modification in the order now all the search will be for bill and fix security problems with the order

Author: JEstebanC

src/main/java/JEstebanC/FastFoodApp/controller/OrdersController.java

@@ -1,7 +1,6 @@
 package JEstebanC.FastFoodApp.controller;
 
 import java.time.Instant;
-import java.util.Collection;
 import java.util.Map;
 
 import javax.validation.Valid;
@@ -11,17 +10,18 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import JEstebanC.FastFoodApp.model.Additional;
+import JEstebanC.FastFoodApp.dto.UserBillOrdersDTO;
+import JEstebanC.FastFoodApp.enumeration.StatusBill;
 import JEstebanC.FastFoodApp.model.Orders;
 import JEstebanC.FastFoodApp.model.Response;
+import JEstebanC.FastFoodApp.service.BillServiceImp;
 import JEstebanC.FastFoodApp.service.OrdersServiceImp;
 import lombok.RequiredArgsConstructor;
 
@@ -37,58 +37,62 @@ public class OrdersController {
 
 	@Autowired
 	private final OrdersServiceImp serviceImp;
+	@Autowired
+	private final BillServiceImp serviceBillImp;
 
 //	CREATE
 	@PostMapping()
 	public ResponseEntity<Response> saveOrder(@RequestBody @Valid Orders order) {
-		Collection<Additional> additionals = order.getAdditional();
-		for (Additional additional : additionals) {
-			if (additional.getIdAdditional()!=null && additional.getPrice()<=0) {
-				return ResponseEntity
-						.ok(Response.builder().timeStamp(Instant.now()).message("The order with id:" + order.getIdOrder() + " does not have the additional prices")
-								.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
+		UserBillOrdersDTO userBillOrdersDTO = serviceBillImp.findByIdBill(order.getBill().getIdBill());
+		if (userBillOrdersDTO != null) {
+			if (userBillOrdersDTO.getBillUserDTO().getStatusBill() != StatusBill.PAID) {
+				return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
+						.data(Map.of("order", serviceImp.create(order))).message("Create order").status(HttpStatus.OK)
+						.statusCode(HttpStatus.OK.value()).build());
 			}
+		} else {
+			return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
+					.message("The bill " + order.getIdOrder() + " does not exist").status(HttpStatus.BAD_REQUEST)
+					.statusCode(HttpStatus.BAD_REQUEST.value()).build());
 		}
-		return ResponseEntity
-				.ok(Response.builder().timeStamp(Instant.now()).data(Map.of("order", serviceImp.create(order)))
-						.message("Create order").status(HttpStatus.OK).statusCode(HttpStatus.OK.value()).build());
-	}
-
-//  READ
-	@PreAuthorize("hasRole('ROLE_ADMIN') OR hasRole('ROLE_EMPLOYEE')")
-	@GetMapping(value = "/list")
-	public ResponseEntity<Response> getOrder() {
-		return ResponseEntity.ok(Response.builder().timeStamp(Instant.now()).data(Map.of("order", serviceImp.list()))
-				.message("List orders").status(HttpStatus.OK).statusCode(HttpStatus.OK.value()).build());
+		return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
+				.message("The order with id:" + order.getIdOrder() + " does not created because the bill already paid")
+				.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
 	}
 
