
GET /users doesn't return Admins if the poster isn't an admin

2024-03-17 16:26:30 +01:00
parent 37f8a3ac4e
commit 76f5a39a8f
3 changed files with 20 additions and 1 deletions


@ -9,6 +9,8 @@ import ovh.herisson.Clyde.Services.ProtectionService;
import ovh.herisson.Clyde.Services.UserService;
import ovh.herisson.Clyde.Tables.Role;
import ovh.herisson.Clyde.Tables.User;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
@ -53,7 +55,15 @@ public class UserController {
if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token))
return new UnauthorizedResponse<>(null);
Iterable<User> users = userService.getAll();
Role posterRole = authServ.getUserFromToken(token).getRole();
Iterable<User> users = new ArrayList<>();
if (posterRole == Role.Admin)
users = userService.getAll();
else if (posterRole == Role.Secretary)
users = userService.getAllExceptAdmins();
return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(users), HttpStatus.OK);
}
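Review bot: `authServ.getUserFromToken(token).getRole()` dereferences the lookup result without a null check, and it resolves the same token a second time after `isNotIn(...)` has already made the access decision. If the token is revoked or expires between the two calls (presumably `getUserFromToken` then returns null, which is not visible here), the request ends in a NullPointerException rather than the `UnauthorizedResponse`. Resolving the user once and guarding it, `User poster = authServ.getUserFromToken(token);` followed by `if (poster == null) return new UnauthorizedResponse<>(null);`, keeps the role check and the filtering tied to the same identity. The empty `ArrayList` default for any other role fails closed, which deserves a short comment such as `// any role not handled below gets an empty list`. The method's signature lies outside the hunk, so how `token` reaches this code cannot be checked from here.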