Andrey_Abazov/PIbd-23_Abazov_A.A._IPLabs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Шестая лабораторная работа. Фикс вывода forbidden.

Browse Source
This commit is contained in:
abazov73 2023-05-16 10:19:24 +04:00
parent 1f69a7929e
commit 74766fecab
8 changed files with 88 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
backend/ipLab/data.mv.db
View File

Binary file not shown.

4
backend/ipLab/src/main/java/com/example/ipLab/StoreDataBase/Configurations/SecurityConfiguration.java
View File

@ -63,6 +63,10 @@ public class SecurityConfiguration {
.requestMatchers(HttpMethod.DELETE, "/api/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.PUT, "/api/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.POST, "/api/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.GET, "/api/customer/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.GET, "/api/store/addStore/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.GET, "/customer/**").hasRole("ADMIN")
.requestMatchers(HttpMethod.GET, "/store/addToStore/**").hasRole("ADMIN")
.requestMatchers("/api/**").authenticated()
.requestMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
.requestMatchers(HttpMethod.GET, "/img/**").permitAll())

6
backend/ipLab/src/main/java/com/example/ipLab/StoreDataBase/Controllers/CustomerController.java
View File

@ -1,10 +1,14 @@
package com.example.ipLab.StoreDataBase.Controllers;
import com.example.ipLab.StoreDataBase.DTO.CustomerDTO;
import com.example.ipLab.StoreDataBase.Exceptions.ForbiddenException;
import com.example.ipLab.StoreDataBase.Model.CustomUser;
import com.example.ipLab.StoreDataBase.Model.Customer;
import com.example.ipLab.StoreDataBase.Model.UserRole;
import com.example.ipLab.StoreDataBase.Service.CustomerService;
import com.example.ipLab.WebConfiguration;
import jakarta.validation.Valid;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@ -24,7 +28,7 @@ public class CustomerController {
}
@GetMapping
public List<CustomerDTO> getCustomers(){
public List<CustomerDTO> getCustomers(@AuthenticationPrincipal CustomUser user){
return customerService.getAllCustomers().stream()
.map(CustomerDTO::new)
.toList();

8
backend/ipLab/src/main/java/com/example/ipLab/StoreDataBase/Exceptions/ForbiddenException.java Normal file
View File

@ -0,0 +1,8 @@
package com.example.ipLab.StoreDataBase.Exceptions;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ResponseStatus;
@ResponseStatus(HttpStatus.FORBIDDEN)
public class ForbiddenException extends RuntimeException {
}

