diff --git a/data.mv.db b/data.mv.db
index 94e6e38..0b35ea6 100644
Binary files a/data.mv.db and b/data.mv.db differ
diff --git a/src/main/java/com/example/maxim/lab3/controller/StoreMVCController.java b/src/main/java/com/example/maxim/lab3/controller/StoreMVCController.java
index 6511dec..1c1285d 100644
--- a/src/main/java/com/example/maxim/lab3/controller/StoreMVCController.java
+++ b/src/main/java/com/example/maxim/lab3/controller/StoreMVCController.java
@@ -1,12 +1,17 @@
 package com.example.maxim.lab3.controller;
+import com.example.maxim.lab3.model.UserRole;
 import com.example.maxim.lab3.service.StoreService;
 import jakarta.validation.Valid;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
+import java.security.Principal;
+
 @Controller
 @RequestMapping("/store")
 public class StoreMVCController {
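Review bot: `Secured` is imported on the new side, but none of the hunks in this commit apply it to a handler, so unless it is used somewhere in the file outside this diff the import is dead. If the intent is to annotate the gated handlers, note that `@Secured` only takes effect once method security is enabled (`@EnableMethodSecurity(securedEnabled = true)` in the Spring Security 6 style this `jakarta`-based project appears to use) — verify that configuration exists before relying on it, otherwise drop the import.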
@@ -33,16 +38,21 @@ public class StoreMVCController {
 return "buyer-info";
 }
 @GetMapping(value = {"/edit", "/edit/{id}"})
- public String editStore(@PathVariable(required = false) Long id,
- Model model) {
- if (id == null || id <= 0) {
- model.addAttribute("StoreDTO", new StoreDTO());
+ public String editStore(@PathVariable(required = false) Long id, Model model, Principal principal) {
+ String roleName = ((Authentication)principal).getAuthorities().toArray()[0].toString();
+ if (UserRole.ADMIN.toString().equals(roleName)) {
+ if (id == null || id <= 0) {
+ model.addAttribute("StoreDTO", new StoreDTO());
+ } else {
+ model.addAttribute("storeId", id);
+ model.addAttribute("StoreDTO", new StoreDTO(storeService.findStore(id)));
+ }
+ return "/store-edit";
 } else {
- model.addAttribute("storeId", id);
- model.addAttribute("StoreDTO", new StoreDTO(storeService.findStore(id)));
+ return "redirect:/error";
 }
- return "store-edit";
 }
+
 @PostMapping(value = {"", "/{id}"})
 public String saveStore(@PathVariable(required = false) Long id,
 @ModelAttribute @Valid StoreDTO storeDTO,
@@ -60,9 +70,14 @@ public class StoreMVCController {
 return "redirect:/store";
 }
 @PostMapping("/delete/{id}")
- public String deleteStore(@PathVariable Long id) {
- storeService.deleteStore(id);
- return "redirect:/store";
+ public String deleteStore(@PathVariable Long id, Principal principal) {
+ String roleName = ((Authentication)principal).getAuthorities().toArray()[0].toString();
+ if (UserRole.ADMIN.toString().equals(roleName)) {
+ storeService.deleteStore(id);
+ return "redirect:/store";
+ } else {
+ return "redirect:/error";
+ }
 }
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index d96dddc..62a4c3f 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
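Review bot: The admin gate added to `editStore` inspects only `getAuthorities().toArray()[0]`, so a caller whose ADMIN authority is not the first element of that collection is refused, a principal with no authorities fails with `ArrayIndexOutOfBoundsException` instead of the redirect, and a null principal produces a `NullPointerException`; `deleteStore` in the next hunk repeats the same line. The imported `@Secured` (or `@PreAuthorize`) expresses this declaratively and would also cover `saveStore`, which this commit leaves untouched and whose body lies outside the hunk — worth confirming whether the edit form is meant to be admin-only end to end, since otherwise a direct POST to `/store` bypasses the gate on `/store/edit`. If the check stays in code, move it into one helper that scans every authority and treats a null or non-`Authentication` principal as denied, as sketched below, so `deleteStore` becomes `if (!isAdmin(principal)) { return "redirect:/error"; }` followed by the existing delete-and-redirect. Separately, the view name changes to `"/store-edit"` with a leading slash that `"buyer-info"` a few lines above does not carry; `return "store-edit";` keeps the view-resolver input consistent.
```java
    /** True only when the caller carries the ADMIN authority anywhere in its authority set. */
    private static boolean isAdmin(Principal principal) {
        if (!(principal instanceof Authentication)) {
            return false; // anonymous or non-Spring principal: deny
        }
        Authentication auth = (Authentication) principal;
        // assumes the granted authority string equals UserRole.ADMIN.toString(), as the existing check does
        String admin = UserRole.ADMIN.toString();
        return auth.getAuthorities().stream()
                .anyMatch(granted -> admin.equals(granted.getAuthority()));
    }

    @GetMapping(value = {"/edit", "/edit/{id}"})
    public String editStore(@PathVariable(required = false) Long id, Model model, Principal principal) {
        if (!isAdmin(principal)) {
            return "redirect:/error";
        }
        // … unchanged: StoreDTO population for new / existing id …
        return "store-edit";
    }
```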
@@ -1,5 +1,5 @@
 spring.main.banner-mode=off
-server.port=8081
+server.port=8080
 #server.tomcat.relaxed-query-chars=|,{,},[,]
 spring.datasource.url=jdbc:h2:file:./data
 spring.datasource.driverClassName=org.h2.Driver
diff --git a/src/main/resources/templates/store.html b/src/main/resources/templates/store.html
index ff019a6..7fb514c 100644
--- a/src/main/resources/templates/store.html
+++ b/src/main/resources/templates/store.html
@@ -7,7 +7,7 @@