diff --git a/00-backend/src/main/java/de/htwsaar/webshop/config/ParameterConfig.java b/00-backend/src/main/java/de/htwsaar/webshop/config/ParameterConfig.java
index 85dd7e8..799273d 100644
--- a/00-backend/src/main/java/de/htwsaar/webshop/config/ParameterConfig.java
+++ b/00-backend/src/main/java/de/htwsaar/webshop/config/ParameterConfig.java
@@ -14,4 +14,5 @@ public class ParameterConfig {
 public static final String PARAM_STATUS = "status";
 public static final String PARAM_STANDARD = "standard";
 public static final String PARAM_SESSION = "session";
+ public static final String PARAM_ADMIN = "session";
 }
diff --git a/00-backend/src/main/java/de/htwsaar/webshop/controller/AccountController.java b/00-backend/src/main/java/de/htwsaar/webshop/controller/AccountController.java
index 4bd80c6..4362ea4 100644
--- a/00-backend/src/main/java/de/htwsaar/webshop/controller/AccountController.java
+++ b/00-backend/src/main/java/de/htwsaar/webshop/controller/AccountController.java
@@ -153,4 +153,18 @@ public class AccountController {
 return ResponseEntity.ok(saved);
 }
+ @RequestMapping(path = ACCOUNT_ADMIN, method = RequestMethod.POST, produces = "application/json")
+ public ResponseEntity setAdmin(HttpServletRequest request,
+ @RequestParam(PARAM_EMAIL) String email,
+ @RequestParam(PARAM_PASSWORD) UUID token,
+ @RequestParam(PARAM_ID) Long accountId,
+ @RequestParam(PARAM_ADMIN) Boolean admin) {
+ logRequest(request);
+ if (!sessionService.isAdmin(token, email)) {
+ log.warn("Invalid session requesting Admin {}", token);
+ return ResponseEntity.status(403).build();
+ }
+ return ResponseEntity.ok(accountService.setAdmin(accountId, admin));
+ }
+
 }
diff --git a/00-backend/src/main/java/de/htwsaar/webshop/service/AccountService.java b/00-backend/src/main/java/de/htwsaar/webshop/service/AccountService.java
index dafa148..f6b3e94 100644
--- a/00-backend/src/main/java/de/htwsaar/webshop/service/AccountService.java
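Review bot: `PARAM_ADMIN` is initialised to `"session"`, the very value `PARAM_SESSION` on the line above already carries, so the new `@RequestParam(PARAM_ADMIN) Boolean admin` in AccountController binds to a request parameter named `session` instead of `admin`; this reads like a copy-paste slip. Change it to `public static final String PARAM_ADMIN = "admin";`. As written, a client that sends an `admin` parameter gets a 400 for the missing required `session` parameter (Spring's `@RequestParam` is required by default), and a client sending `session=true` flips the privilege flag, which makes the endpoint's contract misleading to anyone auditing which parameter grants admin.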
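Review bot: `log.warn("Invalid session requesting Admin {}", token)` writes the presented session token into the log on the rejected path; a session identifier is a credential and should not land in log files, so log the targeted account instead, `log.warn("Invalid session requesting admin change for account {}", accountId);`. The success path maps the service's `false` (which, by the implementation in this same commit, means no such account) to HTTP 200 with body `false`, so a caller cannot tell a mistyped id from a completed change; `return accountService.setAdmin(accountId, admin) ? ResponseEntity.ok(true) : ResponseEntity.notFound().build();` keeps the body on success and makes not-found explicit. `ResponseEntity` is also used as a raw type here, and `Boolean admin` is a wrapper feeding a `boolean` parameter; `ResponseEntity<Boolean>` and `boolean admin` would match the service signature. Since this endpoint changes a privilege, a `log.info` of the acting `email` and the target `accountId` on the success path would give the audit trail the service layer cannot provide.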
+++ b/00-backend/src/main/java/de/htwsaar/webshop/service/AccountService.java
@@ -18,4 +18,6 @@ public interface AccountService {
 Account isValidLogin(String email, String password);
 boolean existsWithEmail(String email);
+
+ boolean setAdmin(Long id, boolean admin);
 }
\ No newline at end of file
diff --git a/00-backend/src/main/java/de/htwsaar/webshop/service/impl/AccountServiceImpl.java b/00-backend/src/main/java/de/htwsaar/webshop/service/impl/AccountServiceImpl.java
index 28123fb..0849979 100644
--- a/00-backend/src/main/java/de/htwsaar/webshop/service/impl/AccountServiceImpl.java
+++ b/00-backend/src/main/java/de/htwsaar/webshop/service/impl/AccountServiceImpl.java
@@ -77,5 +77,17 @@ public class AccountServiceImpl implements AccountService {
 return accountRepository.existsAccountByEmail(email);
 }
-
+ @Override
+ public boolean setAdmin(Long id, boolean admin) {
+ if (id == null) {
+ return false;
+ }
+ Account acc = accountRepository.getAccountById(id);
+ if (acc == null) {
+ return false;
+ }
+ acc.setAdmin(admin);
+ accountRepository.save(acc);
+ return true;
+ }
 }
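Review bot: The new `setAdmin` declaration carries no Javadoc, and its `boolean` return is ambiguous on its own: from the implementation in this commit it is `false` both for a null `id` and for an account that does not exist, and `true` only after the flag has been saved. Add `/** Sets or clears the admin flag of the account with the given id. @return true if the account existed and the change was saved, false if id is null or no such account exists */` so a caller does not read `false` as "not permitted".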
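Review bot: `setAdmin` returns `false` for both a null `id` and a missing account, and the controller in this commit turns that into HTTP 200, so the not-found case is swallowed; an explicit signal (an `Optional<Boolean>`, or throwing for the unknown account) would be clearer, and at minimum the two `return false` branches deserve a comment stating that false means "no such account", not "denied". Granting or revoking admin is a privilege change that should leave a trace: if this class has a logger, `log.info("Admin flag for account {} set to {}", id, admin);` before `accountRepository.save(acc)` records it (the acting user is not known at this layer, so the controller is where the actor belongs). The new null check assumes `getAccountById` returns null rather than throwing for an unknown id — verify that against the repository definition, which is outside this hunk.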