Added some privileges

Plugrol · Plugrol · commit f77a618dc1cf · 2025-03-09T23:48:21.000+01:00
diff --git a/EEDU-Backend/src/main/java/de/gaz/eedu/course/CourseController.java b/EEDU-Backend/src/main/java/de/gaz/eedu/course/CourseController.java
@@ -17,8 +17,6 @@
 
 import java.util.Set;
 
-//TODO manage access. Yes, I'll do it later
-
 @Slf4j
 @RestController
 @RequestMapping("/api/v1/course")
@@ -36,60 +34,65 @@ public class CourseController extends EntityController<Long, CourseService, Cour
     }
 
     @PostMapping("/{course}/attach")
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_ATTACH_USER.toString())")
     public @NotNull ResponseEntity<Void> attachUser(@PathVariable long course, @NotNull @RequestBody Long... users)
     {
         log.info("Received incoming request for attaching user(s) {} to course {}.", users, course);
         return empty(getService().attachUser(course, users) ? HttpStatus.OK : HttpStatus.BAD_REQUEST);
     }
 
     @GetMapping("{course}/detach")
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_DETACH_USER.toString())")
     public @NotNull ResponseEntity<Void> detachUser(@PathVariable long course, @NotNull @RequestBody Long... users)
     {
         log.info("Received incoming request for detaching user(s) {} from course {}.", users, course);
         return empty(getService().detachUser(course, users) ? HttpStatus.OK : HttpStatus.BAD_REQUEST);
     }
 
     @PostMapping("/create")
-    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_CREATE.toString())")
-    @Override public @NotNull ResponseEntity<CourseModel[]> create(@NotNull @RequestBody CourseCreateModel[] model)
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_CREATE.toString())") @Override
+    public @NotNull ResponseEntity<CourseModel[]> create(@NotNull @RequestBody CourseCreateModel[] model)
     {
         return super.create(model);
     }
 
     @DeleteMapping("/delete/{id}")
-    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_DELETE.toString())")
-    @Override public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable Long[] id)
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_DELETE.toString())") @Override
+    public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable Long[] id)
     {
         return super.delete(id);
     }
 
+    @GetMapping("/users/{course}")
+    public @NotNull ResponseEntity<ReducedUserModel[]> getUsers(@PathVariable long course)
+    {
+        return ResponseEntity.ok(getService().loadReducedModelsByCourse(course).toArray(new ReducedUserModel[0]));
+    }
+
     @GetMapping("/get/{id}")
-    @Override public @NotNull ResponseEntity<CourseModel> getData(@NotNull @PathVariable Long id)
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())") @Override
+    public @NotNull ResponseEntity<CourseModel> getData(@NotNull @PathVariable Long id)
     {
         return super.getData(id);
     }
 
-    @GetMapping("/get/courses/{user}")
-    public @NotNull ResponseEntity<CourseModel[]> getCourses(@PathVariable long user)
+    @GetMapping("/get/all")
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())") @Override
+    public @NotNull ResponseEntity<Set<CourseModel>> fetchAll()
     {
-        return ResponseEntity.ok(getService().getCourses(user));
+        return super.fetchAll();
     }
 
-    @GetMapping("/get")
+    @GetMapping("/get") @PreAuthorize("@verificationService.fullyAuthenticated()")
     public @NotNull ResponseEntity<CourseModel[]> getOwnCourses(@AuthenticationPrincipal long user)
     {
         return getCourses(user);
     }
 
-    @GetMapping("/get/all")
-    @Override public @NotNull ResponseEntity<Set<CourseModel>> fetchAll()
-    {
-        return super.fetchAll();
-    }
-
-    @GetMapping("/users/{course}")
-    public @NotNull ResponseEntity<ReducedUserModel[]> getUsers(@PathVariable long course)
+    @GetMapping("/get/courses/{user}")
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())")
+    public @NotNull ResponseEntity<CourseModel[]> getCourses(@PathVariable long user)
     {
-        return ResponseEntity.ok(getService().loadReducedModelsByCourse(course).toArray(new ReducedUserModel[0]));
+        return ResponseEntity.ok(getService().getCourses(user));
     }
 }
diff --git a/EEDU-Backend/src/main/java/de/gaz/eedu/course/classroom/ClassRoomController.java b/EEDU-Backend/src/main/java/de/gaz/eedu/course/classroom/ClassRoomController.java
@@ -1,6 +1,5 @@
 package de.gaz.eedu.course.classroom;
 
