Role assign logic

Author: rokeppen

src/main/kotlin/be/sgl/backend/config/DataLoader.kt

@@ -2,78 +2,61 @@ package be.sgl.backend.config
 
 import be.sgl.backend.entity.branch.Branch
 import be.sgl.backend.entity.branch.BranchStatus
-import be.sgl.backend.entity.user.Role
-import be.sgl.backend.entity.user.RoleLevel
-import be.sgl.backend.entity.user.User
-import be.sgl.backend.entity.user.UserRole
+import be.sgl.backend.entity.user.Role.Companion.adminRole
+import be.sgl.backend.entity.user.Role.Companion.memberRole
+import be.sgl.backend.entity.user.Role.Companion.staffRole
 import be.sgl.backend.repository.BranchRepository
 import be.sgl.backend.repository.RoleRepository
-import be.sgl.backend.repository.user.UserRepository
-import be.sgl.backend.repository.user.UserRoleRepository
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.CommandLineRunner
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.context.annotation.Profile
-import java.time.LocalDate
 
 @Configuration
-@Profile("local")
 class DataLoader {
 
     @Autowired
     private lateinit var branchRepository: BranchRepository
     @Autowired
     private lateinit var roleRepository: RoleRepository
-    @Autowired
-    private lateinit var userRepository: UserRepository
-    @Autowired
-    private lateinit var userRoleRepository: UserRoleRepository
+    @Value("\${organization.external.id}")
+    var externalOrganizationId: String? = null
 
     @Bean
     fun loadData() = CommandLineRunner {
+        // Suppose a clean first run only when no branches are configured
+        if (branchRepository.findAll().isNotEmpty()) {
+            return@CommandLineRunner
+        }
+
         val kapoenen = createBranch("Kapoenen", 7, 8)
         val welpen = createBranch("Welpen", 9, 11)
         val jonggivers = createBranch("Jonggivers", 12, 14)
         val givers = createBranch("Givers", 15, 17)
         val jins = createBranch("Jins", 18, 18)
         val staff = createBranch("Leiding", 19, null, BranchStatus.MEMBER)
-        if (branchRepository.findAll().isEmpty()) {
-            branchRepository.saveAll(listOf(kapoenen, welpen, jonggivers, givers, jins, staff))
-        }
-        var adminRole = createRole("VGA", "d5f75b320b812440010b812555970393", level = RoleLevel.ADMIN)
-        if (roleRepository.findAll().isEmpty()) {
-            adminRole = roleRepository.save(adminRole)
+        branchRepository.saveAll(listOf(kapoenen, welpen, jonggivers, givers, jins, staff))
+
+        val externalSync = externalOrganizationId != null
+        roleRepository.saveAll(listOf(
+            adminRole("Admin", "d5f75b320b812440010b812555970393".takeIf { externalSync }, "8a95af9385ad9b880185c035ee740010".takeIf { externalSync }),
+            staffRole("Kapoenenleiding", "d5f75b320b812440010b812555e603a4".takeIf { externalSync }, null, kapoenen, true),
+            staffRole("Welpenleiding", "d5f75b320b812440010b812555ec03a5".takeIf { externalSync }, null, welpen, true),
+            staffRole("Jonggiverleiding", "d5f75b320b812440010b812555cc039e".takeIf { externalSync }, null, jonggivers, true),
+            staffRole("Giverleiding", "d5f75b320b812440010b812555b50398".takeIf { externalSync }, null, givers, true),
+            staffRole("Jinleiding", "d5f75b320b812440010b812555d2039f".takeIf { externalSync }, null, jins, true),
+            staffRole("Groepsleiding", "d5f75b320b812440010b8125558e0391".takeIf { externalSync }, null, staff, true)
+        ))
+        if (externalSync) {
             roleRepository.saveAll(listOf(
-                createRole("AVGA", "8a95af9385ad9b880185c035ee740010", level = RoleLevel.ADMIN),
-                createRole("Kapoen", "d5f75b320b812440010b812555de03a2"),
-                createRole("Welp", "d5f75b320b812440010b8125567703cb"),
-                createRole("Jonggiver", "d5f75b320b812440010b812555d603a0"),
-                createRole("Giver", "d5f75b320b812440010b8125565203c1"),
-                createRole("Jin", "d5f75b320b812440010b812555c1039b"),
-                createRole("Kapoenenleiding", "d5f75b320b812440010b812555e603a4", kapoenen, RoleLevel.STAFF),
-                createRole("Welpenleiding", "d5f75b320b812440010b812555ec03a5", welpen, RoleLevel.STAFF),
-                createRole("Jonggiverleiding", "d5f75b320b812440010b812555cc039e", jonggivers, RoleLevel.STAFF),
-                createRole("Giverleiding", "d5f75b320b812440010b812555b50398", givers, RoleLevel.STAFF),
-                createRole("Jinleiding", "d5f75b320b812440010b812555d2039f", jins, RoleLevel.STAFF),
-                createRole("Groepsleiding", "d5f75b320b812440010b8125558e0391", staff, RoleLevel.STAFF)
+                memberRole("Kapoen", "d5f75b320b812440010b812555de03a2", null, kapoenen),
+                memberRole("Welp", "d5f75b320b812440010b8125567703cb", null, welpen),
+                memberRole("Jonggiver", "d5f75b320b812440010b812555d603a0", null, jonggivers),
+                memberRole("Giver", "d5f75b320b812440010b8125565203c1", null, givers),
+                memberRole("Jin", "d5f75b320b812440010b812555c1039b", null, jins)
             ))
         }
-        if (userRepository.findAll().isEmpty()) {
-            val rootUser = userRepository.save(User().apply {
-                firstName = "root"
-                name = "user"
-                username = "admin"
-            })
-            userRoleRepository.save(UserRole(rootUser, adminRole, LocalDate.now()))
-        }
-    }
-
-    private fun createRole(name: String, externalId: String, staffBranch: Branch? = null, level: RoleLevel = RoleLevel.GUEST) = Role().apply {
-        this.name = name
-        this.externalId = externalId
-        this.staffBranch = staffBranch
-        this.level = level
     }
 
