UserProfileController.java

/*
 * Copyright 2025 Global Crop Diversity Trust
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.genesys.server.api.v2.impl.admin;

import org.genesys.blocks.security.UserException;
import org.genesys.server.api.ApiBaseController;
import org.genesys.server.api.v2.facade.UserApiService;
import org.genesys.server.api.v2.model.impl.UserDTO;
import org.genesys.server.exception.NotFoundElement;
import org.genesys.server.model.UserRole;
import org.genesys.server.mvc.BaseController;
import org.genesys.server.service.EMailVerificationService;
import org.genesys.server.service.TokenVerificationService.NoSuchVerificationTokenException;
import org.genesys.server.service.TokenVerificationService.TokenExpiredException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Sort;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;
import java.util.Set;
import java.util.UUID;

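/**
 * Administrative REST endpoints for managing user accounts (API v2).
 *
 * <p>Every handler in this class is covered by the class-level
 * {@code @PreAuthorize("hasRole('ADMINISTRATOR')")}; no handler declares its own
 * authorization rule. Any finer-grained checks would have to live in the services
 * this controller delegates to.</p>
 */
@RestController("adminUsersControllerV2")
@RequestMapping(UserProfileController.CONTROLLER_URL)
@PreAuthorize("hasRole('ADMINISTRATOR')")
public class UserProfileController extends BaseController {

	/** Base URL of all endpoints in this controller: API v2 base path followed by {@code /admin/users/}. */
	public static final String CONTROLLER_URL = ApiBaseController.APIv2_BASE + "/admin/users/";

	/** Number of users returned per page by {@link #list(int)}. */
	private static final int USERS_PAGE_SIZE = 50;

	@Autowired
	private UserApiService userService;

	@Autowired
	private EMailVerificationService emailVerificationService;

	/**
	 * Lists users, 50 per page, sorted by {@code fullName}.
	 *
	 * @param page 1-based page number (defaults to 1); values below 1 are treated as the first page
	 * @return the requested page of users
	 */
	@GetMapping(value = "", produces = { MediaType.APPLICATION_JSON_VALUE })
	public Page<UserDTO> list(@RequestParam(value = "page", defaultValue = "1") int page) {
		// PageRequest.of rejects a negative index with IllegalArgumentException, so a
		// client-supplied page of 0 or less is clamped to the first page. Clamping before
		// the subtraction also avoids integer overflow for Integer.MIN_VALUE.
		final int pageIndex = Math.max(page, 1) - 1;
		return userService.listUsers(PageRequest.of(pageIndex, USERS_PAGE_SIZE, Sort.by("fullName")));
	}

	/**
	 * Adds the vetted-user role to the user by delegating to {@code UserApiService#addVettedUserRole}.
	 *
	 * @param uuid UUID of the user
	 */
	@PostMapping("/{uuid:.+}/vetted-user")
	public void addRoleVettedUser(@PathVariable("uuid") UUID uuid) {
		userService.addVettedUserRole(uuid);
	}

	/**
	 * Returns the profile of a single user.
	 *
	 * @param uuid UUID of the user
	 * @return the user
	 * @throws NotFoundElement if the service returns no user for {@code uuid}
	 */
	@GetMapping(value = "/{uuid:.+}", produces = { MediaType.APPLICATION_JSON_VALUE })
	public UserDTO someProfile(@PathVariable("uuid") UUID uuid) {
		final UserDTO user = userService.getUser(uuid);
		if (user == null) {
			throw new NotFoundElement();
		}

		return user;
	}

	/**
	 * Lists the roles reported by {@code UserApiService#listAvailableRoles}.
	 *
	 * @return the available roles
	 */
	@GetMapping(value = "/roles", produces = { MediaType.APPLICATION_JSON_VALUE })
	public List<UserRole> getAvailableRoles() {
		return userService.listAvailableRoles();
	}

	/**
	 * Triggers {@code UserApiService#sendEmail} for the user.
	 * NOTE(review): presumably sends the e-mail verification message; confirm against the service.
	 *
	 * @param uuid UUID of the user
	 */
	@PostMapping(value = "/{uuid}/send")
	public void sendEmail(@PathVariable("uuid") UUID uuid) {
		userService.sendEmail(uuid);
	}

	/**
	 * Cancels a pending verification identified by its token.
	 *
	 * @param tokenUuid identifier of the verification token
	 * @throws Exception whatever {@code EMailVerificationService#cancelValidation} throws
	 */
	@PostMapping(value = "/{tokenUuid:.+}/cancel")
	public void cancelValidation(@PathVariable("tokenUuid") String tokenUuid) throws Exception {
		emailVerificationService.cancelValidation(tokenUuid);
	}

	/**
	 * Validates an e-mail address using a verification token and its key.
	 *
	 * @param tokenUuid identifier of the verification token
	 * @param key key belonging to the token (required request parameter)
	 * @throws NoSuchVerificationTokenException declared by the verification service
	 * @throws TokenExpiredException declared by the verification service
	 */
	@PostMapping(value = "/{tokenUuid:.+}/validate")
	public void validateEmail2(@PathVariable("tokenUuid") String tokenUuid,
			@RequestParam(value = "key", required = true) String key)
			throws NoSuchVerificationTokenException, TokenExpiredException {
		emailVerificationService.validateEMail(tokenUuid, key);
	}

	/**
	 * Starts an administrator-initiated password reset for the account with the given e-mail.
	 *
	 * @param email e-mail address passed to {@code UserApiService#adminResetPassword}
	 */
	@PostMapping(value = "/password/reset")
	public void resetPassword(@RequestParam("email") String email) {
		userService.adminResetPassword(email);
	}

	/**
	 * Sets a new password using a verification token and its key.
	 *
	 * <p>NOTE(review): {@code key} and {@code password} are bound with {@code @RequestParam}, so
	 * they are accepted from the URL query string as well as from a form body. Secrets in a query
	 * string commonly end up in access and proxy logs; clients should send them in the POST body,
	 * and request logging should be checked to make sure it does not record these parameters.</p>
	 *
	 * @param tokenUuid identifier of the verification token
	 * @param key key belonging to the token
	 * @param password the new password
	 * @throws UserException declared by the verification service
	 * @throws NoSuchVerificationTokenException declared by the verification service
	 * @throws TokenExpiredException declared by the verification service
	 */
	@PostMapping(value = "/{tokenUuid:.+}/pwdreset")
	public void updatePassword(@PathVariable("tokenUuid") String tokenUuid,
			@RequestParam(value = "key") String key,
			@RequestParam("password") String password)
			throws UserException, NoSuchVerificationTokenException, TokenExpiredException {
		emailVerificationService.changePassword(tokenUuid, key, password);
	}

	/**
	 * Updates a user's data.
	 *
	 * <p>NOTE(review): the request body carries the {@code UserDTO}, so {@code pwd1} presumably
	 * has to be supplied in the query string. If it is a password (confirm against
	 * {@code UserApiService#update}), it is exposed to URL logging; consider moving it into the
	 * request body in a future API revision.</p>
	 *
	 * @param uuid UUID of the user to update
	 * @param updatedUser the new user data
	 * @param pwd1 passed through to the service unchanged
	 * @throws UserException declared by the user service
	 */
	@PostMapping(value = "/{uuid:.+}/update")
	public void update(@PathVariable("uuid") final UUID uuid, @RequestBody UserDTO updatedUser,
			@RequestParam("pwd1") String pwd1) throws UserException {
		userService.update(uuid, updatedUser, pwd1);
	}

	/**
	 * Deletes a user.
	 *
	 * @param uuid UUID of the user to delete
	 * @throws UserException declared by the user service
	 */
	@DeleteMapping(value = "/{uuid:.+}")
	public void delete(@PathVariable("uuid") UUID uuid) throws UserException {
		userService.delete(uuid);
	}

	/**
	 * Passes the selected roles for a user to {@code UserApiService#updateRoles}.
	 *
	 * <p>NOTE(review): this endpoint changes privileges and the only authorization visible here
	 * is the class-level ADMINISTRATOR check. Confirm that the service records who changed which
	 * roles, and whether an administrator changing their own roles is intended to be allowed.</p>
	 *
	 * @param uuid UUID of the user
	 * @param selectedRoles roles taken from the repeated {@code role} request parameter
	 */
	@PostMapping(value = "/{uuid:.+}/update-roles")
	public void updateRoles(@PathVariable("uuid") UUID uuid, @RequestParam("role") Set<UserRole> selectedRoles) {
		userService.updateRoles(uuid, selectedRoles);
	}
}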