Change of routes for appointment security, change so that appointments are...

Change of routes for appointment security, change so that appointments are retrieved according to the authenticated patient or doctor.
Doctors can now only book appointments in their own name

src/main/java/com/projet/projetIndu/controllers/AppointmentController.java → src/main/java/com/projet/projetIndu/controllers/DoctorAppointmentController.java

@@ -15,54 +15,52 @@ import java.time.LocalDateTime;
 import java.util.List;
 
 @Controller
-@RequestMapping("/appointments") // Toutes les routes commenceront par /appointments
-public class AppointmentController {
+@RequestMapping("/doctors/appointments")
+public class DoctorAppointmentController {
 
     private final AppointmentService appointmentService;
     private final DoctorService doctorService;
     private final PatientService patientService;
 
-
-    public AppointmentController(AppointmentService appointmentService, DoctorService doctorService, PatientService patientService) {
+    public DoctorAppointmentController(AppointmentService appointmentService, DoctorService doctorService, PatientService patientService) {
         this.appointmentService = appointmentService;
         this.doctorService = doctorService;
         this.patientService = patientService;
     }
 
     @GetMapping
-    public String showAppointments(Model model) {
-        List<Appointment> appointments = appointmentService.getAllAppointments();
-        model.addAttribute("appointments", appointments);
-        return "appointments";
-    }
-
-    @GetMapping("/doctor/{doctorId}")
-    public String listAppointmentsForDoctor(@PathVariable Long doctorId, Model model) {
+    public String showDoctorAppointments(Model model) {
+        Long doctorId = doctorService.getAuthenticatedDoctorId();
         List<Appointment> appointments = appointmentService.getAppointmentsByDoctor(doctorId);
         model.addAttribute("appointments", appointments);
         return "appointments";
     }
 
-
     @GetMapping("/create")
     public String showCreateForm(Model model) {
         model.addAttribute("appointment", new Appointment());
-
         List<Patient> patients = patientService.getAllPatients();
-        List<Doctor> doctors = doctorService.getAllDoctors();
-
         model.addAttribute("patients", patients);
-        model.addAttribute("doctors", doctors);
+        Long doctorId = doctorService.getAuthenticatedDoctorId();
+        Doctor doctor = doctorService.getDoctorById(doctorId)
+                .orElseThrow(() -> new RuntimeException("Médecin introuvable"));
+
+        model.addAttribute("doctor", doctor);
 
         return "create-appointment";
     }
 
 
     @PostMapping("/create")
-    public String createAppointment(@RequestParam("doctorId") Long doctorId,
-                                    @RequestParam("patientId") Long patientId,
+    public String createAppointment(@RequestParam("patientId") Long patientId,
                                     @RequestParam("dateTime") String dateTime,
-                                    @RequestParam("reason") String reason) {
+                                    @RequestParam("reason") String reason,
+                                    @RequestParam("doctorId") Long doctorId) {
+
+        Long authenticatedDoctorId = doctorService.getAuthenticatedDoctorId();
+        if (!authenticatedDoctorId.equals(doctorId)) {
+            throw new RuntimeException("Le médecin authentifié ne peut pas prendre des rendez-vous pour un autre médecin.");
+        }
 
         Doctor doctor = doctorService.getDoctorById(doctorId)
                 .orElseThrow(() -> new RuntimeException("Médecin introuvable"));
@@ -80,16 +78,15 @@ public class AppointmentController {
 
         appointmentService.saveAppointment(appointment);
 
-        return "redirect:/appointments";
+        return "redirect:/doctors/appointments";
     }
 
 
-
-
     @PostMapping("/{id}/cancel")
     public String cancelAppointment(@PathVariable Long id) {
         appointmentService.cancelAppointment(id);
-        return "redirect:/appointments";
+        return "redirect:/doctors/appointments";
     }
 }
 
+

src/main/java/com/projet/projetIndu/controllers/PatientAppointmentController.java

+package com.projet.projetIndu.controllers;
+
+import com.projet.projetIndu.entities.Appointment;
+import com.projet.projetIndu.services.AppointmentService;
+import com.projet.projetIndu.services.PatientService;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import java.util.List;
+
+@Controller
+@RequestMapping("/patients/appointments") // L'URL commence bien par /patients/
+public class PatientAppointmentController {
+
+    private final AppointmentService appointmentService;
+    private final PatientService patientService;
+
+    public PatientAppointmentController(AppointmentService appointmentService, PatientService patientService) {
+        this.appointmentService = appointmentService;
+        this.patientService = patientService;
+    }
+
+    @GetMapping
+    public String showPatientAppointments(Model model) {
+        Long patientId = patientService.getAuthenticatedPatientId(); // Récupère l'ID du patient connecté
+        List<Appointment> appointments = appointmentService.getAppointmentsByPatient(patientId);
+        model.addAttribute("appointments", appointments);
+        return "appointments";
+    }
+}
+

src/main/java/com/projet/projetIndu/repositories/AppointmentRepository.java

@@ -12,4 +12,6 @@ public interface AppointmentRepository extends JpaRepository<Appointment, Long>
     Optional<Appointment> findByDateTime(LocalDateTime dateTime);
 
     List<Appointment> findByDoctorId(Long doctorId);
+
+    List<Appointment> findByPatientId(Long patientId);
 }

src/main/java/com/projet/projetIndu/services/AppointmentService.java

@@ -6,7 +6,6 @@ import com.projet.projetIndu.repositories.AppointmentRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import java.time.LocalDate;
 import java.time.LocalDateTime;
 import java.util.List;
 import java.util.Optional;
@@ -53,5 +52,9 @@ public class AppointmentService {
         return appointmentRepository.findByDoctorId(doctorId);
     }
 
