103 lines
2.9 KiB
Java
103 lines
2.9 KiB
Java
package com.goi.erp.controller;
|
|
|
|
import com.goi.erp.common.permission.PermissionChecker;
|
|
import com.goi.erp.common.permission.PermissionSet;
|
|
import com.goi.erp.dto.CustomerRegionRequestDto;
|
|
import com.goi.erp.dto.CustomerRegionResponseDto;
|
|
import com.goi.erp.service.CustomerRegionService;
|
|
import com.goi.erp.token.PermissionAuthenticationToken;
|
|
|
|
import lombok.RequiredArgsConstructor;
|
|
|
|
import org.springframework.http.HttpStatus;
|
|
import org.springframework.http.ResponseEntity;
|
|
|
|
import org.springframework.security.access.AccessDeniedException;
|
|
import org.springframework.security.core.context.SecurityContextHolder;
|
|
|
|
import org.springframework.web.bind.annotation.*;
|
|
|
|
import java.util.List;
|
|
|
|
@RestController
|
|
@RequestMapping("/customer-region")
|
|
@RequiredArgsConstructor
|
|
public class CustomerRegionController {
|
|
|
|
private final CustomerRegionService service;
|
|
|
|
private PermissionSet getPermission() {
|
|
|
|
PermissionAuthenticationToken auth =
|
|
(PermissionAuthenticationToken)
|
|
SecurityContextHolder.getContext().getAuthentication();
|
|
|
|
if (auth == null || auth.getPermissionSet() == null) {
|
|
throw new AccessDeniedException("Permission information is missing");
|
|
}
|
|
|
|
return auth.getPermissionSet();
|
|
}
|
|
|
|
@PostMapping
|
|
public ResponseEntity<CustomerRegionResponseDto> create(
|
|
@RequestBody CustomerRegionRequestDto dto
|
|
) {
|
|
|
|
if (!PermissionChecker.canCreateCRM(getPermission())) {
|
|
throw new AccessDeniedException("No permission");
|
|
}
|
|
|
|
return new ResponseEntity<>(
|
|
service.create(dto),
|
|
HttpStatus.CREATED
|
|
);
|
|
}
|
|
|
|
@GetMapping
|
|
public ResponseEntity<List<CustomerRegionResponseDto>> getAll() {
|
|
|
|
if (!PermissionChecker.canReadCRM(getPermission())) {
|
|
throw new AccessDeniedException("No permission");
|
|
}
|
|
|
|
return ResponseEntity.ok(service.getAll());
|
|
}
|
|
|
|
@GetMapping("/{id}")
|
|
public ResponseEntity<CustomerRegionResponseDto> getById(
|
|
@PathVariable Long id
|
|
) {
|
|
|
|
if (!PermissionChecker.canReadCRM(getPermission())) {
|
|
throw new AccessDeniedException("No permission");
|
|
}
|
|
|
|
return ResponseEntity.ok(service.getById(id));
|
|
}
|
|
|
|
@PatchMapping("/{id}")
|
|
public ResponseEntity<CustomerRegionResponseDto> update(
|
|
@PathVariable Long id,
|
|
@RequestBody CustomerRegionRequestDto dto
|
|
) {
|
|
|
|
if (!PermissionChecker.canUpdateCRM(getPermission())) {
|
|
throw new AccessDeniedException("No permission");
|
|
}
|
|
|
|
return ResponseEntity.ok(service.update(id, dto));
|
|
}
|
|
|
|
@DeleteMapping("/{id}")
|
|
public ResponseEntity<Void> delete(@PathVariable Long id) {
|
|
|
|
if (!PermissionChecker.canDeleteCRM(getPermission())) {
|
|
throw new AccessDeniedException("No permission");
|
|
}
|
|
|
|
service.delete(id);
|
|
|
|
return ResponseEntity.noContent().build();
|
|
}
|
|
} |