package controllers;
import be.objectify.deadbolt.java.actions.SubjectNotPresent;
import be.objectify.deadbolt.java.actions.SubjectPresent;
import com.fasterxml.jackson.databind.node.ObjectNode;
import dao.DataAccessException;
import models.DaoManager;
import models.dto.UserDto;
import models.entities.Order;
import models.entities.User;
import play.Logger;
import play.data.Form;
import play.data.validation.Constraints;
import play.db.jpa.Transactional;
import play.libs.Json;
import play.mvc.Controller;
import play.mvc.Http;
import play.mvc.Result;
import utils.Utilities;
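public class SecurityController extends Controller {

    /** Name of the request header that carries the session token. */
    public static final String AUTH_TOKEN_HEADER = "X-AUTH-TOKEN";

    /** JSON property name and cookie name under which the session token is returned. */
    public static final String AUTH_TOKEN = "authToken";

    /**
     * Returns the authenticated user attached to the current request context.
     *
     * @return the {@link User} stored under the {@code "user"} key of the current
     *         {@link Http.Context} args, or {@code null} if nothing was stored there
     *         (presumably by an authentication handler that runs before this controller;
     *         that code is not visible in this file)
     */
    public static User getUser() {
        return (User) Http.Context.current().args.get("user");
    }

    /**
     * Decides whether the current user may act on {@code order}.
     *
     * <p>Access rules, by role name (compared case-insensitively):
     * <ul>
     *   <li>{@code supervisor}: always allowed;</li>
     *   <li>{@code manager}: allowed when the user created the order;</li>
     *   <li>{@code executor}: allowed when the user is the order's executor;</li>
     *   <li>{@code deliveryManager}: allowed when the user is the order's delivery manager.</li>
     * </ul>
     * Any other role, a missing user, a missing role, a {@code null} order or a missing
     * participant on the order is denied (deny by default rather than throwing).
     *
     * @param order the order being accessed; may be {@code null}
     * @return {@code true} if the current user is permitted to access the order
     */
    public static boolean hasAccessToOrder(Order order) {
        User currentUser = getUser();
        if (currentUser == null || order == null) {
            return false;
        }
        // A user without a role (or a role without a name) gets no access rather than an NPE.
        if (currentUser.getRole() == null || currentUser.getRole().getName() == null) {
            return false;
        }
        String role = currentUser.getRole().getName();
        Integer currentUserId = currentUser.getId();

        if (role.equalsIgnoreCase("supervisor")) {
            return true;
        }
        if (role.equalsIgnoreCase("manager")) {
            return isSameUser(currentUserId, order.getCreator());
        }
        if (role.equalsIgnoreCase("executor")) {
            return isSameUser(currentUserId, order.getExecutor());
        }
        if (role.equalsIgnoreCase("deliveryManager")) {
            return isSameUser(currentUserId, order.getDeliveryManager());
        }
        return false;
    }

    /**
     * Null-safe identity comparison between the current user's id and an order participant.
     *
     * @param currentUserId id of the current user; may be {@code null}
     * @param participant   the user assigned to the order in some role; may be {@code null}
     * @return {@code true} only when both sides are present and the ids are equal
     */
    private static boolean isSameUser(Integer currentUserId, User participant) {
        return currentUserId != null
                && participant != null
                && currentUserId.equals(participant.getId());
    }

    /**
     * Authenticates a user from a JSON body of the form {@code {"login": ..., "password": ...}}
     * and issues a fresh authentication token.
     *
     * <p>Responses: 400 when the body is not JSON or fails validation, 401 when no user matches
     * the credentials, 500 when the new token cannot be persisted, otherwise 200 with
     * {@code {"authToken": "<token>"}} and the same token set as a cookie.
     *
     * <p>Whether {@code findByLoginAndPassword} compares a password hash or the raw password
     * is decided in the DAO and cannot be seen from here.
     *
     * @return the HTTP result described above
     */
    @Transactional
    @SubjectNotPresent
    public static Result login() {
        if (request().body().asJson() == null) {
            return badRequest();
        }
        Form<Login> loginForm = Form.form(Login.class).bind(request().body().asJson());
        if (loginForm.hasErrors()) {
            return badRequest(loginForm.errorsAsJson());
        }
        Login login = loginForm.get();
        User user = DaoManager.getUserDao().findByLoginAndPassword(login.login, login.password);
        if (user == null) {
            return unauthorized();
        }
        // Log only the identity: the stored password (previously logged here as well) must
        // never reach log files.
        Logger.debug("User login " + user.getLogin());
        user.setAuthToken(Utilities.createToken());
        try {
            DaoManager.getUserDao().persist(user);
        } catch (DataAccessException e) {
            Logger.error("failed to persist user after token creation", e);
            return internalServerError();
        }
        ObjectNode authTokenJson = Json.newObject();
        authTokenJson.put(AUTH_TOKEN, user.getAuthToken());
        // NOTE(review): the token cookie is created with default attributes only (no expiry,
        // Secure or HttpOnly flag is set at this call site); confirm this matches the
        // deployment's requirements for the session token.
        response().setCookie(AUTH_TOKEN, user.getAuthToken());
        return ok(authTokenJson);
    }

    /**
     * Invalidates the current user's token and redirects to the index page.
     *
     * <p>The cookie-discard header is added before the server-side token is cleared, so a
     * failed persist returns 500 with the cookie already discarded on the client.
     *
     * @return a redirect to {@code Application.index}, or 500 when the token cannot be persisted
     */
    @Transactional
    @SubjectPresent
    public static Result logout() {
        response().discardCookie(AUTH_TOKEN);
        User user = getUser();
        user.setAuthToken(null);
        try {
            DaoManager.getUserDao().persist(user);
        } catch (DataAccessException e) {
            Logger.error("failed to persist user after token removal", e);
            return internalServerError();
        }
        return redirect(routes.Application.index());
    }

    /**
     * Returns the current user as JSON (via {@link UserDto}, which controls which fields are exposed).
     *
     * @return 200 with the serialized {@link UserDto}
     */
    @Transactional
    @SubjectPresent
    public static Result getUserJson() {
        return ok(Json.toJson(UserDto.createFrom(getUser())));
    }

    /**
     * Form backing bean for {@link #login()}. Both fields are required; the public no-arg
     * constructor and setters are needed by Play's form binding.
     */
    public static class Login {

        @Constraints.Required
        private String login;

        @Constraints.Required
        private String password;

        public String getLogin() {
            return login;
        }

        public void setLogin(String login) {
            this.login = login;
        }

        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            this.password = password;
        }
    }
}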