From 5c8ce652cb4b62f615c500fb1bec70492a27b420 Mon Sep 17 00:00:00 2001
From: Pedro Henrique Da Cunha De Araujo
Date: Mon, 3 Jul 2023 18:59:21 -0300
Subject: [PATCH] =?UTF-8?q?Cria=C3=A7=C3=A3o=20de=20EndPoint=20de=20Usuari?= =?UTF-8?q?o=20e=20Testes.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../minsait/api/controller/ApiController.java | 98 +++++++++++++++++++
 .../minsait/api/controller/ApiSwagger.java | 43 ++++++++
 .../api/controller/AuthController.java | 24 ++++-
 .../minsait/api/repository/UsuarioEntity.java | 14 +++
 .../db/migration/V1_0__create_tables.sql | 5 +-
 5 files changed, 180 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/minsait/api/controller/ApiController.java b/src/main/java/com/minsait/api/controller/ApiController.java
index 88a78c0..767e202 100644
--- a/src/main/java/com/minsait/api/controller/ApiController.java
+++ b/src/main/java/com/minsait/api/controller/ApiController.java
@@ -3,8 +3,12 @@
 import com.minsait.api.controller.dto.ClienteRequest;
 import com.minsait.api.controller.dto.ClienteResponse;
 import com.minsait.api.controller.dto.MessageResponse;
+import com.minsait.api.controller.dto.UsuarioRequest;
+import com.minsait.api.controller.dto.UsuarioResponse;
 import com.minsait.api.repository.ClienteEntity;
 import com.minsait.api.repository.ClienteRepository;
+import com.minsait.api.repository.UsuarioEntity;
+import com.minsait.api.repository.UsuarioRepository;
 import com.minsait.api.util.ObjectMapperUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -15,6 +19,7 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.*;
 import java.time.LocalDateTime;
@@ -27,6 +32,9 @@ public class ApiController implements ApiSwagger{
 @Autowired
 private ClienteRepository clienteRepository;
+ @Autowired
+ private UsuarioRepository usuarioRepository;
+
 @PreAuthorize("hasAuthority('LEITURA_CLIENTE')")
 @GetMapping("/cliente")
 public ResponseEntity> clienteFindAll(@RequestParam(required = false) String nome,
@@ -104,4 +112,94 @@ public ResponseEntity findById(@PathVariable Long id){
 return new ResponseEntity<>(clienteResponse, HttpStatus.OK);
 }
+
+ @PreAuthorize("hasAuthority('LEITURA_USUARIO')")
+ @GetMapping("/usuario")
+ public ResponseEntity> usuarioFindAll(@RequestParam(required = false) String nome,
+ @RequestParam(required = false, defaultValue = "0") int page,
+ @RequestParam(required = false, defaultValue = "10") int pageSize) {
+ final var usuarioEntity = new UsuarioEntity();
+ usuarioEntity.setLogin(nome);
+ Pageable pageable = PageRequest.of(page, pageSize);
+
+ final Page usuarioEntityListPage = usuarioRepository.findAll(usuarioEntity.ususarioEntitySpecification(), pageable);
+ final Page usuarioResponseList = ObjectMapperUtil.mapAll(usuarioEntityListPage, UsuarioResponse.class);
+ return ResponseEntity.ok(usuarioResponseList);
+ }
+
+ @PreAuthorize("hasAuthority('ESCRITA_USUARIO')")
+ @PostMapping("/usuario")
+ public ResponseEntity insertUser(@RequestBody UsuarioRequest request){
+
+ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+ String senha = encoder.encode(request.getSenha());
+ final var usuarioEntity = ObjectMapperUtil.map(request, UsuarioEntity.class);
+ usuarioEntity.setSenha(senha);
+ final var usuarioInserted = usuarioRepository.save(usuarioEntity);
+ final var usuarioResponse = ObjectMapperUtil.map(usuarioInserted, UsuarioResponse.class);
+
+ return new ResponseEntity<>(usuarioResponse, HttpStatus.CREATED);
+ }
+
+ @PreAuthorize("hasAuthority('ESCRITA_USUARIO')")
+ @PutMapping("/usuario")
+ public ResponseEntity updateUser(@RequestBody UsuarioRequest request){
+ final var usuarioEntityFound = usuarioRepository.findById(request.getId());
+ if(usuarioEntityFound.isEmpty()){
+ return new ResponseEntity<>(new UsuarioResponse(), HttpStatus.NOT_FOUND);
+ }
+
+ final var usuarioEntity = ObjectMapperUtil.map(request, UsuarioEntity.class);
+
+ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+ String senha = null;
+ if
(request.getSenha() == null) {
+ senha = encoder.encode(usuarioEntityFound.get().getSenha());
+ } else {
+ senha = encoder.encode(request.getSenha());
+ }
+
+ usuarioEntity.setSenha(senha);
+
+ final var usuarioUpdated = usuarioRepository.save(usuarioEntity);
+ final var usuarioResponse = ObjectMapperUtil.map(usuarioUpdated, UsuarioResponse.class);
+
+ return new ResponseEntity<>(usuarioResponse, HttpStatus.OK);
+ }
+
+ @PreAuthorize("hasAuthority('ESCRITA_USUARIO')")
+ @DeleteMapping("/usuario/{id}")
+ public ResponseEntity deleteUser(@PathVariable Long id){
+ final var usuarioEntityFound = usuarioRepository.findById(id);
+ if(usuarioEntityFound.isPresent()){
+ usuarioRepository.delete(usuarioEntityFound.get());
+ }else{
+ return new ResponseEntity<>(MessageResponse.builder()
+ .message("Usuario não encontrado!")
+ .date(LocalDateTime.now())
+ .error(false)
+ .build(), HttpStatus.NOT_FOUND);
+ }
+
+ return new ResponseEntity<>(MessageResponse.builder()
+ .message("OK")
+ .date(LocalDateTime.now())
+ .error(false)
+ .build(), HttpStatus.OK);
+ }
+
+ @PreAuthorize("hasAuthority('LEITURA_USUARIO')")
+ @GetMapping("/usuario/{id}")
+ public ResponseEntity findUsuarioById(@PathVariable Long id){
+ final var usuarioEntity = usuarioRepository.findById(id);
+ UsuarioResponse usuarioResponse = new UsuarioResponse();
+
+ if (usuarioEntity.isPresent()){
+ usuarioResponse = ObjectMapperUtil.map(usuarioEntity.get(), UsuarioResponse.class);
+ }else{
+ return new ResponseEntity<>(usuarioResponse, HttpStatus.NOT_FOUND);
+ }
+
+ return new ResponseEntity<>(usuarioResponse, HttpStatus.OK);
+ }
 }
\ No newline at end of file
diff --git a/src/main/java/com/minsait/api/controller/ApiSwagger.java b/src/main/java/com/minsait/api/controller/ApiSwagger.java
index 4eccc58..60aa57e 100644
--- a/src/main/java/com/minsait/api/controller/ApiSwagger.java
+++ b/src/main/java/com/minsait/api/controller/ApiSwagger.java
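Review bot: In `updateUser` (ApiController.java), the branch taken when the request carries no `senha` calls `encoder.encode(usuarioEntityFound.get().getSenha())`, which hashes the stored value a second time; for any row written by `insertUser` that value is already a bcrypt hash, so an update without a password leaves the account unable to log in. Keep the stored value instead: `senha = usuarioEntityFound.get().getSenha();`. `insertUser` and `updateUser` also map the whole `UsuarioRequest` onto `UsuarioEntity`; if the DTO carries `permissoes` (not visible here), any holder of `ESCRITA_USUARIO` can assign arbitrary authorities, so that field probably needs an explicit allow-list. Smaller points in the same hunk: `insertUser` passes `request.getSenha()` to `encode` without a null check, and `deleteUser` builds its 404 body with `.error(false)`.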
@@ -3,6 +3,8 @@
 import com.minsait.api.controller.dto.ClienteRequest;
 import com.minsait.api.controller.dto.ClienteResponse;
 import com.minsait.api.controller.dto.MessageResponse;
+import com.minsait.api.controller.dto.UsuarioRequest;
+import com.minsait.api.controller.dto.UsuarioResponse;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
@@ -63,4 +65,45 @@ public interface ApiSwagger {
 }
 )
 public ResponseEntity findById(Long id);
+
+ @Operation(summary = "Busca todos os usuarios",
+ responses = {
+ @ApiResponse(responseCode = "200", description = "Dados do usuario retornados com sucesso"),
+ @ApiResponse(responseCode = "400", description = "Parâmetros inválidos"),
+ @ApiResponse(responseCode = "500", description = "Erro interno"),
+ @ApiResponse(responseCode = "403", description = "Acesso negado"),
+ }
+ )
+ public ResponseEntity> usuarioFindAll(String nome, int page, int pagesize);
+
+ @Operation(summary = "Insere um novo usuario",
+ responses = {
+ @ApiResponse(responseCode = "200", description = "Usuario inserido com sucesso"),
+ @ApiResponse(responseCode = "400", description = "Parâmetros inválidos"),
+ @ApiResponse(responseCode = "500", description = "Erro interno"),
+ @ApiResponse(responseCode = "403", description = "Acesso negado"),
+ }
+ )
+ public ResponseEntity insertUser(UsuarioRequest request);
+
+ @Operation(summary = "Atualiza um usuario",
+ responses = {
+ @ApiResponse(responseCode = "200", description = "Usuario atualizado com sucesso"),
+ @ApiResponse(responseCode = "400", description = "Parâmetros inválidos"),
+ @ApiResponse(responseCode = "500", description = "Erro interno"),
+ @ApiResponse(responseCode = "403", description = "Acesso negado"),
+ }
+ )
+ public ResponseEntity updateUser(UsuarioRequest request);
+
+ @Operation(summary = "Exclui um usuario",
+ responses = {
+ @ApiResponse(responseCode = "200", description = "Usuario excluído com sucesso"),
+ @ApiResponse(responseCode = "400", description = "Parâmetros inválidos"),
+ @ApiResponse(responseCode = "404", description = "Cliente não encontrado"),
+ @ApiResponse(responseCode = "500", description = "Erro interno"),
+ @ApiResponse(responseCode = "403", description = "Acesso negado"),
+ }
+ )
+ public ResponseEntity deleteUser(Long id);
 }
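Review bot: The `insertUser` operation documents `responseCode = "200"`, but the controller added in this patch returns `HttpStatus.CREATED`, so the documented code should be `"201"`. The 404 description on `deleteUser` still reads "Cliente não encontrado" where "Usuario não encontrado" is meant, and `updateUser` returns `NOT_FOUND` in the controller without a documented 404 here. `findUsuarioById` from ApiController has no declaration in this interface, so it carries no `@Operation` metadata.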
diff --git a/src/main/java/com/minsait/api/controller/AuthController.java b/src/main/java/com/minsait/api/controller/AuthController.java
index e2bff0f..f8e4c24 100644
--- a/src/main/java/com/minsait/api/controller/AuthController.java
+++ b/src/main/java/com/minsait/api/controller/AuthController.java
@@ -2,6 +2,7 @@
 import com.minsait.api.controller.dto.GetTokenRequest;
 import com.minsait.api.controller.dto.GetTokenResponse;
+import com.minsait.api.repository.UsuarioEntity;
 import com.minsait.api.repository.UsuarioRepository;
 import com.minsait.api.sicurity.util.JWTUtil;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,15 +33,32 @@ public class AuthController {
 public ResponseEntity getToken(@RequestBody GetTokenRequest request){
 if(request.getPassword().equals("12345") && request.getUserName().equals("root")){
 final ArrayList permissions = new ArrayList<>();
- permissions.add("LEITURA_CLIENTE");
- permissions.add("ESCRITA_CLIENTE");
+ permissions.add("LEITURA_USUARIO");
+ permissions.add("ESCRITA_USUARIO");
+
+ UsuarioEntity usuarioEncontrado = usuarioRepository.findByLogin(request.getUserName());
 final var token =jwtUtil.generateToken("admin", permissions, 5);
+ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+ encoder.matches(request.getPassword(), usuarioEncontrado.getSenha());
 return new ResponseEntity<>(GetTokenResponse.builder()
 .accessToken(token)
 .build(), HttpStatus.OK);
 }else{
- return new ResponseEntity<>(GetTokenResponse.builder().build(), HttpStatus.UNAUTHORIZED);
+ UsuarioEntity usuarioEncontrado = usuarioRepository.findByLogin(request.getUserName());
+
+ final var usuarioEntityFound = usuarioRepository.findById(usuarioEncontrado.getId());
+ if(usuarioEntityFound.isEmpty()){
+ return new ResponseEntity<>(GetTokenResponse.builder().build(), HttpStatus.NOT_FOUND);
+ }
+ final ArrayList permissions = new ArrayList<>(List.of(usuarioEncontrado.getPermissoes().split(",")));
+
+ final var token =jwtUtil.generateToken(usuarioEncontrado.getLogin(), permissions, Math.toIntExact(usuarioEncontrado.getId()));
+ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+ encoder.matches(request.getPassword(), usuarioEncontrado.getSenha());
+ return new ResponseEntity<>(GetTokenResponse.builder()
+ .accessToken(token)
+ .build(), HttpStatus.OK);
 }
 }
 }
diff --git a/src/main/java/com/minsait/api/repository/UsuarioEntity.java b/src/main/java/com/minsait/api/repository/UsuarioEntity.java
index c6e2ada..4d01f0c 100644
--- a/src/main/java/com/minsait/api/repository/UsuarioEntity.java
+++ b/src/main/java/com/minsait/api/repository/UsuarioEntity.java
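Review bot: The result of `encoder.matches(request.getPassword(), usuarioEncontrado.getSenha())` is discarded in both branches of `getToken` (AuthController.java), so the `else` branch returns a signed token carrying the stored permissions for any existing login regardless of the password sent, and the previous `UNAUTHORIZED` response is gone. The hard-coded `"12345"`/`"root"` comparison remains the first check and issues a token without consulting the stored hash. `findByLogin` presumably returns null for an unknown login, in which case `usuarioEncontrado.getId()` throws before the `NOT_FOUND` branch can run, and `Math.toIntExact(usuarioEncontrado.getId())` sits in the argument position where the other call passes `5`, which looks like a token lifetime rather than an id (confirm against `JWTUtil`). The import hunk for this file adds only `UsuarioEntity`, so check that `BCryptPasswordEncoder` and `List` are imported. A single path that looks the user up, answers 401 unless `matches` returns true, and trims each permission is sketched below.

```java
// … unchanged: getToken signature …
        final UsuarioEntity usuarioEncontrado = usuarioRepository.findByLogin(request.getUserName());
        final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        // One 401 for unknown login and wrong password alike, so the response does not reveal which logins exist.
        if (usuarioEncontrado == null
                || request.getPassword() == null
                || !encoder.matches(request.getPassword(), usuarioEncontrado.getSenha())) {
            return new ResponseEntity<>(GetTokenResponse.builder().build(), HttpStatus.UNAUTHORIZED);
        }

        final ArrayList<String> permissions = new ArrayList<>();
        for (String permissao : usuarioEncontrado.getPermissoes().split(",")) {
            permissions.add(permissao.trim()); // seeded values contain a space after the comma
        }

        // Third argument kept at 5 as in the original call; confirm its meaning in JWTUtil.
        final var token = jwtUtil.generateToken(usuarioEncontrado.getLogin(), permissions, 5);
        return new ResponseEntity<>(GetTokenResponse.builder()
                .accessToken(token)
                .build(), HttpStatus.OK);
```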
@@ -37,4 +37,18 @@ public class UsuarioEntity {
 @Column(name = "PERMISSOES")
 private String permissoes;
+ public Specification ususarioEntitySpecification() {
+
+ return (root, query, criteriaBuilder) -> {
+
+ List predicates = new ArrayList<>();
+
+ if (this.getNome() != null) {
+
+ predicates.add(criteriaBuilder.like(criteriaBuilder.lower(root.get("nome")),
+ "%" + this.getNome().trim().toLowerCase() + "%"));
+ }
+ return criteriaBuilder.and(predicates.toArray(new Predicate[0]));
+ };
+ }
 }
diff --git a/src/main/resources/db/migration/V1_0__create_tables.sql b/src/main/resources/db/migration/V1_0__create_tables.sql
index a13b393..17d213f 100644
--- a/src/main/resources/db/migration/V1_0__create_tables.sql
+++ b/src/main/resources/db/migration/V1_0__create_tables.sql
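Review bot: The specification in UsuarioEntity.java filters on `this.getNome()`, but `usuarioFindAll` in ApiController only calls `usuarioEntity.setLogin(nome)`, so `getNome()` is always null on that path and the `nome` query parameter never narrows the result. Either populate the name on the probe entity in the controller (`usuarioEntity.setNome(nome);`, assuming the setter is generated) or have the predicate match on `login`. The caller-supplied value is also placed between `%` wildcards without escaping `%` and `_`, so those characters act as wildcards in the LIKE pattern. The method name `ususarioEntitySpecification` has a typo that the controller call repeats.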
@@ -33,4 +33,7 @@ INSERT INTO API.CLIENTE (ID_CLIENTE, NOME, ENDERECO, EMAIL, TELEFONE) VALUES (AP
 INSERT INTO API.CLIENTE (ID_CLIENTE, NOME, ENDERECO, EMAIL, TELEFONE) VALUES (API.SQ_ID_CLIENTE.nextval,'Jão','Rua H, 343','jose14@outlook.com','53 988098432');
 INSERT INTO API.CLIENTE (ID_CLIENTE, NOME, ENDERECO, EMAIL, TELEFONE) VALUES (API.SQ_ID_CLIENTE.nextval,'Manolo','Rua M, 342','jose14@outlook.com','53 98098234');
 INSERT INTO API.CLIENTE (ID_CLIENTE, NOME, ENDERECO, EMAIL, TELEFONE) VALUES (API.SQ_ID_CLIENTE.nextval,'Wlisses','Rua N, 341','jose14@outlook.com','53 98098234');
-INSERT INTO API.CLIENTE (ID_CLIENTE, NOME, ENDERECO, EMAIL, TELEFONE) VALUES (API.SQ_ID_CLIENTE.nextval,'Leonardo','Rua O, 320','jose14@outlook.com','53 980928347');
\ No newline at end of file
+INSERT INTO API.CLIENTE (ID_CLIENTE, NOME, ENDERECO, EMAIL, TELEFONE) VALUES (API.SQ_ID_CLIENTE.nextval,'Leonardo','Rua O, 320','jose14@outlook.com','53 980928347');
+
+INSERT INTO API.USUARIO (ID_USUARIO, NOME, LOGIN, SENHA, EMAIL, PERMISSOES) VALUES (API.SQ_ID_USUARIO.nextval,'Pedro','root', '12345','peedroo.heenrique.ph@gmail.com','ESCRITA_USUARIO, LEITURA_USUARIO');
+INSERT INTO API.USUARIO (ID_USUARIO, NOME, LOGIN, SENHA, EMAIL, PERMISSOES) VALUES (API.SQ_ID_USUARIO.nextval,'Henrique','exclusao', '12345','jose14@outlook.com','ESCRITA_USUARIO, LEITURA_USUARIO');
\ No newline at end of file
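Review bot: Both seeded `API.USUARIO` rows store `'12345'` in `SENHA` as plain text, while the login code in this patch checks passwords with `BCryptPasswordEncoder.matches`, which expects a bcrypt hash in that column; the seed should hold a hash (`'<bcrypt-hash-placeholder>'`), and shared default credentials are better kept out of a versioned migration. `PERMISSOES` is written as `'ESCRITA_USUARIO, LEITURA_USUARIO'` with a space after the comma, and AuthController splits on `","` without trimming, so the second authority becomes `" LEITURA_USUARIO"` and will not satisfy `hasAuthority('LEITURA_USUARIO')`; store `'ESCRITA_USUARIO,LEITURA_USUARIO'` or trim on read. If this directory is managed by Flyway, as the path suggests, editing `V1_0__create_tables.sql` in place will fail checksum validation on databases where V1_0 has already run, so a new versioned migration is the safer place for these rows.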