package net.dontdrinkandroot.example.angularrestspringsecurity.rest.resources;
import java.io.IOException;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import net.dontdrinkandroot.example.angularrestspringsecurity.JsonViews;
import net.dontdrinkandroot.example.angularrestspringsecurity.dao.newsentry.NewsEntryDao;
import net.dontdrinkandroot.example.angularrestspringsecurity.entity.NewsEntry;
import org.codehaus.jackson.JsonGenerationException;
import org.codehaus.jackson.map.JsonMappingException;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.ObjectWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
@Component
@Path("/news")
public class NewsEntryResource
{
private final Logger logger = LoggerFactory.getLogger(this.getClass());
@Autowired
private NewsEntryDao newsEntryDao;
@Autowired
private ObjectMapper mapper;
@GET
@Produces(MediaType.APPLICATION_JSON)
public String list() throws JsonGenerationException, JsonMappingException, IOException
{
this.logger.info("list()");
ObjectWriter viewWriter;
if (this.isAdmin()) {
viewWriter = this.mapper.writerWithView(JsonViews.Admin.class);
} else {
viewWriter = this.mapper.writerWithView(JsonViews.User.class);
}
List<NewsEntry> allEntries = this.newsEntryDao.findAll();
return viewWriter.writeValueAsString(allEntries);
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
public NewsEntry read(@PathParam("id") Long id)
{
this.logger.info("read(id)");
NewsEntry newsEntry = this.newsEntryDao.find(id);
if (newsEntry == null) {
throw new WebApplicationException(404);
}
return newsEntry;
}
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public NewsEntry create(NewsEntry newsEntry)
{
this.logger.info("create(): " + newsEntry);
return this.newsEntryDao.save(newsEntry);
}
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@Path("{id}")
public NewsEntry update(@PathParam("id") Long id, NewsEntry newsEntry)
{
this.logger.info("update(): " + newsEntry);
return this.newsEntryDao.save(newsEntry);
}
@DELETE
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
public void delete(@PathParam("id") Long id)
{
this.logger.info("delete(id)");
this.newsEntryDao.delete(id);
}
private boolean isAdmin()
{
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Object principal = authentication.getPrincipal();
if (principal instanceof String && ((String) principal).equals("anonymousUser")) {
return false;
}
UserDetails userDetails = (UserDetails) principal;
for (GrantedAuthority authority : userDetails.getAuthorities()) {
if (authority.toString().equals("admin")) {
return true;
}
}
return false;
}
}