-import de.gaz.eedu.course.CourseService;
 import de.gaz.eedu.course.classroom.model.ClassRoomCreateModel;
 import de.gaz.eedu.course.classroom.model.ClassRoomModel;
 import de.gaz.eedu.course.model.CourseModel;
@@ -28,14 +27,17 @@ public class ClassRoomController extends EntityController<String, ClassRoomServi
     private final ClassRoomService service;
 
     @PostMapping("{course}/link/{classroom}")
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).CLASS_LINK_COURSE.toString())")
     public @NotNull ResponseEntity<Void> linkClass(@PathVariable long course, @PathVariable String classroom)
     {
         log.info("Received incoming request for linking the class {} to course {}.", classroom, course);
 
         return empty(getService().linkClass(course, classroom) ? HttpStatus.OK : HttpStatus.NOT_MODIFIED);
     }
 
-    @PostMapping("{course}/unlink") public @NotNull ResponseEntity<Void> unlinkClass(@PathVariable long course)
+    @PostMapping("{course}/unlink")
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).CLASS_UNLINK_CLASS.toString())")
+    public @NotNull ResponseEntity<Void> unlinkClass(@PathVariable long course)
     {
         log.info("Received incoming request for unlinking the current class from course {}.", course);
         return empty(getService().unlinkClass(course) ? HttpStatus.OK : HttpStatus.NOT_MODIFIED);
@@ -60,18 +62,24 @@ public class ClassRoomController extends EntityController<String, ClassRoomServi
     {
         return super.delete(id);
     }
-
     @GetMapping("/get/{id}")
-    @PreAuthorize("@verificationService.isFullyAuthenticated()")
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).CLASS_GET.toString())")
     @Override public @NotNull ResponseEntity<ClassRoomModel> getData(@NotNull @PathVariable String id)
     {
         return super.getData(id);
     }
 
     @GetMapping("/get/all")
-    @PreAuthorize("@verificationService.isFullyAuthenticated()")
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())")
     @Override public @NotNull ResponseEntity<Set<ClassRoomModel>> fetchAll()
     {
         return super.fetchAll();
     }
+
+    @GetMapping("/get")
+    @PreAuthorize("@verificationService.fullyAuthenticated()")
+    public @NotNull ResponseEntity<ClassRoomModel[]> getOwn(@AuthenticationPrincipal long user)
+    {
+        return ResponseEntity.ok(getService().loadClassesByUser(user).toArray(new ClassRoomModel[0]));
+    }
 }
diff --git a/EEDU-Backend/src/main/java/de/gaz/eedu/course/classroom/ClassRoomRepository.java b/EEDU-Backend/src/main/java/de/gaz/eedu/course/classroom/ClassRoomRepository.java
@@ -1,6 +1,6 @@
 package de.gaz.eedu.course.classroom;
 
-import de.gaz.eedu.course.model.CourseModel;
+import de.gaz.eedu.course.CourseEntity;
 import de.gaz.eedu.user.model.ReducedUserModel;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Unmodifiable;
@@ -22,8 +22,11 @@ public interface ClassRoomRepository extends JpaRepository<ClassRoomEntity, Stri
     @Query("SELECT COUNT(u) > 0 FROM CourseEntity c JOIN c.users u WHERE c.id = :courseId AND u.id = :userId")
     boolean existsUserInCourse(long userId, long courseId);
 