98
backend/ipLab/src/main/resources/templates/customer.html
View File

@ -5,52 +5,60 @@
<head>
</head>
<body>
<div sec:authorize="hasRole('ROLE_ADMIN')" layout:fragment="content">
<div>
<a class="btn btn-success button-fixed"
th:href="@{/customer/edit/}">
<i class="fa-solid fa-plus"></i> Добавить
</a>
<div layout:fragment="content">
<div sec:authorize="hasRole('ROLE_ADMIN')">
<div>
<a class="btn btn-success button-fixed"
th:href="@{/customer/edit/}">
<i class="fa-solid fa-plus"></i> Добавить
</a>
</div>
<div class="table-responsive">
<table class="table table-success table-hover">
<thead>
<tr>
<th scope="col">#</th>
<th scope="col">ID</th>
<th scope="col">Фамилия</th>
<th scope="col">Имя</th>
<th scope="col">Отчество</th>
<th scope="col"></th>
</tr>
</thead>
<tbody>
<tr th:each="customer, iterator: ${customers}">
<th scope="row" th:text="${iterator.index} + 1"/>
<td th:text="${customer.Id}"/>
<td th:text="${customer.lastName}"/>
<td th:text="${customer.firstName}"/>
<td th:text="${customer.middleName}"/>
<td style="width: 10%">
<div class="btn-group" role="group" aria-label="Basic example">
<a class="btn btn-warning button-fixed button-sm"
th:href="@{/customer/edit/{id}(id=${customer.id})}">
<i class="fa fa-pencil" aria-hidden="true"></i> Изменить
</a>
<button type="button" class="btn btn-danger button-fixed button-sm"
th:attr="onclick=|confirm('Удалить запись?') && document.getElementById('remove-${customer.id}').click()|">
<i class="fa fa-trash" aria-hidden="true"></i> Удалить
</button>
</div>
<form th:action="@{/customer/delete/{id}(id=${customer.id})}" method="post">
<button th:id="'remove-' + ${customer.id}" type="submit" style="display: none">
Удалить
</button>
</form>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="table-responsive">
<table class="table table-success table-hover">
<thead>
<tr>
<th scope="col">#</th>
<th scope="col">ID</th>
<th scope="col">Фамилия</th>
<th scope="col">Имя</th>
<th scope="col">Отчество</th>
<th scope="col"></th>
</tr>
</thead>
<tbody>
<tr th:each="customer, iterator: ${customers}">
<th scope="row" th:text="${iterator.index} + 1"/>
<td th:text="${customer.Id}"/>
<td th:text="${customer.lastName}"/>
<td th:text="${customer.firstName}"/>
<td th:text="${customer.middleName}"/>
<td style="width: 10%">
<div class="btn-group" role="group" aria-label="Basic example">
<a class="btn btn-warning button-fixed button-sm"
th:href="@{/customer/edit/{id}(id=${customer.id})}">
<i class="fa fa-pencil" aria-hidden="true"></i> Изменить
</a>
<button type="button" class="btn btn-danger button-fixed button-sm"
th:attr="onclick=|confirm('Удалить запись?') && document.getElementById('remove-${customer.id}').click()|">
<i class="fa fa-trash" aria-hidden="true"></i> Удалить
</button>
</div>
<form th:action="@{/customer/delete/{id}(id=${customer.id})}" method="post">
<button th:id="'remove-' + ${customer.id}" type="submit" style="display: none">
Удалить
</button>
</form>
</td>
</tr>
</tbody>
</table>
<div sec:authorize="hasRole('ROLE_USER')">
<div>
<h2>Forbidden</h2>
<a href="/">На главную</a>
</div>
</div>
</div>
</body>

3
frontend/src/App.jsx
View File

@ -8,6 +8,7 @@ import OrderPage from './components/pages/orderPage';
import AddToStorePage from './components/pages/addToStorePage';
import LoginPage from './components/pages/loginPage';
import Logout from './components/pages/logout';
import ForbiddenPage from './components/pages/forbiddenPage'
import './styleSite.css';
function Router(props) {
@ -18,10 +19,12 @@ export default function App() {
const routes = [
{ index: true, element: <StorePage/> },
localStorage.getItem("role") === "ADMIN" && { path: 'customer', element: <CustomerPage/>, label:'Покупатели'},
localStorage.getItem("role") !== "ADMIN" && { path: 'customer', element: <ForbiddenPage/>},
{ path: 'store', element: <StorePage/>, label: 'Магазины' },
{ path: 'product', element: <ProductPage/>, label: 'Товары' },
{ path: 'order', element: <OrderPage/>, label: 'Заказы'},
localStorage.getItem("role") === "ADMIN" && { path: 'addToStore', element: <AddToStorePage/>, label: 'Доставка'},
localStorage.getItem("role") !== "ADMIN" && { path: 'addToStore', element: <ForbiddenPage/>},
{ path: '/login', element: <LoginPage/>},
{ path: '/logout', element: <Logout/>}
];

9
frontend/src/components/pages/customerPage.jsx
View File

@ -28,7 +28,7 @@ function CustomerPage(){
}
return(
<article className="h-100 mt-0 mb-0 d-flex flex-column justify-content-between">
<CustomerTable headers={catalogCustomerHeaders}
{localStorage.getItem("role") === "ADMIN" && <CustomerTable headers={catalogCustomerHeaders}
getAllUrl={url}
url={url}
getUrl={getUrl}
@ -48,7 +48,12 @@ function CustomerPage(){
<label className="form-label" forhtml="middleName">Отчество</label>
<input className="form-control" type="text" id="middleName" value={data.middleName} onChange={handleFormChange} required="required"/>
</div>
</CustomerTable>
</CustomerTable>}
{localStorage.getItem("role") !== "ADMIN" &&
<div>
<h2>Forbidden</h2>
<a href="/">На главную</a>
</div>}
</article>
)
}

8
frontend/src/components/pages/forbiddenPage.jsx Normal file
View File

@ -0,0 +1,8 @@
export default function ForbiddenPage(){
return(
<div>
<h2>Forbidden</h2>
<a href="/">На главную</a>
</div>
)
}