Create home page

README.md

@@ -0,0 +1 @@
+# findwork.com

src/main/java/com/findwork/findwork/Controllers/CompanyController.java

@@ -1,10 +1,11 @@
 package com.findwork.findwork.Controllers;
 
+import com.findwork.findwork.Entities.Users.UserCompany;
 import com.findwork.findwork.Requests.EditCompanyRequest;
-import com.findwork.findwork.Services.OfferService;
 import com.findwork.findwork.Services.UserService;
 import com.findwork.findwork.Services.ValidationService;
 import lombok.AllArgsConstructor;
+import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -22,20 +23,6 @@ public class CompanyController {
 
     private final UserService userService;
     private final ValidationService validationService;
-    private final OfferService offerService;
-
-//    @GetMapping("/{id}/offers")
-//    public String getCompanyOffers(@PathVariable UUID id, Model model) {
-//        List<JobOffer> offers = new ArrayList<>();
-//        try {
-//            offers = offerService.getCompanyOffers(id);
-//        } catch (Exception e) {
-//            model.addAttribute("error", e.getMessage());
-//        }
-//        model.addAttribute("company", userService.loadUserCompanyById(id));
-//        model.addAttribute("offers", offers);
-//        return "company";
-//    }
 
     @GetMapping("/{id}")
     public String getCompanyPage(@PathVariable UUID id, Model model) {
@@ -44,20 +31,27 @@ public String getCompanyPage(@PathVariable UUID id, Model model) {
     }
 
     @GetMapping("/{id}/edit")
-    public String getEditPageCompany(@PathVariable UUID id, Model model) {
+    public String getEditPageCompany(@PathVariable UUID id, Model model, Authentication auth) {
+        if (!id.equals(((UserCompany) auth.getPrincipal()).getId()))
+            return "redirect:/company/" + id;
+
         model.addAttribute("company", userService.loadUserCompanyById(id));
         return "editCompany";
     }
 
     @PostMapping("/{id}")
-    public String editCompany(@PathVariable UUID id, EditCompanyRequest request, RedirectAttributes atrr) {
+    public String editCompany(@PathVariable UUID id, EditCompanyRequest request, RedirectAttributes atrr, Authentication auth) {
+        if (!id.equals(((UserCompany) auth.getPrincipal()).getId()))
+            return "redirect:/company/" + id;
+
         try {
             validationService.validateEditCompanyRequest(request);
             userService.editCompany(id, request);
         } catch (Exception e) {
             atrr.addFlashAttribute("error", e.getMessage());
             return "redirect:/company/" + id + "/edit";
         }
+
         return "redirect:/company/" + id;
     }
 

src/main/java/com/findwork/findwork/Controllers/JobOfferController.java

@@ -14,10 +14,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 
 import java.util.List;
@@ -31,8 +28,20 @@ public class JobOfferController {
     private final OfferService offerService;
 
     @GetMapping("/")
-    public String getAllOffers(Model model) {
-        List<JobOffer> offers = offerService.getAllOffers();
+    public String getAllOffers(Model model,
+                               @RequestParam(required = false) String search,
+                               @RequestParam(required = false) String jobCategory,
+                               @RequestParam(required = false) String jobLevel) {
+        List<JobOffer> offers;
+
+        if (jobCategory != null && jobCategory.equals("--Any--"))
+            jobCategory = null;
+
+        if (jobLevel != null && jobLevel.equals("--Any--"))
+            jobLevel = null;
+
+        offers = offerService.getOffers(search, jobCategory, jobLevel);
+
         model.addAttribute("offers", offers);
         model.addAttribute("levels", JobLevel.values());
         model.addAttribute("categories", Category.values());
@@ -60,24 +69,33 @@ public String createOffer(Authentication auth, CreateJobOfferRequest request, Re
             return "redirect:/offers/create";
         }
 
-        return "redirect:/offer/" + questionableOffer.getId();
+        return "redirect:/offers/" + questionableOffer.getId();
     }
 
     @PostMapping("/{id}/remove")
     public String removeOffer(@PathVariable UUID id, RedirectAttributes attr, Authentication auth) {
         UserCompany company = (UserCompany) auth.getPrincipal();
+        if (!offerService.loadOfferById(id).getCompany().getId().equals(company.getId()))
+            return "redirect:/offers/" + id;
+
         try {
-            offerService.removeOffer(company, id);
+            offerService.removeOffer(id);
         } catch (Exception e) {
             attr.addFlashAttribute("error", e.getMessage());
             return "redirect:/offers/" + id;
         }
+
         return "redirect:/company/" + company.getId();
     }
 
