Backend: Added "change_status" endpoint which checks the role before doing any action. DB: Added 3 dummy users with the 3 different roles.

2025-06-08 13:40:50 +02:00 · 2024-12-23 00:01:47 +01:00 · 2024-12-23 00:01:47 +01:00 · 42c3bb15f6
commit 42c3bb15f6
parent f051f41701
4 changed files with 103 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -20,9 +20,9 @@ Course Exercice : Application to help others

 - [X] `Rest` Create user
 - [X] `Rest` Login with user and password
- [ ] `Rest` Make sure admin can do everything and users don't
- [ ] `Rest` Create a Help Request
- [ ] `Rest` Modify the Help Request status
+- [X] `Rest` Make sure admin can do everything and users don't
+- [X] `Rest` Create a Help Request
+- [X] `Rest` Modify the Help Request status
 - [ ] `Rest` Create a User Feedback
 - [ ] `Rest` Gather User Feedbacks

--- a/backend/database-manager/src/main/java/insa/application/helpapp/rest/StatusEnum.java
+++ b/backend/database-manager/src/main/java/insa/application/helpapp/rest/StatusEnum.java
@ -0,0 +1,21 @@
+package insa.application.helpapp.rest;
+
+public enum StatusEnum {
+    WAITING(1),
+    VALIDATED(2),
+    REJECTED(3),
+    SELECTED(4),
+    FINISHED(5);
+
+    private final int value;
+
+    // Constructor
+    StatusEnum(int value) {
+        this.value = value;
+    }
+
+    // Getter
+    public int getValue() {
+        return value;
+    }
+}
--- a/backend/request-service/src/main/java/insa/application/helpapp/rest/RequestServiceApplication.java
+++ b/backend/request-service/src/main/java/insa/application/helpapp/rest/RequestServiceApplication.java
@ -20,6 +20,7 @@ public class RequestServiceApplication {
    private AdministrationService administrationService;
    @Autowired
    private RequestRepository requestRepository;
+
    public static void main(String[] args) {
        SpringApplication.run(RequestServiceApplication.class, args);
    }
@ -31,32 +32,89 @@ public class RequestServiceApplication {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowedOrigins("*")
-                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                        .allowedMethods("POST", "PUT", "DELETE")
                        .allowedHeaders("*");
            }
        };
    }

-    @PostMapping("/post_request")
-    public ResponseEntity<?> postMessage(@RequestParam int idUser,@RequestParam String token, @RequestParam String message) {
-        if(!administrationService.checkToken(idUser, token)) {
+    // Post should be : /create_request?idUser=1&message=string&token=?
+    // Response if success: the request
+    @PostMapping("/create_request")
+    public ResponseEntity<?> CreateRequest(@RequestParam int idUser, @RequestParam String token,
+            @RequestParam String message) {
+        if (!administrationService.checkToken(idUser, token)) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body("User or token invalid.");
-        };
-        Optional<Integer> idRoleOption = administrationService.getRole(idUser);
-        if(!idRoleOption.isPresent()) {
-            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("User invalid.");
-        };
-        int idRole = idRoleOption.get();
-        if(idRole == RoleEnum.VOLUNTEER.getValue()) {
+        }
+
+        int idRole = administrationService.getRole(idUser).get();
+        if (idRole == RoleEnum.VOLUNTEER.getValue()) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Volunteers cannot post a request.");
        }

        Request request = new Request();
-        // id_status = 1 means waiting. it is always set to 1 when created.
-        request.setIdStatus(1);
+        request.setIdStatus(StatusEnum.WAITING.getValue());
        request.setIdUser(idUser);
        request.setCreatedAt(LocalDateTime.now());
        request.setMessage(message);
        return ResponseEntity.ok(requestRepository.save(request));
    }
+
+    // Put should be : /change_status?idUser=1&idMessage=1&status=1&token=?
+    // Response if success: the request with the changed status
+    @PutMapping("/change_status")
+    public ResponseEntity<?> changeStatus(@RequestParam int idUser, @RequestParam String token,
+            @RequestParam int idMessage, @RequestParam int status) {
+        if (!administrationService.checkToken(idUser, token)) {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).body("User or token invalid.");
+        }
+        Optional<Request> requestOption = requestRepository.findById(idMessage);
+        if (!requestOption.isPresent()) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("No message found with the following ID.");
+        }
+        Request request = requestOption.get();
+
+        int idRole = administrationService.getRole(idUser).get();
+        if (status > StatusEnum.values().length) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+                    .body("The status of a request cannot exceed " + StatusEnum.values().length + ".");
+        }
+        // The admin can do anything
+        else if (idRole == RoleEnum.ADMIN.getValue()) {
+            request.setIdStatus(status);
+            requestRepository.save(request);
+            return ResponseEntity.ok(request);
+        }
+        // If the message is VALIDATED/SELECTED, the Volunteer can change its value
+        else if (idRole == RoleEnum.VOLUNTEER.getValue()) {
+            System.out.printf("Status: %d\tActual: %d%n", status, request.getIdStatus());
+            if ((status == StatusEnum.VALIDATED.getValue() || status == StatusEnum.SELECTED.getValue())
+                    && (request.getIdStatus() == StatusEnum.VALIDATED.getValue()
+                            || request.getIdStatus() == StatusEnum.SELECTED.getValue())) {
+                request.setIdStatus(status);
+                requestRepository.save(request);
+                return ResponseEntity.ok(request);
+            } else {
+                return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                        .body("Volunteers can only change the status of a request to SELECTED/VALIDATED.");
+            }
+        }
+        // The USER can only put the status to FINISHED after it is SELECTED
+        else if (idRole == RoleEnum.USER.getValue()) {
+            if ((status == StatusEnum.FINISHED.getValue())
+                    && (request.getIdStatus() == StatusEnum.SELECTED.getValue())) {
+                request.setIdStatus(status);
+                requestRepository.save(request);
+                return ResponseEntity.ok(request);
+            } else {
+                return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                        .body("Users can only change the status of a request from SELECTED to FINISHED.");
+            }
+        }
+
+        return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                .body("Only Admins can perform this action.");
+    }
+
+
 }
--- a/db/init.sql
+++ b/db/init.sql
@ -9,5 +9,11 @@ VALUES
    (1, 'Waiting'),
    (2, 'Validated'),
    (3, 'Rejected'),
-    (4, 'Chosen'),
+    (4, 'Selected'),
    (5, 'Finished');
+
+INSERT INTO `service-architecture`.users (id, id_role, username, password)
+VALUES
+    (1, 1, 'toto', 'toto'),
+    (2, 2, 'helper', '1234'),
+    (3, 3, 'admin', 'admin');