MAM/VPR-Backend
3
2
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added auth to the /event/del endpoint

Browse Source
This commit is contained in:
Marc Beyer
2022-01-17 05:57:44 +01:00
parent e05faab31e
commit 3796afb712
2 changed files with 31 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/main/java/com/vpr/server/controller/EventController.java
View File

@@ -15,6 +15,7 @@ import org.springframework.web.server.ResponseStatusException;
import java.sql.Time; import java.sql.Time;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Optional;
@Controller @Controller
@RequestMapping(path = "/event") @RequestMapping(path = "/event")
@@ -109,6 +110,13 @@ public class EventController {
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED); return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
} }
Optional<Event> event = eventRepository.findById(eventId);
if (event.isEmpty()){
return new ResponseEntity<>( "Der Termin exestiert nicht", HttpStatus.BAD_REQUEST);
}
eventRepository.deleteUserEventsById(Long.valueOf(eventId)); eventRepository.deleteUserEventsById(Long.valueOf(eventId));
eventRepository.deleteById(Long.valueOf(eventId)); eventRepository.deleteById(Long.valueOf(eventId));
return new ResponseEntity<>("", HttpStatus.OK); return new ResponseEntity<>("", HttpStatus.OK);

31
server/src/main/java/com/vpr/server/repository/EventRepository.java
View File

@@ -11,7 +11,8 @@ import javax.transaction.Transactional;
// CRUD refers Create, Read, Update, Delete // CRUD refers Create, Read, Update, Delete
public interface EventRepository extends CrudRepository<Event, Integer> { public interface EventRepository extends CrudRepository<Event, Integer> {
@Query(value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " + @Query(
value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " +
"ue.date, " + "ue.date, " +
"u.id AS uid, u.forename, u.name AS uname " + "u.id AS uid, u.forename, u.name AS uname " +
"FROM event e " + "FROM event e " +
@@ -21,27 +22,41 @@ public interface EventRepository extends CrudRepository<Event, Integer> {
"ON ue.user_id = u.id " + "ON ue.user_id = u.id " +
"WHERE u.id = ?1 " + "WHERE u.id = ?1 " +
"OR e.is_private = 0", "OR e.is_private = 0",
nativeQuery = true) nativeQuery = true
)
Object[] findAllVisibleByUserId(long id); Object[] findAllVisibleByUserId(long id);
@Query(value = "SELECT * " + @Query(
value = "SELECT * " +
"FROM event e " + "FROM event e " +
"INNER JOIN user_event ue " + "INNER JOIN user_event ue " +
"ON e.id = ue.event_id " + "ON e.id = ue.event_id " +
"WHERE ue.user_id = ?1", "WHERE ue.user_id = ?1",
nativeQuery = true) nativeQuery = true
)
Object[] findAllByUserId(long id); Object[] findAllByUserId(long id);
@Query(
value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1",
nativeQuery = true
)
Object[] findUserIdByEventId(long id);
@Modifying @Modifying
@Transactional @Transactional
@Query(value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1", @Query(
nativeQuery = true) value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1",
nativeQuery = true
)
void deleteUserEventsById(long id); void deleteUserEventsById(long id);
@Modifying @Modifying
@Transactional @Transactional
@Query(value = "DELETE e FROM event e WHERE e.id = ?1", @Query(
nativeQuery = true) value = "DELETE e FROM event e WHERE e.id = ?1",
nativeQuery = true
)
void deleteById(long id); void deleteById(long id);
} }