Package de.trustable.ca3s.core.web.rest

Class UserResource

  • @RestController
@RequestMapping("/api")
public class UserResource
extends Object
    REST controller for managing users.

    This class accesses the User entity, and needs to fetch its collection of authorities.

    For a normal use-case, it would be better to have an eager relationship between User and Authority, and send everything to the client side: there would be no View Model and DTO, a lot less code, and an outer-join which would be good for performance.

    We use a View Model and a DTO for 3 reasons:

    • We want to keep a lazy association between the user and the authorities, because people will quite often do relationships with the user, and we don't want them to get the authorities all the time for nothing (for performance reasons). This is the #1 goal: we should not impact our users' application because of this use-case.
    • Not having an outer join causes n+1 requests to the database. This is not a real issue as we have by default a second-level cache. This means on the first HTTP call we do the n+1 requests, but then all authorities come from the cache, so in fact it's much better than doing an outer join (which will get lots of data from the database, for each HTTP call).
    • As this manages users, for security reasons, we'd rather have a DTO layer.

    Another option would be to have a specific JPA entity graph to handle this case.

    • Method Detail

      • createUser

        @PostMapping("/users")
@PreAuthorize("hasRole(\"ROLE_ADMIN\")")
@Transactional
public org.springframework.http.ResponseEntity<User> createUser​(@Valid @RequestBody
                                                                @Valid UserDTO userDTO)
                                                         throws URISyntaxException,
                                                                javax.mail.MessagingException
        POST /users : Creates a new user.

        Creates a new user if the login and email are not already used, and sends an mail with an activation link. The user needs to be activated on creation.

        Parameters:
        userDTO - the user to create.
        Returns:
        the ResponseEntity with status 201 (Created) and with body the new user, or with status 400 (Bad Request) if the login or email is already in use.
        Throws:
        URISyntaxException - if the Location URI syntax is incorrect.
        BadRequestAlertException - 400 (Bad Request) if the login or email is already in use.
        javax.mail.MessagingException

      • updateUser

        @PutMapping("/users")
@PreAuthorize("hasRole(\"ROLE_ADMIN\")")
@Transactional
public org.springframework.http.ResponseEntity<UserDTO> updateUser​(@Valid @RequestBody
                                                                   @Valid UserDTO userDTO)
        PUT /users : Updates an existing User.
        Parameters:
        userDTO - the user to update.
        Returns:
        the ResponseEntity with status 200 (OK) and with body the updated user.
        Throws:
        EmailAlreadyUsedException - 400 (Bad Request) if the email is already in use.
        LoginAlreadyUsedException - 400 (Bad Request) if the login is already in use.

      • getAllUsers

        @GetMapping("/users")
@PreAuthorize("hasRole(\"ROLE_ADMIN\")")
public org.springframework.http.ResponseEntity<List<UserDTO>> getAllUsers​(org.springframework.data.domain.Pageable pageable)
        GET /users : get all users.
        Parameters:
        pageable - the pagination information.
        Returns:
        the ResponseEntity with status 200 (OK) and with body all users.

      • getAuthorities

        @GetMapping("/users/authorities")
@PreAuthorize("hasRole(\"ROLE_ADMIN\")")
public List<String> getAuthorities()
        Gets a list of all roles.
        Returns:
        a string list of all roles.

      • getUser

        @GetMapping("/users/{login:^[_.@A-Za-z0-9-]*$}")
@Transactional(readOnly=true)
public org.springframework.http.ResponseEntity<UserDTO> getUser​(@PathVariable
                                                                String login)
        GET /users/:login : get the "login" user.
        Parameters:
        login - the login of the user to find.
        Returns:
        the ResponseEntity with status 200 (OK) and with body the "login" user, or with status 404 (Not Found).

      • getUsersByRole

        @GetMapping("/users/role/{role}")
@PreAuthorize("hasRole(\"ROLE_ADMIN\")")
@Transactional(readOnly=true)
public org.springframework.http.ResponseEntity<List<UserDTO>> getUsersByRole​(@PathVariable
                                                                             String role)
        GET /users/role/:role : get the user with a given role.
        Parameters:
        role - the role to be retrieved.
        Returns:
        the ResponseEntity with status 200 (OK) and with body the users of given role, or with status 404 (Not Found).

      • deleteUser

        @DeleteMapping("/users/{login:^[_.@A-Za-z0-9-]*$}")
@PreAuthorize("hasRole(\"ROLE_ADMIN\")")
@Transactional
public org.springframework.http.ResponseEntity<Void> deleteUser​(@PathVariable
                                                                String login)
        DELETE /users/:login : delete the "login" User.
        Parameters:
        login - the login of the user to delete.
        Returns:
        the ResponseEntity with status 204 (NO_CONTENT).