Merge pull request #73 from insea-connect/drives

Drives

packages/insea-connect-backend/src/main/java/ma/insea/connect/config/security/SecurityConfig.java

@@ -47,6 +47,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                                 .requestMatchers(HttpMethod.POST, "/api/refreshToken").permitAll()
                                 .requestMatchers(HttpMethod.GET, "/ws/**").permitAll()
                                 .requestMatchers(HttpMethod.GET, "/swagger-ui/**").permitAll()
+                                .requestMatchers(HttpMethod.GET, "/uploads/**").permitAll()
                                 .requestMatchers(HttpMethod.GET, "/api/user/*").hasRole("ADMIN")
                                 .requestMatchers(HttpMethod.POST, "/user.addUser").hasRole("ADMIN")
                                 .anyRequest().authenticated()

packages/insea-connect-backend/src/main/java/ma/insea/connect/drive/controller/DriveItemController.java

@@ -3,17 +3,14 @@
 
 import lombok.RequiredArgsConstructor;
 import ma.insea.connect.drive.dto.DriveItemDto;
-import ma.insea.connect.drive.dto.FolderDto;
 import ma.insea.connect.drive.dto.DriveUserDto;
 import ma.insea.connect.drive.model.DriveItem;
 import ma.insea.connect.drive.model.File;
 import ma.insea.connect.drive.model.Folder;
-import ma.insea.connect.drive.service.DriveItemServiceImpl;
 import ma.insea.connect.user.DegreePath;
 import ma.insea.connect.user.User;
 import ma.insea.connect.utils.Functions;
 
-import org.apache.http.protocol.HTTP;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -24,6 +21,7 @@
 import java.time.LocalDateTime;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Optional;
 
 
 @RestController
@@ -127,5 +125,23 @@ public ResponseEntity<HttpStatus> handleFileUpload(@RequestParam("file") Multipa
     public List<DegreePath> getDegreePaths() {
         return degreePathRepository.findAll();
     }
+    @PreAuthorize("hasRole('ADMIN') or hasRole('CLASS_REP')")
+    @DeleteMapping("drive/items/{itemId}")
+    public ResponseEntity<HttpStatus> deleteDriveItem( @PathVariable Long itemId) {
+        User user = functions.getConnectedUser();
+        Optional<DriveItem> optionalDriveItem = driveItemRepository.findById(itemId);
+        if (!optionalDriveItem.isPresent()) {
+            return ResponseEntity.notFound().build();
+        }
+        DriveItem driveItem = optionalDriveItem.get();        if(!functions.checkPermission(user, driveItem.getDegreePath())){
+            return new ResponseEntity(HttpStatus.UNAUTHORIZED);
+        }
+        if(driveItem instanceof Folder){
+            folderService.deleteFolder(itemId);
+        }else{
+            fileRepository.deleteById(itemId);
+        }
+        return new ResponseEntity(HttpStatus.NO_CONTENT);
+    }
 
 }

packages/insea-connect-backend/src/main/java/ma/insea/connect/drive/controller/FileController.java

@@ -41,17 +41,4 @@ public ResponseEntity<File> updateFile(@PathVariable Long fileId, File file) {
         }
         return ResponseEntity.ok(fileService.updateFile(fileId, file));
     }
-
-    @PreAuthorize("hasRole('CLASS_REP')")
-    @DeleteMapping("/{fileId}")
-    public ResponseEntity<File> deleteFile(@PathVariable Long fileId) {
-        User user = functions.getConnectedUser();
-        if(!functions.checkPermission(user, fileService.getFileById(fileId).getDegreePath()))  {
-            return ResponseEntity.notFound().build();
-        }
-        if (!fileService.deleteFile(fileId)) {
-            return ResponseEntity.notFound().build();
-        }
-        return ResponseEntity.noContent().build();
-    }
 }

packages/insea-connect-backend/src/main/java/ma/insea/connect/drive/controller/FolderController.java

