Added logic so non-admin users only see their own data

robmelfi · Oct 14, 2018 · 0c440a2 · 0c440a2
1 parent ac05397
commit 0c440a2
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 11 deletions.
diff --git a/src/main/java/com/robmelfi/health/service/PointsService.java b/src/main/java/com/robmelfi/health/service/PointsService.java
@@ -1,8 +1,12 @@
 package com.robmelfi.health.service;
 
 import com.robmelfi.health.domain.Points;
+import com.robmelfi.health.domain.User;
 import com.robmelfi.health.repository.PointsRepository;
+import com.robmelfi.health.repository.UserRepository;
 import com.robmelfi.health.repository.search.PointsSearchRepository;
+import com.robmelfi.health.security.AuthoritiesConstants;
+import com.robmelfi.health.security.SecurityUtils;
 import com.robmelfi.health.service.dto.PointsDTO;
 import com.robmelfi.health.service.mapper.PointsMapper;
 import org.slf4j.Logger;
@@ -32,10 +36,13 @@ public class PointsService {
 
     private final PointsSearchRepository pointsSearchRepository;
 
-    public PointsService(PointsRepository pointsRepository, PointsMapper pointsMapper, PointsSearchRepository pointsSearchRepository) {
+    private final UserRepository userRepository;
+
+    public PointsService(PointsRepository pointsRepository, PointsMapper pointsMapper, PointsSearchRepository pointsSearchRepository, UserRepository userRepository) {
         this.pointsRepository = pointsRepository;
         this.pointsMapper = pointsMapper;
         this.pointsSearchRepository = pointsSearchRepository;
+        this.userRepository = userRepository;
     }
 
     /**
@@ -48,6 +55,10 @@ public PointsDTO save(PointsDTO pointsDTO) {
         log.debug("Request to save Points : {}", pointsDTO);
 
         Points points = pointsMapper.toEntity(pointsDTO);
+        if (!SecurityUtils.isCurrentUserInRole(AuthoritiesConstants.ADMIN)) {
+            log.debug("No user passed in, using current user: {}", SecurityUtils.getCurrentUserLogin());
+            points.setUser(userRepository.findOneByLogin(SecurityUtils.getCurrentUserLogin().get()).get());
+        }
         points = pointsRepository.save(points);
         PointsDTO result = pointsMapper.toDto(points);
         pointsSearchRepository.save(points);

diff --git a/src/main/webapp/app/entities/points/points-update.tsx b/src/main/webapp/app/entities/points/points-update.tsx
@@ -17,6 +17,8 @@ import { IPoints } from 'app/shared/model/points.model';
 // tslint:disable-next-line:no-unused-variable
 import { convertDateTimeFromServer } from 'app/shared/util/date-utils';
 import { mapIdList } from 'app/shared/util/entity-utils';
+import { hasAnyAuthority } from 'app/shared/auth/private-route';
+import { AUTHORITIES } from 'app/config/constants';
 
 export interface IPointsUpdateProps extends StateProps, DispatchProps, RouteComponentProps<{ id: string }> {}
 
@@ -69,7 +71,7 @@ export class PointsUpdate extends React.Component<IPointsUpdateProps, IPointsUpd
   };
 
   render() {
-    const { pointsEntity, users, loading, updating } = this.props;
+    const { pointsEntity, users, loading, updating, isAdmin } = this.props;
     const { isNew } = this.state;
 
     return (
@@ -130,18 +132,20 @@ export class PointsUpdate extends React.Component<IPointsUpdateProps, IPointsUpd
                     }}
                   />
                 </AvGroup>
-                <AvGroup>
-                  <Label for="user.login">User</Label>
-                  <AvInput id="points-user" type="select" className="form-control" name="userId">
-                    {users
-                      ? users.map(otherEntity => (
+                {isAdmin &&
+                  <AvGroup>
+                    <Label for="user.login">User</Label>
+                    <AvInput id="points-user" type="select" className="form-control" name="userId">
+                      {users
+                        ? users.map(otherEntity => (
                           <option value={otherEntity.id} key={otherEntity.id}>
                             {otherEntity.login}
                           </option>
                         ))
-                      : null}
-                  </AvInput>
-                </AvGroup>
+                        : null}
+                    </AvInput>
+                  </AvGroup>
+                }
                 <Button tag={Link} id="cancel-save" to="/entity/points" replace color="info">
                   <FontAwesomeIcon icon="arrow-left" />&nbsp;
                   <span className="d-none d-md-inline">Back</span>
@@ -163,7 +167,8 @@ const mapStateToProps = (storeState: IRootState) => ({
   users: storeState.userManagement.users,
   pointsEntity: storeState.points.entity,
   loading: storeState.points.loading,
-  updating: storeState.points.updating
+  updating: storeState.points.updating,
+  isAdmin: hasAnyAuthority(storeState.authentication.account.authorities, [AUTHORITIES.ADMIN]),
 });
 
 const mapDispatchToProps = {