Change User Roles (#1153)

* Modify user service and controller * Modify Template * Add messages * Fix Username output * Add tooltip * Change Role Modify logic * Add Roles from database to existing users * Add default select Fillers * Indent JS * Add Change Role Related Translations * Remove unnecessary Whitespace and imports
2024-05-02 14:52:50 -06:00
parent c622ee915b
commit d7afc574a6
33 changed files with 213 additions and 0 deletions
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@@ -227,6 +227,45 @@ public class UserController {
        return new RedirectView("/addUsers"); // Redirect to account page after adding the user
    }

+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    @PostMapping("/admin/changeRole")
+    public RedirectView changeRole(
+            @RequestParam(name = "username") String username,
+            @RequestParam(name = "role") String role,
+            Authentication authentication) {
+
+        Optional<User> userOpt = userService.findByUsernameIgnoreCase(username);
+
+        if (!userOpt.isPresent()) {
+            return new RedirectView("/addUsers?messageType=userNotFound");
+        }
+        if (!userService.usernameExistsIgnoreCase(username)) {
+            return new RedirectView("/addUsers?messageType=userNotFound");
+        }
+        // Get the currently authenticated username
+        String currentUsername = authentication.getName();
+
+        // Check if the provided username matches the current session's username
+        if (currentUsername.equalsIgnoreCase(username)) {
+            return new RedirectView("/addUsers?messageType=downgradeCurrentUser");
+        }
+        try {
+            // Validate the role
+            Role roleEnum = Role.fromString(role);
+            if (roleEnum == Role.INTERNAL_API_USER) {
+                // If the role is INTERNAL_API_USER, reject the request
+                return new RedirectView("/addUsers?messageType=invalidRole");
+            }
+        } catch (IllegalArgumentException e) {
+            // If the role ID is not valid, redirect with an error message
+            return new RedirectView("/addUsers?messageType=invalidRole");
+        }
+        User user = userOpt.get();
+
+        userService.changeRole(user, role);
+        return new RedirectView("/addUsers"); // Redirect to account page after adding the user
+    }
+
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @PostMapping("/admin/deleteUser/{username}")
    public RedirectView deleteUser(