Index: src/main/java/mk/ukim/finki/synergymed/repositories/ClientRepository.java
===================================================================
--- src/main/java/mk/ukim/finki/synergymed/repositories/ClientRepository.java	(revision 5e1075dd0cd3bb015a3344da440769c15949a606)
+++ src/main/java/mk/ukim/finki/synergymed/repositories/ClientRepository.java	(revision e944b43ee202f9e1bcca7f009fd725fea1c1c8da)
@@ -20,6 +20,5 @@
     Optional<Client> findByUsers(User user);
 
-
-
+    Optional<Client> findByUsersUsername(String username);
 
 }
Index: src/main/java/mk/ukim/finki/synergymed/web/AllergyController.java
===================================================================
--- src/main/java/mk/ukim/finki/synergymed/web/AllergyController.java	(revision 5e1075dd0cd3bb015a3344da440769c15949a606)
+++ src/main/java/mk/ukim/finki/synergymed/web/AllergyController.java	(revision e944b43ee202f9e1bcca7f009fd725fea1c1c8da)
@@ -6,6 +6,9 @@
 import mk.ukim.finki.synergymed.models.User;
 import mk.ukim.finki.synergymed.repositories.MedicineRepository;
+import mk.ukim.finki.synergymed.repositories.UserRepository;
 import mk.ukim.finki.synergymed.service.HealthProfileService;
 import org.springframework.format.annotation.DateTimeFormat;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -13,5 +16,4 @@
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 
-import jakarta.servlet.http.HttpSession;
 import java.time.LocalDate;
 import java.util.List;
@@ -25,16 +27,15 @@
     private final HealthProfileService healthProfileService;
     private final MedicineRepository medicineRepository;
+    private final UserRepository userRepository;
+
+    private User getCurrentUser(UserDetails ud) {
+        return userRepository.findByUsername(ud.getUsername())
+                .orElseThrow(() -> new RuntimeException("User not found: " + ud.getUsername()));
+    }
 
     @GetMapping("/manage")
-    public String manageAllergies(HttpSession session, Model model) {
-        User user = (User) session.getAttribute("user");
-        String username = (String) session.getAttribute("username");
+    public String manageAllergies(@AuthenticationPrincipal UserDetails ud, Model model) {
+        User user = getCurrentUser(ud);
 
-        if (user == null || username == null) {
-            System.out.println("NO USER IN SESSION");
-            return "redirect:/login";
-        }
-
-        // Check if user has a health profile
         Optional<Healthprofile> healthProfile = healthProfileService.getByClientId(user.getId());
         if (healthProfile.isEmpty()) {
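Review bot: `getCurrentUser` calls `ud.getUsername()` without a null check, and `@AuthenticationPrincipal` resolves to null when no authenticated principal is attached to the request, so the `if (user == null ...) return "redirect:/login"` guard this hunk deletes degrades to a NullPointerException (HTTP 500) unless the security filter chain already requires authentication for these paths, which this diff does not show. Keep an explicit guard in the handler, `if (ud == null) { return "redirect:/login"; }`, or confirm the request-matcher configuration covers every endpoint touched by this commit. The identical helper is pasted into ClientOrderController, HealthProfileController, PaymentController, ProfileController and SensitiveClientDataController, and `getClient` in ShoppingCartController has the same gap; one shared component, or a `HandlerMethodArgumentResolver` that yields the `User` directly, would keep the lookup and its exception type in a single place. Throwing a bare `RuntimeException` also maps to a 500; a more specific exception that an `@ControllerAdvice` can turn into a 401 or 404 would be clearer for callers and logs. The class header and the rest of `manageAllergies` lie outside this hunk.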
@@ -43,9 +44,8 @@
         }
 
-        // Get all available medicines for the dropdown
         List<Medicine> medicines = medicineRepository.findAll();
 
         model.addAttribute("user", user);
-        model.addAttribute("username", username);
+        model.addAttribute("username", user.getUsername());
         model.addAttribute("healthProfile", healthProfile.get());
         model.addAttribute("medicines", medicines);
@@ -55,16 +55,12 @@
 
     @PostMapping("/add")
-    public String addAllergy(@RequestParam Integer medicineId,
+    public String addAllergy(@AuthenticationPrincipal UserDetails ud,
+                             @RequestParam Integer medicineId,
                              @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") LocalDate dateDiagnosed,
                              @RequestParam String description,
                              @RequestParam String severity,
-                             HttpSession session,
                              RedirectAttributes redirectAttributes) {
 
-        User user = (User) session.getAttribute("user");
-
-        if (user == null) {
-            return "redirect:/login";
-        }
+        User user = getCurrentUser(ud);
 
         try {
Index: src/main/java/mk/ukim/finki/synergymed/web/ClientOrderController.java
===================================================================
--- src/main/java/mk/ukim/finki/synergymed/web/ClientOrderController.java	(revision 5e1075dd0cd3bb015a3344da440769c15949a606)
+++ src/main/java/mk/ukim/finki/synergymed/web/ClientOrderController.java	(revision e944b43ee202f9e1bcca7f009fd725fea1c1c8da)
@@ -1,9 +1,11 @@
 package mk.ukim.finki.synergymed.web;
 
-import jakarta.servlet.http.HttpSession;
 import lombok.RequiredArgsConstructor;
 import mk.ukim.finki.synergymed.models.Clientorder;
 import mk.ukim.finki.synergymed.models.User;
+import mk.ukim.finki.synergymed.repositories.UserRepository;
 import mk.ukim.finki.synergymed.service.ClientOrderService;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -17,9 +19,14 @@
 
     private final ClientOrderService orderService;
+    private final UserRepository userRepository;
+
+    private User getCurrentUser(UserDetails ud) {
+        return userRepository.findByUsername(ud.getUsername())
+                .orElseThrow(() -> new RuntimeException("User not found: " + ud.getUsername()));
+    }
 
     @GetMapping("/orders")
-    public String myOrders(HttpSession session, Model model) {
-        User user = (User) session.getAttribute("user");
-        if (user == null) return "redirect:/login";
+    public String myOrders(@AuthenticationPrincipal UserDetails ud, Model model) {
+        User user = getCurrentUser(ud);
         List<Clientorder> orders = orderService.findAllForClient(user.getId());
         model.addAttribute("orders", orders);
@@ -29,8 +36,7 @@
     @GetMapping("/orders/{orderId}")
     public String myOrderDetail(@PathVariable Integer orderId,
-                                HttpSession session,
+                                @AuthenticationPrincipal UserDetails ud,
                                 Model model) {
-        User user = (User) session.getAttribute("user");
-        if (user == null) return "redirect:/login";
+        User user = getCurrentUser(ud);
         Clientorder order = orderService.findByIdForClient(orderId, user.getId()).orElseThrow();
         model.addAttribute("order", order);
Index: src/main/java/mk/ukim/finki/synergymed/web/HealthProfileController.java
===================================================================
--- src/main/java/mk/ukim/finki/synergymed/web/HealthProfileController.java	(revision 5e1075dd0cd3bb015a3344da440769c15949a606)
+++ src/main/java/mk/ukim/finki/synergymed/web/HealthProfileController.java	(revision e944b43ee202f9e1bcca7f009fd725fea1c1c8da)
@@ -4,6 +4,9 @@
 import mk.ukim.finki.synergymed.models.Client;
 import mk.ukim.finki.synergymed.models.User;
+import mk.ukim.finki.synergymed.repositories.UserRepository;
 import mk.ukim.finki.synergymed.service.ClientService;
 import mk.ukim.finki.synergymed.service.HealthProfileService;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -11,5 +14,4 @@
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 
-import jakarta.servlet.http.HttpSession;
 import java.util.List;
 
@@ -21,21 +23,20 @@
     private final HealthProfileService healthProfileService;
     private final ClientService clientService;
+    private final UserRepository userRepository;
 
-    // TODO: 28.8.2025 Only admins can access this
+    private User getCurrentUser(UserDetails ud) {
+        return userRepository.findByUsername(ud.getUsername())
+                .orElseThrow(() -> new RuntimeException("User not found: " + ud.getUsername()));
+    }
+
     @GetMapping("/create")
     public String getCreateHealthProfilePage(
             @RequestParam(required = false) String searchTerm,
-            HttpSession session,
+            @AuthenticationPrincipal UserDetails ud,
             Model model) {
 
-        User user = (User) session.getAttribute("user");
-
-        if (user == null) {
-            return "redirect:/login";
-        }
-
+        User user = getCurrentUser(ud);
         model.addAttribute("user", user);
 
-        // Get clients without health profiles
         List<Client> clientsWithoutHealthProfile;
 
@@ -58,14 +59,8 @@
             @RequestParam Integer clientId,
             @RequestParam String bloodType,
-            HttpSession session,
+            @AuthenticationPrincipal UserDetails ud,
             RedirectAttributes redirectAttributes) {
 
-        User user = (User) session.getAttribute("user");
-
-        if (user == null) {
-            return "redirect:/login";
-        }
-
-        // TODO: Add admin role check here
+        User user = getCurrentUser(ud);
 
         try {
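Review bot: `// TODO: Add admin role check here` is deleted from this POST handler (and `// TODO: 28.8.2025 Only admins can access this` from the hunk above) without any role check being added, so after this change any authenticated user that resolves to a `User` can create a health profile for an arbitrary `clientId` unless the security configuration restricts `/admin/**` to an admin role, which is not visible in this diff. If no such matcher exists, replace the TODOs with an enforced check, e.g. `@PreAuthorize("hasRole('ADMIN')")` on the class with method security enabled, or an explicit role test in both handlers. If it does exist, keep the intent visible with a comment such as `// admin-only: enforced by the /admin/** matcher in the security filter chain`. The handler's signature starts and its body continues outside this hunk.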
@@ -78,6 +73,5 @@
             return "redirect:/admin/health-profile/create";
 
-        }
-        catch (Exception e) {
+        } catch (Exception e) {
             redirectAttributes.addFlashAttribute("error", "Failed to create health profile: " + e.getMessage());
             return "redirect:/admin/health-profile/create";
Index: src/main/java/mk/ukim/finki/synergymed/web/PaymentController.java
===================================================================
--- src/main/java/mk/ukim/finki/synergymed/web/PaymentController.java	(revision 5e1075dd0cd3bb015a3344da440769c15949a606)
+++ src/main/java/mk/ukim/finki/synergymed/web/PaymentController.java	(revision e944b43ee202f9e1bcca7f009fd725fea1c1c8da)
@@ -1,5 +1,4 @@
 package mk.ukim.finki.synergymed.web;
 
-import jakarta.servlet.http.HttpSession;
 import lombok.RequiredArgsConstructor;
 import mk.ukim.finki.synergymed.models.Client;
@@ -7,4 +6,5 @@
 import mk.ukim.finki.synergymed.models.Shoppingcart;
 import mk.ukim.finki.synergymed.models.User;
+import mk.ukim.finki.synergymed.repositories.UserRepository;
 import mk.ukim.finki.synergymed.service.ClientService;
 import mk.ukim.finki.synergymed.service.DeliveryCompanyService;
@@ -12,4 +12,6 @@
 import mk.ukim.finki.synergymed.service.PaymentService;
 import mk.ukim.finki.synergymed.service.ShoppingCartService;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -29,13 +31,19 @@
     private final DeliveryCompanyService deliveryCompanyService;
     private final ClientService clientService;
+    private final UserRepository userRepository;
+
+    private User getCurrentUser(UserDetails ud) {
+        return userRepository.findByUsername(ud.getUsername())
+                .orElseThrow(() -> new RuntimeException("User not found: " + ud.getUsername()));
+    }
 
     @GetMapping
-    public String getPaymentPage(Model model, HttpSession session) {
+    public String getPaymentPage(@AuthenticationPrincipal UserDetails ud, Model model) {
+        User user = getCurrentUser(ud);
+        Client client = clientService.findClientById(user.getId());
+        Shoppingcart cart = shoppingCartService.getOrCreateCart(client);
 
         model.addAttribute("methods", paymentMethodService.findAll());
         model.addAttribute("deliveryCompanies", deliveryCompanyService.findAll());
-        Client client = getClientFromSession(session);
-        Shoppingcart cart = shoppingCartService.getOrCreateCart(client);
-
         model.addAttribute("total", shoppingCartService.getTotal(cart));
 
@@ -43,12 +51,11 @@
     }
 
-
-
     @PostMapping
-    public String processPayment(@RequestParam Integer paymentMethodId,
+    public String processPayment(@AuthenticationPrincipal UserDetails ud,
+                                 @RequestParam Integer paymentMethodId,
                                  @RequestParam Integer deliveryCompanyId,
-                                 HttpSession session,
                                  Model model) {
-        Client client = getClientFromSession(session);
+        User user = getCurrentUser(ud);
+        Client client = clientService.findClientById(user.getId());
         Shoppingcart cart = shoppingCartService.getOrCreateCart(client);
 
@@ -59,14 +66,3 @@
         return "payment-success";
     }
-
-    private Client getClientFromSession(HttpSession session) {
-        User user = (User) session.getAttribute("user");
-        String username = (String) session.getAttribute("username");
-
-        if (user == null || username == null) {
-            throw new IllegalStateException("No user in session. Please login first.");
-        }
-
-        return clientService.findClientById(user.getId());
-    }
 }
Index: src/main/java/mk/ukim/finki/synergymed/web/ProfileController.java
===================================================================
--- src/main/java/mk/ukim/finki/synergymed/web/ProfileController.java	(revision 5e1075dd0cd3bb015a3344da440769c15949a606)
+++ src/main/java/mk/ukim/finki/synergymed/web/ProfileController.java	(revision e944b43ee202f9e1bcca7f009fd725fea1c1c8da)
@@ -7,6 +7,5 @@
 import mk.ukim.finki.synergymed.repositories.UserRepository;
 import mk.ukim.finki.synergymed.service.*;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
@@ -29,22 +28,12 @@
     private final ClientService clientService;
 
-    private User getCurrentUser() {
-        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-        Object principal = auth.getPrincipal();
-        String username;
-
-        if (principal instanceof UserDetails ud) {
-            username = ud.getUsername();
-        } else {
-            username = principal.toString();
-        }
-
-        return userRepository.findByUsername(username)
-                .orElseThrow(() -> new RuntimeException("User not found: " + username));
+    private User getCurrentUser(UserDetails ud) {
+        return userRepository.findByUsername(ud.getUsername())
+                .orElseThrow(() -> new RuntimeException("User not found: " + ud.getUsername()));
     }
 
     @GetMapping
-    public String getProfilePage(Model model) {
-        User user = getCurrentUser();
+    public String getProfilePage(@AuthenticationPrincipal UserDetails ud, Model model) {
+        User user = getCurrentUser(ud);
         model.addAttribute("user", user);
         model.addAttribute("username", user.getUsername());
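Review bot: The replaced `getCurrentUser` accepted any principal type by falling back to `principal.toString()`, while the new `getCurrentUser(UserDetails ud)` assumes the resolved `@AuthenticationPrincipal` is a `UserDetails`; for any authentication whose principal is not a `UserDetails` the argument resolves to null and `ud.getUsername()` throws. If every login path in this application yields a `UserDetails`, state that on the helper, e.g. `// Assumes every authentication produces a UserDetails principal; other principal types resolve to null here.`; otherwise keep the fallback. `getProfilePage` continues outside the hunk.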
@@ -57,4 +46,5 @@
             model.addAttribute("hasHealthProfile", false);
         }
+
         model.addAttribute("activeTab", "profile");
         return "profile";
@@ -62,6 +52,6 @@
 
     @GetMapping("/contacts")
-    public String profileContacts(Model model) {
-        User user = getCurrentUser();
+    public String profileContacts(@AuthenticationPrincipal UserDetails ud, Model model) {
+        User user = getCurrentUser(ud);
         List<Contactinformation> list = contactInformationService.listForUser(user.getId());
         Contactinformation contact = list.isEmpty() ? null : list.get(0);
@@ -72,17 +62,14 @@
 
     @GetMapping("/contacts/new")
-    public String newProfileContact(Model model) {
-        getCurrentUser(); // just to ensure authenticated
-        model.addAttribute("context", "profile");
-        model.addAttribute("postUrl", "/profile/contacts/save");
-        model.addAttribute("backUrl", "/profile/contacts");
+    public String newProfileContact() {
         return "contact-form";
     }
 
     @PostMapping("/contacts/save")
-    public String saveProfileContact(@RequestParam(required = false) Integer id,
+    public String saveProfileContact(@AuthenticationPrincipal UserDetails ud,
+                                     @RequestParam(required = false) Integer id,
                                      @RequestParam(required = false) String phone,
                                      @RequestParam(required = false) String address) {
-        User user = getCurrentUser();
+        User user = getCurrentUser(ud);
         if (id == null) {
             contactInformationService.createForUser(user.getId(), phone, address);
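Review bot: `newProfileContact()` no longer sets the `context`, `postUrl` and `backUrl` model attributes but still returns `"contact-form"`; if that template reads `${postUrl}` for the form action or `${backUrl}` for navigation, the page now renders with empty values, unless the template was changed elsewhere in this commit. Either restore the three `model.addAttribute` lines or hard-code `/profile/contacts/save` and `/profile/contacts` in the template, and say which in the commit description. The dropped `getCurrentUser(); // just to ensure authenticated` call also means this handler no longer verifies a principal itself, so it relies entirely on the security configuration for `/profile/contacts/new`. `saveProfileContact` continues outside this hunk.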
@@ -94,6 +81,7 @@
 
     @PostMapping("/contacts/delete")
-    public String deleteProfileContact(@RequestParam Integer id) {
-        User user = getCurrentUser();
+    public String deleteProfileContact(@AuthenticationPrincipal UserDetails ud,
+                                       @RequestParam Integer id) {
+        User user = getCurrentUser(ud);
         contactInformationService.deleteForUser(id, user.getId());
         return "redirect:/profile/contacts";
@@ -105,6 +93,6 @@
 
     @GetMapping("/prescriptions")
-    public String prescriptions(Model model) {
-        User user = getCurrentUser();
+    public String prescriptions(@AuthenticationPrincipal UserDetails ud, Model model) {
+        User user = getCurrentUser(ud);
         Integer clientId = user.getId();
 
Index: src/main/java/mk/ukim/finki/synergymed/web/SensitiveClientDataController.java
===================================================================
--- src/main/java/mk/ukim/finki/synergymed/web/SensitiveClientDataController.java	(revision 5e1075dd0cd3bb015a3344da440769c15949a606)
+++ src/main/java/mk/ukim/finki/synergymed/web/SensitiveClientDataController.java	(revision e944b43ee202f9e1bcca7f009fd725fea1c1c8da)
@@ -1,8 +1,10 @@
 package mk.ukim.finki.synergymed.web;
 
-import jakarta.servlet.http.HttpSession;
 import lombok.RequiredArgsConstructor;
 import mk.ukim.finki.synergymed.models.User;
+import mk.ukim.finki.synergymed.repositories.UserRepository;
 import mk.ukim.finki.synergymed.service.SensitiveClientDataService;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -17,9 +19,15 @@
 
     private final SensitiveClientDataService sensitiveService;
+    private final UserRepository userRepository;
+
+    private User getCurrentUser(UserDetails ud) {
+        return userRepository.findByUsername(ud.getUsername())
+                .orElseThrow(() -> new RuntimeException("User not found: " + ud.getUsername()));
+    }
 
     @GetMapping("/apply")
-    public String applyForm(HttpSession session, Model model) {
-        User user = (User) session.getAttribute("user");
-        if (user == null) return "redirect:/login"; // require login [18].
+    public String applyForm(@AuthenticationPrincipal UserDetails ud, Model model) {
+        User user = getCurrentUser(ud);
+        model.addAttribute("user", user);
         model.addAttribute("activeTab", "prescriptions");
         return "verification-apply";
@@ -29,10 +37,9 @@
     public String submitApplication(@RequestParam String embg,
                                     @RequestParam("portrait") MultipartFile portrait,
-                                    HttpSession session,
+                                    @AuthenticationPrincipal UserDetails ud,
                                     RedirectAttributes ra) {
-        User user = (User) session.getAttribute("user");
-        if (user == null) return "redirect:/login";
+        User user = getCurrentUser(ud);
         try {
-            sensitiveService.applyOrUpdate(user.getId(), embg, portrait); // single-row upsert [13].
+            sensitiveService.applyOrUpdate(user.getId(), embg, portrait);
             ra.addFlashAttribute("message", "Application submitted. Verification is now pending.");
         } catch (Exception e) {
Index: src/main/java/mk/ukim/finki/synergymed/web/ShoppingCartController.java
===================================================================
--- src/main/java/mk/ukim/finki/synergymed/web/ShoppingCartController.java	(revision 5e1075dd0cd3bb015a3344da440769c15949a606)
+++ src/main/java/mk/ukim/finki/synergymed/web/ShoppingCartController.java	(revision e944b43ee202f9e1bcca7f009fd725fea1c1c8da)
@@ -1,5 +1,4 @@
 package mk.ukim.finki.synergymed.web;
 
-import jakarta.servlet.http.HttpSession;
 import lombok.RequiredArgsConstructor;
 import mk.ukim.finki.synergymed.models.Brandedmedicine;
@@ -11,4 +10,6 @@
 import mk.ukim.finki.synergymed.service.BrandedMedicineService;
 import mk.ukim.finki.synergymed.service.ShoppingCartService;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -25,9 +26,26 @@
     private final ShoppingcartRepository shoppingcartRepository;
 
+    private Client getClient(UserDetails ud) {
+        User user = clientRepository.findByUsersUsername(ud.getUsername())
+                .map(Client::getUsers)
+                .orElseThrow(() -> new IllegalStateException("Client not found for user " + ud.getUsername()));
+        return clientRepository.findByUsers(user)
+                .orElseThrow(() -> new IllegalStateException("Client not found for user " + ud.getUsername()));
+    }
+
+    private Shoppingcart getOrCreateCart(Client client) {
+        return shoppingcartRepository.findByClient(client)
+                .orElseGet(() -> {
+                    Shoppingcart cart = new Shoppingcart();
+                    cart.setClient(client);
+                    return shoppingcartRepository.save(cart);
+                });
+    }
+
     @PostMapping("/add/{medicineId}")
     public String addToCart(@PathVariable Integer medicineId,
                             @RequestParam(defaultValue = "1") int quantity,
-                            HttpSession session) {
-        Client client = getClientFromSession(session);
+                            @AuthenticationPrincipal UserDetails ud) {
+        Client client = getClient(ud);
         Shoppingcart cart = getOrCreateCart(client);
 
@@ -40,6 +58,7 @@
 
     @PostMapping("/plus/{medicineId}")
-    public String increaseQuantity(@PathVariable Integer medicineId, HttpSession session) {
-        Client client = getClientFromSession(session);
+    public String increaseQuantity(@PathVariable Integer medicineId,
+                                   @AuthenticationPrincipal UserDetails ud) {
+        Client client = getClient(ud);
         Shoppingcart cart = getOrCreateCart(client);
 
@@ -52,6 +71,7 @@
 
     @PostMapping("/minus/{medicineId}")
-    public String decreaseQuantity(@PathVariable Integer medicineId, HttpSession session) {
-        Client client = getClientFromSession(session);
+    public String decreaseQuantity(@PathVariable Integer medicineId,
+                                   @AuthenticationPrincipal UserDetails ud) {
+        Client client = getClient(ud);
         Shoppingcart cart = getOrCreateCart(client);
 
@@ -64,6 +84,7 @@
 
     @PostMapping("/remove/{medicineId}")
-    public String removeFromCart(@PathVariable Integer medicineId, HttpSession session) {
-        Client client = getClientFromSession(session);
+    public String removeFromCart(@PathVariable Integer medicineId,
+                                 @AuthenticationPrincipal UserDetails ud) {
+        Client client = getClient(ud);
         Shoppingcart cart = getOrCreateCart(client);
 
@@ -76,37 +97,15 @@
 
     @GetMapping
-    public String showCart(Model model, HttpSession session) {
-        Client client = getClientFromSession(session);
+    public String showCart(Model model,
+                           @AuthenticationPrincipal UserDetails ud) {
+        Client client = getClient(ud);
         Shoppingcart cart = getOrCreateCart(client);
 
         model.addAttribute("items", shoppingCartService.getMedicinesInCart(cart));
         model.addAttribute("total", shoppingCartService.getTotal(cart));
-        model.addAttribute("username", session.getAttribute("username"));
-
-        // TODO: 30.8.2025 FIX AFTER GETTING IMAGES IN DB 
+        model.addAttribute("username", ud.getUsername());
         model.addAttribute("firstImageById", null);
 
         return "cart";
     }
-
-    private Client getClientFromSession(HttpSession session) {
-        User user = (User) session.getAttribute("user");
-        String username = (String) session.getAttribute("username");
-
-        if (user == null || username == null) {
-            throw new IllegalStateException("No user in session. Please login first.");
-        }
-
-        return clientRepository.findByUsers(user)
-                .orElseThrow(() -> new IllegalStateException("Client not found for user " + username));
-    }
-
-    private Shoppingcart getOrCreateCart(Client client) {
-        return shoppingcartRepository.findByClient(client)
-                .orElseGet(() -> {
-                    Shoppingcart cart = new Shoppingcart();
-                    cart.setClient(client);
-                    return shoppingcartRepository.save(cart);
-                });
-    }
 }
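Review bot: `getClient` (in the `@@ -25,9 +26,26 @@` hunk above) performs two repository round-trips where one suffices: `findByUsersUsername` already returns the `Client`, but the code discards it via `.map(Client::getUsers)` and re-queries with `findByUsers(user)`. It can be reduced to `return clientRepository.findByUsersUsername(ud.getUsername()).orElseThrow(() -> new IllegalStateException("Client not found for user " + ud.getUsername()));`, which also removes the duplicated error message. In `showCart`, the `// TODO: 30.8.2025 FIX AFTER GETTING IMAGES IN DB` comment is deleted while the `model.addAttribute("firstImageById", null)` placeholder it described remains, so keep a comment such as `// placeholder until medicine images are stored in the DB` above that line. The class header sits outside the hunk; the removed `getClientFromSession`/`getOrCreateCart` below are history.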
