From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password

---
 pamapi/src/main/java/com/pollex/pam/web/rest/AppointmentResource.java |   97 ++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 85 insertions(+), 12 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/AppointmentResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/AppointmentResource.java
index 27957f3..e646ebc 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/AppointmentResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/AppointmentResource.java
@@ -1,14 +1,30 @@
 package com.pollex.pam.web.rest;
 
-import com.pollex.pam.service.dto.AppointmentDTO;
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingType;
+import com.pollex.pam.business.appointment.process.AppointmentProcess;
+import com.pollex.pam.business.domain.Appointment;
+import com.pollex.pam.business.enums.AppointmentStatusEnum;
+import com.pollex.pam.business.security.SecurityUtils;
+import com.pollex.pam.business.service.SendMsgService;
+
+import com.pollex.pam.business.service.dto.*;
+import com.pollex.pam.business.service.mapper.AppointmentMapper;
+import com.pollex.pam.business.web.errors.CreateFailBecauseOfCancelAppointmentRecentException;
+import com.pollex.pam.business.web.errors.CreateFailHaveProcessingAppointmentException;
+
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
-import com.pollex.pam.service.AppointmentService;
-import com.pollex.pam.service.SatisfactionService;
-import com.pollex.pam.service.dto.AppointmentCreateDTO;
-import com.pollex.pam.service.dto.AppointmentCustomerViewDTO;
+import com.pollex.pam.business.service.AppointmentService;
+import com.pollex.pam.business.service.PersonalNotificationService;
+import com.pollex.pam.business.service.SatisfactionService;
+
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.*;
+
+import java.util.List;
 
 @RestController
 @RequestMapping("/api/appointment")
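Review bot: The explicit DTO imports are replaced by the wildcard `import com.pollex.pam.business.service.dto.*;`, and `AuditLoggingType` is imported both by name and through `import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.*;`. That lets the annotations in the next hunk mix `CUSTOMER_EDIT_APPOINTMENT` with `AuditLoggingType.CUSTOMER_CANCEL_APPOINTMENT`. Explicit imports and a single form of enum reference would make it easier to see which audit type is attached to which endpoint. `AppointmentStatusEnum` is imported but not referenced in any line visible in this patch, so it may be unused.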
@@ -17,39 +33,96 @@
 	@Autowired
 	AppointmentService appointmentService;
 
+    @Autowired
+    AppointmentMapper appointmentMapper;
+
 	@Autowired
 	SatisfactionService satisfactionService;
 
+    @Autowired
+    SendMsgService sendMsgService;
+
+    @Autowired
+    AppointmentProcess abstractAppointmentProcess;
+
+    @Autowired
+    PersonalNotificationService personalNotificationService;
+
+    @AuditLoggingInject(type = CUSTOMER_EDIT_APPOINTMENT)
     @PutMapping("")
-    public ResponseEntity<Void> updateAppointment(@RequestBody AppointmentDTO appointment) {
-        appointmentService.updateAppointment(appointment);
+    public ResponseEntity<Void> updateAppointment(@RequestBody AppointmentUpdateDTO dto) {
+    	Appointment appointment = appointmentService.updateAppointment(dto);
+        personalNotificationService.createUpdateAppointmentToConsultant(appointment);
         return ResponseEntity.noContent().build();
     }
 
+    @AuditLoggingInject(type = AuditLoggingType.CUSTOMER_CANCEL_APPOINTMENT)
     @DeleteMapping("/{appointmentId}")
     public ResponseEntity<Void> markAppointmentDeleted(@PathVariable Long appointmentId) {
         appointmentService.markAppointmentDeleted(appointmentId);
         return ResponseEntity.noContent().build();
     }
 
+    @AuditLoggingInject(type = AuditLoggingType.CUSTOMER_CREATE_APPOINTMENT)
 	@PostMapping("/customer/create")
-	public void clientCreateAppointment(@RequestBody AppointmentCreateDTO appointmentCreateDTO) {
-		appointmentService.customerCreateAppointment(appointmentCreateDTO);
-	}
+	public AppointmentDTO clientCreateAppointment(@RequestBody AppointmentCreateDTO appointmentCreateDTO) {
+        List<Appointment> processing = appointmentService.findProcessingAppointmentByCustomer(SecurityUtils.getCustomerDBId());
+        List<Appointment> cancelAppointmentment = appointmentService.findCustomer3DayCancelAppointment();
+        if(!processing.isEmpty()) {
+        	throw new CreateFailHaveProcessingAppointmentException();
+    	}else if(!cancelAppointmentment.isEmpty()) {
+    		throw new CreateFailBecauseOfCancelAppointmentRecentException();
+    	}
+        
+        Appointment appointment = appointmentService.customerCreateAppointment(appointmentCreateDTO);
+        satisfactionService.createUnfilledSystemSatisfaction(appointment);
+
+        return appointmentMapper.toAppointmentDTO(appointment);
+    }
 
 	@PostMapping("/markAsContacted/{appointmentId}")
-	public void markAsContacted(@PathVariable Long appointmentId) {
+	public AppointmentCustomerViewDTO markAsContacted(@PathVariable Long appointmentId) {
 		appointmentService.markAsContacted(appointmentId);
-	}
+	    return appointmentService.getAppointmentDetail(appointmentId);
+    }
 
+    @AuditLoggingInject(type = CHECK_APPOINTMENT)
 	@GetMapping("/getDetail/{appointmentId}")
 	public AppointmentCustomerViewDTO getAppointmentDetail(@PathVariable Long appointmentId) {
 		return appointmentService.getAppointmentDetail(appointmentId);
 	}
 
+    @AuditLoggingInject(type = CONSULTANT_READ_APPOINTMENT)
 	@PostMapping("/recordRead/{appointmentId}")
     public ResponseEntity<Void> recordConsultantReadAppointment(@PathVariable Long appointmentId) {
         appointmentService.recordConsultantReadTime(appointmentId);
         return ResponseEntity.noContent().build();
     }
+
+    @AuditLoggingInject(type = APPOINTMENT_CLOSE)
+	@PostMapping("/close")
+    public ResponseEntity<Void> closeAppointment(@RequestBody AppointmentCloseDTO closeDTO) {
+		appointmentService.closeAppointment(closeDTO);
+        return ResponseEntity.noContent().build();
+    }
+
+    @GetMapping("/customer/expiring/newest")
+    public ResponseEntity<AppointmentCustomerViewDTO> getNewestExpiringAppointment() {
+        Long customerId = SecurityUtils.getCustomerDBId();
+        AppointmentCustomerViewDTO customerNewestExpiringAppointment = appointmentService.getCustomerNewestExpiringAppointment(customerId);
+
+        return new ResponseEntity<>(customerNewestExpiringAppointment, HttpStatus.OK);
+    }
+
+    @GetMapping("/consultant/pending/sum")
+    public ResponseEntity<Long> getConsultantPendingAppointmentSum() {
+        String agentNo = SecurityUtils.getAgentNo();
+        return new ResponseEntity<>(appointmentService.getConsultantPendingAppointmentSum(agentNo), HttpStatus.OK);
+    }
+    
+    @GetMapping("/customer/get_all_group_by_consultant")
+    public List<CustomerFavoriteConsultantDTO> getCustomerAllAppointmentGroupByConsultant() {
+        return appointmentService.getCustomerAllAppointmentGroupByConsultant();
+    }
+
 }
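Review bot: `markAsContacted` now returns the full `AppointmentCustomerViewDTO` for whatever `appointmentId` arrives in the path, yet unlike `getAppointmentDetail` directly below it has no `@AuditLoggingInject`, so the same data can be read without an audit record. None of the id-taking handlers in this hunk (`markAppointmentDeleted`, `markAsContacted`, `getAppointmentDetail`, `recordConsultantReadAppointment`, `closeAppointment`) shows a check that the appointment belongs to the caller, whereas the new customer endpoints take the identity from `SecurityUtils`. If `AppointmentService` does not enforce ownership, these are object-level authorization gaps, so I would add `// TODO(review): confirm appointmentService rejects an appointmentId that does not belong to the current user` on each handler until that is verified. Separately, in `clientCreateAppointment` the two list checks and `customerCreateAppointment` are separate calls with no transaction visible in the controller, so two concurrent requests could both pass the checks. Moving the check and the create into one transactional service method, ideally backed by a database constraint, would close that window.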

--
Gitblit v1.8.0