-    @Query("SELECT co FROM ClassRoomEntity c JOIN c.courses co WHERE c.id = :id")
-    @NotNull @Unmodifiable Set<CourseModel> findAllCoursesById(long id);
+    @Query("SELECT c FROM ClassRoomEntity c JOIN c.users u WHERE u.id = :id")
+    @NotNull @Unmodifiable Set<ClassRoomEntity> findAllByUserId(long id);
+
+    @Query("SELECT co FROM ClassRoomEntity c JOIN c.courses co WHERE co.id = :id")
+    @NotNull @Unmodifiable Set<CourseEntity> findAllCoursesById(long id);
 
     @Query(
             "SELECT new de.gaz.eedu.user.model.ReducedUserModel(u.id, u.firstName, u.lastName, u.accountType) " +
diff --git a/EEDU-Backend/src/main/java/de/gaz/eedu/course/classroom/ClassRoomService.java b/EEDU-Backend/src/main/java/de/gaz/eedu/course/classroom/ClassRoomService.java
@@ -22,15 +22,13 @@
 import org.jetbrains.annotations.Contract;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Unmodifiable;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.server.ResponseStatusException;
 
 import java.util.*;
 import java.util.function.Function;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 /**
@@ -137,12 +135,19 @@ public class ClassRoomService extends EntityService<String, ClassRoomRepository,
     {
         if (hasRole("ADMINISTRATOR") || getRepository().existsUserInCourse(user, classroomId))
         {
-            return getRepository().findAllCoursesById(classroomId);
+            Stream<CourseEntity> courseEntities = getRepository().findAllCoursesById(classroomId).stream();
+            return courseEntities.map(CourseEntity::toModel).collect(Collectors.toUnmodifiableSet());
         }
 
         throw unauthorizedThrowable();
     }
 
+    public @NotNull @Unmodifiable Set<ClassRoomModel> loadClassesByUser(long user)
+    {
+        Stream<ClassRoomEntity> classRoomEntityStream = getRepository().findAllByUserId(user).stream();
+        return classRoomEntityStream.map(ClassRoomEntity::toModel).collect(Collectors.toUnmodifiableSet());
+    }
+
     /**
      * Fetches a {@link UserEntity} and validates that its account type is {@link AccountType#TEACHER}.
      * <p>
diff --git a/EEDU-Backend/src/main/java/de/gaz/eedu/course/room/RoomController.java b/EEDU-Backend/src/main/java/de/gaz/eedu/course/room/RoomController.java
@@ -23,20 +23,20 @@ public class RoomController extends EntityController<String, RoomService, RoomMo
     private final RoomService service;
 
     @PostMapping("/create")
-    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_CREATE.toString())")
-    @Override
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_CREATE.toString())") @Override
     public @NotNull ResponseEntity<RoomModel[]> create(@NotNull @RequestBody RoomCreateModel[] model) throws CreationException
     {
         return super.create(model);
     }
 
     @DeleteMapping("/delete/{id}")
-    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_DELETE.toString())")
-    @Override public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable String[] id)
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_DELETE.toString())") @Override
+    public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable String[] id)
     {
         return super.delete(id);
     }
 
     @GetMapping("/get/all")
-    @Override public @NotNull ResponseEntity<Set<RoomModel>> fetchAll() {return super.fetchAll();}
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_GET.toString())") @Override
+    public @NotNull ResponseEntity<Set<RoomModel>> fetchAll() {return super.fetchAll();}
 }
diff --git a/EEDU-Backend/src/main/java/de/gaz/eedu/course/subject/SubjectController.java b/EEDU-Backend/src/main/java/de/gaz/eedu/course/subject/SubjectController.java
@@ -16,8 +16,6 @@
 
 import java.util.Set;
 
-//TODO manage access
-
 @Slf4j
 @RestController
 @RequestMapping("/api/v1/course/subject")
@@ -27,34 +25,36 @@ public class SubjectController extends EntityController<String, SubjectService,
     @Getter(AccessLevel.PROTECTED) private final SubjectService service;
 
     @PostMapping("/create")
-    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_CREATE.toString())")
-    @Override public @NotNull ResponseEntity<SubjectModel[]> create(@NotNull @RequestBody SubjectCreateModel[] model) throws CreationException
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_CREATE.toString())") @Override
+    public @NotNull ResponseEntity<SubjectModel[]> create(@NotNull @RequestBody SubjectCreateModel[] model) throws CreationException
     {
         return super.create(model);
     }
 