     private fun createBranch(name: String, min: Int, max: Int?, status: BranchStatus = BranchStatus.ACTIVE) = Branch().apply {

src/main/kotlin/be/sgl/backend/controller/ActivityController.kt

@@ -155,7 +155,7 @@ class ActivityController {
         description = "Returns the registration identified with the given id.",
         responses = [
             ApiResponse(responseCode = "200", description = "Ok", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ActivityRegistrationDTO::class))]),
-            ApiResponse(responseCode = "204", description = "Not found", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+            ApiResponse(responseCode = "204", description = "Not found")
         ]
     )
     fun getRegistration(@PathVariable registrationId: Int): ResponseEntity<ActivityRegistrationDTO?> {

src/main/kotlin/be/sgl/backend/controller/EventController.kt

@@ -138,7 +138,7 @@ class EventController {
         description = "Returns the registration identified with the given id.",
         responses = [
             ApiResponse(responseCode = "200", description = "Ok", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(type = "array", implementation = EventRegistrationDTO::class))]),
-            ApiResponse(responseCode = "204", description = "Not found", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+            ApiResponse(responseCode = "204", description = "Not found")
         ]
     )
     fun getRegistration(@PathVariable registrationId: Int): ResponseEntity<EventRegistrationDTO?> {

src/main/kotlin/be/sgl/backend/controller/MembershipController.kt

@@ -125,7 +125,7 @@ class MembershipController {
         description = "Returns the paid membership linked to the current period for the current user.",
         responses = [
             ApiResponse(responseCode = "200", description = "Ok", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = MembershipDTO::class))]),
-            ApiResponse(responseCode = "204", description = "Not found", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+            ApiResponse(responseCode = "204", description = "Not found")
         ]
     )
     fun getCurrentMembershipsForCurrentUser(@AuthenticationPrincipal userDetails: CustomUserDetails): ResponseEntity<MembershipDTO?> {
@@ -168,7 +168,7 @@ class MembershipController {
         description = "Returns the membership identified with the given id.",
         responses = [
             ApiResponse(responseCode = "200", description = "Ok", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = MembershipDTO::class))]),
-            ApiResponse(responseCode = "204", description = "Not found", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+            ApiResponse(responseCode = "204", description = "Not found")
         ]
     )
     fun getMembershipById(@PathVariable id: Int): ResponseEntity<MembershipDTO?> {

