Шестая лабораторная работа. Фикс вывода forbidden.
This commit is contained in:
parent
1f69a7929e
commit
74766fecab
Binary file not shown.
@ -63,6 +63,10 @@ public class SecurityConfiguration {
|
|||||||
.requestMatchers(HttpMethod.DELETE, "/api/**").hasRole("ADMIN")
|
.requestMatchers(HttpMethod.DELETE, "/api/**").hasRole("ADMIN")
|
||||||
.requestMatchers(HttpMethod.PUT, "/api/**").hasRole("ADMIN")
|
.requestMatchers(HttpMethod.PUT, "/api/**").hasRole("ADMIN")
|
||||||
.requestMatchers(HttpMethod.POST, "/api/**").hasRole("ADMIN")
|
.requestMatchers(HttpMethod.POST, "/api/**").hasRole("ADMIN")
|
||||||
|
.requestMatchers(HttpMethod.GET, "/api/customer/**").hasRole("ADMIN")
|
||||||
|
.requestMatchers(HttpMethod.GET, "/api/store/addStore/**").hasRole("ADMIN")
|
||||||
|
.requestMatchers(HttpMethod.GET, "/customer/**").hasRole("ADMIN")
|
||||||
|
.requestMatchers(HttpMethod.GET, "/store/addToStore/**").hasRole("ADMIN")
|
||||||
.requestMatchers("/api/**").authenticated()
|
.requestMatchers("/api/**").authenticated()
|
||||||
.requestMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
|
.requestMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
|
||||||
.requestMatchers(HttpMethod.GET, "/img/**").permitAll())
|
.requestMatchers(HttpMethod.GET, "/img/**").permitAll())
|
||||||
|
@ -1,10 +1,14 @@
|
|||||||
package com.example.ipLab.StoreDataBase.Controllers;
|
package com.example.ipLab.StoreDataBase.Controllers;
|
||||||
|
|
||||||
import com.example.ipLab.StoreDataBase.DTO.CustomerDTO;
|
import com.example.ipLab.StoreDataBase.DTO.CustomerDTO;
|
||||||
|
import com.example.ipLab.StoreDataBase.Exceptions.ForbiddenException;
|
||||||
|
import com.example.ipLab.StoreDataBase.Model.CustomUser;
|
||||||
import com.example.ipLab.StoreDataBase.Model.Customer;
|
import com.example.ipLab.StoreDataBase.Model.Customer;
|
||||||
|
import com.example.ipLab.StoreDataBase.Model.UserRole;
|
||||||
import com.example.ipLab.StoreDataBase.Service.CustomerService;
|
import com.example.ipLab.StoreDataBase.Service.CustomerService;
|
||||||
import com.example.ipLab.WebConfiguration;
|
import com.example.ipLab.WebConfiguration;
|
||||||
import jakarta.validation.Valid;
|
import jakarta.validation.Valid;
|
||||||
|
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -24,7 +28,7 @@ public class CustomerController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping
|
@GetMapping
|
||||||
public List<CustomerDTO> getCustomers(){
|
public List<CustomerDTO> getCustomers(@AuthenticationPrincipal CustomUser user){
|
||||||
return customerService.getAllCustomers().stream()
|
return customerService.getAllCustomers().stream()
|
||||||
.map(CustomerDTO::new)
|
.map(CustomerDTO::new)
|
||||||
.toList();
|
.toList();
|
||||||
|
@ -0,0 +1,8 @@
|
|||||||
|
package com.example.ipLab.StoreDataBase.Exceptions;
|
||||||
|
|
||||||
|
import org.springframework.http.HttpStatus;
|
||||||
|
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||||
|
|
||||||
|
@ResponseStatus(HttpStatus.FORBIDDEN)
|
||||||
|
public class ForbiddenException extends RuntimeException {
|
||||||
|
}
|
@ -5,7 +5,8 @@
|
|||||||
<head>
|
<head>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<div sec:authorize="hasRole('ROLE_ADMIN')" layout:fragment="content">
|
<div layout:fragment="content">
|
||||||
|
<div sec:authorize="hasRole('ROLE_ADMIN')">
|
||||||
<div>
|
<div>
|
||||||
<a class="btn btn-success button-fixed"
|
<a class="btn btn-success button-fixed"
|
||||||
th:href="@{/customer/edit/}">
|
th:href="@{/customer/edit/}">
|
||||||
@ -53,5 +54,12 @@
|
|||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div sec:authorize="hasRole('ROLE_USER')">
|
||||||
|
<div>
|
||||||
|
<h2>Forbidden</h2>
|
||||||
|
<a href="/">На главную</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