 //	UPDATE
 	@PreAuthorize("hasRole('ROLE_ADMIN') OR hasRole('ROLE_EMPLOYEE')")
 	@PutMapping(value = "/{id}")
 	public ResponseEntity<Response> updateOrder(@PathVariable("id") Long id, @RequestBody @Valid Orders order) {
-		if (serviceImp.exist(id)) {
-			Collection<Additional> additionals = order.getAdditional();
-			for (Additional additional : additionals) {
-				if (additional.getIdAdditional()!=null && additional.getPrice()<=0) {
-					return ResponseEntity
-							.ok(Response.builder().timeStamp(Instant.now()).message("The order with id:" +id + " does not have the additional prices")
+		UserBillOrdersDTO userBillOrdersDTO = serviceBillImp.findByIdBill(order.getBill().getIdBill());
+		if (userBillOrdersDTO != null) {
+			if (userBillOrdersDTO.getBillUserDTO().getStatusBill() != StatusBill.PAID) {
+				Orders orderRequest = serviceImp.findByIdOrder(id);
+				if (orderRequest != null) {
+					return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
+							.data(Map.of("order", serviceImp.update(id, order))).message("Updating order with id: "+id)
+							.status(HttpStatus.OK).statusCode(HttpStatus.OK.value()).build());
+				} else {
+					return ResponseEntity.ok(
+							Response.builder().timeStamp(Instant.now()).message("The order " + id + " does not exist")
 									.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
 				}
 			}
-			return ResponseEntity
-					.ok(Response.builder().timeStamp(Instant.now()).data(Map.of("order", serviceImp.update(id,order)))
-							.message("Create order").status(HttpStatus.OK).statusCode(HttpStatus.OK.value()).build());
+		} else {
+			return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
+					.message("The bill " + order.getBill().getIdBill() + " does not exist")
+					.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
 		}
-		return ResponseEntity
-				.ok(Response.builder().timeStamp(Instant.now()).message("The order with id:" + id + " does not exist")
-						.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
-
+		return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
+				.message("The order with id:" + order.getIdOrder() + " does not created because the bill already paid")
+				.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
 	}
 
 	@PreAuthorize("hasRole('ROLE_ADMIN') OR hasRole('ROLE_EMPLOYEE')")
 //	DELETE
 	@DeleteMapping(value = "/{id}")
 	public ResponseEntity<Response> deleteOrder(@PathVariable("id") Long id) {
+
 		if (serviceImp.exist(id)) {
 			return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
 					.data(Map.of("order", serviceImp.delete(id))).message("order bill with id: " + id)
@@ -99,13 +103,4 @@ public ResponseEntity<Response> deleteOrder(@PathVariable("id") Long id) {
 							.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
 		}
 	}
-
-	@PreAuthorize("hasRole('ROLE_ADMIN') OR hasRole('ROLE_EMPLOYEE')")
-// 	SEARCH  ORDER BY ID CLIENT
-	@GetMapping(value = "/bill/{idBill}")
-	public ResponseEntity<Response> getOrderByIdClient(@PathVariable("idBill") Long idBill) {
-		return ResponseEntity
-				.ok(Response.builder().timeStamp(Instant.now()).data(Map.of("order", serviceImp.findByIdBill(idBill)))
-						.message("List orders").status(HttpStatus.OK).statusCode(HttpStatus.OK.value()).build());
-	}
 }

src/main/java/JEstebanC/FastFoodApp/dto/BillOrdersDTO.java

@@ -18,10 +18,12 @@
 @Data
 public class BillUserDTO {
 	private Long idBill;
-	private UserForBillDTO userForBill;
-	private PayMode payMode;
-
 	@DateTimeFormat(iso = DateTimeFormat.ISO.DATE, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSSX")
 	private Date date;
+	private int noTable;
+	private int totalPrice;
 	private StatusBill statusBill;
+	private PayMode payMode;
+	private UserForBillDTO userForBill;
+	
 }

src/main/java/JEstebanC/FastFoodApp/dto/BillUserDTO.java

@@ -22,7 +22,6 @@ public class OrdersDTO {
 	private Long idOrder;
 	private StatusOrder statusOrder;
 	private int amount;
-	private int noTable;
 	private int total;
 
