Error handling for user.

TeamSevenWeb · Mar 19, 2024 · 65d5257 · 65d5257
1 parent 82699da
commit 65d5257
Show file tree

Hide file tree

Showing 3 changed files with 112 additions and 51 deletions.
diff --git a/src/main/java/com/telerikacademy/web/virtualwallet/controllers/mvc/UserMvcController.java b/src/main/java/com/telerikacademy/web/virtualwallet/controllers/mvc/UserMvcController.java
@@ -1,9 +1,6 @@
 package com.telerikacademy.web.virtualwallet.controllers.mvc;
 
-import com.telerikacademy.web.virtualwallet.exceptions.AuthenticationException;
-import com.telerikacademy.web.virtualwallet.exceptions.EntityNotFoundException;
-import com.telerikacademy.web.virtualwallet.exceptions.InvalidFileException;
-import com.telerikacademy.web.virtualwallet.exceptions.TransactionsNotFoundException;
+import com.telerikacademy.web.virtualwallet.exceptions.*;
 import com.telerikacademy.web.virtualwallet.filters.TransactionFilterOptions;
 import com.telerikacademy.web.virtualwallet.filters.UserFilterOptions;
 import com.telerikacademy.web.virtualwallet.filters.dtos.TransactionFilterDto;
@@ -30,6 +27,7 @@
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 
 import java.io.IOException;
 import java.util.List;
@@ -38,6 +36,7 @@
 @RequestMapping("/users")
 public class UserMvcController {
 
+    public static final String AUTHORIZATION_ERR = "You are not authorized to perform this action.";
     private final ProfilePhotoMapper profilePhotoMapper;
     private final CloudinaryHelper cloudinaryHelper;
 
@@ -93,51 +92,97 @@ public String requestURI(final HttpServletRequest request) {
     @GetMapping
     public String showAllUsers(Model model
             , HttpSession session
-            , @ModelAttribute("userFilterOptionsDto") UserFilterOptionsDto filterDto) {
-        User user = authenticationHelper.tryGetCurrentUser(session);
-        UserFilterOptions userFilterOptions = userFilterOptionsMapper.fromDto(filterDto);
-        model.addAttribute("allUsers", userService.getAll(userFilterOptions, user));
-        return "UsersView";
+            , @ModelAttribute("userFilterOptionsDto") UserFilterOptionsDto filterDto
+            , RedirectAttributes redirectAttributes) {
+        try {
+            User user = authenticationHelper.tryGetCurrentUser(session);
+            UserFilterOptions userFilterOptions = userFilterOptionsMapper.fromDto(filterDto);
+            model.addAttribute("allUsers", userService.getAll(userFilterOptions, user));
+            return "UsersView";
+        } catch (AuthenticationException e) {
+            return "redirect:/auth/login";
+        }
+        catch (AuthorizationException e) {
+            redirectAttributes.addFlashAttribute("error", e.getMessage());
+            return "redirect:/";
+        }
     }
 
     @GetMapping("/{username}")
     public String showUserPage(@PathVariable String username, Model model, HttpSession session) {
-        User currentUser = authenticationHelper.tryGetCurrentUser(session);
-        User viewedUser = userService.getByUsername(username);
-        boolean isBlocked = userService.isBlocked(viewedUser);
-        List<JoinWallet> userJoinWallets = joinWalletService.getAllByUser(viewedUser);
-        model.addAttribute("isBlocked", isBlocked);
-        model.addAttribute("viewedUser", viewedUser);
-        model.addAttribute("userJoinWallets",userJoinWallets);
-        model.addAttribute("currentUser", currentUser);
-        return "UserView";
+        try {
+            User currentUser = authenticationHelper.tryGetCurrentUser(session);
+            User viewedUser = userService.getByUsername(username);
+            boolean isBlocked = userService.isBlocked(viewedUser);
+            List<JoinWallet> userJoinWallets = joinWalletService.getAllByUser(viewedUser);
+            model.addAttribute("isBlocked", isBlocked);
+            model.addAttribute("viewedUser", viewedUser);
+            model.addAttribute("userJoinWallets",userJoinWallets);
+            model.addAttribute("currentUser", currentUser);
+            return "UserView";
+        } catch (AuthenticationException e) {
+            return "redirect:/auth/login";
+        }
     }
 
