fix

.
2023-05-15 15:40:33 +04:00 · 2023-05-15 14:19:01 +04:00
6 changed files with 43 additions and 11 deletions
--- a/front/src/components/common/Container.jsx
+++ b/front/src/components/common/Container.jsx
@ -25,12 +25,14 @@ export default function Container(props) {
                    <a
                      className="text-end align-self-end"
                      href="#"
+                      type="button"
                      onClick={()=>props.onRemove(item.id)}
                    >
                      Удалить
                    </a>
                    <a
                      className="px-2 text-end align-self-end"
+                      type="button"
                      href="#"
                      onClick={()=>props.onEdit(item.id)}
                    >
@ -39,6 +41,7 @@ export default function Container(props) {
                    <a
                      className="px-2 text-end align-self-end"
                      href="#"
+                      type="button"
                      onClick={()=>props.onUpdateGenre(item.id)}
                    >
                      Изменить жанры
--- a/front/src/components/pages/dev/UsersPage.jsx
+++ b/front/src/components/pages/dev/UsersPage.jsx
@ -49,7 +49,7 @@ export default function UsersPage(props) {
                <nav>
                    <ul className="pagination">
                        {pageNumbers.map((number) => (
-                            <li className={`page-item ${number === pageNumber + 1 ? "active" : ""}`}
+                            <li className={`page-item ${number === pageNumber ? "active" : ""}`}
                                onClick={() => pageButtonOnClick(number)}>
                                <a className="page-link" href="#">{number}</a>
                            </li>
--- a/front/src/services/DataService.js
+++ b/front/src/services/DataService.js
@ -29,7 +29,11 @@ export default class DataService {
        return response.data.map(item => transformer(item));
    }
    static async read(dataUrlPrefix, url, id, transformer) {
-        const response = await axios.get(dataUrlPrefix + url + '/' + id);
+        const response = await axios.get(dataUrlPrefix + url + '/' + id,{
+            headers:{
+                "Authorization": "Bearer " + localStorage.getItem("token")
+            }
+        });
        return transformer(response.data);
    }

@ -53,23 +57,27 @@ export default class DataService {
    }
    static async createGenre(dataUrlPrefix, url, data){
        const headers = { 
-            "Content-Type": "application/json"
+            "Content-Type": "application/json",
+            "Authorization": "Bearer " + localStorage.getItem("token")
        };
        const response = await axios.post(dataUrlPrefix + url + `?name=${data.name}&login=${localStorage.getItem("login")}`, JSON.stringify(data), headers);
        return true;
    }

    static async updateBook(dataUrlPrefix, url, data) {
-        const headers = { 
-            "Content-Type": "application/json"
-        };
        const response = await axios.put(dataUrlPrefix + url + '/' + data.id + `?name=${data.name}&desc=${data.description}
-        &authorId=${data.author}`, JSON.stringify(data), headers);
+        &authorId=${data.author}`, JSON.stringify(data), {
+            headers:{
+                "Content-Type": "application/json",
+                "Authorization": "Bearer " + localStorage.getItem("token")
+            }
+        });
        return true;
    }
    static async updateAuthor(dataUrlPrefix, url, data) {
        const headers = { 
-            "Content-Type": "application/json"
+            "Content-Type": "application/json",
+            "Authorization": "Bearer " + localStorage.getItem("token")
        };
        const response = await axios.put(dataUrlPrefix + url + '/' + data.id + `?name=${data.name}&surname=${data.surname}
        &patronymic=${data.patronymic}`, JSON.stringify(data), headers);
@ -77,14 +85,16 @@ export default class DataService {
    }
    static async updateGenre(dataUrlPrefix, url, data) {
        const headers = { 
-            "Content-Type": "application/json"
+            "Content-Type": "application/json",
+            "Authorization": "Bearer " + localStorage.getItem("token")
        };
        const response = await axios.put(dataUrlPrefix + url + '/' + data.id + `?name=${data.name}`, JSON.stringify(data), headers);
        return true;
    }
    static async updateBookGenre(dataUrlPrefix, url, data, genreId, param){
        const headers = { 
-            "Content-Type": "application/json"
+            "Content-Type": "application/json",
+            "Authorization": "Bearer " + localStorage.getItem("token")
        };
        if(param === true){
            const response = await axios.put(dataUrlPrefix + url + '/' + data.id + '/genres/' + genreId, JSON.stringify(data), headers);
@ -96,7 +106,11 @@ export default class DataService {
    }

