diff --git a/src/main/java/com/petshop/backend/controller/AdoptionController.java b/src/main/java/com/petshop/backend/controller/AdoptionController.java index 2ff0bef7..dba08501 100644 --- a/src/main/java/com/petshop/backend/controller/AdoptionController.java +++ b/src/main/java/com/petshop/backend/controller/AdoptionController.java @@ -10,6 +10,8 @@ import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.bind.annotation.*; @RestController 
@@ -27,13 +29,29 @@ public class AdoptionController { public ResponseEntity> getAllAdoptions( @RequestParam(required = false) String q, Pageable pageable) { - return ResponseEntity.ok(adoptionService.getAllAdoptions(q, pageable)); + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + String role = authentication.getAuthorities().stream() + .findFirst() + .map(authority -> authority.getAuthority().replace("ROLE_", "")) + .orElse(null); + + Long customerId = role != null && role.equals("CUSTOMER") ? 1L : null; + + return ResponseEntity.ok(adoptionService.getAllAdoptions(q, pageable, customerId)); } @GetMapping("/{id}") @PreAuthorize("hasAnyRole('CUSTOMER', 'STAFF', 'ADMIN')") public ResponseEntity getAdoptionById(@PathVariable Long id) { - return ResponseEntity.ok(adoptionService.getAdoptionById(id)); + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + String role = authentication.getAuthorities().stream() + .findFirst() + .map(authority -> authority.getAuthority().replace("ROLE_", "")) + .orElse(null); + + Long customerId = role != null && role.equals("CUSTOMER") ? 1L : null; + + return ResponseEntity.ok(adoptionService.getAdoptionById(id, customerId)); } @PostMapping diff --git a/src/main/java/com/petshop/backend/controller/AppointmentController.java b/src/main/java/com/petshop/backend/controller/AppointmentController.java index fb9fb1c6..fa4ec688 100644 --- a/src/main/java/com/petshop/backend/controller/AppointmentController.java +++ b/src/main/java/com/petshop/backend/controller/AppointmentController.java 
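Review bot: `Long customerId = role != null && role.equals("CUSTOMER") ? 1L : null;` pins every CUSTOMER caller to customer id 1, so any authenticated customer is shown customer 1's adoptions and no other customer ever sees their own; this is an authorization defect in both `getAllAdoptions` and `getAdoptionById`, not just an unfinished placeholder. The id has to come from the authenticated principal (resolving `authentication.getName()` to the customer record, or a custom principal that carries the customer id); the diff does not show how principals map to customers, so which lookup applies is a guess. Selecting the role with `findFirst()` also makes the outcome depend on authority iteration order for a user holding more than one role; `boolean isCustomer = authentication.getAuthorities().stream().anyMatch(a -> "ROLE_CUSTOMER".equals(a.getAuthority()));` is order-independent. The same eight lines appear twice here and twice in AppointmentController; a single private helper such as `currentCustomerIdOrNull(Authentication authentication)` (or an `@AuthenticationPrincipal` parameter) would leave one place to fix.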
@@ -10,6 +10,8 @@ import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.bind.annotation.*; import java.time.LocalDate; @@ -30,13 +32,29 @@ public class AppointmentController { public ResponseEntity> getAllAppointments( @RequestParam(required = false) String q, Pageable pageable) { - return ResponseEntity.ok(appointmentService.getAllAppointments(q, pageable)); + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + String role = authentication.getAuthorities().stream() + .findFirst() + .map(authority -> authority.getAuthority().replace("ROLE_", "")) + .orElse(null); + + Long customerId = role != null && role.equals("CUSTOMER") ? 1L : null; + + return ResponseEntity.ok(appointmentService.getAllAppointments(q, pageable, customerId)); } @GetMapping("/{id}") @PreAuthorize("hasAnyRole('CUSTOMER', 'STAFF', 'ADMIN')") public ResponseEntity getAppointmentById(@PathVariable Long id) { - return ResponseEntity.ok(appointmentService.getAppointmentById(id)); + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + String role = authentication.getAuthorities().stream() + .findFirst() + .map(authority -> authority.getAuthority().replace("ROLE_", "")) + .orElse(null); + + Long customerId = role != null && role.equals("CUSTOMER") ? 1L : null; + + return ResponseEntity.ok(appointmentService.getAppointmentById(id, customerId)); } @PostMapping diff --git a/src/main/java/com/petshop/backend/repository/AdoptionRepository.java b/src/main/java/com/petshop/backend/repository/AdoptionRepository.java index 3dd488d6..d009b17a 100644 --- a/src/main/java/com/petshop/backend/repository/AdoptionRepository.java 
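Review bot: In `getAllAppointments` and `getAppointmentById` the customer scope is the constant `1L`, so the ownership filter passed to `appointmentService` never corresponds to the caller: every CUSTOMER reads customer 1's appointments and a customer whose id is not 1 gets nothing of their own. Until the id is resolved from the principal, this hunk should not ship; how a principal maps to a `Customer` is not visible in the diff, so the exact lookup is for the author to confirm. Deciding "is this a customer" from the first authority returned by `getAuthorities().stream().findFirst()` is fragile for multi-role users; prefer `anyMatch(a -> "ROLE_CUSTOMER".equals(a.getAuthority()))` and, if a user can be both STAFF and CUSTOMER, decide explicitly which view wins. A comment on the derived value, e.g. `// null = unscoped (STAFF/ADMIN); non-null = restrict reads to this customer`, would make the contract the service relies on visible at the call site.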
+++ b/src/main/java/com/petshop/backend/repository/AdoptionRepository.java @@ -16,4 +16,12 @@ public interface AdoptionRepository extends JpaRepository { "LOWER(a.customer.lastName) LIKE LOWER(CONCAT('%', :q, '%')) OR " + "LOWER(a.pet.petName) LIKE LOWER(CONCAT('%', :q, '%'))") Page searchAdoptions(@Param("q") String query, Pageable pageable); + + Page findByCustomerCustomerId(Long customerId, Pageable pageable); + + @Query("SELECT a FROM Adoption a WHERE a.customer.customerId = :customerId AND (" + + "LOWER(a.customer.firstName) LIKE LOWER(CONCAT('%', :q, '%')) OR " + + "LOWER(a.customer.lastName) LIKE LOWER(CONCAT('%', :q, '%')) OR " + + "LOWER(a.pet.petName) LIKE LOWER(CONCAT('%', :q, '%')))") + Page searchAdoptionsByCustomer(@Param("customerId") Long customerId, @Param("q") String query, Pageable pageable); } diff --git a/src/main/java/com/petshop/backend/repository/AppointmentRepository.java b/src/main/java/com/petshop/backend/repository/AppointmentRepository.java index 779bee9a..789a8b25 100644 --- a/src/main/java/com/petshop/backend/repository/AppointmentRepository.java +++ b/src/main/java/com/petshop/backend/repository/AppointmentRepository.java 
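Review bot: `searchAdoptionsByCustomer` binds `:customerId` and `:q` as named parameters, so it is not injectable, but `%` and `_` inside `q` are still interpreted as LIKE wildcards; a caller sending `%` matches every row in their own scope, which is harmless here, yet the behaviour is undocumented and would matter if the same pattern is reused on unscoped data (an `ESCAPE` clause plus escaping in the service fixes it). The `a.customer.customerId = :customerId AND (...)` predicate is the only thing separating one customer's adoptions from another's, so both new methods deserve a Javadoc stating that `customerId` must be the caller's own id and is the authorization boundary, not a search filter. Matching on `a.customer.firstName`/`lastName` inside a query already scoped to one customer is redundant (those columns are constant within the scope) and could be dropped to keep the query honest about what it searches.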
@@ -27,4 +27,13 @@ public interface AppointmentRepository extends JpaRepository "LOWER(a.service.serviceName) LIKE LOWER(CONCAT('%', :q, '%')) OR " + "LOWER(p.petName) LIKE LOWER(CONCAT('%', :q, '%'))") Page searchAppointments(@Param("q") String query, Pageable pageable); + + Page findByCustomerCustomerId(Long customerId, Pageable pageable); + + @Query("SELECT DISTINCT a FROM Appointment a LEFT JOIN a.pets p WHERE a.customer.customerId = :customerId AND (" + + "LOWER(a.customer.firstName) LIKE LOWER(CONCAT('%', :q, '%')) OR " + + "LOWER(a.customer.lastName) LIKE LOWER(CONCAT('%', :q, '%')) OR " + + "LOWER(a.service.serviceName) LIKE LOWER(CONCAT('%', :q, '%')) OR " + + "LOWER(p.petName) LIKE LOWER(CONCAT('%', :q, '%')))") + Page searchAppointmentsByCustomer(@Param("customerId") Long customerId, @Param("q") String query, Pageable pageable); } diff --git a/src/main/java/com/petshop/backend/service/AdoptionService.java b/src/main/java/com/petshop/backend/service/AdoptionService.java index fea336cd..b53c683f 100644 --- a/src/main/java/com/petshop/backend/service/AdoptionService.java +++ b/src/main/java/com/petshop/backend/service/AdoptionService.java 
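Review bot: The parentheses around the OR group in `searchAppointmentsByCustomer` are what keep `a.customer.customerId = :customerId` in force; without them any OR branch, such as a pet-name match, would return other customers' appointments, and nothing in the diff pins this. A repository test that creates appointments for two customers sharing a pet name and asserts the second customer's rows are absent when `q` is that pet name would lock the predicate in. `SELECT DISTINCT a ... LEFT JOIN a.pets p` pages over distinct roots, so it is worth confirming the derived count query is `count(distinct a)`; otherwise `Page.getTotalElements()` is inflated for multi-pet appointments. As with the unscoped `searchAppointments`, `%` and `_` in `q` act as wildcards because `:q` is embedded in `CONCAT('%', :q, '%')` unescaped; note it in a Javadoc or add an `ESCAPE` clause.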
@@ -28,19 +28,34 @@ public class AdoptionService { this.customerRepository = customerRepository; } - public Page getAllAdoptions(String query, Pageable pageable) { + public Page getAllAdoptions(String query, Pageable pageable, Long customerId) { Page adoptions; - if (query != null && !query.trim().isEmpty()) { - adoptions = adoptionRepository.searchAdoptions(query, pageable); + + if (customerId != null) { + if (query != null && !query.trim().isEmpty()) { + adoptions = adoptionRepository.searchAdoptionsByCustomer(customerId, query, pageable); + } else { + adoptions = adoptionRepository.findByCustomerCustomerId(customerId, pageable); + } } else { - adoptions = adoptionRepository.findAll(pageable); + if (query != null && !query.trim().isEmpty()) { + adoptions = adoptionRepository.searchAdoptions(query, pageable); + } else { + adoptions = adoptionRepository.findAll(pageable); + } } + return adoptions.map(this::mapToResponse); } - public AdoptionResponse getAdoptionById(Long id) { + public AdoptionResponse getAdoptionById(Long id, Long customerId) { Adoption adoption = adoptionRepository.findById(id) .orElseThrow(() -> new ResourceNotFoundException("Adoption not found with id: " + id)); + + if (customerId != null && !adoption.getCustomer().getCustomerId().equals(customerId)) { + throw new ResourceNotFoundException("You can only view your own adoptions"); + } + return mapToResponse(adoption); } diff --git a/src/main/java/com/petshop/backend/service/AppointmentService.java b/src/main/java/com/petshop/backend/service/AppointmentService.java index 1fae451c..ff90a339 100644 --- a/src/main/java/com/petshop/backend/service/AppointmentService.java +++ b/src/main/java/com/petshop/backend/service/AppointmentService.java 
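Review bot: In both `getAllAdoptions` and `getAdoptionById` a null `customerId` means "no scoping", so any caller that fails to derive the id silently receives the unrestricted STAFF/ADMIN view; the design fails open. Prefer making privilege explicit rather than implied by absence, e.g. pass the `Authentication` (or a boolean only STAFF/ADMIN can set) and reject a CUSTOMER request that arrives without an id. Throwing `ResourceNotFoundException` for another customer's adoption is the right status to avoid an existence leak via 403, but the message `"You can only view your own adoptions"` still confirms the id exists; returning the same `"Adoption not found with id: " + id` for both cases closes that oracle. `adoption.getCustomer().getCustomerId()` is dereferenced without a null check, so if an adoption can exist without a customer this becomes an NPE (500) instead of a 404 — the entity is not in view, so confirm whether that column is nullable.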
@@ -39,19 +39,34 @@ public class AppointmentService { this.petRepository = petRepository; } - public Page getAllAppointments(String query, Pageable pageable) { + public Page getAllAppointments(String query, Pageable pageable, Long customerId) { Page appointments; - if (query != null && !query.trim().isEmpty()) { - appointments = appointmentRepository.searchAppointments(query, pageable); + + if (customerId != null) { + if (query != null && !query.trim().isEmpty()) { + appointments = appointmentRepository.searchAppointmentsByCustomer(customerId, query, pageable); + } else { + appointments = appointmentRepository.findByCustomerCustomerId(customerId, pageable); + } } else { - appointments = appointmentRepository.findAll(pageable); + if (query != null && !query.trim().isEmpty()) { + appointments = appointmentRepository.searchAppointments(query, pageable); + } else { + appointments = appointmentRepository.findAll(pageable); + } } + return appointments.map(this::mapToResponse); } - public AppointmentResponse getAppointmentById(Long id) { + public AppointmentResponse getAppointmentById(Long id, Long customerId) { Appointment appointment = appointmentRepository.findById(id) .orElseThrow(() -> new ResourceNotFoundException("Appointment not found with id: " + id)); + + if (customerId != null && !appointment.getCustomer().getCustomerId().equals(customerId)) { + throw new ResourceNotFoundException("You can only view your own appointments"); + } + return mapToResponse(appointment); }
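Review bot: `getAppointmentById` rejects a foreign appointment with `"You can only view your own appointments"` while a missing one gets `"Appointment not found with id: " + id`; both are `ResourceNotFoundException`, but the differing text lets a customer enumerate which ids exist, so use the same not-found message for both branches. The ownership check dereferences `appointment.getCustomer()` without a null guard; whether an appointment can lack a customer is not visible here, so confirm it or fail with a 404 rather than an NPE. In `getAllAppointments` the null `customerId` branch returns every appointment, which means the privilege escalation path is "pass null", and nothing in the service distinguishes an intended admin call from a caller that simply forgot the id; an explicit unrestricted flag or passing the `Authentication` would make that decision auditable. A short Javadoc on both methods stating that `customerId` is the caller's own id and `null` means unscoped would at least document the contract the controllers must honour.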