UserController.java

package edu.rit.coopeval.controller;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import edu.rit.coopeval.dao.*;
import edu.rit.coopeval.model.*;
import edu.rit.coopeval.security.SecurityUser;
import edu.rit.coopeval.viewmodel.user.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping(value = "/services/UserService")
public class UserController {

    @Autowired
    private AdministrationUserRepository adminRepo;
    @Autowired
    private UserRepository userRepo;
    @Autowired
    private DepartmentUserJoinRepository deptUserRepo;
    @Autowired
    private DepartmentRepository departmentRepo;


    @RequestMapping(value = "/getUserType", method = RequestMethod.GET)
    public UserTypeViewModel getUserType(@AuthenticationPrincipal SecurityUser principal) {
        UserTypeViewModel userTypeViewModel = new UserTypeViewModel("None");
        User currentUser = principal.user();
        if (currentUser != null) {
            userTypeViewModel = new UserTypeViewModel(currentUser.getRoles().stream()
                                                                 .findFirst()
                                                                 .orElse(new UserRole("None"))
                                                                 .getRole()
            );
        }
        return userTypeViewModel;
    }

    @RequestMapping(value = "/getAdminUsers", method = RequestMethod.GET)
    public List<AdministrationUserViewModel> getAdministrationUserOverview() {
        List<AdministrationUserViewModel> results = new ArrayList<>();
        for (AdministrationUser adminUser : adminRepo.findAll()) {
            results.add(new AdministrationUserViewModel(adminUser));
        }
        return results;
    }

    @RequestMapping(value = "/addAdminUser", method = RequestMethod.PUT)
    public AdministrationUserViewModel addAdminUser(@RequestBody AdministrationUserViewModel adminUserModel) {
        AdministrationUser adminUser = new AdministrationUser();
        if (adminRepo.getAdminUser(adminUserModel.getUserName()) == null) {
            adminUser.setUserName(adminUserModel.getUserName());
            adminUser.setName(adminUserModel.getName());
            adminUser = adminRepo.save(adminUser);
        }
        return new AdministrationUserViewModel(adminUser);
    }

    @RequestMapping(value = "/deleteAdminUser", method = RequestMethod.DELETE)
    public AdministrationUserViewModel removeAdminUser(@RequestParam Long adminId,
                                                       HttpServletResponse res) throws IllegalArgumentException {
        HttpServletResponse response = res;
        AdministrationUserViewModel adminModel = new AdministrationUserViewModel();
        if (adminRepo.getAdminUserById(adminId) != null) {
            adminModel.setName(adminRepo.getAdminUserById(adminId).getName());
            adminModel.setUserName(adminRepo.getAdminUserById(adminId).getUserName());
            adminRepo.delete(adminRepo.getAdminUserById(adminId));
        } else {
            throw new IllegalArgumentException("Invalid Delete Request");
        }
        return adminModel;
    }

    @RequestMapping(value = "/getDepartmentUsers", method = RequestMethod.GET)
    public List<DepartmentUserViewModel> getDepartmentUserOverview(@RequestParam Long departmentId) {
        List<DepartmentUserViewModel> results = new ArrayList<>();
        for (DepartmentUserJoin departmentUserJoin : deptUserRepo.findDepartmentUsersByDepartmentId(departmentId)) {
            results.add(new DepartmentUserViewModel(departmentUserJoin.getEvaluator()));
        }
        return results;
    }

    @RequestMapping(value = "/addDepartmentUser", method = RequestMethod.POST)
    public DepartmentUserViewModel addDepartmentUser(@RequestBody DepartmentUserViewModel deptUserVM,
                                                     @RequestParam Long departmentId) {

        User deptUser = userRepo.findFirstByUsername(deptUserVM.getUserName());
        if (deptUserRepo.findFirstByDepartmentDepartmentIdAndEvaluatorUsername(
                departmentId, deptUserVM.getUserName()) == null) {

            if (deptUser == null) {
                throw new IllegalArgumentException("The user does not exist");
            }

            DepartmentUserJoin departmentUserJoin = new DepartmentUserJoin();
            departmentUserJoin.setEvaluator(userRepo.findFirstByUsername(deptUserVM.getUserName()));
            departmentUserJoin.setDepartment(departmentRepo.findByDepartmentId(departmentId));
            deptUserRepo.save(departmentUserJoin);
        }
        return new DepartmentUserViewModel(deptUser);
    }

    @RequestMapping(value = "/deleteDepartmentUser", method = RequestMethod.DELETE)
    public DepartmentUserViewModel removeDepartmentUser(@RequestParam Long departmentId,
                                                        @RequestParam Long deptUserID)
            throws IllegalArgumentException {

        User deptUser = userRepo.findFirstById(deptUserID);
        if (deptUser == null) {
            throw new IllegalArgumentException("The user does not exist");
        }

        List<DepartmentUserJoin> relationship = deptUserRepo.findByDepartmentDepartmentIdAndEvaluatorUsername(
                departmentId, deptUser.getUsername());
        if (relationship.isEmpty()) {
            throw new IllegalArgumentException("The user does not belong in the specified department");
        }

        // actually remove the join link
        deptUserRepo.delete(relationship);

        return new DepartmentUserViewModel(deptUser);
    }

    @ExceptionHandler({IllegalArgumentException.class})
    void handleBadRequests(HttpServletResponse response) throws IOException {
        response.sendError(HttpStatus.FORBIDDEN.value());
    }
}