java-jabki-final-project-api/src/main/java/bookShop/service/UserService.java at b5e5a34780da81276c28d4777f653af937d47a8d · andreikuzn/java-jabki-final-project-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
package bookShop.service;

import bookShop.model.*;
import bookShop.repository.AppUserRepository;
import bookShop.repository.LoanRepository;
import bookShop.exception.*;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import bookShop.model.response.UserResponse;
import javax.validation.Validation;
import javax.validation.Validator;
import java.util.List;
import java.util.stream.Collectors;
import bookShop.model.request.RegisterRequest;

@Slf4j
@Service
@RequiredArgsConstructor
public class UserService {

    private static final int MAX_ADMIN_COUNT = 3;

    private final AppUserRepository userRepository;
    private final LoanRepository loanRepository;
    private final PasswordEncoder passwordEncoder;
    private final Validator validator = Validation.buildDefaultValidatorFactory().getValidator(); // мне кажется лучше инжектить эту зависимость через конструктор, чтобы она потом закрылась автоматически

    public List<UserResponse> getAllUsers() {
        List<AppUser> users = userRepository.findAll();
        if (users.isEmpty()) {
            throw new UserNotFoundException("Пользователи не найдены");
        }
        return users.stream()
                .map(this::toUserResponseWithActiveLoans)
                .collect(Collectors.toList());
    }

    public UserResponse getUserById(Long id) {
        AppUser user = findUserByIdOrThrow(id);
        return toUserResponseWithActiveLoans(user);
    }

    public List<UserResponse> getUsersByUsername(String username) {
        username = (username != null) ? username.trim() : null;
        List<AppUser> users = userRepository.findByUsernameIgnoreCaseLike(username);
        if (users.isEmpty()) {
            throw new UserNotFoundException("Пользователи с таким username не найдены");
        }
        return users.stream().map(this::toUserResponseWithActiveLoans).collect(Collectors.toList());
    }

    public UserResponse getUserByUsername(String username) {
        username = (username != null) ? username.trim() : null;
        AppUser user = userRepository.findByUsernameIgnoreCase(username)
                .orElseThrow(() -> new UserNotFoundException("Пользователь с таким username не найден"));
        return toUserResponseWithActiveLoans(user);
    }

    public void deleteUser(Long id) {
        log.warn("Попытка удаления админом пользователя [{}]", id); //такая же история как в BookService, два запроса в бд вместо одного
        if (!userRepository.existsById(id)) {
            throw new UserNotFoundException();
        }
        userRepository.deleteById(id);
        log.info("Пользователь [{}] удалён админом", id);
    }

    public UserResponse updateUser(Long id, RegisterRequest request, AppUserDetails userDetails) {
        log.info("Пользователь [{}] инициировал обновление пользователя [{}]", userDetails.getUsername(), id);
        AppUser user = findUserByIdOrThrow(id);
        checkUpdateUserRights(user, userDetails, request);
        updateUserFields(user, request, userDetails);
        AppUser saved = userRepository.save(user);
        log.info("Пользователь [{}] успешно обновлён", id);
        return toUserResponseWithActiveLoans(saved);
    }

    public UserResponse createUser(RegisterRequest request) {
        log.info("Попытка создать пользователя: username={}", request.getUsername());
        if (userRepository.existsByUsernameIgnoreCase(request.getUsername())) {
            throw new UserAlreadyExistsException("Пользователь с таким именем уже существует");
        }
        if (request.getRole() == Role.ADMIN) {
            checkAdminLimit();
        }
        AppUser user = AppUser.builder()
                .username(request.getUsername())
                .password(passwordEncoder.encode(request.getPassword()))
                .role(request.getRole())
                .phone(request.getPhone())
                .email(request.getEmail())
                .loyaltyPoints(0)
                .loyaltyLevel(LoyaltyLevel.NOVICE)
                .build();
        AppUser saved = userRepository.save(user);
        log.info("Пользователь создан: username={}, ID={}", saved.getUsername(), saved.getId());
        return toUserResponseWithActiveLoans(saved);
    }

    private AppUser findUserByIdOrThrow(Long id) {
        return userRepository.findById(id)
                .orElseThrow(UserNotFoundException::new);
    }

    private UserResponse toUserResponseWithActiveLoans(AppUser user) {
        bookShop.model.response.UserResponse response = bookShop.model.response.UserResponse.from(user);
        List<Loan> activeLoans = loanRepository.findByAppUserIdAndReturnedDateIsNull(user.getId());
        response.setActiveLoans(
                activeLoans.stream()
                        .map(bookShop.model.response.LoanResponse::from)
                        .collect(Collectors.toList())
        );
        return response;
    }

    private void checkUpdateUserRights(AppUser user, AppUserDetails userDetails, RegisterRequest request) {
        boolean isAdmin = userDetails.getRole() == Role.ADMIN;
        boolean isOwner = user.getId().equals(userDetails.getId());
        if (!isAdmin && !isOwner) {
            throw new ForbiddenActionException("Недостаточно прав для изменения пользователя");
        }
        if (!user.getUsername().equals(request.getUsername())) {
            throw new ForbiddenActionException("Изменение username запрещено");
        }
        if (request.getRole() != null && !request.getRole().equals(user.getRole())) {
            if (!isAdmin) {
                throw new ForbiddenActionException("Роль могут менять только пользователи с ролью ADMIN");
            }
        }
    }

    private void updateUserFields(AppUser user, RegisterRequest request, AppUserDetails userDetails) {
        if (request.getPassword() != null && !request.getPassword().isBlank()) {
            var violations = validator.validateProperty(request, "password");
            if (!violations.isEmpty()) {
                throw new ValidationException(violations.iterator().next().getMessage());
            }
            user.setPassword(passwordEncoder.encode(request.getPassword()));
        }
        boolean isAdmin = userDetails.getRole() == Role.ADMIN;
        boolean isOwner = user.getId().equals(userDetails.getId());
        if (request.getPhone() != null) {
            if (isOwner || isAdmin) {
                user.setPhone(request.getPhone());
            }
        }
        if (request.getEmail() != null) {
            if (isOwner || isAdmin) {
                user.setEmail(request.getEmail());
            }
        }
        if (request.getRole() != null && !request.getRole().equals(user.getRole())) {
            if (isAdmin) {
                if (user.getRole() != Role.ADMIN && request.getRole() == Role.ADMIN) {
                    checkAdminLimit();
                }
                user.setRole(request.getRole());
            }
        }
    }

    private void checkAdminLimit() {
        int adminCount = userRepository.countByRole(Role.ADMIN);
        if (adminCount >= MAX_ADMIN_COUNT) {
            throw new AdminLimitExceededException("В системе не может быть более " + MAX_ADMIN_COUNT + "-х админов");
        }
    }
}