     @DeleteMapping("/delete/{id}")
-    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_DELETE.toString())")
-    @Override public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable String[] id)
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_DELETE.toString())") @Override
+    public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable String[] id)
     {
         return super.delete(id);
     }
 
-    //@PreAuthorize("isAuthenticated()")
-
     @GetMapping("/get/{id}")
-    @Override public @NotNull ResponseEntity<SubjectModel> getData(@NotNull @PathVariable String id)
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_GET.toString())") @Override
+    public @NotNull ResponseEntity<SubjectModel> getData(@NotNull @PathVariable String id)
     {
         return super.getData(id);
     }
+
     @GetMapping("/get/all")
-    @Override public @NotNull ResponseEntity<Set<SubjectModel>> fetchAll()
+    @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_GET.toString())") @Override
+    public @NotNull ResponseEntity<Set<SubjectModel>> fetchAll()
     {
         return super.fetchAll();
     }
 
-    @GetMapping("/courses/{subjects}")
-    public @NotNull ResponseEntity<CourseModel[]> getCourses(@NotNull @PathVariable String[] subjects)
+    @GetMapping("/courses/{subjects}") @PreAuthorize(
+            "hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_GET.toString()) and hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())"
+    ) public @NotNull ResponseEntity<CourseModel[]> getCourses(@NotNull @PathVariable String[] subjects)
     {
         return ResponseEntity.ok(getService().loadCourses(subjects));
     }
diff --git a/EEDU-Backend/src/main/java/de/gaz/eedu/user/privileges/SystemPrivileges.java b/EEDU-Backend/src/main/java/de/gaz/eedu/user/privileges/SystemPrivileges.java
@@ -10,6 +10,10 @@
 public enum SystemPrivileges
 {
     CLASS_CREATE,
+    CLASS_ATTACH_USER,
+    CLASS_DETACH_USER,
+    CLASS_LINK_COURSE,
+    CLASS_UNLINK_CLASS,
     CLASS_DELETE,
     CLASS_GET,
 
