Added named native query

Check for unique logins

server/src/main/java/com/vpr/server/controller/EventController.java

@@ -8,15 +8,15 @@ import com.vpr.server.repository.UserEventRepository;
 import com.vpr.server.repository.UserRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.*;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.server.ResponseStatusException;
 
 import java.sql.Time;
 import java.text.SimpleDateFormat;
+import java.util.List;
+import java.util.Optional;
 
 @Controller
 @RequestMapping(path = "/event")
@@ -34,7 +34,7 @@ public class EventController {
 
     @PostMapping(path = "/add")
     public @ResponseBody
-    String addEvent(
+    ResponseEntity<String> addEvent(
             @RequestParam Integer userId,
             @RequestParam String date,
             @RequestParam String name,
@@ -53,7 +53,7 @@ public class EventController {
             event.setName(name);
         } else {
             System.out.println("NAME IST ZU KURZ");
-            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Format nicht korrekt");
+            return new ResponseEntity<>("Der Name ist zu kurz", HttpStatus.BAD_REQUEST);
         }
 
         try {
@@ -84,7 +84,7 @@ public class EventController {
             userEvent.setDate(new java.sql.Date(simpleDateFormat.parse(date).getTime()));
         } catch (Exception e) {
             System.out.println("DATE FORMAT NOT CORRECT");
-            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Format nicht korrekt");
+            return new ResponseEntity<>("Datumformat nicht korrekt", HttpStatus.BAD_REQUEST);
         }
 
         userEvent.setEvent(event);
@@ -97,21 +97,57 @@ public class EventController {
 
         eventRepository.save(event);
         userEventRepository.save(userEvent);
-        return "";
+        return new ResponseEntity<>("", HttpStatus.OK);
     }
 
     @PostMapping(path = "/del")
     public @ResponseBody
-    String addEvent(@RequestParam Integer eventId) {
+    ResponseEntity<String> delEvent(
-        eventRepository.deleteUserEventsById(Long.valueOf(eventId));
+            @RequestHeader("Authorization") String authorizationHeader,
-        eventRepository.deleteById(Long.valueOf(eventId));
+            @RequestParam long eventId,
-        return "Deleted";
+            @RequestParam long userId,
+            @RequestParam String date
+    ) {
+        System.out.println("authorizationHeader " + authorizationHeader);
+        User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
+        if(authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)){
+            return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
+        }
+
+        EventRepository.UserEventInterface userEvent = eventRepository.findUserEventByEventIdUserIdAndDate(eventId, authUser.getId(), date);
+
+        //Optional<Event> event = eventRepository.findById(eventId);
+
+        if (userEvent == null){
+            return new ResponseEntity<>( "Der Termin exestiert nicht", HttpStatus.BAD_REQUEST);
+        }
+        return new ResponseEntity<>( "Der Termin exestiert", HttpStatus.OK);
+
+/*
+        eventRepository.deleteUserEventsById(eventId);
+        eventRepository.deleteById(eventId);
+        return new ResponseEntity<>("", HttpStatus.OK);
+ */
     }
 
     @PostMapping(path = "/all")
     public @ResponseBody
-    Object[] getAllEvents(@RequestParam long userId) {
+    List<Event> getAllEvents(
-        return eventRepository.findAllVisibleByUserId(userId);
+            @RequestParam long userId,
+            @RequestParam String startDate,
+            @RequestParam String endDate
+    ) {
+        return eventRepository.findEventsInDateRange(userId, startDate, endDate);
     }
 
+    @PostMapping(path = "/edit")
+    public @ResponseBody
+    String editEvent(
+            @RequestParam Long eventId,
+            @RequestParam Long userId,
+            @RequestParam String date
+    ) {
+        EventRepository.UserEventInterface userEvent = eventRepository.findUserEventByEventIdUserIdAndDate(eventId, userId, date);
+        return "Length: " + userEvent.getDate();
+    }
 }

server/src/main/java/com/vpr/server/controller/MainController.java

@@ -33,4 +33,10 @@ public class MainController {
     public String statusTest(){
         throw new ResponseStatusException(HttpStatus.I_AM_A_TEAPOT, "TestTestTest");
     }
+
+    @PostMapping(path = "/header-test")
+    public ResponseEntity<String> headerTest(@RequestHeader("Authorization") String authorizationHeader){
+        System.out.println("authorizationHeader: " + authorizationHeader);
+        return new ResponseEntity<>(authorizationHeader, HttpStatus.OK);
+    }
 }

server/src/main/java/com/vpr/server/controller/UserController.java

@@ -6,6 +6,7 @@ import com.vpr.server.security.Hasher;
 import com.vpr.server.security.Token;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;
@@ -26,47 +27,57 @@ public class UserController {
 