@ -8,6 +8,7 @@ import OrderPage from './components/pages/orderPage';
|
|||||||
import AddToStorePage from './components/pages/addToStorePage';
|
import AddToStorePage from './components/pages/addToStorePage';
|
||||||
import LoginPage from './components/pages/loginPage';
|
import LoginPage from './components/pages/loginPage';
|
||||||
import Logout from './components/pages/logout';
|
import Logout from './components/pages/logout';
|
||||||
|
import ForbiddenPage from './components/pages/forbiddenPage'
|
||||||
import './styleSite.css';
|
import './styleSite.css';
|
||||||
|
|
||||||
function Router(props) {
|
function Router(props) {
|
||||||
@ -18,10 +19,12 @@ export default function App() {
|
|||||||
const routes = [
|
const routes = [
|
||||||
{ index: true, element: <StorePage/> },
|
{ index: true, element: <StorePage/> },
|
||||||
localStorage.getItem("role") === "ADMIN" && { path: 'customer', element: <CustomerPage/>, label:'Покупатели'},
|
localStorage.getItem("role") === "ADMIN" && { path: 'customer', element: <CustomerPage/>, label:'Покупатели'},
|
||||||
|
localStorage.getItem("role") !== "ADMIN" && { path: 'customer', element: <ForbiddenPage/>},
|
||||||
{ path: 'store', element: <StorePage/>, label: 'Магазины' },
|
{ path: 'store', element: <StorePage/>, label: 'Магазины' },
|
||||||
{ path: 'product', element: <ProductPage/>, label: 'Товары' },
|
{ path: 'product', element: <ProductPage/>, label: 'Товары' },
|
||||||
{ path: 'order', element: <OrderPage/>, label: 'Заказы'},
|
{ path: 'order', element: <OrderPage/>, label: 'Заказы'},
|
||||||
localStorage.getItem("role") === "ADMIN" && { path: 'addToStore', element: <AddToStorePage/>, label: 'Доставка'},
|
localStorage.getItem("role") === "ADMIN" && { path: 'addToStore', element: <AddToStorePage/>, label: 'Доставка'},
|
||||||
|
localStorage.getItem("role") !== "ADMIN" && { path: 'addToStore', element: <ForbiddenPage/>},
|
||||||
{ path: '/login', element: <LoginPage/>},
|
{ path: '/login', element: <LoginPage/>},
|
||||||
{ path: '/logout', element: <Logout/>}
|
{ path: '/logout', element: <Logout/>}
|
||||||
];
|
];
|
||||||
|
@ -28,7 +28,7 @@ function CustomerPage(){
|
|||||||
}
|
}
|
||||||
return(
|
return(
|
||||||
<article className="h-100 mt-0 mb-0 d-flex flex-column justify-content-between">
|
<article className="h-100 mt-0 mb-0 d-flex flex-column justify-content-between">
|
||||||
<CustomerTable headers={catalogCustomerHeaders}
|
{localStorage.getItem("role") === "ADMIN" && <CustomerTable headers={catalogCustomerHeaders}
|
||||||
getAllUrl={url}
|
getAllUrl={url}
|
||||||
url={url}
|
url={url}
|
||||||
getUrl={getUrl}
|
getUrl={getUrl}
|
||||||
@ -48,7 +48,12 @@ function CustomerPage(){
|
|||||||
<label className="form-label" forhtml="middleName">Отчество</label>
|
<label className="form-label" forhtml="middleName">Отчество</label>
|
||||||
<input className="form-control" type="text" id="middleName" value={data.middleName} onChange={handleFormChange} required="required"/>
|
<input className="form-control" type="text" id="middleName" value={data.middleName} onChange={handleFormChange} required="required"/>
|
||||||
</div>
|
</div>
|
||||||
</CustomerTable>
|
</CustomerTable>}
|
||||||
|
{localStorage.getItem("role") !== "ADMIN" &&
|
||||||
|
<div>
|
||||||
|
<h2>Forbidden</h2>
|
||||||
|
<a href="/">На главную</a>
|
||||||
|
</div>}
|
||||||
</article>
|
</article>
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
8
frontend/src/components/pages/forbiddenPage.jsx
Normal file
8
frontend/src/components/pages/forbiddenPage.jsx
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
export default function ForbiddenPage(){
|
||||||
|
return(
|
||||||
|
<div>
|
||||||
|
<h2>Forbidden</h2>
|
||||||
|
<a href="/">На главную</a>
|
||||||
|
</div>
|
||||||
|
)
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user