Шестая лабораторная работа. Фикс вывода forbidden.

backend/ipLab/src/main/java/com/example/ipLab/StoreDataBase/Configurations/SecurityConfiguration.java

@@ -63,6 +63,10 @@ public class SecurityConfiguration {
                         .requestMatchers(HttpMethod.DELETE, "/api/**").hasRole("ADMIN")
                         .requestMatchers(HttpMethod.PUT, "/api/**").hasRole("ADMIN")
                         .requestMatchers(HttpMethod.POST, "/api/**").hasRole("ADMIN")
+                        .requestMatchers(HttpMethod.GET, "/api/customer/**").hasRole("ADMIN")
+                        .requestMatchers(HttpMethod.GET, "/api/store/addStore/**").hasRole("ADMIN")
+                        .requestMatchers(HttpMethod.GET, "/customer/**").hasRole("ADMIN")
+                        .requestMatchers(HttpMethod.GET, "/store/addToStore/**").hasRole("ADMIN")
                         .requestMatchers("/api/**").authenticated()
                         .requestMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
                         .requestMatchers(HttpMethod.GET, "/img/**").permitAll())

backend/ipLab/src/main/java/com/example/ipLab/StoreDataBase/Controllers/CustomerController.java

@@ -1,10 +1,14 @@
 package com.example.ipLab.StoreDataBase.Controllers;
 
 import com.example.ipLab.StoreDataBase.DTO.CustomerDTO;
+import com.example.ipLab.StoreDataBase.Exceptions.ForbiddenException;
+import com.example.ipLab.StoreDataBase.Model.CustomUser;
 import com.example.ipLab.StoreDataBase.Model.Customer;
+import com.example.ipLab.StoreDataBase.Model.UserRole;
 import com.example.ipLab.StoreDataBase.Service.CustomerService;
 import com.example.ipLab.WebConfiguration;
 import jakarta.validation.Valid;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -24,7 +28,7 @@ public class CustomerController {
     }
 
     @GetMapping
-    public List<CustomerDTO> getCustomers(){
+    public List<CustomerDTO> getCustomers(@AuthenticationPrincipal CustomUser user){
         return  customerService.getAllCustomers().stream()
                 .map(CustomerDTO::new)
                 .toList();

backend/ipLab/src/main/java/com/example/ipLab/StoreDataBase/Exceptions/ForbiddenException.java

@@ -0,0 +1,8 @@
+package com.example.ipLab.StoreDataBase.Exceptions;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(HttpStatus.FORBIDDEN)
+public class ForbiddenException extends RuntimeException {
+}

backend/ipLab/src/main/resources/templates/customer.html

@@ -5,7 +5,8 @@
 <head>
 </head>
 <body>
-<div sec:authorize="hasRole('ROLE_ADMIN')" layout:fragment="content">
+<div layout:fragment="content">
+    <div sec:authorize="hasRole('ROLE_ADMIN')">
         <div>
             <a class="btn btn-success button-fixed"
                th:href="@{/customer/edit/}">
@@ -52,6 +53,13 @@
                 </tbody>
             </table>
         </div>
+    </div>
+    <div sec:authorize="hasRole('ROLE_USER')">
+        <div>
+            <h2>Forbidden</h2>
+            <a href="/">На главную</a>
+        </div>
+    </div>
 </div>
 </body>
 </html>

frontend/src/App.jsx

@@ -8,6 +8,7 @@ import OrderPage from './components/pages/orderPage';
 import AddToStorePage from './components/pages/addToStorePage';
 import LoginPage from './components/pages/loginPage';
 import Logout from './components/pages/logout';
+import ForbiddenPage from './components/pages/forbiddenPage'
 import './styleSite.css';
 
 function Router(props) {
@@ -18,10 +19,12 @@ export default function App() {
   const routes = [
     { index: true, element: <StorePage/> },
     localStorage.getItem("role") === "ADMIN" && { path: 'customer', element: <CustomerPage/>, label:'Покупатели'},
+    localStorage.getItem("role") !== "ADMIN" && { path: 'customer', element: <ForbiddenPage/>},
     { path: 'store', element: <StorePage/>, label: 'Магазины' },
     { path: 'product', element: <ProductPage/>, label: 'Товары' },
     { path: 'order', element: <OrderPage/>, label: 'Заказы'},
     localStorage.getItem("role") === "ADMIN" && { path: 'addToStore', element: <AddToStorePage/>, label: 'Доставка'},
+    localStorage.getItem("role") !== "ADMIN" && { path: 'addToStore', element: <ForbiddenPage/>},
     { path: '/login', element: <LoginPage/>},
     { path: '/logout', element: <Logout/>}
   ];

frontend/src/components/pages/customerPage.jsx

@@ -28,7 +28,7 @@ function CustomerPage(){
     }
     return(
         <article className="h-100 mt-0 mb-0 d-flex flex-column justify-content-between">
-        <CustomerTable headers={catalogCustomerHeaders} 
+        {localStorage.getItem("role") === "ADMIN" && <CustomerTable headers={catalogCustomerHeaders} 
             getAllUrl={url}
             url={url}
             getUrl={getUrl}
@@ -48,7 +48,12 @@ function CustomerPage(){
             <label className="form-label" forhtml="middleName">Отчество</label>
             <input className="form-control" type="text" id="middleName" value={data.middleName} onChange={handleFormChange} required="required"/>
           </div>
-        </CustomerTable>
+        </CustomerTable>}
+        {localStorage.getItem("role") !== "ADMIN" && 
+          <div>
+            <h2>Forbidden</h2>
+            <a href="/">На главную</a>
+          </div>}
       </article>
     )
 }

frontend/src/components/pages/forbiddenPage.jsx

@@ -0,0 +1,8 @@
+export default function ForbiddenPage(){
+    return(
+        <div>
+            <h2>Forbidden</h2>
+            <a href="/">На главную</a>
+        </div>
+    )
+}