+    public List<Appointment> getAppointmentsByPatient(Long patientId) {
+        return appointmentRepository.findByPatientId(patientId);
+    }
+
 
 }

src/main/java/com/projet/projetIndu/services/DoctorService.java

@@ -3,9 +3,10 @@ package com.projet.projetIndu.services;
 import com.projet.projetIndu.entities.Doctor;
 import com.projet.projetIndu.repositories.DoctorRepository;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
-import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
@@ -43,23 +44,16 @@ public class DoctorService {
     public void deleteDoctorById(Long id) {
         doctorRepository.deleteById(id);
     }
+
+    public Long getAuthenticatedDoctorId() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        String email = authentication.getName();
+        return doctorRepository.findByEmail(email)
+                .map(Doctor::getId)
+                .orElseThrow(() -> new RuntimeException("Médecin non trouvé"));
+    }
 }
 
-//    ///Pour le codage en dur (à retirer ensuite avec la BDD)
-//    public List<Doctor> getAllDoctors() {
-//        return Arrays.asList(
-//                new Doctor(1L, "Jean", "Dupont", "Cardiologue", "jean.dupont@example.com"),
-//                new Doctor(2L, "Marie", "Curie", "Radiologue", "marie.curie@example.com"),
-//                new Doctor(3L, "Paul", "Durand", "Généraliste", "paul.durand@example.com")
-//        );
-//    }
 //
-//    // Pour le dur
-//    public List<Doctor> getDoctorByName(String firstName, String lastName) {
-//        return getAllDoctors().stream()
-//                .filter(doctor -> doctor.getFirstName().toLowerCase().contains(firstName.toLowerCase()) ||
-//                        doctor.getLastName().toLowerCase().contains(lastName.toLowerCase()))
-//                .toList();
-//    }
 
 

src/main/java/com/projet/projetIndu/services/PatientService.java

@@ -3,6 +3,8 @@ package com.projet.projetIndu.services;
 import com.projet.projetIndu.entities.Patient;
 import com.projet.projetIndu.repositories.PatientRepository;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
@@ -37,4 +39,14 @@ public class PatientService {
     public void deletePatientById(Long id) {
         patientRepository.deleteById(id);
     }
+
+
+    public Long getAuthenticatedPatientId() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        String email = authentication.getName();
+
+        return patientRepository.findByEmail(email)
+                .map(Patient::getId)
+                .orElseThrow(() -> new RuntimeException("Patient non trouvé"));
+    }
 }

src/main/resources/templates/appointments.html

@@ -38,7 +38,7 @@
         </tbody>
     </table>
 
-    <a href="/appointments/create" class="btn btn-primary mt-3">Créer un nouveau rendez-vous</a>
+    <a href="/doctors/appointments/create" class="btn btn-primary mt-3">Créer un nouveau rendez-vous</a>
     <a href="/doctors/dashboard" class="btn btn-secondary mt-3">Retour au tableau de bord</a>
 </div>
 

src/main/resources/templates/create-appointment.html

@@ -11,7 +11,7 @@
 <div class="container mt-5">
     <h1 class="text-center mb-4">Créer un rendez-vous</h1>
 
-    <form method="post" th:action="@{/appointments/create}">
+    <form method="post" th:action="@{/doctors/appointments/create}">
         <!-- Sélecteur du Patient -->
         <div class="mb-3">
             <label class="form-label">Patient :</label>
@@ -24,16 +24,12 @@
             </select>
         </div>
 
-        <!-- Sélecteur du Médecin -->
         <div class="mb-3">
             <label class="form-label">Médecin :</label>
-            <select class="form-select" name="doctorId" required>
-                <option value="">Sélectionner un médecin</option>
-                <option th:each="doctor : ${doctors}"
-                        th:value="${doctor.id}"
-                        th:text="${doctor.firstName + ' ' + doctor.lastName}">
-                </option>
-            </select>
+            <input type="hidden" name="doctorId" th:value="${doctor.id}">
+            <!-- Affichage du nom du médecin authentifié -->
+            <input type="text" class="form-control" th:value="'Dr. ' + ${doctor.firstName} + ' ' + ${doctor.lastName}"
+                   readonly>
         </div>
 
         <!-- Champ Date et Heure -->
@@ -49,7 +45,7 @@
         </div>
 
         <button type="submit" class="btn btn-success">Créer le rendez-vous</button>
-        <a href="/appointments" th:href="@{/appointments}" class="btn btn-secondary">Annuler</a>
+        <a href="/doctors/appointments" th:href="@{/doctors/appointments}" class="btn btn-secondary">Annuler</a>
     </form>
 </div>
 

src/main/resources/templates/doctor-dashboard.html

@@ -36,7 +36,7 @@
                 <p class="mt-2 text-gray-600">Accéder aux dossiers médicaux de vos patients.</p>
             </a>
 
-            <a href="/appointments"
+            <a href="/doctors/appointments"
                class="p-6 bg-white shadow-md rounded-lg hover:shadow-lg transition md:col-span-2 flex items-center justify-center text-center">
                 <div class="space-y-2">
                     <h3 class="text-xl font-semibold text-gray-800">Rendez-vous</h3>

src/main/resources/templates/patient-dashboard.html

@@ -29,7 +29,7 @@
             <p class="mt-2 text-gray-600">Consulter vos dossiers médicaux.</p>
         </a>
 
-        <a href="/appointments" class="p-6 bg-white shadow-md rounded-lg hover:shadow-lg transition">
+        <a href="/patients/appointments" class="p-6 bg-white shadow-md rounded-lg hover:shadow-lg transition">
             <h3 class="text-xl font-semibold text-gray-800">Mes Rendez-vous</h3>
             <p class="mt-2 text-gray-600">Voir et gérer vos rendez-vous.</p>
         </a>