@@ -1,12 +1,7 @@
 package ma.insea.connect.drive.controller;
 
-import ma.insea.connect.chat.group.GroupRepository;
-import ma.insea.connect.drive.dto.DriveItemDto;
 import ma.insea.connect.drive.dto.DriveUserDto;
 import ma.insea.connect.drive.dto.FolderDto;
-import ma.insea.connect.drive.model.File;
-import ma.insea.connect.drive.service.DriveItemService;
-import ma.insea.connect.drive.service.FolderService;
 import ma.insea.connect.user.DegreePath;
 import ma.insea.connect.user.User;
 import ma.insea.connect.utils.Functions;
@@ -15,23 +10,17 @@
 import lombok.RequiredArgsConstructor;
 
 
-import ma.insea.connect.drive.model.DriveItem;
 import ma.insea.connect.drive.model.Folder;
 import ma.insea.connect.drive.repository.DegreePathRepository;
-import ma.insea.connect.drive.repository.FileRepository;
 import ma.insea.connect.drive.repository.FolderRepository;
 import ma.insea.connect.drive.service.FolderServiceImpl;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.multipart.MultipartFile;
 
 
 import java.time.LocalDateTime;
-import java.util.ArrayList;
-import java.util.List;
 
 @RestController
 @RequestMapping("/api/v1")
@@ -44,7 +33,7 @@ public class FolderController {
     private final DegreePathRepository degreePathRepository;
     private final FolderRepository folderRepository;
 
-    @PreAuthorize("hasRole('CLASS_REP')")
+    @PreAuthorize("hasRole('ADMIN') or hasRole('CLASS_REP')")
     @PostMapping("drive/{degreePathId}/folders/{parentId}/items")
     public ResponseEntity<FolderDto> createItem(@PathVariable Long degreePathId, @PathVariable Long parentId, @RequestBody FolderDto folderDto) {
         User user = functions.getConnectedUser();
@@ -128,18 +117,4 @@ public ResponseEntity<Folder> updateFolder(@PathVariable Long folderId, Folder f
         }
         return ResponseEntity.ok(folderService.updateFolder(folderId, folder));
     }
-
-    @PreAuthorize("hasRole('CLASS_REP')")
-    @DeleteMapping("/{folderId}")
-    public ResponseEntity<Boolean> deleteFolder(@PathVariable Long folderId, Folder folder) {
-        User user = functions.getConnectedUser();
-        if(!functions.checkPermission(user, folder.getDegreePath())){
-            return ResponseEntity.notFound().build();
-        }
-        if (!folderService.deleteFolder(folderId)) {
-            return ResponseEntity.notFound().build();
-        }
-        return ResponseEntity.noContent().build();
-    }
-
 }

packages/insea-connect-backend/src/main/java/ma/insea/connect/utils/Functions.java

@@ -6,6 +6,8 @@
 import java.nio.file.Paths;
 
 import ma.insea.connect.user.DegreePath;
+
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -16,10 +18,12 @@
 import ma.insea.connect.user.User;
 import ma.insea.connect.user.UserRepository;
 
+
 @Component
 @RequiredArgsConstructor
 public class Functions {
-    private static final String UPLOAD_DIR = "packages\\insea-connect-backend\\src\\main\\resources\\static\\uploads";
+    @Value("${UPLOAD_DIR}")
+    private String UPLOAD_DIR;
 
     private final UserRepository userRepository;
     public User getConnectedUser() {

packages/insea-connect-backend/src/main/resources/application-dev.properties.sample

@@ -16,4 +16,5 @@ spring.security.oauth2.client.registration.keycloak.client-secret=**********
 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8088/realms/INSEA-CONNECT
 allowedserver = http://localhost:3000
 spring.servlet.multipart.max-file-size=50MB
-spring.servlet.multipart.max-request-size=50MB
+spring.servlet.multipart.max-request-size=50MB
+UPLOAD_DIR = src\\main\\resources\\static\\uploads