This repository was archived by the owner on Jul 6, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathOrderController.java
More file actions
128 lines (105 loc) · 5.67 KB
/
OrderController.java
File metadata and controls
128 lines (105 loc) · 5.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
package com.zenfulcode.commercify.api.order;
import com.zenfulcode.commercify.api.order.dto.request.CreateOrderRequest;
import com.zenfulcode.commercify.api.order.dto.response.CreateOrderResponse;
import com.zenfulcode.commercify.api.order.dto.response.OrderDetailsResponse;
import com.zenfulcode.commercify.api.order.dto.response.PagedOrderResponse;
import com.zenfulcode.commercify.api.order.mapper.OrderDtoMapper;
import com.zenfulcode.commercify.auth.domain.model.AuthenticatedUser;
import com.zenfulcode.commercify.order.application.command.CancelOrderCommand;
import com.zenfulcode.commercify.order.application.command.CreateOrderCommand;
import com.zenfulcode.commercify.order.application.command.GetOrderByIdCommand;
import com.zenfulcode.commercify.order.application.dto.OrderDetailsDTO;
import com.zenfulcode.commercify.order.application.query.FindAllOrdersQuery;
import com.zenfulcode.commercify.order.application.query.FindOrdersByUserIdQuery;
import com.zenfulcode.commercify.order.application.service.OrderApplicationService;
import com.zenfulcode.commercify.order.domain.exception.UnauthorizedOrderCreationException;
import com.zenfulcode.commercify.order.domain.exception.UnauthorizedOrderFetchingException;
import com.zenfulcode.commercify.order.domain.model.Order;
import com.zenfulcode.commercify.order.domain.valueobject.OrderId;
import com.zenfulcode.commercify.shared.interfaces.ApiResponse;
import com.zenfulcode.commercify.user.domain.valueobject.UserId;
import lombok.RequiredArgsConstructor;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/api/v2/orders")
@RequiredArgsConstructor
public class OrderController {
private final OrderApplicationService orderApplicationService;
private final OrderDtoMapper orderDtoMapper;
@PostMapping
public ResponseEntity<ApiResponse<CreateOrderResponse>> createOrder(
@RequestBody CreateOrderRequest request,
Authentication authentication) {
AuthenticatedUser user = (AuthenticatedUser) authentication.getPrincipal();
if (isNotUserAuthorized(user, request.getUserId().getId())) {
throw new UnauthorizedOrderCreationException(request.getUserId());
}
// Convert request to command
CreateOrderCommand command = orderDtoMapper.toCommand(request);
// Create order through application service
OrderId orderId = orderApplicationService.createOrder(command);
// Create and return response
CreateOrderResponse response = new CreateOrderResponse(
orderId.toString(),
"Order created successfully"
);
return ResponseEntity.ok(ApiResponse.success(response));
}
// TODO: SUPER NOT SECURE AND NOT GOOD
@GetMapping("/{orderId}")
public ResponseEntity<ApiResponse<OrderDetailsResponse>> getOrder(
@PathVariable String orderId,
Authentication authentication) {
GetOrderByIdCommand command = orderDtoMapper.toCommand(orderId);
OrderDetailsDTO order = orderApplicationService.getOrderDetailsById(command);
AuthenticatedUser user = (AuthenticatedUser) authentication.getPrincipal();
if (isNotUserAuthorized(user, order.userId().getId())) {
throw new UnauthorizedOrderFetchingException(user.getUserId().getId());
}
OrderDetailsResponse response = orderDtoMapper.toResponse(order);
return ResponseEntity.ok(ApiResponse.success(response));
}
@GetMapping("/user/{userId}")
public ResponseEntity<ApiResponse<PagedOrderResponse>> getOrdersByUserId(
@PathVariable String userId,
@RequestParam(defaultValue = "0") int page,
@RequestParam(defaultValue = "10") int size,
Authentication authentication) {
AuthenticatedUser user = (AuthenticatedUser) authentication.getPrincipal();
if (isNotUserAuthorized(user, userId)) {
throw new UnauthorizedOrderFetchingException(userId);
}
FindOrdersByUserIdQuery query = new FindOrdersByUserIdQuery(
UserId.of(userId),
PageRequest.of(page, size)
);
Page<Order> orders = orderApplicationService.findOrdersByUserId(query);
PagedOrderResponse response = orderDtoMapper.toPagedResponse(orders);
return ResponseEntity.ok(ApiResponse.success(response));
}
@GetMapping
@PreAuthorize("hasRole('ADMIN')")
public ResponseEntity<ApiResponse<PagedOrderResponse>> getAllOrders(
@RequestParam(defaultValue = "0") int page,
@RequestParam(defaultValue = "10") int size) {
FindAllOrdersQuery query = new FindAllOrdersQuery(PageRequest.of(page, size));
Page<Order> orders = orderApplicationService.findAllOrders(query);
PagedOrderResponse response = orderDtoMapper.toPagedResponse(orders);
return ResponseEntity.ok(ApiResponse.success(response));
}
@DeleteMapping("/{orderId}")
@PreAuthorize("hasRole('ADMIN')")
public ResponseEntity<ApiResponse<String>> cancelOrder(@PathVariable String orderId) {
CancelOrderCommand command = new CancelOrderCommand(OrderId.of(orderId));
orderApplicationService.cancelOrder(command);
return ResponseEntity.ok(ApiResponse.success("Order cancelled successfully"));
}
private boolean isNotUserAuthorized(AuthenticatedUser user, String userId) {
return !user.getUserId().getId().equals(userId) && !user.isAdmin();
}
}