package com.fullteaching.backend.security; import java.util.Collection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import com.fullteaching.backend.user.User; import com.fullteaching.backend.user.UserComponent; public class AuthorizationService { @Autowired private UserComponent user; // Checks if user logged public ResponseEntity<Object> checkBackendLogged(){ if (!user.isLoggedUser()) { System.out.println("Not user logged"); return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } return null; } // Checks authorization of teacher public ResponseEntity<Object> checkAuthorization(Object o, User u){ if(o == null){ //The object does not exist return new ResponseEntity<>(HttpStatus.NOT_MODIFIED); } if(!this.user.getLoggedUser().equals(u)){ //The teacher is not authorized to edit it if he is not its owner return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } return null; } // Checks authorization of participant public ResponseEntity<Object> checkAuthorizationUsers(Object o, Collection<User> users){ if(o == null){ //The object does not exist return new ResponseEntity<>(HttpStatus.BAD_REQUEST); } if(!users.contains(this.user.getLoggedUser())){ //The user is not authorized to edit if it is not an attender of the Course return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } return null; } }