From ddf3bb3a5ddc0e3745f05f95d20ed4b35e6ddbf5 Mon Sep 17 00:00:00 2001
From: Michael
Date: Thu, 28 Mar 2019 23:07:02 +0100
Subject: [PATCH] added a check whether a given user identified by his token is an admin or not, returns true if yes
---
 .../bugageocaching/controller/Controller.java | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
index 1418cc3..6d7e97f 100644
--- a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
+++ b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
@@ -10,6 +10,7 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.web.bind.annotation.*;
+import java.util.List;
 import java.util.Optional;
 import java.util.Random;
 import java.util.concurrent.atomic.AtomicLong;
@@ -148,7 +149,7 @@ public class Controller {
 Random r = new Random();
 int low = 100000;
 int high = 1000000;
- int code = r.nextInt(high-low) + low;
+ int code = r.nextInt(high - low) + low;
 station.setCode(code);
 try {
@@ -180,4 +181,18 @@ public class Controller {
 }
 }
+ @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+ @RequestMapping("/api/checkAdmin")
+ @ResponseBody
+ boolean checkAdmin(@RequestParam String token) {
+ User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+ List roles = user.getRoles();
+ for (Role role : roles) {
+ if (role.getId() == 0) { // is admin
+ return true;
+ }
+ }
+ return false;
+ }
+
 }
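Review bot: In the third hunk (`@@ -180,4 +181,18 @@`), checkAdmin derives the user solely from the text before `$` in `token` and never checks the remainder of the token, so as written the endpoint reports admin status for whatever username a caller supplies; if the token is validated elsewhere, that is not visible in this hunk, and the check belongs here before the role lookup. A token without `$` makes `indexOf` return -1 and `substring(0, -1)` throw, and an unknown username presumably makes `findByUsername` return null so `user.getRoles()` fails, both surfacing as a 500 instead of `false`. The token also arrives as a `@RequestParam` on a mapping with no HTTP method restriction, so it can end up in URLs and access logs; a request header or POST body would keep it out of them. The literal `0` for the admin role id would read better as a named constant, and the dev-only `@CrossOrigin` origin is better taken from configuration so it cannot ship by accident. The fence below shows only the input guards; the token verification itself depends on code outside this hunk.

```java
boolean checkAdmin(@RequestParam String token) {
    int separator = token.indexOf('$');
    if (separator <= 0) {
        return false; // malformed token: no username part
    }
    User user = userRepository.findByUsername(token.substring(0, separator));
    if (user == null) {
        return false; // unknown user
    }
    // TODO(review): verify the rest of the token for this user before trusting the username
    // … unchanged: role loop and final return false …
}
```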