From aef49f6faffbd93350f322db5fad339e2867656b Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 18 九月 2023 17:08:10 +0800
Subject: [PATCH] [UPDATE] 解決弱點Cleartext sensitive data in a database

---
 pamapi/src/main/java/com/pollex/pam/web/rest/ConsultantResource.java |   88 ++++++++++++++++++++++++++++++++++++++------
 1 files changed, 76 insertions(+), 12 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/ConsultantResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/ConsultantResource.java
index 4b1193d..7c8bc6f 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/ConsultantResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/ConsultantResource.java
@@ -1,27 +1,44 @@
 package com.pollex.pam.web.rest;
 
-import com.pollex.pam.service.ConsultantService;
-import com.pollex.pam.service.dto.*;
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
+import com.pollex.pam.business.domain.Consultant;
+import com.pollex.pam.business.security.SecurityUtils;
+import com.pollex.pam.business.service.AppointmentService;
+import com.pollex.pam.business.service.ConsultantService;
+import com.pollex.pam.business.service.dto.*;
+import org.apache.commons.compress.utils.IOUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
+import java.io.IOException;
+import java.io.InputStream;
 import java.util.List;
+
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.EDIT_CONSULTANT_DATA;
 
 @RestController
 @RequestMapping("/api/consultant")
 public class ConsultantResource {
 
-    private final ConsultantService consultantService;
+    @Autowired
+    ConsultantService consultantService;
 
-    public ConsultantResource(ConsultantService consultantService) {
-        this.consultantService = consultantService;
-    }
+    @Autowired
+    AppointmentService appointmentService;
 
     @GetMapping("/favorite")
-    public ResponseEntity<List<ConsultantDTO>> getMyConsultantList() {
-        List<ConsultantDTO> myConsultants = consultantService.getMyConsultantList();
+    public ResponseEntity<List<CustomerFavoriteConsultantDTO>> getMyConsultantList() {
+        List<CustomerFavoriteConsultantDTO> myConsultants = consultantService.getMyConsultantList();
         return new ResponseEntity<>(myConsultants, HttpStatus.OK);
+    }
+
+    @PostMapping("/favorite/view")
+    public ResponseEntity<Void> recordMyConsultantListView() {
+        consultantService.recordMyConsultantListView();
+        return ResponseEntity.noContent().build();
     }
 
     @GetMapping("/recommend")
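Review bot: The two services are now package-private, non-final `@Autowired` fields, so any class in `com.pollex.pam.web.rest` can reassign them and the controller no longer gets its dependencies checked at construction. Keeping `private final ConsultantService consultantService;` together with the constructor this commit removes (extended with any further service that is really needed) preserves that guarantee. `AppointmentService appointmentService` is not referenced by any added line in the visible hunks, so it and its import look removable. The class body continues outside this hunk.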
@@ -36,21 +53,68 @@
         return new ResponseEntity<>(HttpStatus.ACCEPTED);
     }
 
-    @GetMapping("/strictQuery")
+    @DeleteMapping("/favorite/{agentNo}")
+    public ResponseEntity<Void> removeConsultantFromCustomList(@PathVariable String agentNo) {
+        consultantService.removeConsultantFromCustomList(agentNo);
+        return new ResponseEntity<>(HttpStatus.OK);
+    }
+
+
+    @PostMapping("/strictQuery")
     public ResponseEntity<List<ConsultantDTO>> strictQueryConsultant(@RequestBody StrictQueryConsultantParam param) {
         List<ConsultantDTO> queryResult = consultantService.strictQueryConsultant(param);
         return new ResponseEntity<>(queryResult, HttpStatus.OK);
     }
 
-    @GetMapping("/fastQuery")
+    @PostMapping("/fastQuery")
     public ResponseEntity<List<ConsultantDTO>> fastQueryConsultant(@RequestBody FastQueryConsultantParam param) {
         List<ConsultantDTO> queryResult = consultantService.fastQueryConsultant(param);
         return new ResponseEntity<>(queryResult, HttpStatus.OK);
     }
 
-    @GetMapping("/{agentNo}")
-    public ResponseEntity<ConsultantDetailDTO> getConsultantDetail(@PathVariable String agentNo) {
+    @GetMapping("/detail")
+    public ResponseEntity<ConsultantDetailDTO> getConsultantDetail(@RequestParam("agentNo") String agentNo) {
         ConsultantDetailDTO result = consultantService.getConsultantDetail(agentNo);
         return new ResponseEntity<>(result, HttpStatus.OK);
     }
+
+    @GetMapping("/getMyAppointment")
+    public List<AppointmentCustomerViewDTO> getMyAppointment() {
+    	return consultantService.getMyAppointment();
+    }
+
+    @GetMapping(value = "/avatar/{agentNo}", produces = MediaType.IMAGE_JPEG_VALUE)
+    public ResponseEntity<byte[]> getAvatarImage(@PathVariable String agentNo) throws IOException {
+//        try {
+//            Resource resource = new ClassPathResource("static/consultant/" + fileName);
+//            InputStream in = resource.getInputStream();
+//            return new ResponseEntity<>(IOUtils.toByteArray(in), HttpStatus.OK);
+//        } catch (FileNotFoundException e) {
+//            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
+//        }
+    	InputStream in = consultantService.getAvatarImage(agentNo);
+    	if(in!=null) {
+    		return new ResponseEntity<>(IOUtils.toByteArray(in), HttpStatus.OK);
+    	}else {
+    		return new ResponseEntity<>(HttpStatus.NOT_FOUND);
+    	}
+
+
+    }
+
+    @PostMapping("/record/allAppointmentsView")
+    public ResponseEntity<Void> recordAllAppointmentsView() {
+        consultantService.recordAllAppointmentsView();
+        return ResponseEntity.noContent().build();
+    }
+
+    @AuditLoggingInject(type = EDIT_CONSULTANT_DATA)
+    @PostMapping("/edit")
+    public ResponseEntity<Consultant> editConsultant(@RequestBody ConsultantEditDTO editDTO) {
+    	if(!editDTO.getAgentNo().equals(SecurityUtils.getAgentNo())) {
+    		throw new IllegalAccessError();
+    	}
+    	Consultant editResult = consultantService.editConsultant(editDTO);
+        return new ResponseEntity<>(editResult, HttpStatus.OK);
+    }
 }
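Review bot: The ownership check in `editConsultant` does not produce a clean denial: `editDTO.getAgentNo()` is dereferenced without a null check, and `IllegalAccessError` is a `java.lang.Error`, which exception handlers written for `Exception` will typically surface as a 500 rather than a 403. Assuming `SecurityUtils.getAgentNo()` returns a `String`, a fail-closed form is `String caller = SecurityUtils.getAgentNo();` followed by `if (caller == null || !caller.equals(editDTO.getAgentNo())) { return new ResponseEntity<>(HttpStatus.FORBIDDEN); }`. The method also returns the `Consultant` domain object itself, so whatever fields it serialises reach the client; a response DTO would make the exposed fields explicit. In `getAvatarImage` the `InputStream` is never closed; `try (InputStream in = consultantService.getAvatarImage(agentNo)) { … }` would release it on both branches, and the commented-out block above it can be deleted.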

--
Gitblit v1.8.0