src/main/kotlin/be/sgl/backend/controller/RoleController.kt

@@ -1,24 +1,25 @@
 package be.sgl.backend.controller
 
 import be.sgl.backend.config.security.OnlyAdmin
+import be.sgl.backend.config.security.Public
+import be.sgl.backend.dto.MemberRoleDTO
+import be.sgl.backend.dto.StaffRoleDTO
 import be.sgl.backend.dto.ExternalFunction
 import be.sgl.backend.dto.RoleDTO
-import be.sgl.backend.dto.UserDTO
-import be.sgl.backend.dto.UserRoleDTO
-import be.sgl.backend.entity.user.RoleLevel
 import be.sgl.backend.service.RoleService
+import io.github.wimdeblauwe.errorhandlingspringbootstarter.ApiErrorResponse
 import io.swagger.v3.oas.annotations.Operation
 import io.swagger.v3.oas.annotations.media.Content
 import io.swagger.v3.oas.annotations.media.Schema
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.tags.Tag
+import jakarta.validation.Valid
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.http.HttpStatus
 import org.springframework.http.MediaType.APPLICATION_JSON_VALUE
 import org.springframework.http.ResponseEntity
 import org.springframework.stereotype.Controller
-import org.springframework.web.bind.annotation.GetMapping
-import org.springframework.web.bind.annotation.PathVariable
-import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.*
 
 @Controller
 @RequestMapping("/roles")
@@ -41,6 +42,20 @@ class RoleController {
         return ResponseEntity.ok(roleService.getAllRoles())
     }
 
+    @GetMapping("/admin")
+    @Public
+    @Operation(
+        summary = "Get the admin role",
+        description = "Returns the single admin role.",
+        responses = [
+            ApiResponse(responseCode = "200", description = "Ok", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = RoleDTO::class))]),
+            ApiResponse(responseCode = "500", description = "No admin role configured", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+        ]
+    )
+    fun getAdminRole(): ResponseEntity<RoleDTO> {
+        return ResponseEntity.ok(roleService.getAdminRole())
+    }
+
     @GetMapping("/functions")
     @OnlyAdmin
     @Operation(
@@ -67,16 +82,111 @@ class RoleController {
         return ResponseEntity.ok(roleService.getPaidExternalFunctions())
     }
 
