From 68a0f373cb61aeee2c2cc10d331ee6edfcd84808 Mon Sep 17 00:00:00 2001
From: Pekka Helenius <fincer89@hotmail.com>
Date: Sat, 3 Oct 2020 03:41:30 +0300
Subject: [PATCH] Return different book JSON based on user login data & book
 publish status

Signed-off-by: Pekka Helenius <fincer89@hotmail.com>
---
 .../fjordtek/bookstore/web/BookRestController.java   | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/web/BookRestController.java b/bookstore/src/main/java/com/fjordtek/bookstore/web/BookRestController.java
index 072b7a3..b21d92e 100644
--- a/bookstore/src/main/java/com/fjordtek/bookstore/web/BookRestController.java
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/web/BookRestController.java
@@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -55,12 +56,19 @@ public class BookRestController {
 			)
 	public @ResponseBody Iterable<Book> getAllBooksRestData(
 			HttpServletRequest requestData,
-			HttpServletResponse responseData
+			HttpServletResponse responseData,
+			Authentication authData
 			) {
 
+		String authorities = authData.getAuthorities().toString();
+
 		httpServerLogger.log(requestData, responseData);
 
-		return bookRepository.findAll();
+		if (authorities.contains("MARKETING")) {
+			return bookRepository.findAll();
+		} else {
+			return bookRepository.findAllPublished();
+		}
 	}
 
 	@RequestMapping(