     @PostMapping(path = "/add")
     public @ResponseBody
-    String addNewUser(
+    ResponseEntity<String> addNewUser(
+            @RequestHeader("Authorization") String authorizationHeader,
             @RequestParam String name,
             @RequestParam String forename,
             @RequestParam String login,
             @RequestParam String password,
-            @RequestParam String isAdmin
+            @RequestParam Boolean isAdmin
     ) {
+        User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
+        if(authUser == null || authUser.isAdmin()){
+            return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
+        }
+
+        if(userRepository.findByLogin(login) != null){
+            return new ResponseEntity<>( "Login exestiert bereits", HttpStatus.BAD_REQUEST);
+        }
+
         byte[] salt = Hasher.GenerateSalt();
         byte[] hash;
         try {
             hash = Hasher.HashPassword(password, salt);
         } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
             e.printStackTrace();
-            throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Fehler beim hashen");
+            return new ResponseEntity<>( "Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
         }
 
         User user = new User();
 
-        // TODO set correct token and password
         user.setName(name);
         user.setForename(forename);
         user.setLogin(login);
         user.setPassword(hash);
         user.setSalt(salt);
-        user.setToken("test");
+        user.setToken("");
-        user.setAdmin(isAdmin.equals("1"));
+        user.setAdmin(isAdmin);
 
         userRepository.save(user);
-        return "" + user.getId();
+        return new ResponseEntity<>( "" + user.getId(), HttpStatus.OK);
     }
 
     @PostMapping(path = "/login")
     public @ResponseBody
-    String login(
+    ResponseEntity<String> login(
             @RequestParam String login,
             @RequestParam String password
     ) {
-        System.out.println("LOGIN");
+        System.out.println(login + " tries to login.");
         User user = userRepository.findByLogin(login);
         if (user == null) {
-            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Falscher login");
+            System.out.println("Login for " + login + " failed.");
+            return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
         }
 
         byte[] salt = user.getSalt();
@@ -75,26 +86,37 @@ public class UserController {
             hash = Hasher.HashPassword(password, salt);
         } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
             e.printStackTrace();
-            throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Fehler beim hashen");
+            return new ResponseEntity<>( "Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
         }
 
         if (Arrays.equals(user.getPassword(), hash)) {
+            String token = Token.Generate(user.getLogin());
+            user.setToken(token);
+            userRepository.save(user);
+
             System.out.println(user.getLogin() + " is now logged in.");
-            System.out.println(Token.Generate(user.getLogin()));
             System.out.println(Token.Verify(Token.Generate(user.getLogin()), user.getLogin()));
-            return "" + user.getId();
+
+            return new ResponseEntity<>( token + " " + user.getId(), HttpStatus.OK);
         }
         System.out.println(user.getLogin() + " failed to logged in.");
         System.out.println("entered : " + javax.xml.bind.DatatypeConverter.printHexBinary(hash));
         System.out.println("required: " + javax.xml.bind.DatatypeConverter.printHexBinary(user.getPassword()));
 
-        throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Falscher login");
+        return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
     }
 
     @PostMapping(path = "/del")
-    public @ResponseBody String deleteUser(@RequestParam Integer userId) {
+    public @ResponseBody ResponseEntity<String> deleteUser(
+            @RequestHeader("Authorization") String authorizationHeader,
+            @RequestParam Integer userId
+    ) {
+        User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
+        if(authUser == null || authUser.isAdmin()){
+            return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
+        }
         userRepository.deleteById(Long.valueOf(userId));
-        return "Deleted";
+        return new ResponseEntity<>( "", HttpStatus.OK);
     }
 
     /*****************

server/src/main/java/com/vpr/server/data/Event.java

@@ -4,30 +4,53 @@ import javax.persistence.*;
 import java.sql.Time;
 import java.util.List;
 
-// @Entity creates a table out of this class with Hibernate
+@NamedNativeQuery(name = "Event.findEventsInDateRange",
-@Entity(name = "Event")
+    query = "SELECT e.id as id, e.name as name, e.priority as priority, e.is_full_day as isFullDay, " +
+            "is_private as isPrivate, e.start as start, e.end as end " +
+            "FROM event e " +
+            "INNER JOIN user_event ue " +
+            "ON e.id = ue.event_id " +
+            "WHERE (ue.user_id = :userId OR e.is_private = 0) " +
+            "AND ue.date > :startDate " +
+            "AND ue.date < :endDate",
+    resultSetMapping = "Mapping.Event"
+)
+@SqlResultSetMapping(name = "Mapping.Event",
+    classes = @ConstructorResult(targetClass = Event.class,
+        columns = {
+            @ColumnResult(name = "id"),
+            @ColumnResult(name = "name"),
+            @ColumnResult(name = "priority"),
+            @ColumnResult(name = "isFullDay"),
+            @ColumnResult(name = "isPrivate"),
+            @ColumnResult(name = "start"),
+            @ColumnResult(name = "end")
+        }
+    )
+)
+@Entity(name = "Event") // @Entity creates a table out of this class with Hibernate
 public class Event {
     // Generate the primary key
     @Id
-    @GeneratedValue(strategy=GenerationType.IDENTITY)
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
     private long id;
 