@@ -22,6 +26,8 @@ public enum SystemPrivileges
     ROOM_GET,
 
     COURSE_CREATE,
+    COURSE_ATTACH_USER,
+    COURSE_DETACH_USER,
     COURSE_DELETE,
     COURSE_GET,
 

Original file line number	Diff line number	Diff line change
`@@ -17,8 +17,6 @@`
`17`	`17`
`18`	`18`	`import java.util.Set;`
`19`	`19`
`20`		`-//TODO manage access. Yes, I'll do it later`
`21`		`-`
`22`	`20`	`@Slf4j`
`23`	`21`	`@RestController`
`24`	`22`	`@RequestMapping("/api/v1/course")`
`@@ -36,60 +34,65 @@ public class CourseController extends EntityController<Long, CourseService, Cour`
`36`	`34`	`}`
`37`	`35`
`38`	`36`	`@PostMapping("/{course}/attach")`
	`37`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_ATTACH_USER.toString())")`
`39`	`38`	`public @NotNull ResponseEntity<Void> attachUser(@PathVariable long course, @NotNull @RequestBody Long... users)`
`40`	`39`	`{`
`41`	`40`	`log.info("Received incoming request for attaching user(s) {} to course {}.", users, course);`
`42`	`41`	`return empty(getService().attachUser(course, users) ? HttpStatus.OK : HttpStatus.BAD_REQUEST);`
`43`	`42`	`}`
`44`	`43`
`45`	`44`	`@GetMapping("{course}/detach")`
	`45`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_DETACH_USER.toString())")`
`46`	`46`	`public @NotNull ResponseEntity<Void> detachUser(@PathVariable long course, @NotNull @RequestBody Long... users)`
`47`	`47`	`{`
`48`	`48`	`log.info("Received incoming request for detaching user(s) {} from course {}.", users, course);`
`49`	`49`	`return empty(getService().detachUser(course, users) ? HttpStatus.OK : HttpStatus.BAD_REQUEST);`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`@PostMapping("/create")`
`53`		`- @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_CREATE.toString())")`
`54`		`- @Override public @NotNull ResponseEntity<CourseModel[]> create(@NotNull @RequestBody CourseCreateModel[] model)`
	`53`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_CREATE.toString())") @Override`
	`54`	`+ public @NotNull ResponseEntity<CourseModel[]> create(@NotNull @RequestBody CourseCreateModel[] model)`
`55`	`55`	`{`
`56`	`56`	`return super.create(model);`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`@DeleteMapping("/delete/{id}")`
`60`		`- @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_DELETE.toString())")`
`61`		`- @Override public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable Long[] id)`
	`60`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_DELETE.toString())") @Override`
	`61`	`+ public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable Long[] id)`
`62`	`62`	`{`
`63`	`63`	`return super.delete(id);`
`64`	`64`	`}`
`65`	`65`
	`66`	`+ @GetMapping("/users/{course}")`
	`67`	`+ public @NotNull ResponseEntity<ReducedUserModel[]> getUsers(@PathVariable long course)`
	`68`	`+ {`
	`69`	`+ return ResponseEntity.ok(getService().loadReducedModelsByCourse(course).toArray(new ReducedUserModel[0]));`
	`70`	`+ }`
	`71`	`+`
`66`	`72`	`@GetMapping("/get/{id}")`
`67`		`- @Override public @NotNull ResponseEntity<CourseModel> getData(@NotNull @PathVariable Long id)`
	`73`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())") @Override`
	`74`	`+ public @NotNull ResponseEntity<CourseModel> getData(@NotNull @PathVariable Long id)`
`68`	`75`	`{`
`69`	`76`	`return super.getData(id);`
`70`	`77`	`}`
`71`	`78`
`72`		`- @GetMapping("/get/courses/{user}")`
`73`		`- public @NotNull ResponseEntity<CourseModel[]> getCourses(@PathVariable long user)`
	`79`	`+ @GetMapping("/get/all")`
	`80`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())") @Override`
	`81`	`+ public @NotNull ResponseEntity<Set<CourseModel>> fetchAll()`
`74`	`82`	`{`
`75`		`- return ResponseEntity.ok(getService().getCourses(user));`
	`83`	`+ return super.fetchAll();`
`76`	`84`	`}`
`77`	`85`
`78`		`- @GetMapping("/get")`
	`86`	`+ @GetMapping("/get") @PreAuthorize("@verificationService.fullyAuthenticated()")`
`79`	`87`	`public @NotNull ResponseEntity<CourseModel[]> getOwnCourses(@AuthenticationPrincipal long user)`
`80`	`88`	`{`
`81`	`89`	`return getCourses(user);`
