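package com.goi.erp.controller;

import com.goi.erp.common.permission.PermissionChecker;
import com.goi.erp.common.permission.PermissionSet;
import com.goi.erp.dto.CustomerRequestDto;
import com.goi.erp.dto.CustomerResponseDto;
import com.goi.erp.service.CustomerService;
import com.goi.erp.token.PermissionAuthenticationToken;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.domain.Page;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;

import java.util.UUID;
import java.util.function.Predicate;

/**
 * REST endpoints for customer (CRM) records under {@code /customer}.
 *
 * <p>Every handler first resolves the caller's {@link PermissionSet} from the
 * {@link PermissionAuthenticationToken} held in the security context and rejects
 * the request with {@link AccessDeniedException} (which Spring Security normally
 * renders as HTTP 403) when the token is absent, of another type, carries no
 * permission set, or lacks the CRM permission the endpoint needs. The check is
 * centralised in {@link #requirePermission(Predicate, String)} so that every
 * endpoint applies the same null/type handling and reports the action it denied.
 */
@RestController
@RequestMapping("/customer")
@RequiredArgsConstructor
public class CustomerController {

    /** Denial message used when no usable permission information is present. */
    private static final String MISSING_PERMISSION_MESSAGE = "Permission information is missing";

    @Value("${pagination.default-page:0}")
    private int defaultPage;

    @Value("${pagination.default-size:20}")
    private int defaultSize;

    @Value("${pagination.max-size:100}")
    private int maxSize;

    private final CustomerService customerService;

    /**
     * Resolves the caller's permission set from the security context.
     *
     * @return the non-null permission set carried by the current token
     * @throws AccessDeniedException if there is no authentication, it is not a
     *     {@link PermissionAuthenticationToken}, or it carries no permission set
     */
    private static PermissionSet currentPermissionSet() {
        Object authentication = SecurityContextHolder.getContext().getAuthentication();
        // instanceof instead of a blind cast: an anonymous or foreign token type must
        // be denied (403), not surface as a ClassCastException (500).
        if (!(authentication instanceof PermissionAuthenticationToken)) {
            throw new AccessDeniedException(MISSING_PERMISSION_MESSAGE);
        }
        PermissionSet permissionSet = ((PermissionAuthenticationToken) authentication).getPermissionSet();
        if (permissionSet == null) {
            throw new AccessDeniedException(MISSING_PERMISSION_MESSAGE);
        }
        return permissionSet;
    }

    /**
     * Rejects the request unless the caller's permission set satisfies {@code check}.
     *
     * @param check  the {@link PermissionChecker} predicate that must hold
     * @param action human-readable action named in the denial message, e.g. "create CRM data"
     * @throws AccessDeniedException if permission information is missing or {@code check} fails
     */
    private static void requirePermission(Predicate<PermissionSet> check, String action) {
        if (!check.test(currentPermissionSet())) {
            throw new AccessDeniedException("You do not have permission to " + action);
        }
    }

    /**
     * Creates a customer record.
     *
     * @param requestDto the customer data to store
     * @return 201 Created with the stored record
     * @throws AccessDeniedException if the caller lacks the CRM create permission
     */
    // CREATE
    @PostMapping
    public ResponseEntity<CustomerResponseDto> createCustomer(@RequestBody CustomerRequestDto requestDto) {
        requirePermission(PermissionChecker::canCreateCRM, "create CRM data");
        CustomerResponseDto responseDto = customerService.createCustomer(requestDto);
        return new ResponseEntity<>(responseDto, HttpStatus.CREATED);
    }

    /**
     * Lists customers page by page.
     *
     * <p>Missing or out-of-range paging values fall back to the configured defaults
     * and the page size is capped at {@code pagination.max-size}, so a client can
     * neither request an unbounded result set nor push malformed values into the
     * service layer.
     *
     * @param page zero-based page index; {@code null} or negative selects the default page
     * @param size page size; {@code null} or less than 1 selects the default size
     * @return 200 OK with the requested page
     * @throws AccessDeniedException if the caller lacks the CRM read-all permission
     */
    // READ ALL
    @GetMapping
    public ResponseEntity<Page<CustomerResponseDto>> getAllCustomers(
            @RequestParam(required = false) Integer page,
            @RequestParam(required = false) Integer size) {
        requirePermission(PermissionChecker::canReadCRMAll, "read all CRM data");

        int resolvedPage = (page == null || page < 0) ? defaultPage : page;
        int resolvedSize = (size == null || size < 1) ? defaultSize : size;
        // Hard cap: the configured maximum wins over whatever the client asked for.
        if (resolvedSize > maxSize) {
            resolvedSize = maxSize;
        }

        return ResponseEntity.ok(customerService.getAllCustomers(resolvedPage, resolvedSize));
    }

    /**
     * Returns a single customer by UUID.
     *
     * @param uuid the customer's UUID
     * @return 200 OK with the customer
     * @throws AccessDeniedException if the caller lacks the CRM read permission
     */
    // READ ONE
    @GetMapping("/uuid/{uuid}")
    public ResponseEntity<CustomerResponseDto> getCustomer(@PathVariable UUID uuid) {
        requirePermission(PermissionChecker::canReadCRM, "read CRM data");
        return ResponseEntity.ok(customerService.getCustomerByUuid(uuid));
    }

    /**
     * Partially updates a customer identified by UUID.
     *
     * @param uuid       the customer's UUID
     * @param requestDto the fields to update
     * @return 200 OK with the updated customer
     * @throws AccessDeniedException if the caller lacks the CRM update permission
     */
    // UPDATE
    @PatchMapping("/uuid/{uuid}")
    public ResponseEntity<CustomerResponseDto> updateCustomer(
            @PathVariable UUID uuid,
            @RequestBody CustomerRequestDto requestDto) {
        requirePermission(PermissionChecker::canUpdateCRM, "update CRM data");
        return ResponseEntity.ok(customerService.updateCustomer(uuid, requestDto));
    }

    /**
     * Deletes a customer identified by UUID.
     *
     * @param uuid the customer's UUID
     * @return 204 No Content
     * @throws AccessDeniedException if the caller lacks the CRM delete permission
     */
    // DELETE
    @DeleteMapping("/uuid/{uuid}")
    public ResponseEntity<Void> deleteCustomer(@PathVariable UUID uuid) {
        requirePermission(PermissionChecker::canDeleteCRM, "delete CRM data");
        customerService.deleteCustomer(uuid);
        return ResponseEntity.noContent().build();
    }

    /**
     * Returns a single customer by its MIS customer number.
     *
     * @param cusNo the MIS customer number
     * @return 200 OK with the customer
     * @throws AccessDeniedException if the caller lacks the CRM delete permission (see note below)
     */
    // from MIS
    @GetMapping("/no/{cusNo}")
    public ResponseEntity<CustomerResponseDto> getCustomer(@PathVariable String cusNo) {
        // NOTE(review): this read endpoint gates on the *delete* permission, unlike
        // GET /uuid/{uuid} which gates on canReadCRM. Kept as-is so authorization is
        // not silently loosened here; confirm with the MIS integration owner whether
        // canReadCRM was intended.
        requirePermission(PermissionChecker::canDeleteCRM, "delete CRM data");
        CustomerResponseDto customer = customerService.getCustomerByNo(cusNo);
        return ResponseEntity.ok(customer);
    }

    /**
     * Partially updates a customer identified by its MIS customer number.
     *
     * @param cusNo the MIS customer number
     * @param dto   the fields to update
     * @return 200 OK with the updated customer
     * @throws AccessDeniedException if the caller lacks the CRM delete permission (see note below)
     */
    @PatchMapping("/no/{cusNo}")
    public ResponseEntity<CustomerResponseDto> updateCustomer(
            @PathVariable String cusNo,
            @RequestBody CustomerRequestDto dto) {
        // NOTE(review): this update endpoint gates on the *delete* permission, unlike
        // PATCH /uuid/{uuid} which gates on canUpdateCRM. Kept as-is so the check is
        // not changed without a decision; confirm whether canUpdateCRM was intended.
        requirePermission(PermissionChecker::canDeleteCRM, "delete CRM data");
        CustomerResponseDto updated = customerService.updateCustomerByNo(cusNo, dto);
        return ResponseEntity.ok(updated);
    }
}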