Любовь, ненависть, боль, наслаждение, жизнь, смерть. Здесь есть всё... Вот что значит — быть человеком.

2023-05-15 15:37:45 +04:00 · 2023-05-15 15:37:45 +04:00 · 8c8bfedcdf
commit 8c8bfedcdf
parent 69d2ccb2b3
4 changed files with 28 additions and 13 deletions
--- a/data.mv.db
+++ b/data.mv.db
--- a/src/main/java/com/example/maxim/lab3/controller/StoreMVCController.java
+++ b/src/main/java/com/example/maxim/lab3/controller/StoreMVCController.java
@ -1,12 +1,17 @@
 package com.example.maxim.lab3.controller;

+import com.example.maxim.lab3.model.UserRole;
 import com.example.maxim.lab3.service.StoreService;
 import jakarta.validation.Valid;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;

+import java.security.Principal;
+
@Controller
@RequestMapping("/store")
 public class StoreMVCController {
@ -33,16 +38,21 @@ public class StoreMVCController {
        return "buyer-info";
    }
    @GetMapping(value = {"/edit", "/edit/{id}"})
-    public String editStore(@PathVariable(required = false) Long id,
-                            Model model) {
-        if (id == null || id <= 0) {
-            model.addAttribute("StoreDTO", new StoreDTO());
+    public String editStore(@PathVariable(required = false) Long id, Model model, Principal principal) {
+        String roleName = ((Authentication)principal).getAuthorities().toArray()[0].toString();
+        if (UserRole.ADMIN.toString().equals(roleName)) {
+            if (id == null || id <= 0) {
+                model.addAttribute("StoreDTO", new StoreDTO());
+            } else {
+                model.addAttribute("storeId", id);
+                model.addAttribute("StoreDTO", new StoreDTO(storeService.findStore(id)));
+            }
+            return "/store-edit";
        } else {
-            model.addAttribute("storeId", id);
-            model.addAttribute("StoreDTO", new StoreDTO(storeService.findStore(id)));
+            return "redirect:/error";
        }
-        return "store-edit";
    }
+
    @PostMapping(value = {"", "/{id}"})
    public String saveStore(@PathVariable(required = false) Long id,
                            @ModelAttribute @Valid StoreDTO storeDTO,
@ -60,9 +70,14 @@ public class StoreMVCController {
        return "redirect:/store";
    }
    @PostMapping("/delete/{id}")
-    public String deleteStore(@PathVariable Long id) {
-        storeService.deleteStore(id);
-        return "redirect:/store";
+    public String deleteStore(@PathVariable Long id, Principal principal) {
+        String roleName = ((Authentication)principal).getAuthorities().toArray()[0].toString();
+        if (UserRole.ADMIN.toString().equals(roleName)) {
+            storeService.deleteStore(id);
+            return "redirect:/store";
+        } else {
+            return "redirect:/error";
+        }
    }
 }

--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -1,5 +1,5 @@
 spring.main.banner-mode=off
-server.port=8081
+server.port=8080
 #server.tomcat.relaxed-query-chars=|,{,},[,]
 spring.datasource.url=jdbc:h2:file:./data
 spring.datasource.driverClassName=org.h2.Driver
--- a/src/main/resources/templates/store.html
+++ b/src/main/resources/templates/store.html
@ -7,7 +7,7 @@
 <body>
 <div layout:fragment="content">
    <div>
-        <a sec:authorize="isAuthenticated() and hasRole('ROLE_ADMIN')" class="btn btn-outline-dark text-center d-flex justify-content-md-center mx-5"
+        <a sec:authorize="isAuthenticated()" class="btn btn-outline-dark text-center d-flex justify-content-md-center mx-5"
           th:href="@{/store/edit}">
            <i class="fa-solid fa-plus"></i> Добавить
        </a>
@ -36,7 +36,7 @@
                           th:href="@{/store/edit/{id}(id=${store.id})}">
                            <i class="fa fa-pencil" aria-hidden="true"></i> Изменить
                        </a>
-                        <button sec:authorize="isAuthenticated() and hasRole('ROLE_ADMIN')" type="button" class="btn btn-outline-dark text-center d-flex justify-content-md-center mx-5" style="min-width: 120px;"
+                        <button sec:authorize="isAuthenticated()" type="button" class="btn btn-outline-dark text-center d-flex justify-content-md-center mx-5" style="min-width: 120px;"
                                th:attr="onclick=|confirm('Удалить запись?') && document.getElementById('remove-${store.id}').click()|">
                            <i class="fa fa-trash" aria-hidden="true"></i> Удалить
                        </button>