use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class ProductPositionController method acceptSupply.
/**
 * Registers an incoming supply as a new product position.
 *
 * <p>{@code @PreAuthorize} admits only callers holding the ADMIN or MODERATOR authority.
 * A moderator is additionally tied to one warehouse: the request is rejected unless the
 * warehouse id in the payload equals the moderator's own warehouse id. Callers that are
 * not moderators skip that comparison.
 *
 * @param user the authenticated principal
 * @param acceptSupplyDTO the validated request body
 * @return a DTO carrying the id returned by {@code productPositionService.acceptSupply}
 * @throws CustomAccessDeniedException when a moderator targets a warehouse other than their own
 */
@PostMapping(path = "/api/v1/productPosition")
@PreAuthorize("hasAnyAuthority('ADMIN', 'MODERATOR')")
public isCreatedDTO acceptSupply(@AuthenticationPrincipal User user, @Valid @RequestBody AcceptSupplyDTO acceptSupplyDTO) {
    boolean callerIsModerator = Role.isMODERATOR(user.getRole().toString());
    // Object-level check: the authority check above says nothing about WHICH warehouse
    // the caller may write to, so it has to be enforced here.
    if (callerIsModerator
            && !user.getModerator().getWarehouseId().equals(acceptSupplyDTO.getWarehouseId())) {
        throw new CustomAccessDeniedException();
    }

    Long createdId = productPositionService.acceptSupply(acceptSupplyDTO);
    isCreatedDTO response = new isCreatedDTO();
    response.setId(createdId);
    return response;
}
use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class ProductPositionController method findFiltered.
/**
 * Returns the product positions matching the supplied filter.
 *
 * <p>{@code @PreAuthorize} admits only callers holding the ADMIN or MODERATOR authority.
 * For a moderator the filter is always pinned to the moderator's own warehouse: an
 * explicit, different warehouse id is refused, and an omitted one is filled in, so a
 * moderator cannot list positions of another warehouse by leaving the field empty.
 * Other callers get the filter applied as sent.
 *
 * @param user the authenticated principal
 * @param filterDTO the validated filter; its warehouse id is overwritten for moderators
 * @param pageable paging information passed through to the service
 * @return HTTP 200 with the filtered positions
 * @throws CustomAccessDeniedException when a moderator asks for another warehouse
 */
@GetMapping("/api/v1/productPositions")
@PreAuthorize("hasAnyAuthority('ADMIN', 'MODERATOR')")
public ResponseEntity<List<ProductPositionInfoDTO>> findFiltered(@AuthenticationPrincipal User user, @Valid ProductPositionFilterDTO filterDTO, Pageable pageable) {
    if (user.getRole() == Role.MODERATOR) {
        Long ownWarehouseId = user.getModerator().getWarehouseId();
        if (filterDTO.getWarehouseId() != null && !filterDTO.getWarehouseId().equals(ownWarehouseId)) {
            throw new CustomAccessDeniedException();
        }
        // Scope the query server-side instead of trusting the client-supplied value.
        filterDTO.setWarehouseId(ownWarehouseId);
    }

    // Both roles run the same query; only the moderator's filter was narrowed above.
    Specification<ProductPositionNotHierarchical> criteria =
            ProductPositionSpecifications.getFilterSpecification(filterDTO);
    List<ProductPositionInfoDTO> matches = productPositionService.findFiltered(criteria, pageable);
    return ResponseEntity.ok(matches);
}
use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class OrderServiceImpl1 method changeOrderStatus.
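/**
 * Moves an order to a new status after checking that the caller is tied to the order.
 *
 * <p>Ownership rules: a moderator must belong to the order's warehouse, a courier must be
 * the courier assigned to the order, and a client must be the client who placed it. Any
 * other role passes without an ownership check.
 *
 * <p>A status change is refused when the order is already CANCELLED or DELIVERED, when no
 * new status is supplied, or when the new status precedes the current one in the
 * declaration order of {@code OrderStatus}.
 *
 * @param order the order to update
 * @param user the caller
 * @param dto carries the requested status
 * @throws CustomAccessDeniedException when the caller is not tied to the order
 * @throws OrderStatusChangeException when the transition is not allowed
 */
@Override
public void changeOrderStatus(Order order, User user, ChangeOrderStatusDTO dto) {
    if (user.getRole() == Role.MODERATOR) {
        if (!order.getWarehouse().getId().equals(user.getModerator().getWarehouseId()))
            throw new CustomAccessDeniedException();
    } else if (user.getRole() == Role.COURIER) {
        // An order can exist without a courier (changeDeliveryRating checks for that case).
        // No courier can own such an order, so deny instead of failing with a
        // NullPointerException.
        if (order.getCourier() == null
                || !order.getCourier().getId().equals(user.getCourier().getId()))
            throw new CustomAccessDeniedException();
    } else if (user.getRole() == Role.CLIENT) {
        if (!order.getClient().getId().equals(user.getClient().getId()))
            throw new CustomAccessDeniedException();
    }
    // NOTE(review): the checks above decide WHO may touch the order, not WHICH transition
    // each role may request; from this method alone every role can set any later status.
    // Confirm that per-role transition rules are enforced by the caller.

    OrderStatus oldStatus = order.getStatus();
    OrderStatus newStatus = dto.getNewStatus();
    // A missing status is rejected as an invalid transition rather than dereferenced.
    // The ordinal comparison depends on the declaration order of OrderStatus constants.
    if (newStatus == null
            || oldStatus == OrderStatus.CANCELLED
            || oldStatus == OrderStatus.DELIVERED
            || oldStatus.ordinal() > newStatus.ordinal())
        throw new OrderStatusChangeException(order.getId());

    order.setStatus(newStatus);
    orderRepo.save(order);
}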
use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class OrderServiceImpl1 method changeDeliveryRating.
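/**
 * Stores the delivery rating a client gives to an order.
 *
 * <p>The ownership check runs before the courier check. Otherwise a caller who does not
 * own the order would receive {@code CourierNotSetException} for orders without a courier
 * and so learn something about an order they are not allowed to see.
 *
 * @param order the order being rated
 * @param dto carries the rating
 * @param user the caller
 * @throws CustomAccessDeniedException when the caller is not the order's client
 * @throws CourierNotSetException when the order has no courier to rate
 */
@Override
public void changeDeliveryRating(Order order, ChangeRatingDTO dto, User user) {
    // NOTE(review): ownership is compared via user.getId() here, while changeOrderStatus
    // compares user.getClient().getId(); confirm both ids always hold the same value.
    if (!user.getId().equals(order.getClient().getId()))
        throw new CustomAccessDeniedException();
    if (order.getCourier() == null)
        throw new CourierNotSetException();

    order.setDeliveryRating(dto.getRating());
    orderRepo.save(order);
}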
use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class OrderServiceImpl1 method findFiltered.
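/**
 * Returns one page of orders matching the filter, converted to {@code OrderInfoDTO}.
 *
 * <p>For a moderator the filter is pinned to the moderator's own warehouse. An explicit,
 * different warehouse id is refused. An omitted one is filled in, because otherwise a
 * moderator who leaves the field empty would receive orders of every warehouse. This
 * matches what ProductPositionController.findFiltered does for product positions.
 *
 * @param user the caller
 * @param dto the filter; its warehouse id is overwritten for moderators
 * @param pageable paging information
 * @return the matching orders as DTOs
 * @throws CustomAccessDeniedException when a moderator asks for another warehouse, or has
 *         no warehouse assigned
 */
@Override
public List<OrderInfoDTO> findFiltered(User user, OrderFilterDTO dto, Pageable pageable) {
    if (user.getRole() == Role.MODERATOR) {
        Long moderatorWarehouseId = user.getModerator().getWarehouseId();
        // Fail closed: without a warehouse id the query below could not be scoped.
        if (moderatorWarehouseId == null)
            throw new CustomAccessDeniedException();
        if (dto.getWarehouseId() != null && !dto.getWarehouseId().equals(moderatorWarehouseId))
            throw new CustomAccessDeniedException();
        // Scope the query server-side even when the client sent no warehouse id.
        // NOTE(review): assumes OrderFilterDTO has a setWarehouseId(Long) setter, as
        // ProductPositionFilterDTO does; confirm.
        dto.setWarehouseId(moderatorWarehouseId);
    }
    // NOTE(review): roles other than MODERATOR are not scoped here; presumably the caller
    // restricts who can reach this method. Confirm.

    Specification<Order> spec = OrderSpecifications.getFilterSpecification(dto);
    return orderRepo.findAll(spec, pageable)
            .stream()
            .map(order -> convertToOrderInfoDTO(order))
            .collect(Collectors.toList());
}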