + " is not found.", HttpStatus.FORBIDDEN);
+		}
+		Calendar calendar = Calendar.getInstance();
+		calendar.setTime(new Date());
+		calendar.add(Calendar.MINUTE, minutes);
+		user.setBannedUntil(calendar.getTime());
+		userRepository.save(user);
+		return new ResponseEntity<>("User " + username + " is banned until " + calendar.getTime() + ".", HttpStatus.OK);
+	}
 }