package com.goi.erp.controller;
import com.goi.erp.common.permission.PermissionChecker;
import com.goi.erp.common.permission.PermissionSet;
import com.goi.erp.dto.CustomerRequestDto;
import com.goi.erp.dto.CustomerResponseDto;
import com.goi.erp.service.CustomerService;
import com.goi.erp.token.PermissionAuthenticationToken;

import lombok.RequiredArgsConstructor;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.domain.Page;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;

import java.util.UUID;
import java.util.function.Predicate;
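/**
 * REST endpoints for customer (CRM) records, mounted under /customer.
 *
 * <p>Every handler performs an explicit permission check against the {@link PermissionSet}
 * carried by the current {@link PermissionAuthenticationToken} before delegating to
 * {@link CustomerService}. A missing or foreign authentication object, a missing permission
 * set, or a failed check is reported as {@link AccessDeniedException}; the controller never
 * reaches the service layer in those cases.
 *
 * <p>Customers are addressed either by UUID (/uuid/{uuid}) or, for callers coming from the
 * MIS system, by customer number (/no/{cusNo}).
 */
@RestController
@RequestMapping("/customer")
@RequiredArgsConstructor
public class CustomerController {

    /** Shared prefix of every "permission denied" message; the action is appended per endpoint. */
    private static final String DENIED_PREFIX = "You do not have permission to ";

    /** Page index used when the {@code page} query parameter is absent or negative. */
    @Value("${pagination.default-page:0}")
    private int defaultPage;

    /** Page size used when the {@code size} query parameter is absent or non-positive. */
    @Value("${pagination.default-size:20}")
    private int defaultSize;

    /** Upper bound applied to any requested page size, so a client cannot request unbounded pages. */
    @Value("${pagination.max-size:100}")
    private int maxSize;

    private final CustomerService customerService;

    // CREATE
    /**
     * Creates a customer.
     *
     * @param requestDto the customer data to persist
     * @return the created customer with HTTP 201
     * @throws AccessDeniedException if the caller lacks CRM create permission
     */
    @PostMapping
    public ResponseEntity<CustomerResponseDto> createCustomer(@RequestBody CustomerRequestDto requestDto) {
        authorize(PermissionChecker::canCreateCRM, "create CRM data");

        CustomerResponseDto responseDto = customerService.createCustomer(requestDto);
        return new ResponseEntity<>(responseDto, HttpStatus.CREATED);
    }

    // READ ALL
    /**
     * Returns a page of customers.
     *
     * @param page zero-based page index; defaults to {@code pagination.default-page} when absent or negative
     * @param size page size; defaults to {@code pagination.default-size} when absent or non-positive and is
     *             capped at {@code pagination.max-size}
     * @return the requested page with HTTP 200
     * @throws AccessDeniedException if the caller lacks CRM read-all permission
     */
    @GetMapping
    public ResponseEntity<Page<CustomerResponseDto>> getAllCustomers(
            @RequestParam(required = false) Integer page,
            @RequestParam(required = false) Integer size
    ) {
        authorize(PermissionChecker::canReadCRMAll, "read all CRM data");

        // Normalise the paging inputs before they reach the service layer.
        int resolvedPage = resolvePage(page);
        int resolvedSize = resolveSize(size);

        return ResponseEntity.ok(customerService.getAllCustomers(resolvedPage, resolvedSize));
    }

    // READ ONE
    /**
     * Returns a single customer by UUID.
     *
     * @param uuid the customer's UUID
     * @return the customer with HTTP 200
     * @throws AccessDeniedException if the caller lacks CRM read permission
     */
    @GetMapping("/uuid/{uuid}")
    public ResponseEntity<CustomerResponseDto> getCustomer(@PathVariable UUID uuid) {
        authorize(PermissionChecker::canReadCRM, "read CRM data");

        return ResponseEntity.ok(customerService.getCustomerByUuid(uuid));
    }

    // UPDATE
    /**
     * Partially updates a customer identified by UUID.
     *
     * @param uuid       the customer's UUID
     * @param requestDto the fields to update
     * @return the updated customer with HTTP 200
     * @throws AccessDeniedException if the caller lacks CRM update permission
     */
    @PatchMapping("/uuid/{uuid}")
    public ResponseEntity<CustomerResponseDto> updateCustomer(
            @PathVariable UUID uuid,
            @RequestBody CustomerRequestDto requestDto) {
        authorize(PermissionChecker::canUpdateCRM, "update CRM data");

        return ResponseEntity.ok(customerService.updateCustomer(uuid, requestDto));
    }

    // DELETE
    /**
     * Deletes a customer identified by UUID.
     *
     * @param uuid the customer's UUID
     * @return an empty HTTP 204 response
     * @throws AccessDeniedException if the caller lacks CRM delete permission
     */
    @DeleteMapping("/uuid/{uuid}")
    public ResponseEntity<Void> deleteCustomer(@PathVariable UUID uuid) {
        authorize(PermissionChecker::canDeleteCRM, "delete CRM data");

        customerService.deleteCustomer(uuid);
        return ResponseEntity.noContent().build();
    }

    // from MIS
    /**
     * Returns a single customer by MIS customer number.
     *
     * <p>NOTE(review): this read endpoint and the PATCH below are gated on {@code canDeleteCRM},
     * whereas the UUID endpoints use {@code canReadCRM} / {@code canUpdateCRM}. The gate is kept
     * exactly as found rather than relaxed; confirm with the permission owners whether the
     * delete permission is really the intended requirement for the MIS routes.
     *
     * @param cusNo the MIS customer number
     * @return the customer with HTTP 200
     * @throws AccessDeniedException if the caller lacks CRM delete permission
     */
    @GetMapping("/no/{cusNo}")
    public ResponseEntity<CustomerResponseDto> getCustomer(@PathVariable String cusNo) {
        authorize(PermissionChecker::canDeleteCRM, "delete CRM data");

        CustomerResponseDto customer = customerService.getCustomerByNo(cusNo);
        return ResponseEntity.ok(customer);
    }

    /**
     * Partially updates a customer identified by MIS customer number.
     *
     * <p>Gated on {@code canDeleteCRM}; see the NOTE(review) on {@link #getCustomer(String)}.
     *
     * @param cusNo the MIS customer number
     * @param dto   the fields to update
     * @return the updated customer with HTTP 200
     * @throws AccessDeniedException if the caller lacks CRM delete permission
     */
    @PatchMapping("/no/{cusNo}")
    public ResponseEntity<CustomerResponseDto> updateCustomer(@PathVariable String cusNo,
                                                              @RequestBody CustomerRequestDto dto) {
        authorize(PermissionChecker::canDeleteCRM, "delete CRM data");

        CustomerResponseDto updated = customerService.updateCustomerByNo(cusNo, dto);
        return ResponseEntity.ok(updated);
    }

    /**
     * Resolves the {@link PermissionSet} of the current request and verifies {@code check} against it.
     *
     * <p>The authentication object is type-tested instead of cast blindly, so an anonymous or
     * foreign authentication produces the same {@link AccessDeniedException} as a missing one
     * rather than an unhandled {@link ClassCastException}.
     *
     * @param check  the permission predicate that must hold for the caller
     * @param action description of the denied action, appended to the error message
     * @throws AccessDeniedException if no permission set is present or {@code check} fails
     */
    private static void authorize(Predicate<PermissionSet> check, String action) {
        Object authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof PermissionAuthenticationToken)) {
            throw new AccessDeniedException("Permission information is missing");
        }

        PermissionSet permissionSet = ((PermissionAuthenticationToken) authentication).getPermissionSet();
        if (permissionSet == null) {
            throw new AccessDeniedException("Permission information is missing");
        }

        if (!check.test(permissionSet)) {
            throw new AccessDeniedException(DENIED_PREFIX + action);
        }
    }

    /**
     * Applies the configured default to the requested page index.
     * An absent or negative value falls back to {@code defaultPage}.
     */
    private int resolvePage(Integer page) {
        return (page == null || page < 0) ? defaultPage : page;
    }

    /**
     * Applies the configured default and cap to the requested page size.
     * An absent or non-positive value falls back to {@code defaultSize}; the result never exceeds {@code maxSize}.
     */
    private int resolveSize(Integer size) {
        int resolved = (size == null || size < 1) ? defaultSize : size;
        return Math.min(resolved, maxSize);
    }
}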