-    @Column(name="name", nullable=false)
+    @Column(name = "name", nullable = false)
     private String name;
 
-    @Column(name="priority", nullable=false)
+    @Column(name = "priority", nullable = false)
     private Integer priority;
 
-    @Column(name="is_full_day", nullable=false)
+    @Column(name = "is_full_day", nullable = false)
     private boolean isFullDay;
 
-    @Column(name="is_private", nullable=false)
+    @Column(name = "is_private", nullable = false)
     private boolean isPrivate;
 
-    @Column(name="start")
+    @Column(name = "start")
     private Time start;
 
-    @Column(name="end")
+    @Column(name = "end")
     private Time end;
 
     @OneToMany(mappedBy = "event")

server/src/main/java/com/vpr/server/entries/EventEntry.java

@@ -0,0 +1,9 @@
+package com.vpr.server.entries;
+
+import com.vpr.server.data.Event;
+
+import javax.persistence.*;
+
+public class EventEntry {
+
+}

server/src/main/java/com/vpr/server/repository/EventRepository.java

@@ -1,17 +1,25 @@
 package com.vpr.server.repository;
 
 import com.vpr.server.data.Event;
+import com.vpr.server.data.UserEvent;
 import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.CrudRepository;
 
+import javax.persistence.ColumnResult;
+import javax.persistence.ConstructorResult;
+import javax.persistence.NamedNativeQuery;
+import javax.persistence.SqlResultSetMapping;
 import javax.transaction.Transactional;
+import java.util.List;
+import java.util.Optional;
 
 // This will be AUTO IMPLEMENTED by Spring into a Bean called eventRepository
 // CRUD refers Create, Read, Update, Delete
 
 public interface EventRepository extends CrudRepository<Event, Integer> {
-    @Query(value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " +
+    @Query(
+            value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " +
             "ue.date, " +
             "u.id AS uid, u.forename, u.name AS uname " +
             "FROM event e " +
@@ -21,27 +29,59 @@ public interface EventRepository extends CrudRepository<Event, Integer> {
             "ON ue.user_id = u.id " +
             "WHERE u.id = ?1 " +
             "OR e.is_private = 0",
-            nativeQuery = true)
+            nativeQuery = true
+    )
     Object[] findAllVisibleByUserId(long id);
 
-    @Query(value = "SELECT * " +
+    @Query(
+            value = "SELECT * " +
             "FROM event e " +
             "INNER JOIN user_event ue " +
             "ON e.id = ue.event_id " +
             "WHERE ue.user_id = ?1",
-            nativeQuery = true)
+            nativeQuery = true
+    )
     Object[] findAllByUserId(long id);
 
+
+    @Query(
+            value = "SELECT ue.user_id as userId, ue.event_id as eventId, ue.date as date " +
+                    "FROM event e " +
+                    "INNER JOIN user_event ue " +
+                    "ON e.id = ue.event_id " +
+                    "WHERE ue.event_id = ?1 " +
+                    "AND ue.user_id = ?2 " +
+                    "AND ue.date = ?3",
+            nativeQuery = true
+    )
+    UserEventInterface findUserEventByEventIdUserIdAndDate(long eventId, long userId, String date);
+
+    public interface UserEventInterface{
+        long getEventId();
+        long getUserId();
+        long getDate();
+    }
+
     @Modifying
     @Transactional
-    @Query(value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1",
+    @Query(
-    nativeQuery = true)
+            value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1",
+            nativeQuery = true
+    )
     void deleteUserEventsById(long id);
 
 
     @Modifying
     @Transactional
-    @Query(value = "DELETE e FROM event e WHERE e.id = ?1",
+    @Query(
-            nativeQuery = true)
+            value = "DELETE e FROM event e WHERE e.id = ?1",
+            nativeQuery = true
+    )
     void deleteById(long id);
+
+
+    @Query(nativeQuery = true)
+    List<Event> findEventsInDateRange(Long userId, String startDate, String endDate);
+
+
 }

server/src/main/java/com/vpr/server/repository/UserRepository.java

@@ -20,4 +20,6 @@ public interface UserRepository extends CrudRepository<User, Integer> {
     User findByLoginAndPassword(String login, byte[] password);
 
     void deleteById(long id);
+
+    User findByToken(String token);
 }