     @GetMapping("/{id}/edit")
-    String getEditOfferPage(@PathVariable UUID id, Model model) {
+    String getEditOfferPage(@PathVariable UUID id, Model model, Authentication auth) {
         JobOffer offer = offerService.loadOfferById(id);
+
+        UserCompany company = (UserCompany) auth.getPrincipal();
+        if (!offer.getCompany().getId().equals(company.getId()))
+            return "redirect:/offers/" + id;
+
         model.addAttribute("offer", offer);
         model.addAttribute("levels", JobLevel.values());
         model.addAttribute("categories", Category.values());
@@ -99,7 +117,11 @@ String getOfferPage(@PathVariable UUID id, Model model, Authentication auth) {
     }
 
     @GetMapping("/{id}/applications")
-    public String getOfferApplications(@PathVariable UUID id, Model model) {
+    public String getOfferApplications(@PathVariable UUID id, Model model, Authentication auth) {
+        UserCompany company = (UserCompany) auth.getPrincipal();
+        if (!offerService.loadOfferById(id).getCompany().getId().equals(company.getId()))
+            return "redirect:/offers/" + id;
+
         List<JobApplication> applications = offerService.getOfferApplications(id);
 
         model.addAttribute("offer", offerService.loadOfferById(id));
@@ -108,14 +130,19 @@ public String getOfferApplications(@PathVariable UUID id, Model model) {
     }
 
     @PostMapping("/{id}")
-    public String editOffer(@PathVariable UUID id, EditJobOfferRequest request, Model model) {
+    public String editOffer(@PathVariable UUID id, EditJobOfferRequest request, Model model, Authentication auth) {
+        UserCompany company = (UserCompany) auth.getPrincipal();
+        if (!offerService.loadOfferById(id).getCompany().getId().equals(company.getId()))
+            return "redirect:/offers/" + id;
+
         try {
             validationService.validateEditJobOfferRequest(request);
             offerService.editOffer(id, request);
         } catch (Exception e) {
             model.addAttribute("error", e.getMessage());
             return "editOffer";
         }
+
         return "redirect:/offers/" + id;
     }
 

src/main/java/com/findwork/findwork/Controllers/UserController.java

@@ -1,9 +1,11 @@
 package com.findwork.findwork.Controllers;
 
+import com.findwork.findwork.Entities.Users.UserPerson;
 import com.findwork.findwork.Requests.EditPersonRequest;
 import com.findwork.findwork.Services.UserService;
 import com.findwork.findwork.Services.ValidationService;
 import lombok.AllArgsConstructor;
+import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -28,13 +30,25 @@ public String getPersonPage(@PathVariable UUID id, Model model) {
     }
 
     @GetMapping("/{id}/edit")
-    public String getEditPagePerson(@PathVariable UUID id, Model model) {
-        model.addAttribute("user", userService.loadUserById(id));
+    public String getEditPagePerson(@PathVariable UUID id, Model model, Authentication auth) {
+        UserPerson loggedIn = (UserPerson) auth.getPrincipal();
+        UserPerson user = userService.loadUserById(id);
+
+        if (!loggedIn.getId().equals(user.getId()))
+            return "redirect:/user/" + id;
+
+        model.addAttribute("user", user);
         return "editPerson";
     }
 
     @PostMapping("/{id}")
-    public String editPerson(@PathVariable UUID id, EditPersonRequest request, Model model) {
+    public String editPerson(@PathVariable UUID id, EditPersonRequest request, Model model, Authentication auth) {
+        UserPerson loggedIn = (UserPerson) auth.getPrincipal();
+        UserPerson user = userService.loadUserById(id);
+
+        if (!loggedIn.getId().equals(user.getId()))
+            return "redirect:/user/" + id;
+
         try {
             validationService.validateEditPersonRequest(request);
             userService.editPerson(id, request);

src/main/java/com/findwork/findwork/Repositories/JobOfferRepository.java

@@ -1,17 +1,11 @@
 package com.findwork.findwork.Repositories;
 
 import com.findwork.findwork.Entities.JobOffer;
-import com.findwork.findwork.Entities.Users.UserCompany;
 import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.Query;
 
-import java.util.List;
-import java.util.Set;
 import java.util.UUID;
 
 public interface JobOfferRepository extends JpaRepository<JobOffer, UUID> {
 
     JobOffer findJobOfferById(UUID id);
-
-    List<JobOffer> findJobOfferByCompany(UserCompany company);
 }

src/main/java/com/findwork/findwork/Security/config/WebSecurityConfig.java

@@ -3,6 +3,7 @@
 import com.findwork.findwork.Services.UserService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
@@ -17,14 +18,23 @@ public class WebSecurityConfig {
     private final UserService userService;
     private final BCryptPasswordEncoder encoder;
 