-    @GetMapping("/{level}/users")
+    @GetMapping("/branch/{branchId}")
+    @Public
+    @Operation(
+        summary = "Get the role linked to the specified branch",
+        description = "Returns the single role that is assigned when a user engages in a membership for the given branch, if one.",
+        responses = [
+            ApiResponse(responseCode = "200", description = "Ok", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = RoleDTO::class))]),
+            ApiResponse(responseCode = "204", description = "Not found"),
+            ApiResponse(responseCode = "404", description = "Invalid id", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+        ]
+    )
+    fun getRoleToSyncByBranch(@PathVariable branchId: Int): ResponseEntity<RoleDTO?> {
+        val memberRole = roleService.getRoleToSyncByBranch(branchId)
+        return memberRole?.let { ResponseEntity.ok(it) } ?: ResponseEntity.noContent().build()
+    }
+
+    @GetMapping("/staff-branch/{branchId}")
+    @Public
+    @Operation(
+        summary = "Get the role linked to the specified staff branch",
+        description = "Returns the single staff role that is assigned when a user is marked as staff of the given branch, if one.",
+        responses = [
+            ApiResponse(responseCode = "200", description = "Ok", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = RoleDTO::class))]),
+            ApiResponse(responseCode = "204", description = "Not found"),
+            ApiResponse(responseCode = "404", description = "Invalid id", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+        ]
+    )
+    fun getStaffRoleToSyncByBranch(@PathVariable branchId: Int): ResponseEntity<RoleDTO?> {
+        val staffRole = roleService.getStaffRoleToSyncByBranch(branchId)
+        return staffRole?.let { ResponseEntity.ok(it) } ?: ResponseEntity.noContent().build()
+    }
+
+    @PostMapping("/branch/{branchId}")
+    @OnlyAdmin
+    @Operation(
+        summary = "Create a member role",
+        description = "Creates a member role with the provided request body and returns it.",
+        responses = [
+            ApiResponse(responseCode = "201", description = "Role created", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = RoleDTO::class))]),
+            ApiResponse(responseCode = "400", description = "Bad role format", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))]),
+            ApiResponse(responseCode = "404", description = "Invalid id", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+
+        ]
+    )
+    fun createMemberRole(@PathVariable branchId: Int, @Valid @RequestBody roleDto: MemberRoleDTO): ResponseEntity<RoleDTO> {
+        return ResponseEntity(roleService.createMemberRole(branchId, roleDto), HttpStatus.CREATED)
+    }
+
+    @PostMapping("/staff-branch/{branchId}")
+    @OnlyAdmin
+    @Operation(
+        summary = "Create a staff role",
+        description = "Creates a staff role with the provided request body and returns it.",
+        responses = [
+            ApiResponse(responseCode = "201", description = "Role created", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = RoleDTO::class))]),
+            ApiResponse(responseCode = "400", description = "Bad role format", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))]),
+            ApiResponse(responseCode = "404", description = "Invalid id", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+        ]
+    )
+    fun createStaffRole(@PathVariable branchId: Int, @Valid @RequestBody roleDto: StaffRoleDTO): ResponseEntity<RoleDTO> {
+        return ResponseEntity(roleService.createStaffRole(branchId, roleDto), HttpStatus.CREATED)
+    }
+
+    @PutMapping("/branch/{id}")
+    @OnlyAdmin
+    @Operation(
+        summary = "Update an existing member role",
+        description = "Updates a member role, identified with the given id, with the provided request body and returns it.",
+        responses = [
+            ApiResponse(responseCode = "200", description = "Role updated", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = RoleDTO::class))]),
+            ApiResponse(responseCode = "400", description = "Bad role format", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))]),
+            ApiResponse(responseCode = "404", description = "Invalid id", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+        ]
+    )
+    fun updateMemberRole(@PathVariable id: Int, @Valid @RequestBody roleDTO: MemberRoleDTO): ResponseEntity<RoleDTO> {
+        return ResponseEntity.ok(roleService.mergeMemberRoleDTOChanges(id, roleDTO))
+    }
+
+    @PutMapping("/staff-branch/{id}")
+    @OnlyAdmin
+    @Operation(
+        summary = "Update an existing staff role",
+        description = "Updates a staff role, identified with the given id, with the provided request body and returns it.",
+        responses = [
+            ApiResponse(responseCode = "200", description = "Role updated", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = RoleDTO::class))]),
+            ApiResponse(responseCode = "400", description = "Bad role format", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))]),
+            ApiResponse(responseCode = "404", description = "Invalid id", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
+        ]
+    )
+    fun updateStaffRole(@PathVariable id: Int, @Valid @RequestBody roleDTO: StaffRoleDTO): ResponseEntity<RoleDTO> {
+        return ResponseEntity.ok(roleService.mergeStaffRoleDTOChanges(id, roleDTO))
+    }
+
+    @DeleteMapping("/{id}")
     @OnlyAdmin
     @Operation(
-        summary = "Get all users with a role of the specified level",
-        description = "Returns a list of all users roles, filtered by their current role level.",
+        summary = "Delete an existing role",
+        description = "Deletes a role, identified with the given id. All linked user roles are also deleted.",
         responses = [
-            ApiResponse(responseCode = "200", description = "Ok", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(type = "array", implementation = UserDTO::class))])
+            ApiResponse(responseCode = "200", description = "Role deleted"),
+            ApiResponse(responseCode = "404", description = "Invalid id", content = [Content(mediaType = APPLICATION_JSON_VALUE, schema = Schema(implementation = ApiErrorResponse::class))])
         ]
     )
-    fun getAllUsers(@PathVariable level: RoleLevel): ResponseEntity<List<UserRoleDTO>> {
-        return ResponseEntity.ok(roleService.getUserRoles(level))
+    fun deleteRole(@PathVariable id: Int): ResponseEntity<Unit> {
+        roleService.deleteRole(id)
+        return ResponseEntity.ok().build()
     }
 }