     @GetMapping("/{username}/update")
-    public String showUpdatePage(@PathVariable String username, Model model, HttpSession session) {
-        User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
-        User userToBeUpdated = userService.getByUsername(username);
-        UserUpdateDto userDto = userUpdateMapper.toDto(userToBeUpdated);
-        model.addAttribute("userUpdateDto", userDto);
-        return "UserUpdateView";
+    public String showUpdatePage(@PathVariable String username, Model model, HttpSession session, RedirectAttributes redirectAttributes) {
+        try {
+            User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
+            User userToBeUpdated = userService.getByUsername(username);
+            if (!loggedInUser.equals(userToBeUpdated)){
+                throw new AuthorizationException(AUTHORIZATION_ERR);
+            }
+            UserUpdateDto userDto = userUpdateMapper.toDto(userToBeUpdated);
+            model.addAttribute("userUpdateDto", userDto);
+            return "UserUpdateView";
+        } catch (AuthenticationException e) {
+            return "redirect:/auth/login";
+        }
+        catch (AuthorizationException e) {
+            redirectAttributes.addFlashAttribute("error", e.getMessage());
+            return "redirect:/";
+        }
     }
 
     @GetMapping("/{username}/changeProfilePhoto")
-    public String showChangeProfilePhoto(@PathVariable String username, Model model, HttpSession session) {
-        User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
-        User userToBeUpdated = userService.getByUsername(username);
-        UserProfilePhotoDto userProfilePhotoDto = new UserProfilePhotoDto();
-        model.addAttribute("userProfilePhotoDto", userProfilePhotoDto);
-        return "UserProfilePhotoUpdateView";
+    public String showChangeProfilePhoto(@PathVariable String username, Model model, HttpSession session,RedirectAttributes redirectAttributes) {
+        try {
+            User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
+            User userToBeUpdated = userService.getByUsername(username);
+            if (!loggedInUser.equals(userToBeUpdated)){
+                throw new AuthorizationException(AUTHORIZATION_ERR);
+            }
+            UserProfilePhotoDto userProfilePhotoDto = new UserProfilePhotoDto();
+            model.addAttribute("userProfilePhotoDto", userProfilePhotoDto);
+            return "UserProfilePhotoUpdateView";
+        } catch (AuthenticationException e) {
+            return "redirect:/auth/login";
+        }
+        catch (AuthorizationException e) {
+            redirectAttributes.addFlashAttribute("error", e.getMessage());
+            return "redirect:/";
+        }
     }
 
     @GetMapping("/{username}/changePassword")
-    public String showChangePassword(@PathVariable String username, Model model, HttpSession session) {
-        User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
-        User userToBeUpdated = userService.getByUsername(username);
-        UserPasswordDto userPasswordDto = new UserPasswordDto();
-        model.addAttribute("userPasswordDto", userPasswordDto);
-        return "UserPasswordUpdateView";
+    public String showChangePassword(@PathVariable String username, Model model, HttpSession session, RedirectAttributes redirectAttributes) {
+        try {
+            User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
+            User userToBeUpdated = userService.getByUsername(username);
+            if (!loggedInUser.equals(userToBeUpdated)){
+                throw new AuthorizationException(AUTHORIZATION_ERR);
+            }
+            UserPasswordDto userPasswordDto = new UserPasswordDto();
+            model.addAttribute("userPasswordDto", userPasswordDto);
+            return "UserPasswordUpdateView";
+        } catch (AuthenticationException e) {
+            return "redirect:/auth/login";
+        }
+        catch (AuthorizationException e) {
+            redirectAttributes.addFlashAttribute("error", e.getMessage());
+            return "redirect:/";
+        }
     }
 
     @PostMapping("/{username}/update")
@@ -225,22 +270,40 @@ public String get(@ModelAttribute("transactionFilterOptions") TransactionFilterD
     @GetMapping("/{username}/block")
     public String block(@PathVariable String username
             , HttpSession session
+            ,RedirectAttributes redirectAttributes
 
     ) {
-        User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
-        User viewedUser = userService.getByUsername(username);
-        userService.block(viewedUser.getId(),loggedInUser);
-        return "redirect:/users";
+        try {
+            User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
+            User viewedUser = userService.getByUsername(username);
+            userService.block(viewedUser.getId(),loggedInUser);
+            return "redirect:/users";
+        } catch (AuthenticationException e) {
+            return "redirect:/auth/login";
+        }
+        catch (AuthorizationException e) {
+            redirectAttributes.addFlashAttribute("error", e.getMessage());
+            return "redirect:/";
+        }
     }
 
