2 files changed, 33 insertions, 3 deletions

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/CupboardController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/CupboardController.java
index 36ae341..664b53b 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/CupboardController.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/CupboardController.java
@@ -13,6 +13,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
@@ -162,6 +163,34 @@ public class CupboardController {
     }
 
     /**
+     * Checks out a need by checkoutAmount
+     * 
+     * @param data JSON object with paramters needID and amount
+     * @param key  Key used to authenticate user
+     * @return OK if successful, other statuses if failure
+     * @throws IllegalAccessException
+     */
+    @PutMapping("/checkout")
+    public ResponseEntity<Object> checkoutNeeds(@RequestBody Map<String, Integer> data, @RequestHeader("jelly-api-key") String key) throws IllegalAccessException {
+        int needID = data.get("needID");
+        int checkoutAmount = data.get("amount");
+        LOG.log(Level.INFO, "Checking out need with ID: " + needID + " by " + checkoutAmount);
+        try {
+            cupboardService.checkoutNeed(needID, checkoutAmount, key);
+            return new ResponseEntity<>(HttpStatus.OK);
+        } catch (IllegalArgumentException ex) {
+            ex.printStackTrace();
+            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+        } catch (IllegalAccessException ex) {
+            ex.printStackTrace();
+            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
+        } catch (IOException ex) {
+            ex.printStackTrace();
+            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    /**
      * Deletes a single need from the cupboard using the Need's id
      * 
      * @param id The need's ID
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
index dfaad3a..b0dbd1d 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
@@ -99,12 +99,13 @@ public class UserController {
      * @param key      The authentication key of the user
      * @return OK response and the user if it was successful, or
      *         INTERNAL_SERVER_ERROR if there was an issue
+     * @throws IllegalAccessException 
      */
     @PutMapping("/{username}")
-    public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String username, @RequestHeader("jelly-api-key") String key) {
-        LOG.log(Level.INFO,"PUT: " + user + " " + username + " " + key.toString());
+    public ResponseEntity<User> updateUser(@RequestHeader("jelly-api-key") String key, @RequestBody User user, @PathVariable String username) throws IllegalAccessException {
+        LOG.log(Level.INFO,"PUT: " + user + " " + username + " " + key);
         try {
-            //authService.authenticate(username, key);
+            authService.authenticate(username, key);
             user = userService.updateUser(user, username);
             if (user != null) {
                 return new ResponseEntity<>(user, HttpStatus.OK);