crm-rest-api/src/main/java/com/goi/erp/controller/CustomerRegionController.java

103 lines
2.9 KiB
Java

package com.goi.erp.controller;
import com.goi.erp.common.permission.PermissionChecker;
import com.goi.erp.common.permission.PermissionSet;
import com.goi.erp.dto.CustomerRegionRequestDto;
import com.goi.erp.dto.CustomerRegionResponseDto;
import com.goi.erp.service.CustomerRegionService;
import com.goi.erp.token.PermissionAuthenticationToken;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@RestController
@RequestMapping("/customer-region")
@RequiredArgsConstructor
public class CustomerRegionController {
private final CustomerRegionService service;
private PermissionSet getPermission() {
PermissionAuthenticationToken auth =
(PermissionAuthenticationToken)
SecurityContextHolder.getContext().getAuthentication();
if (auth == null || auth.getPermissionSet() == null) {
throw new AccessDeniedException("Permission information is missing");
}
return auth.getPermissionSet();
}
@PostMapping
public ResponseEntity<CustomerRegionResponseDto> create(
@RequestBody CustomerRegionRequestDto dto
) {
if (!PermissionChecker.canCreateCRM(getPermission())) {
throw new AccessDeniedException("No permission");
}
return new ResponseEntity<>(
service.create(dto),
HttpStatus.CREATED
);
}
@GetMapping
public ResponseEntity<List<CustomerRegionResponseDto>> getAll() {
if (!PermissionChecker.canReadCRM(getPermission())) {
throw new AccessDeniedException("No permission");
}
return ResponseEntity.ok(service.getAll());
}
@GetMapping("/{id}")
public ResponseEntity<CustomerRegionResponseDto> getById(
@PathVariable Long id
) {
if (!PermissionChecker.canReadCRM(getPermission())) {
throw new AccessDeniedException("No permission");
}
return ResponseEntity.ok(service.getById(id));
}
@PatchMapping("/{id}")
public ResponseEntity<CustomerRegionResponseDto> update(
@PathVariable Long id,
@RequestBody CustomerRegionRequestDto dto
) {
if (!PermissionChecker.canUpdateCRM(getPermission())) {
throw new AccessDeniedException("No permission");
}
return ResponseEntity.ok(service.update(id, dto));
}
@DeleteMapping("/{id}")
public ResponseEntity<Void> delete(@PathVariable Long id) {
if (!PermissionChecker.canDeleteCRM(getPermission())) {
throw new AccessDeniedException("No permission");
}
service.delete(id);
return ResponseEntity.noContent().build();
}
}