Шестая лабораторная работа. Фикс вывода forbidden.

This commit is contained in:
abazov73 2023-05-16 10:19:24 +04:00
parent 1f69a7929e
commit 74766fecab
8 changed files with 88 additions and 48 deletions



@ -63,6 +63,10 @@ public class SecurityConfiguration {
.requestMatchers(HttpMethod.DELETE, "/api/**").hasRole("ADMIN") .requestMatchers(HttpMethod.DELETE, "/api/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.PUT, "/api/**").hasRole("ADMIN") .requestMatchers(HttpMethod.PUT, "/api/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.POST, "/api/**").hasRole("ADMIN") .requestMatchers(HttpMethod.POST, "/api/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.GET, "/api/customer/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.GET, "/api/store/addStore/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.GET, "/customer/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.GET, "/store/addToStore/**").hasRole("ADMIN")
.requestMatchers("/api/**").authenticated() .requestMatchers("/api/**").authenticated()
.requestMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll() .requestMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
.requestMatchers(HttpMethod.GET, "/img/**").permitAll()) .requestMatchers(HttpMethod.GET, "/img/**").permitAll())
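Review bot: The new ADMIN-only rules at L17-L20 are GET-specific, and together with the existing DELETE/PUT/POST rules they still leave PATCH (and HEAD/OPTIONS) on `/api/**` governed only by the later `.requestMatchers("/api/**").authenticated()`, so any non-ADMIN authenticated user could reach a PATCH endpoint under `/api/customer/**` if one exists. Restricting by path instead of enumerating methods closes that gap: `.requestMatchers("/api/customer/**").hasRole("ADMIN")`. The API path at L18 is `/api/store/addStore/**` while the page route at L20 and the front-end use `addToStore`; if the real endpoint name differs from L18 the restriction silently never matches, so verify it against the store controller's mapping. Ordering is fine since these matchers precede the broader `/api/**` rule and first match wins. The enclosing `SecurityFilterChain` method starts and ends outside this hunk.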


@ -1,10 +1,14 @@
package com.example.ipLab.StoreDataBase.Controllers; package com.example.ipLab.StoreDataBase.Controllers;
import com.example.ipLab.StoreDataBase.DTO.CustomerDTO; import com.example.ipLab.StoreDataBase.DTO.CustomerDTO;
import com.example.ipLab.StoreDataBase.Exceptions.ForbiddenException;
import com.example.ipLab.StoreDataBase.Model.CustomUser;
import com.example.ipLab.StoreDataBase.Model.Customer; import com.example.ipLab.StoreDataBase.Model.Customer;
import com.example.ipLab.StoreDataBase.Model.UserRole;
import com.example.ipLab.StoreDataBase.Service.CustomerService; import com.example.ipLab.StoreDataBase.Service.CustomerService;
import com.example.ipLab.WebConfiguration; import com.example.ipLab.WebConfiguration;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.List; import java.util.List;
@ -24,7 +28,7 @@ public class CustomerController {
} }
@GetMapping @GetMapping
public List<CustomerDTO> getCustomers(){ public List<CustomerDTO> getCustomers(@AuthenticationPrincipal CustomUser user){
return customerService.getAllCustomers().stream() return customerService.getAllCustomers().stream()
.map(CustomerDTO::new) .map(CustomerDTO::new)
.toList(); .toList();
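Review bot: The `@AuthenticationPrincipal CustomUser user` parameter added to `getCustomers` at L43 is never read in the visible body, and the new imports `ForbiddenException`, `CustomUser` and `UserRole` (L30, L31, L33) have no visible use in this hunk, so as far as this commit shows they are dead code that suggests an authorization check that was never written. Either drop them and rely on the `SecurityConfiguration` rule, or add a method-level guard as defense in depth, e.g. `@PreAuthorize("hasRole('ADMIN')")` on the method (requires method security to be enabled, which this commit does not show). If the intent was a manual check, it would need to throw `ForbiddenException` when `user` lacks the ADMIN role, but `CustomUser`'s accessor for the role is not visible here. The method's closing brace lies outside the hunk.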


@ -0,0 +1,8 @@
package com.example.ipLab.StoreDataBase.Exceptions;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ResponseStatus;
@ResponseStatus(HttpStatus.FORBIDDEN)
public class ForbiddenException extends RuntimeException {
}
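Review bot: `ForbiddenException` has no constructor that accepts a message, so every throw site will produce an exception with a null message and nothing useful in logs; add `public ForbiddenException(String message) { super(message); }` alongside a no-arg constructor. A short Javadoc stating that the `@ResponseStatus` annotation makes Spring MVC translate it into an HTTP 403 would help the next reader. Note that in the files shown here nothing throws this exception yet, so the 403 mapping is unreachable unless another file in the commit uses it; keep the message free of internal details since it may be echoed into the error response depending on `server.error.include-message`.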


@ -5,7 +5,8 @@
<head> <head>
</head> </head>
<body> <body>
<div sec:authorize="hasRole('ROLE_ADMIN')" layout:fragment="content"> <div layout:fragment="content">
<div sec:authorize="hasRole('ROLE_ADMIN')">
<div> <div>
<a class="btn btn-success button-fixed" <a class="btn btn-success button-fixed"
th:href="@{/customer/edit/}"> th:href="@{/customer/edit/}">
@ -52,6 +53,13 @@
</tbody> </tbody>
</table> </table>
</div> </div>
</div>
<div sec:authorize="hasRole('ROLE_USER')">
<div>
<h2>Forbidden</h2>
<a href="/">На главную</a>
</div>
</div>
</div> </div>
</body> </body>
</html> </html>
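Review bot: The fallback at L74 is gated on `hasRole('ROLE_USER')`, so a visitor who is authenticated with some other role, or anonymous if the page is reachable, gets a blank content fragment rather than the Forbidden notice; the complement of the admin condition is what is meant: `<div sec:authorize="!hasRole('ROLE_ADMIN')">`. This template branch is purely presentational; the actual gate is the `hasRole("ADMIN")` rule on `GET /customer/**` in `SecurityConfiguration`, and if this template is served from that path a non-admin is rejected with a 403 before it renders, so the new branch may never be reached unless the error handler forwards here. Worth confirming which path actually serves this view.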


@ -8,6 +8,7 @@ import OrderPage from './components/pages/orderPage';
import AddToStorePage from './components/pages/addToStorePage'; import AddToStorePage from './components/pages/addToStorePage';
import LoginPage from './components/pages/loginPage'; import LoginPage from './components/pages/loginPage';
import Logout from './components/pages/logout'; import Logout from './components/pages/logout';
import ForbiddenPage from './components/pages/forbiddenPage'
import './styleSite.css'; import './styleSite.css';
function Router(props) { function Router(props) {
@ -18,10 +19,12 @@ export default function App() {
const routes = [ const routes = [
{ index: true, element: <StorePage/> }, { index: true, element: <StorePage/> },
localStorage.getItem("role") === "ADMIN" && { path: 'customer', element: <CustomerPage/>, label:'Покупатели'}, localStorage.getItem("role") === "ADMIN" && { path: 'customer', element: <CustomerPage/>, label:'Покупатели'},
localStorage.getItem("role") !== "ADMIN" && { path: 'customer', element: <ForbiddenPage/>},
{ path: 'store', element: <StorePage/>, label: 'Магазины' }, { path: 'store', element: <StorePage/>, label: 'Магазины' },
{ path: 'product', element: <ProductPage/>, label: 'Товары' }, { path: 'product', element: <ProductPage/>, label: 'Товары' },
{ path: 'order', element: <OrderPage/>, label: 'Заказы'}, { path: 'order', element: <OrderPage/>, label: 'Заказы'},
localStorage.getItem("role") === "ADMIN" && { path: 'addToStore', element: <AddToStorePage/>, label: 'Доставка'}, localStorage.getItem("role") === "ADMIN" && { path: 'addToStore', element: <AddToStorePage/>, label: 'Доставка'},
localStorage.getItem("role") !== "ADMIN" && { path: 'addToStore', element: <ForbiddenPage/>},
{ path: '/login', element: <LoginPage/>}, { path: '/login', element: <LoginPage/>},
{ path: '/logout', element: <Logout/>} { path: '/logout', element: <Logout/>}
]; ];
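Review bot: The route gating at L96-L97 and L101-L102 reads `localStorage.getItem("role")`, which the user fully controls, so setting `role=ADMIN` in the browser exposes the admin pages; that is acceptable only as a UX nicety because the real enforcement is the server-side rules added in `SecurityConfiguration` in this same commit, and a comment saying so would stop a future reader from treating it as security. The same comparison is now repeated four times; hoist it once above the array, `const isAdmin = localStorage.getItem("role") === "ADMIN";`, and write each pair as a single ternary, `{ path: 'customer', element: isAdmin ? <CustomerPage/> : <ForbiddenPage/>, label: isAdmin ? 'Покупатели' : undefined }`. The `false` entries produced when the condition fails are presumably filtered out where `routes` is consumed, which is outside this hunk.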


@ -28,7 +28,7 @@ function CustomerPage(){
} }
return( return(
<article className="h-100 mt-0 mb-0 d-flex flex-column justify-content-between"> <article className="h-100 mt-0 mb-0 d-flex flex-column justify-content-between">
<CustomerTable headers={catalogCustomerHeaders} {localStorage.getItem("role") === "ADMIN" && <CustomerTable headers={catalogCustomerHeaders}
getAllUrl={url} getAllUrl={url}
url={url} url={url}
getUrl={getUrl} getUrl={getUrl}
@ -48,7 +48,12 @@ function CustomerPage(){
<label className="form-label" forhtml="middleName">Отчество</label> <label className="form-label" forhtml="middleName">Отчество</label>
<input className="form-control" type="text" id="middleName" value={data.middleName} onChange={handleFormChange} required="required"/> <input className="form-control" type="text" id="middleName" value={data.middleName} onChange={handleFormChange} required="required"/>
</div> </div>
</CustomerTable> </CustomerTable>}
{localStorage.getItem("role") !== "ADMIN" &&
<div>
<h2>Forbidden</h2>
<a href="/">На главную</a>
</div>}
</article> </article>
) )
} }
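Review bot: The Forbidden markup added at L122-L126 duplicates the `ForbiddenPage` component this commit introduces; rendering the component keeps the two in sync: `{localStorage.getItem("role") !== "ADMIN" && <ForbiddenPage/>}` with `import ForbiddenPage from './forbiddenPage';` at the top of the file. Since the router already maps non-admins to `ForbiddenPage` for the `customer` path, this in-page check appears redundant, and like the router check it relies on client-controlled `localStorage`, so the server rule on `/api/customer/**` remains the only real protection for the data this page fetches. The `CustomerPage` function starts outside this hunk.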


@ -0,0 +1,8 @@
export default function ForbiddenPage(){
return(
<div>
<h2>Forbidden</h2>
<a href="/">На главную</a>
</div>
)
}
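Review bot: The `<a href="/">` at L138 triggers a full page reload, discarding client state, where the rest of the app appears to use a router (the `routes` array in App); if that is react-router, `<Link to="/">На главную</Link>` keeps navigation in-app. A one-line comment noting that this page is a client-side placeholder and that the server still answers 403 for the protected API would make its role clear to the next reader.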