Commit 8999effb authored by Franz Reischl's avatar Franz Reischl

Get user details (Admin or logged in)

parent edc706d2
......@@ -27,7 +27,9 @@ public interface StudentDao {
public void removeInscription(int matrNr, int studyId);
public User getUser(String username);
public User getUser(int userId);
public List<User> getAllUsers();
public List<H2StudentDao.UserName> getAllUserNames();
......
......@@ -450,44 +450,94 @@ public class H2StudentDao implements StudentDao {
public User getUser(String username) {
List<User> user=new ArrayList<User>();
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
String sql = "SELECT id, username, password, role FROM user WHERE username =?";
prStmt = con.prepareStatement(sql);
prStmt.setString(1, username);
rs=prStmt.executeQuery();
while (rs.next()) {
user.add(new User(rs.getInt(1),rs.getString(2),rs.getString(3),rs.getString(4)));
}
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
String sql = "SELECT id, username, password, role FROM user WHERE username =?";
prStmt = con.prepareStatement(sql);
prStmt.setString(1, username);
rs=prStmt.executeQuery();
while (rs.next()) {
user.add(new User(rs.getInt(1),rs.getString(2),rs.getString(3),rs.getString(4)));
}
// STEP 4: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
//end try
}
if (user.size()==1) {return user.get(0);}
else {
if (user.size()<1) {throw new NotFoundException();}
else throw new RuntimeException();
}
}
// STEP 4: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
//end try
@Override
public User getUser(int userId) {
List<User> user=new ArrayList<User>();
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
String sql = "SELECT id, username, password, role FROM user WHERE id =?";
prStmt = con.prepareStatement(sql);
prStmt.setInt(1, userId);
rs=prStmt.executeQuery();
while (rs.next()) {
user.add(new User(rs.getInt(1),rs.getString(2),rs.getString(3),rs.getString(4)));
}
// STEP 4: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
//end try
}
if (user.size()==1) {return user.get(0);}
else {
......@@ -566,8 +616,6 @@ public class H2StudentDao implements StudentDao {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
System.out.println("adsf");
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
......
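Review bot: In the new `getUser(int userId)`, the `catch(Exception e)` branch only prints the stack trace, so a failure that is not an `SQLException` (for example the driver class not loading) falls through to the size check that follows and, if that tail mirrors `getUser(String)`, surfaces as `NotFoundException` instead of a server error; the `SQLException` branch throws a bare `RuntimeException()` and loses the cause. `con`, `prStmt` and `rs` are not declared inside the method, so they are presumably fields shared between calls, and the result set is never closed. Local handles in try-with-resources, with the cause attached on rethrow, address all three, and the same applies to `getUser(String username)` in this hunk. The method's closing size check lies outside the hunk.

```java
public User getUser(int userId) {
    List<User> user = new ArrayList<User>();
    String sql = "SELECT id, username, password, role FROM user WHERE id =?";
    try {
        Class.forName(DaoParam.DRIVER);
        // Local handles instead of the shared con/prStmt/rs; closed automatically in reverse order.
        try (Connection c = DriverManager.getConnection(DaoParam.JDBC_URL, DaoParam.USER, DaoParam.PASSWORD);
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setInt(1, userId);
            try (ResultSet r = ps.executeQuery()) {
                while (r.next()) {
                    user.add(new User(r.getInt(1), r.getString(2), r.getString(3), r.getString(4)));
                }
            }
        }
    } catch (SQLException | ClassNotFoundException e) {
        // Keep the cause so the failure is diagnosable and is not mistaken for "no such user".
        throw new RuntimeException("getUser(" + userId + ") failed", e);
    }
    // … unchanged: size check on user (continues outside the hunk) …
```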
package university.at.jku.ce.resource;
import university.at.jku.ce.authentication.BasicAuthenticationUtil;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.exception.ExceptionParam;
import university.at.jku.ce.model.User;
import javax.annotation.security.PermitAll;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.*;
import javax.ws.rs.core.*;
import java.util.List;
@Path("/users")
public class UserResource {
StudentDao dao =new H2StudentDao();
private static final String AUTHORIZATION_PROPERTY = "Authorization";
@PermitAll
@GET
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response getUsers(@Context HttpHeaders headers) {
System.out.println("Roles requested");
ExceptionParam.setMediaType(headers.getMediaType());
List<H2StudentDao.UserName>list =
dao.getAllUserNames();
GenericEntity<List<H2StudentDao.UserName>> entity=new GenericEntity<List<H2StudentDao.UserName>>(list) {};
return Response.ok(entity).build();
}
StudentDao dao = new H2StudentDao();
/**
* Get a list of registered usernames and their corresponding user IDs
* @param headers Framework headers
* @return List of usernames
*/
@PermitAll
@GET
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response getUsers(@Context HttpHeaders headers) {
ExceptionParam.setMediaType(headers.getMediaType());
List<H2StudentDao.UserName> list = dao.getAllUserNames();
GenericEntity<List<H2StudentDao.UserName>> entity = new GenericEntity<List<H2StudentDao.UserName>>(list) {
};
return Response.ok(entity).build();
}
/**
* Get the detailed user information of a specific user
* @param userId ID of specified user
* @param headers Framework headers
* @return User details
*/
@RolesAllowed({"STUDENT", "ADMIN"})
@GET
@Path("/{userId}")
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response getUserDetails(@PathParam("userId") int userId, @Context HttpHeaders headers) {
ExceptionParam.setMediaType(headers.getMediaType());
List<String> authorization = headers.getRequestHeader(AUTHORIZATION_PROPERTY);
BasicAuthenticationUtil.AuthInfo authInfo = BasicAuthenticationUtil.authorize(authorization);
String username = authInfo.getUser();
// Get the User object to be compared with login credentials
User userByName = dao.getUser(username);
if (userByName.getRole().equals("STUDENT") && !userByName.getId().equals(userId)) throw new ForbiddenException();
if (userId <= 0) throw new BadRequestException();
// Get the requested User object that will be returned (Can be different in case of admin)
User userById = dao.getUser(userId);
GenericEntity<User> entity = new GenericEntity<User>(userById) {
};
return Response.ok(entity).build();
}
}
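Review bot: `getUserDetails` returns the `User` object from `dao.getUser(userId)` as the response entity, and that object is built from a query that selects the `password` column, so the stored credential is likely serialized into the JSON/XML response unless `User` excludes the field (its class is not shown here). Return a view without the credential instead, for example a small response type carrying only id, username and role, or mark the password accessor as non-serialized. The ownership check also special-cases one role, and a deny-by-default form is safer if roles are added later: `if (!"ADMIN".equals(userByName.getRole()) && !userByName.getId().equals(userId)) throw new ForbiddenException();`. A Javadoc line stating the rule (`@throws ForbiddenException when a non-admin requests another user's id`) would document who may read which record.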
......@@ -16,7 +16,6 @@ public class VersionResource {
@GET
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response getUsers(@Context HttpHeaders headers) {
System.out.println("Version requested");
ExceptionParam.setMediaType(headers.getMediaType());
HashMap<String, String> versionNumber = new HashMap<>();
versionNumber.put("version", "2.0");
......