     @GetMapping("/{username}/unblock")
     public String unblock(@PathVariable String username
             , HttpSession session
+            , RedirectAttributes redirectAttributes
 
     ) {
-        User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
-        User viewedUser = userService.getByUsername(username);
-        userService.unblock(viewedUser.getId(),loggedInUser);
-        return "redirect:/users";
+        try {
+            User loggedInUser = authenticationHelper.tryGetCurrentUser(session);
+            User viewedUser = userService.getByUsername(username);
+            userService.unblock(viewedUser.getId(),loggedInUser);
+            return "redirect:/users";
+        } catch (AuthenticationException e) {
+            return "redirect:/auth/login";
+        }
+        catch (AuthorizationException e) {
+            redirectAttributes.addFlashAttribute("error", e.getMessage());
+            return "redirect:/";
+        }
     }
 }
diff --git a/src/main/java/com/telerikacademy/web/virtualwallet/services/UserServiceImpl.java b/src/main/java/com/telerikacademy/web/virtualwallet/services/UserServiceImpl.java
@@ -22,9 +22,7 @@
 @Service
 public class UserServiceImpl implements UserService {
 
-    private static final String MODIFY_USER_ERROR_MESSAGE = "Only admin or account holder can modify a user.";
-    public static final String BLOCK_UNBLOCK_PERMISSIONS_ERR = "Only admins are allowed to block or unblock users.";
-    public static final String GETALL_AUTH_ERR = "Only admins are allowed to view all users.";
+    private static final String MODIFY_USER_ERROR_MESSAGE = "You are not authorized to perform this action";
     public static final String DEFAULT_PROFILE_SRC_PATH = "./src/main/resources/static/images/default_profile.jpg";
     private final UserRepository userRepository;
     private final ProfilePhotoRepository profilePhotoRepository;
@@ -77,7 +75,7 @@ public User getByPhoneNumber(String phoneNumber) {
     @Override
     public List<User> getAll(UserFilterOptions userFilterOptions,User user) {
         if (!isAdmin(user)){
-            throw new AuthorizationException(GETALL_AUTH_ERR);
+            throw new AuthorizationException(MODIFY_USER_ERROR_MESSAGE);
         }
         return userRepository.getAllUsersFiltered(userFilterOptions);
     }
@@ -119,7 +117,7 @@ public void delete(int id, User user) {
 
     @Override
     public void block(int userId, User admin) {
-        checkAdmin(admin,BLOCK_UNBLOCK_PERMISSIONS_ERR);
+        checkAdmin(admin,MODIFY_USER_ERROR_MESSAGE);
         User userToBeBlocked = userRepository.getById(userId);
         userToBeBlocked.getUserRoles().add(roleRepository.getByField("roleType", UserRole.blocked.toString()));
         userRepository.update(userToBeBlocked);
@@ -128,7 +126,7 @@ public void block(int userId, User admin) {
 
     @Override
     public void unblock(int userId, User admin) {
-        checkAdmin(admin,BLOCK_UNBLOCK_PERMISSIONS_ERR);
+        checkAdmin(admin,MODIFY_USER_ERROR_MESSAGE);
         User userToBeUnBlocked = userRepository.getById(userId);
         userToBeUnBlocked.getUserRoles().remove(roleRepository.getByField("roleType", UserRole.blocked.toString()));
         userRepository.update(userToBeUnBlocked);

diff --git a/src/main/java/com/telerikacademy/web/virtualwallet/utils/AuthenticationHelper.java b/src/main/java/com/telerikacademy/web/virtualwallet/utils/AuthenticationHelper.java
@@ -12,7 +12,7 @@
 @Component
 public class AuthenticationHelper {
     private static final String AUTHENTICATION_HEADER_NAME = "Authentication";
-    private static final String INVALID_AUTHENTICATION_ERROR = "Invalid authentication.";
+    private static final String INVALID_AUTHENTICATION_ERROR = "Invalid username or password.";
     private final HttpHeaders headers = new HttpHeaders();
 
     private final UserService userService;