author | 2016-11-28 13:09:34 +0300 | |
---|---|---|
committer | 2016-11-28 13:09:34 +0300 | |
commit | 1679b35661297fd9a6693b03cadcdbc1ab5a4203 (patch) | |
tree | ec2457286fcf93f1c227da369c0c39c98aa853df /juick-api/src/main/java/com/juick/api/controllers/Users.java | |
parent | bc23d2d2125d2086847397e85335f29a70668f6b (diff) |
juick-api: all controllers are using spring-security and @RequestParam
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/controllers/Users.java')
-rw-r--r-- | juick-api/src/main/java/com/juick/api/controllers/Users.java | 61 |
1 files changed, 17 insertions, 44 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java
index 8b1bc6cd..75dea5f5 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Users.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java
@@ -9,10 +9,11 @@ import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
@@ -30,22 +31,11 @@ public class Users {
 UserService userService;
 @RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<User> doGetUsers(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List<User> doGetUsers(
+ @RequestParam(value = "uname", required = false) String[] punames,
+ @RequestParam(value = "jid", required = false) String[] pjids) {
 List<com.juick.User> users = new ArrayList<>();
- String punames[] = request.getParameterValues("uname");
 if (punames != null) {
 ArrayList<String> unames = new ArrayList<>(Arrays.asList(punames));
 Iterator<String> i = unames.iterator();
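Review bot: doGetUsers now takes no Principal and performs no check of its own, so whether `/users` may be queried anonymously, and whether bad credentials are still refused as the removed `vuid == -1` branch did, depends entirely on the spring-security configuration, which is not part of this diff. Since the endpoint resolves accounts from caller-supplied `jid` values, that intent deserves a comment above the mapping, for example `// Anonymous access is intentional; credentials are validated by the spring-security filter chain`, or a `Principal` parameter if it is not intentional. The removed `hash` query-parameter login is also gone from this method, so clients that relied on it need an equivalent in the security configuration. The method body continues outside the hunk.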
@@ -59,7 +49,6 @@ public class Users {
 }
 }
- String pjids[] = request.getParameterValues("jid");
 if (pjids != null) {
 List<String> jids = new ArrayList<>(Arrays.asList(pjids));
 Iterator<String> ii = jids.iterator();
@@ -80,24 +69,16 @@ public class Users {
 }
 @RequestMapping(value = "/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<User> doGetUserRead(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List<User> doGetUserRead(
+ Principal principal,
+ @RequestParam String uname) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
 if (vuid == 0) {
 throw new HttpForbiddenException();
 }
 int uid = 0;
- String uname = request.getParameter("uname");
 if (uname == null) {
 uid = vuid;
 } else {
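Review bot: `@RequestParam String uname` in doGetUserRead is required by default, so a request without `uname` is refused by the framework before the method runs and the retained `if (uname == null) { uid = vuid; }` branch can no longer be reached, whereas the old `request.getParameter("uname")` allowed the parameter to be absent. Declare it as `@RequestParam(required = false) String uname`, as doGetUsers does for its parameters. Separately, `visitor.getUid()` is called without a null check; if `userService.getUserByName` returns null for an unauthenticated caller (its behaviour is not visible here), the request would end in a NullPointerException instead of the intended HttpForbiddenException, so `if (visitor == null || visitor.getUid() == 0)` would be the safer guard. Both points apply equally to doGetUserReaders in the last hunk, and both method bodies continue outside their hunks.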
@@ -122,24 +103,16 @@ public class Users {
 }
 @RequestMapping(value = "/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<User> doGetUserReaders(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List<User> doGetUserReaders(
+ Principal principal,
+ @RequestParam String uname) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
 if (vuid == 0) {
 throw new HttpForbiddenException();
 }
 int uid = 0;
- String uname = request.getParameter("uname");
 if (uname == null) {
 uid = vuid;
 } else { |