 //	Product

src/main/java/JEstebanC/FastFoodApp/dto/OrdersDTO.java

@@ -41,6 +41,9 @@ public class Bill {
 	@NotNull(message = "idPayMode cannot be empty or null")
 	@JoinColumn(name = "idPayMode")
 	private PayMode PayMode;
-
+	@NotNull(message = "noTable cannot be empty or null")
+	private int noTable;
+	@NotNull(message = "total price cannot be empty or null")
+	private int totalPrice;
 	private StatusBill statusBill;
 }

src/main/java/JEstebanC/FastFoodApp/model/Bill.java

@@ -49,7 +49,6 @@ public class Orders {
 
 	@NotNull(message = "amount cannot be empty or null")
 	private int amount;
-	private int noTable;
 	@NotNull(message = "total cannot be empty or null")
 	private int total;
 	private StatusOrder statusOrder;

src/main/java/JEstebanC/FastFoodApp/model/Orders.java

@@ -175,6 +175,8 @@ public Collection<UserBillOrdersDTO> findByNewIdUser(Long idUser, StatusBill sta
 	private BillUserDTO convertirBillToDTO(Bill bill) {
 		BillUserDTO billUser = new BillUserDTO();
 		billUser.setIdBill(bill.getIdBill());
+		billUser.setNoTable(bill.getNoTable());
+		billUser.setTotalPrice(bill.getTotalPrice());
 
 		UserForBillDTO userForBill = new UserForBillDTO();
 		userForBill.setIdUser(bill.getUser().getIdUser());
@@ -202,6 +204,8 @@ private UserBillOrdersDTO convertirBillOrderToDTO(Bill bill) {
 
 		BillUserDTO billUser = new BillUserDTO();
 		billUser.setIdBill(bill.getIdBill());
+		billUser.setNoTable(bill.getNoTable());
+		billUser.setTotalPrice(bill.getTotalPrice());
 
 		UserForBillDTO userForBill = new UserForBillDTO();
 		userForBill.setIdUser(bill.getUser().getIdUser());
@@ -228,31 +232,13 @@ private UserBillOrdersDTO convertirBillOrderToDTO(Bill bill) {
 		return billOrder;
 	}
 
-	private OrdersDTO convertirOrderToDTO(Orders orders) {
-
-		OrdersDTO billOrder = new OrdersDTO();
-		billOrder.setIdOrder(orders.getIdOrder());
-		billOrder.setStatusOrder(orders.getStatusOrder());
-		billOrder.setAmount(orders.getAmount());
-		billOrder.setNoTable(orders.getNoTable());
-		billOrder.setTotal(orders.getTotal());
-
-		Collection<Product> product = new ArrayList<Product>();
-		product.add(orders.getProduct());
-		billOrder.setProduct(product);
-
-		Collection<Additional> additional = new ArrayList<Additional>();
-		additional.addAll(orders.getAdditional());
-		billOrder.setAdditional(additional);
-
-		return billOrder;
-	}
-
 	private UserBillOrdersDTO convertirBillByOrderToDTO(Bill bill, int statusBill) {
 		UserBillOrdersDTO billOrder = new UserBillOrdersDTO();
 
 		BillUserDTO billUser = new BillUserDTO();
 		billUser.setIdBill(bill.getIdBill());
+		billUser.setNoTable(bill.getNoTable());
+		billUser.setTotalPrice(bill.getTotalPrice());
 
 		UserForBillDTO userForBill = new UserForBillDTO();
 		userForBill.setIdUser(bill.getUser().getIdUser());
@@ -278,5 +264,24 @@ private UserBillOrdersDTO convertirBillByOrderToDTO(Bill bill, int statusBill) {
 		billOrder.setOrdersDTO(orders);
 		return billOrder;
 	}
+	
+	private OrdersDTO convertirOrderToDTO(Orders orders) {
+
+		OrdersDTO billOrder = new OrdersDTO();
+		billOrder.setIdOrder(orders.getIdOrder());
+		billOrder.setStatusOrder(orders.getStatusOrder());
+		billOrder.setAmount(orders.getAmount());
+		billOrder.setTotal(orders.getTotal());
+
+		Collection<Product> product = new ArrayList<Product>();
+		product.add(orders.getProduct());
+		billOrder.setProduct(product);
+
+		Collection<Additional> additional = new ArrayList<Additional>();
+		additional.addAll(orders.getAdditional());
+		billOrder.setAdditional(additional);
+
+		return billOrder;
+	}
 
 }