Index: src/main/java/mk/ukim/finki/easyfood/config/SecurityConfig.java
===================================================================
--- src/main/java/mk/ukim/finki/easyfood/config/SecurityConfig.java	(revision 4325a1ba1647554f46270d33e7ef1feb9474909a)
+++ src/main/java/mk/ukim/finki/easyfood/config/SecurityConfig.java	(revision 96b38c5d7509c30b504003723bce11d064e24909)
@@ -41,6 +41,6 @@
                 .authenticationProvider(authenticationProvider())
                 .authorizeHttpRequests(authz -> authz
-                        .requestMatchers(HttpMethod.POST, "/DeliveryMan/accept/**", "/DeliveryMan/deliver/**").permitAll()
-                        .requestMatchers("/login", "/register", "/css/**","/DeliveryMan/**", "/js/**", "/images/**", "/error", "/home", "/").permitAll()
+                        .requestMatchers("/login", "/register", "/css/**", "/js/**", "/images/**", "/error", "/home", "/").permitAll()
+                        .requestMatchers("/DeliveryMan/accept/**", "/DeliveryMan/deliver/**","/DeliveryMan/**").hasRole("DELIVERY_MAN")
                         .requestMatchers("/admin/register").permitAll()
                         .requestMatchers("/admin/**").hasRole("ADMIN")
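Review bot: The new DELIVERY_MAN matcher lists `/DeliveryMan/accept/**` and `/DeliveryMan/deliver/**` next to `/DeliveryMan/**`, which already covers both, so the extra patterns only suggest a distinction that does not exist. I would reduce it to `.requestMatchers("/DeliveryMan/**").hasRole("DELIVERY_MAN")`. A short comment would also help, for example `// role gate only: per-user ownership is checked in DeliveryManController`, because this rule proves the caller is some delivery man, not which one. The authorization chain continues outside this hunk, so the catch-all rule that follows is not visible here.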
@@ -52,7 +52,8 @@
                         .usernameParameter("email")
                         .passwordParameter("password")
-                        .defaultSuccessUrl("/home", true)
+                        .defaultSuccessUrl("/post-login", true) // Change this line
                         .failureUrl("/login?error=true")
                         .permitAll()
+
                 )
                 .logout(logout -> logout
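Review bot: The trailing `// Change this line` on the `defaultSuccessUrl` call is a leftover editing instruction and tells a later reader nothing about the configuration. Replace it with a comment that states the intent, for example `// always land on /post-login; PostLoginController redirects by role`. The blank line added before the closing `)` of the form-login block can be dropped as well.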
@@ -60,4 +61,5 @@
                         .invalidateHttpSession(true)
                         .deleteCookies("JSESSIONID")
+
                         .permitAll()
                 )
Index: src/main/java/mk/ukim/finki/easyfood/service/UserService.java
===================================================================
--- src/main/java/mk/ukim/finki/easyfood/service/UserService.java	(revision 4325a1ba1647554f46270d33e7ef1feb9474909a)
+++ src/main/java/mk/ukim/finki/easyfood/service/UserService.java	(revision 96b38c5d7509c30b504003723bce11d064e24909)
@@ -15,4 +15,6 @@
     Optional<Customer> findByEmail(String email);
 
+    Optional<DeliveryMan> findByEmailDM(String email);
+
     public Customer save(Customer customer);
 
Index: src/main/java/mk/ukim/finki/easyfood/service/impl/UserServiceImpl.java
===================================================================
--- src/main/java/mk/ukim/finki/easyfood/service/impl/UserServiceImpl.java	(revision 4325a1ba1647554f46270d33e7ef1feb9474909a)
+++ src/main/java/mk/ukim/finki/easyfood/service/impl/UserServiceImpl.java	(revision 96b38c5d7509c30b504003723bce11d064e24909)
@@ -102,4 +102,9 @@
 
     @Override
+    public Optional<DeliveryMan> findByEmailDM(String email) {
+        return deliveryManRepository.findByEmail(email);
+    }
+
+    @Override
     public Customer save(Customer customer) {
         return userRepository.save(customer);
Index: src/main/java/mk/ukim/finki/easyfood/web/controller/DeliveryManController.java
===================================================================
--- src/main/java/mk/ukim/finki/easyfood/web/controller/DeliveryManController.java	(revision 4325a1ba1647554f46270d33e7ef1feb9474909a)
+++ src/main/java/mk/ukim/finki/easyfood/web/controller/DeliveryManController.java	(revision 96b38c5d7509c30b504003723bce11d064e24909)
@@ -1,7 +1,11 @@
 package mk.ukim.finki.easyfood.web.controller;
 
+import mk.ukim.finki.easyfood.model.AppUser;
 import mk.ukim.finki.easyfood.model.Order;
 import mk.ukim.finki.easyfood.model.enumerations.ORDER_STATUS;
 import mk.ukim.finki.easyfood.service.OrderService;
+import mk.ukim.finki.easyfood.service.UserService;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -15,11 +19,23 @@
 public class DeliveryManController {
     private final OrderService orderService;
+    private final UserService userService; // Inject the user service
 
-    public DeliveryManController(OrderService orderService) {
+    public DeliveryManController(OrderService orderService, UserService userService) {
         this.orderService = orderService;
+        this.userService = userService;
     }
 
     @GetMapping("/{id}")
-    public String deliveryManShow(@PathVariable Long id, Model model) {
+    public String deliveryManShow(@PathVariable Long id, Model model, Authentication authentication) {
+        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+        AppUser loggedInUser = userService.findByEmailDM(userDetails.getUsername())
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+
+        // CRUCIAL SECURITY CHECK: Make sure the URL ID matches the logged-in user's ID
+        if (!id.equals(loggedInUser.getId())) {
+            // Redirect to their own page if they try to access another user's page
+            return "redirect:/DeliveryMan/" + loggedInUser.getId();
+        }
+
         model.addAttribute("pendingOrders", orderService.listOrdersByDeliveryManAndOrderStatus(id, "PENDING"));
         model.addAttribute("processingOrders", orderService.listOrdersByDeliveryManAndOrderStatus(id, "OUT_FOR_DELIVERY"));
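Review bot: The ownership guard added here (`if (!id.equals(loggedInUser.getId()))`) protects only `deliveryManShow`. The accept and deliver handlers in the later hunks call `orderService.updateOrderStatus(orderId, ...)`, and nothing visible ties `orderId` to the authenticated delivery man. Those handlers start outside the hunks shown, so this needs confirming. If no such check exists, any account with the DELIVERY_MAN role can change the status of any order. They should resolve the principal the same way and answer 403 when the order is not assigned to the caller. In `deliveryManShow`, a log line on an id mismatch would make probing of other users' pages visible, since the redirect is otherwise silent.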
@@ -31,5 +47,4 @@
         orderService.updateOrderStatus(orderId, ORDER_STATUS.OUT_FOR_DELIVERY);
 
-        // Retrieve the updated order using orElseThrow() to get the Order object
         Order updatedOrder = orderService.findById(orderId)
                 .orElseThrow(() -> new IllegalArgumentException("Order not found with ID: " + orderId));
@@ -44,5 +59,4 @@
         orderService.updateOrderStatus(orderId, ORDER_STATUS.DELIVERED);
 
-        // Retrieve the updated order using orElseThrow() to get the Order object
         Order updatedOrder = orderService.findById(orderId)
                 .orElseThrow(() -> new IllegalArgumentException("Order not found with ID: " + orderId));
Index: src/main/java/mk/ukim/finki/easyfood/web/controller/PostLoginController.java
===================================================================
--- src/main/java/mk/ukim/finki/easyfood/web/controller/PostLoginController.java	(revision 96b38c5d7509c30b504003723bce11d064e24909)
+++ src/main/java/mk/ukim/finki/easyfood/web/controller/PostLoginController.java	(revision 96b38c5d7509c30b504003723bce11d064e24909)
@@ -0,0 +1,45 @@
+package mk.ukim.finki.easyfood.web.controller;
+
+import mk.ukim.finki.easyfood.model.AppUser;
+import mk.ukim.finki.easyfood.model.DeliveryMan; // You need to import this
+import mk.ukim.finki.easyfood.service.UserService;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import java.util.Collection;
+
+@Controller
+public class PostLoginController {
+
+    private final UserService userService;
+
+    public PostLoginController(UserService userService) {
+        this.userService = userService;
+    }
+
+    @GetMapping("/post-login")
+    public String postLoginRedirect(Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+
+        if (authorities.stream().anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN"))) {
+            // Your logic for admin
+            return "redirect:/admin";
+        } else if (authorities.stream().anyMatch(a -> a.getAuthority().equals("ROLE_DELIVERY_MAN"))) {
+            // Use the specific findByEmail for DeliveryMan
+            DeliveryMan deliveryMan = userService.findDeliveryManByEmail(userDetails.getUsername())
+                    .orElseThrow(() -> new UsernameNotFoundException("Delivery man not found."));
+            Long userId = deliveryMan.getId();
+            return "redirect:/DeliveryMan/" + userId;
+        } else {
+            // Your logic for other roles or regular users
+            AppUser user = userService.findByEmail(userDetails.getUsername())
+                    .orElseThrow(() -> new UsernameNotFoundException("User not found."));
+            return "redirect:/home";
+        }
+    }
+}
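Review bot: The delivery-man branch calls `userService.findDeliveryManByEmail(...)`, but the method this commit adds to `UserService` and `UserServiceImpl` is `findByEmailDM`. Unless the longer name is declared outside this diff, the class will not compile, so use one name in all three files, preferably the descriptive `findDeliveryManByEmail`. Separately, `authentication.getAuthorities()` and the `(UserDetails)` cast run with no null or type check, and the SecurityConfig hunks show no rule for `/post-login`. If the catch-all rule outside the diff does not require authentication, add a guard such as `if (authentication == null) return "redirect:/login";`. The `user` looked up in the final `else` is never used, and the placeholder comments (`// You need to import this`, `// Your logic for admin`) should be removed or replaced with real explanations.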