    static async delete(dataUrlPrefix,url, id) {
-        const response = await axios.delete(dataUrlPrefix + url + '/' + id);
+        const response = await axios.delete(dataUrlPrefix + url + '/' + id,{
+            headers:{
+                "Authorization": "Bearer " + localStorage.getItem("token")
+            }
+        });
        return response.data.id;
    }
 }
--- a/src/main/java/com/labwork01/app/author/controller/AuthorController.java
+++ b/src/main/java/com/labwork01/app/author/controller/AuthorController.java
@ -1,6 +1,8 @@
 package com.labwork01.app.author.controller;

 import com.labwork01.app.author.service.AuthorService;
+import com.labwork01.app.user.model.UserRole;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.web.bind.annotation.*;

 import java.util.List;
@ -13,6 +15,7 @@ public class AuthorController {
        this.authorService = authorService;
    }
    @GetMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public AuthorDto getAuthor(@PathVariable Long id) {
        return new AuthorDto(authorService.findAuthor(id));
    }
@ -33,6 +36,7 @@ public class AuthorController {
    }

    @PutMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public AuthorDto updateAuthor(@PathVariable Long id,
                                  @RequestParam("name") String name,
                                  @RequestParam("surname") String surname,
@ -41,6 +45,7 @@ public class AuthorController {
    }

    @DeleteMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public AuthorDto deleteAuthor(@PathVariable Long id) {
        return new AuthorDto(authorService.deleteAuthor(id));
    }
--- a/src/main/java/com/labwork01/app/book/controller/BookController.java
+++ b/src/main/java/com/labwork01/app/book/controller/BookController.java
@ -4,6 +4,8 @@ import com.labwork01.app.author.service.AuthorService;
 import com.labwork01.app.book.service.BookService;
 import com.labwork01.app.genre.model.Genre;
 import com.labwork01.app.genre.service.GenreService;
+import com.labwork01.app.user.model.UserRole;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.web.bind.annotation.*;

 import java.util.ArrayList;
@ -21,6 +23,7 @@ public class BookController {
        this.genreService = genreService;
    }
    @GetMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public BookDto getBook(@PathVariable Long id) {
        return new BookDto(bookService.findBook(id));
    }
@ -49,6 +52,7 @@ public class BookController {
    }

    @PutMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public BookDto updateBook(@PathVariable Long id,
                              @RequestParam("name") String name,
                              @RequestParam("desc") String description,
@ -66,6 +70,7 @@ public class BookController {
        return new BookDto(bookService.removeGenreFromBook(id, genreService.findGenre(genreId)));
    }
    @DeleteMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public BookDto deleteBook(@PathVariable Long id) {
        return new BookDto(bookService.deleteBook(id));
    }
--- a/src/main/java/com/labwork01/app/genre/controller/GenreController.java
+++ b/src/main/java/com/labwork01/app/genre/controller/GenreController.java
@ -1,6 +1,8 @@
 package com.labwork01.app.genre.controller;

 import com.labwork01.app.genre.service.GenreService;
+import com.labwork01.app.user.model.UserRole;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.web.bind.annotation.*;

 import java.util.List;
@ -13,6 +15,7 @@ public class GenreController {
        this.genreService = genreService;
    }
    @GetMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public GenreDto getGenre(@PathVariable Long id) {
        return new GenreDto(genreService.findGenre(id));
    }
@ -30,12 +33,14 @@ public class GenreController {
    }

    @PutMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public GenreDto updateGenre(@PathVariable Long id,
                                    @RequestParam("name") String name) {
        return new GenreDto(genreService.updateGenre(id, name));
    }

    @DeleteMapping("/{id}")
+    @Secured({UserRole.AsString.ADMIN})
    public GenreDto deleteGenre(@PathVariable Long id) {
        return new GenreDto(genreService.deleteGenre(id));
    }
Author	SHA1	Message	Date
Danil_Malin	004ba73684	fix	2023-05-15 15:40:33 +04:00
Danil_Malin	858188c8ad	.	2023-05-15 14:19:01 +04:00