Prod deploy 18 listopada

src/main/java/com/sasiedzi/event/domain/Event.java

@@ -44,7 +44,7 @@ public class Event implements Serializable {
     private String comment;
 
     @OneToMany(fetch = FetchType.EAGER, mappedBy = "event")
-    @JsonIgnoreProperties(value = { "user", "event", "transactionItems" }, allowSetters = true)
+    @JsonIgnoreProperties(value = { "event", "transactionItems" }, allowSetters = true)
     private Set<Registration> registrations = new HashSet<>();
 
     @OneToMany(fetch = FetchType.LAZY, mappedBy = "event")

src/main/java/com/sasiedzi/event/web/rest/RegistrationResource.java

@@ -1,5 +1,6 @@
 package com.sasiedzi.event.web.rest;
 
+import com.sasiedzi.event.domain.CurrentUserHolder;
 import com.sasiedzi.event.domain.Registration;
 import com.sasiedzi.event.domain.User;
 import com.sasiedzi.event.repository.RegistrationRepository;
@@ -20,6 +21,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
@@ -54,6 +56,11 @@ public class RegistrationResource {
         this.userRepository = userRepository;
     }
 
+    private static Long currentEventId = 1751L;
+
+    @Autowired
+    CurrentUserHolder currentUser;
+
     /**
      * {@code POST  /registrations} : Create a new registration.
      *
@@ -64,6 +71,11 @@ public class RegistrationResource {
     @PostMapping("")
     public ResponseEntity<Registration> createRegistration(@Valid @RequestBody Registration registration, Principal principal)
         throws URISyntaxException {
+        if (
+            !currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN") && !registration.getEvent().getId().equals(currentEventId)
+        ) {
+            throw new AccessDeniedException("Registration is closed for this event");
+        }
         LOG.debug("REST request to save Registration : {}", registration);
         AdminUserDTO userFromAuthentication;
         if (principal instanceof AbstractAuthenticationToken) {
@@ -97,6 +109,11 @@ public class RegistrationResource {
         @PathVariable(value = "id", required = false) final Long id,
         @Valid @RequestBody Registration registration
     ) throws URISyntaxException {
+        if (
+            !currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN") && !registration.getEvent().getId().equals(currentEventId)
+        ) {
+            throw new AccessDeniedException("Registration is closed for this event");
+        }
         LOG.debug("REST request to update Registration : {}, {}", id, registration);
         if (registration.getId() == null) {
             throw new BadRequestAlertException("Invalid id", ENTITY_NAME, "idnull");
@@ -131,6 +148,11 @@ public class RegistrationResource {
         @PathVariable(value = "id", required = false) final Long id,
         @NotNull @RequestBody Registration registration
     ) throws URISyntaxException {
+        if (
+            !currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN") && !registration.getEvent().getId().equals(currentEventId)
+        ) {
+            throw new AccessDeniedException("Registration is closed for this event");
+        }
         LOG.debug("REST request to partial update Registration partially : {}, {}", id, registration);
         if (registration.getId() == null) {
             throw new BadRequestAlertException("Invalid id", ENTITY_NAME, "idnull");
@@ -208,6 +230,12 @@ public class RegistrationResource {
      */
     @DeleteMapping("/{id}")
     public ResponseEntity<Void> deleteRegistration(@PathVariable("id") Long id) {
+        Registration registration = registrationRepository.findById(id).get();
+        if (
+            !currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN") && !registration.getEvent().getId().equals(currentEventId)
+        ) {
+            throw new AccessDeniedException("Registration is closed for this event");
+        }
         LOG.debug("REST request to delete Registration : {}", id);
         registrationRepository.deleteById(id);
         return ResponseEntity.noContent()