+    public WebSecurityConfig(UserService userService, BCryptPasswordEncoder encoder) {
+        this.userService = userService;
+        this.encoder = encoder;
+    }
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .csrf()
                 .disable()
                 .authorizeRequests()
-                .antMatchers("/**")
-                .permitAll()
+                .antMatchers("/offers/{id}/edit", "/offers/{id}/remove", "/offers/create", "/offers/{id}/applications", "/company/{id}/edit").hasAuthority("Company")
+                .antMatchers(HttpMethod.POST, "/offers/{id}", "/company/{id}").hasAuthority("Company")
+                .antMatchers("/login", "/register/**", "/offers/", "/offers/{id}", "/", "/company/{id}").permitAll()
+                .antMatchers("/offers/{id}/**", "/user/{id}/edit").hasAuthority("User")
+                .antMatchers(HttpMethod.POST, "/user/{id}").hasAuthority("User")
+                .antMatchers("user/{id}").authenticated()
                 .and()
                 .formLogin()
                 .loginPage("/login")
@@ -50,9 +60,4 @@ public DaoAuthenticationProvider daoAuthenticationProvider() {
         provider.setUserDetailsService(userService);
         return provider;
     }
-
-    public WebSecurityConfig(UserService userService, BCryptPasswordEncoder encoder) {
-        this.userService = userService;
-        this.encoder = encoder;
-    }
 }

src/main/java/com/findwork/findwork/Services/OfferService.java

@@ -9,23 +9,28 @@
 import com.findwork.findwork.Enums.JobLevel;
 import com.findwork.findwork.Repositories.JobApplicationRepository;
 import com.findwork.findwork.Repositories.JobOfferRepository;
-import com.findwork.findwork.Repositories.UserCompanyRepository;
 import com.findwork.findwork.Repositories.UserSavedOfferRepository;
 import com.findwork.findwork.Requests.CreateJobOfferRequest;
 import com.findwork.findwork.Requests.EditJobOfferRequest;
 import lombok.AllArgsConstructor;
 import org.springframework.stereotype.Service;
 
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.Predicate;
+import javax.persistence.criteria.Root;
 import java.util.List;
 import java.util.UUID;
 
 @Service
 @AllArgsConstructor
 public class OfferService {
     private final JobOfferRepository jobRepo;
-    private final UserCompanyRepository companyRepo;
     private final JobApplicationRepository applicationRepo;
     private final UserSavedOfferRepository savedOffersRepo;
+    private final EntityManager entityManager;
 
     public JobOffer loadOfferById(UUID id) {
         return jobRepo.findJobOfferById(id);
@@ -37,20 +42,57 @@ public JobOffer createOffer(CreateJobOfferRequest r, UserCompany company) {
         return offer;
     }
 
-    public List<JobOffer> getAllOffers() {
-        List<JobOffer> offers = jobRepo.findAll();
-        return offers;
+    public List<JobOffer> getOffers(String search, String category, String level) {
+        if (search == null && category == null && level == null)
+            return jobRepo.findAll();
+
+        Category jobCategory = null;
+        JobLevel jobLevel = null;
+
+        if (category != null && !category.equals("--Any--"))
+            jobCategory = Category.valueOf(category);
+        if (level != null && !level.equals("--Any--"))
+            jobLevel = JobLevel.valueOf(level);
+
+        CriteriaBuilder cb = entityManager.getCriteriaBuilder();
+        CriteriaQuery<JobOffer> cq = cb.createQuery(JobOffer.class);
+        Root<JobOffer> offer = cq.from(JobOffer.class);
+        cq.select(offer);
+
+        Predicate currentPredicate = null;
+        Predicate newPredicate;
+        if (search != null) {
+            newPredicate = cb.like(cb.upper(offer.get("title")), "%" + search.toUpperCase() + "%");
+            currentPredicate = newPredicate;
+        }
+
+        if (jobCategory != null) {
+            newPredicate = cb.equal(offer.get("jobCategory"), jobCategory);
+
+            if (currentPredicate != null)
+                currentPredicate = cb.and(currentPredicate, newPredicate);
+            else {
+                currentPredicate = newPredicate;
+            }
+        }
+
+        if (jobLevel != null) {
+            newPredicate = cb.equal(offer.get("jobLevel"), jobLevel);
+
+            if (currentPredicate != null)
+                currentPredicate = cb.and(currentPredicate, newPredicate);
+            else {
+                currentPredicate = newPredicate;
+            }
+        }
+
+        cq.where(currentPredicate);
+        Query query = entityManager.createQuery(cq);
+
+        return query.getResultList();
     }
 
-    public List<JobOffer> getCompanyOffers(UUID id) throws Exception {
-        UserCompany questionableCompany = companyRepo.findUserCompanyById(id);
-        if (questionableCompany == null)
-            throw new Exception("Such company does not exist.");
-        List<JobOffer> offers = jobRepo.findJobOfferByCompany(questionableCompany);
-        return offers;
-    }
-
-    public void removeOffer(UserCompany company, UUID id) throws Exception {
+    public void removeOffer(UUID id) throws Exception {
         JobOffer questionableOffer = jobRepo.findJobOfferById(id);
 
         if (questionableOffer == null)