`82`	`90`	`}`
`83`	`91`
`84`		`- @GetMapping("/get/all")`
`85`		`- @Override public @NotNull ResponseEntity<Set<CourseModel>> fetchAll()`
`86`		`- {`
`87`		`- return super.fetchAll();`
`88`		`- }`
`89`		`-`
`90`		`- @GetMapping("/users/{course}")`
`91`		`- public @NotNull ResponseEntity<ReducedUserModel[]> getUsers(@PathVariable long course)`
	`92`	`+ @GetMapping("/get/courses/{user}")`
	`93`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())")`
	`94`	`+ public @NotNull ResponseEntity<CourseModel[]> getCourses(@PathVariable long user)`
`92`	`95`	`{`
`93`		`- return ResponseEntity.ok(getService().loadReducedModelsByCourse(course).toArray(new ReducedUserModel[0]));`
	`96`	`+ return ResponseEntity.ok(getService().getCourses(user));`
`94`	`97`	`}`
`95`	`98`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,5 @@`
`1`	`1`	`package de.gaz.eedu.course.classroom;`
`2`	`2`
`3`		`-import de.gaz.eedu.course.CourseService;`
`4`	`3`	`import de.gaz.eedu.course.classroom.model.ClassRoomCreateModel;`
`5`	`4`	`import de.gaz.eedu.course.classroom.model.ClassRoomModel;`
`6`	`5`	`import de.gaz.eedu.course.model.CourseModel;`
`@@ -28,14 +27,17 @@ public class ClassRoomController extends EntityController<String, ClassRoomServi`
`28`	`27`	`private final ClassRoomService service;`
`29`	`28`
`30`	`29`	`@PostMapping("{course}/link/{classroom}")`
	`30`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).CLASS_LINK_COURSE.toString())")`
`31`	`31`	`public @NotNull ResponseEntity<Void> linkClass(@PathVariable long course, @PathVariable String classroom)`
`32`	`32`	`{`
`33`	`33`	`log.info("Received incoming request for linking the class {} to course {}.", classroom, course);`
`34`	`34`
`35`	`35`	`return empty(getService().linkClass(course, classroom) ? HttpStatus.OK : HttpStatus.NOT_MODIFIED);`
`36`	`36`	`}`
`37`	`37`
`38`		`- @PostMapping("{course}/unlink") public @NotNull ResponseEntity<Void> unlinkClass(@PathVariable long course)`
	`38`	`+ @PostMapping("{course}/unlink")`
	`39`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).CLASS_UNLINK_CLASS.toString())")`
	`40`	`+ public @NotNull ResponseEntity<Void> unlinkClass(@PathVariable long course)`
`39`	`41`	`{`
`40`	`42`	`log.info("Received incoming request for unlinking the current class from course {}.", course);`
`41`	`43`	`return empty(getService().unlinkClass(course) ? HttpStatus.OK : HttpStatus.NOT_MODIFIED);`
`@@ -60,18 +62,24 @@ public class ClassRoomController extends EntityController<String, ClassRoomServi`
`60`	`62`	`{`
`61`	`63`	`return super.delete(id);`
`62`	`64`	`}`
`63`		`-`
`64`	`65`	`@GetMapping("/get/{id}")`
`65`		`- @PreAuthorize("@verificationService.isFullyAuthenticated()")`
	`66`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).CLASS_GET.toString())")`
`66`	`67`	`@Override public @NotNull ResponseEntity<ClassRoomModel> getData(@NotNull @PathVariable String id)`
`67`	`68`	`{`
`68`	`69`	`return super.getData(id);`
`69`	`70`	`}`
`70`	`71`
`71`	`72`	`@GetMapping("/get/all")`
`72`		`- @PreAuthorize("@verificationService.isFullyAuthenticated()")`
	`73`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())")`
`73`	`74`	`@Override public @NotNull ResponseEntity<Set<ClassRoomModel>> fetchAll()`
`74`	`75`	`{`
`75`	`76`	`return super.fetchAll();`
`76`	`77`	`}`
	`78`	`+`
	`79`	`+ @GetMapping("/get")`
	`80`	`+ @PreAuthorize("@verificationService.fullyAuthenticated()")`
	`81`	`+ public @NotNull ResponseEntity<ClassRoomModel[]> getOwn(@AuthenticationPrincipal long user)`
	`82`	`+ {`
	`83`	`+ return ResponseEntity.ok(getService().loadClassesByUser(user).toArray(new ClassRoomModel[0]));`
	`84`	`+ }`
`77`	`85`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,20 +23,20 @@ public class RoomController extends EntityController<String, RoomService, RoomMo`
`23`	`23`	`private final RoomService service;`
`24`	`24`
`25`	`25`	`@PostMapping("/create")`
`26`		`- @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_CREATE.toString())")`
`27`		`- @Override`
	`26`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_CREATE.toString())") @Override`
`28`	`27`	`public @NotNull ResponseEntity<RoomModel[]> create(@NotNull @RequestBody RoomCreateModel[] model) throws CreationException`
`29`	`28`	`{`
`30`	`29`	`return super.create(model);`
`31`	`30`	`}`
`32`	`31`
`33`	`32`	`@DeleteMapping("/delete/{id}")`
`34`		`- @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_DELETE.toString())")`
`35`		`- @Override public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable String[] id)`
	`33`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_DELETE.toString())") @Override`
	`34`	`+ public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable String[] id)`
`36`	`35`	`{`
`37`	`36`	`return super.delete(id);`
`38`	`37`	`}`
`39`	`38`
`40`	`39`	`@GetMapping("/get/all")`
`41`		`- @Override public @NotNull ResponseEntity<Set<RoomModel>> fetchAll() {return super.fetchAll();}`
	`40`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).ROOM_GET.toString())") @Override`
	`41`	`+ public @NotNull ResponseEntity<Set<RoomModel>> fetchAll() {return super.fetchAll();}`
`42`	`42`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,8 +16,6 @@`
`16`	`16`
`17`	`17`	`import java.util.Set;`
`18`	`18`
`19`		`-//TODO manage access`
`20`		`-`
`21`	`19`	`@Slf4j`
`22`	`20`	`@RestController`
`23`	`21`	`@RequestMapping("/api/v1/course/subject")`
`@@ -27,34 +25,36 @@ public class SubjectController extends EntityController<String, SubjectService,`
`27`	`25`	`@Getter(AccessLevel.PROTECTED) private final SubjectService service;`
`28`	`26`
`29`	`27`	`@PostMapping("/create")`
`30`		`- @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_CREATE.toString())")`
`31`		`- @Override public @NotNull ResponseEntity<SubjectModel[]> create(@NotNull @RequestBody SubjectCreateModel[] model) throws CreationException`
	`28`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_CREATE.toString())") @Override`
	`29`	`+ public @NotNull ResponseEntity<SubjectModel[]> create(@NotNull @RequestBody SubjectCreateModel[] model) throws CreationException`
`32`	`30`	`{`
`33`	`31`	`return super.create(model);`
`34`	`32`	`}`
`35`	`33`
`36`	`34`	`@DeleteMapping("/delete/{id}")`
`37`		`- @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_DELETE.toString())")`
`38`		`- @Override public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable String[] id)`
	`35`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_DELETE.toString())") @Override`
	`36`	`+ public @NotNull ResponseEntity<Void> delete(@NotNull @PathVariable String[] id)`
`39`	`37`	`{`
`40`	`38`	`return super.delete(id);`
`41`	`39`	`}`
`42`	`40`
`43`		`- //@PreAuthorize("isAuthenticated()")`
`44`		`-`
`45`	`41`	`@GetMapping("/get/{id}")`
`46`		`- @Override public @NotNull ResponseEntity<SubjectModel> getData(@NotNull @PathVariable String id)`
	`42`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_GET.toString())") @Override`
	`43`	`+ public @NotNull ResponseEntity<SubjectModel> getData(@NotNull @PathVariable String id)`
`47`	`44`	`{`
`48`	`45`	`return super.getData(id);`
`49`	`46`	`}`
	`47`	`+`
`50`	`48`	`@GetMapping("/get/all")`
`51`		`- @Override public @NotNull ResponseEntity<Set<SubjectModel>> fetchAll()`
	`49`	`+ @PreAuthorize("hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_GET.toString())") @Override`
	`50`	`+ public @NotNull ResponseEntity<Set<SubjectModel>> fetchAll()`
`52`	`51`	`{`
`53`	`52`	`return super.fetchAll();`
`54`	`53`	`}`
`55`	`54`
`56`		`- @GetMapping("/courses/{subjects}")`
`57`		`- public @NotNull ResponseEntity<CourseModel[]> getCourses(@NotNull @PathVariable String[] subjects)`
	`55`	`+ @GetMapping("/courses/{subjects}") @PreAuthorize(`
	`56`	`+ "hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).SUBJECT_GET.toString()) and hasAuthority(T(de.gaz.eedu.user.privileges.SystemPrivileges).COURSE_GET.toString())"`
	`57`	`+ ) public @NotNull ResponseEntity<CourseModel[]> getCourses(@NotNull @PathVariable String[] subjects)`
`58`	`58`	`{`
`59`	`59`	`return ResponseEntity.ok(getService().loadCourses(subjects));`
`60`	`60`	`}`