lab-5
Change Controllers to secure admin-accessible actions from violations
parent
767fa9c758
commit
783f8886c2
@ -3,6 +3,7 @@ package com.ip.library.authors.api;
|
||||
import java.util.List;
|
||||
|
||||
import org.modelmapper.ModelMapper;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
@ -13,6 +14,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.ip.library.core.configuration.Constants;
|
||||
import com.ip.library.users.model.UserRole;
|
||||
import com.ip.library.authors.model.AuthorEntity;
|
||||
import com.ip.library.authors.service.AuthorService;
|
||||
|
||||
@ -20,6 +22,7 @@ import jakarta.validation.Valid;
|
||||
|
||||
|
||||
@RestController
|
||||
@Secured(value = UserRole.Secured.ADMIN)
|
||||
@RequestMapping(Constants.API_URL + "/author")
|
||||
public class AuthorController {
|
||||
private final AuthorService authorService;
|
||||
|
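Review bot: The class-level `@Secured(value = UserRole.Secured.ADMIN)` added here is only enforced when method security is enabled with `securedEnabled = true`, and no configuration change is visible in this commit. If the project does not already have it, a configuration class needs `@EnableMethodSecurity(securedEnabled = true)`; without it the annotation is ignored and the endpoints stay open. The same applies to the identical annotation added to BookController, TypeController and UserController. Because the annotation sits on the class it also covers the read-only GET handlers, so confirm that listing authors, books and types is meant to be admin-only. A test that calls one of these routes as a non-admin user and expects 403 would pin the behaviour.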
@ -3,6 +3,7 @@ package com.ip.library.books.api;
|
||||
import java.util.List;
|
||||
|
||||
import org.modelmapper.ModelMapper;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
@ -17,10 +18,12 @@ import com.ip.library.books.model.BookEntity;
|
||||
import com.ip.library.books.service.BookService;
|
||||
import com.ip.library.core.configuration.Constants;
|
||||
import com.ip.library.types.service.TypeService;
|
||||
import com.ip.library.users.model.UserRole;
|
||||
|
||||
import jakarta.validation.Valid;
|
||||
|
||||
@RestController
|
||||
@Secured(value = UserRole.Secured.ADMIN)
|
||||
@RequestMapping(Constants.API_URL + "/book")
|
||||
public class BookController {
|
||||
private final BookService bookService;
|
||||
@ -74,11 +77,6 @@ public class BookController {
|
||||
return toBookDto(bookService.delete(id));
|
||||
}
|
||||
|
||||
@GetMapping("/{bookId}/users/number")
|
||||
public int getBookSubscribersNumber(@PathVariable(name = "bookId") Long bookId) {
|
||||
return bookService.getBookSubscribersNumber(bookId);
|
||||
}
|
||||
|
||||
@GetMapping("/{bookId}/author/{authorId}")
|
||||
public boolean addAuthor(
|
||||
@PathVariable(name = "bookId") Long bookId,
|
||||
|
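Review bot: `addAuthor` stays mapped with `@GetMapping("/{bookId}/author/{authorId}")` although its name suggests it modifies the book, and the same pattern is carried into the new `UserBookController.addFavorite`. Spring Security's CSRF protection does not cover GET by default, and GET requests are also issued by prefetchers and link previews, so a state change behind GET can be triggered through an admin's authenticated browser session without the admin intending it. Mapping it as `@PostMapping("/{bookId}/author/{authorId}")` (or `@PutMapping`) keeps the route and brings it under the CSRF check. The method body continues past the end of this hunk.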
@ -3,6 +3,7 @@ package com.ip.library.types.api;
|
||||
import java.util.List;
|
||||
|
||||
import org.modelmapper.ModelMapper;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
@ -15,10 +16,12 @@ import org.springframework.web.bind.annotation.RestController;
|
||||
import com.ip.library.core.configuration.Constants;
|
||||
import com.ip.library.types.model.TypeEntity;
|
||||
import com.ip.library.types.service.TypeService;
|
||||
import com.ip.library.users.model.UserRole;
|
||||
|
||||
import jakarta.validation.Valid;
|
||||
|
||||
@RestController
|
||||
@Secured(value = UserRole.Secured.ADMIN)
|
||||
@RequestMapping(Constants.API_URL + "/type")
|
||||
public class TypeController {
|
||||
private final TypeService typeService;
|
||||
|
@ -0,0 +1,59 @@
|
||||
package com.ip.library.users.api;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.modelmapper.ModelMapper;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.ip.library.books.api.BookDto;
|
||||
import com.ip.library.books.model.BookEntity;
|
||||
import com.ip.library.books.service.BookService;
|
||||
import com.ip.library.core.configuration.Constants;
|
||||
import com.ip.library.users.service.UserService;
|
||||
|
||||
@RestController
|
||||
@RequestMapping(Constants.API_URL + "/user/{userId}/book")
|
||||
public class UserBookController {
|
||||
private final UserService userService;
|
||||
private final ModelMapper modelMapper;
|
||||
private final BookService bookService;
|
||||
|
||||
public UserBookController(
|
||||
UserService userService,
|
||||
ModelMapper modelMapper,
|
||||
BookService bookService) {
|
||||
this.userService = userService;
|
||||
this.modelMapper = modelMapper;
|
||||
this.bookService = bookService;
|
||||
}
|
||||
|
||||
private BookDto toBookDto (BookEntity entity) {
|
||||
BookDto bookDto = modelMapper.map(entity, BookDto.class);
|
||||
bookDto.setAuthorId(entity.getAuthorsBooks().stream().map(x -> x.getAuthor().getId()).toList());
|
||||
return bookDto;
|
||||
}
|
||||
|
||||
@GetMapping("/{bookId}")
|
||||
public boolean addFavorite(
|
||||
@PathVariable(name = "userId") Long userId,
|
||||
@PathVariable(name = "bookId") Long bookId) {
|
||||
return userService.addFavorite(userId, bookId);
|
||||
}
|
||||
|
||||
@GetMapping("/all-books")
|
||||
public List<BookDto> getUserFavorites(
|
||||
@PathVariable(name = "userId") Long userId,
|
||||
@RequestParam(name = "page", defaultValue = "0") int page,
|
||||
@RequestParam(name = "size", defaultValue = Constants.DEFAULT_PAGE_SIZE) int size) {
|
||||
return userService.getUserFavorities(userId, page, size).stream().map(this::toBookDto).toList();
|
||||
}
|
||||
|
||||
@GetMapping("/{bookId}/number")
|
||||
public int getBookSubscribersNumber(@PathVariable(name = "bookId") Long bookId) {
|
||||
return bookService.getBookSubscribersNumber(bookId);
|
||||
}
|
||||
}
|
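Review bot: Nothing in `UserBookController` ties the `{userId}` path variable to the authenticated caller, and the class carries no `@Secured` either, so `addFavorite` and `getUserFavorites` act on whichever user id the request names. Unless a filter-chain rule outside this commit restricts `/user/{userId}/book/**`, one user can read or modify another user's favourites. Either resolve the user from the security context instead of the path, or guard the handlers, for example with `@PreAuthorize("#userId == authentication.principal.id")` if the principal type exposes its id. `getBookSubscribersNumber` ignores `userId` altogether, which suggests it belongs on a book route rather than under a user.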
@ -1,8 +1,7 @@
|
||||
package com.ip.library.users.api;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.modelmapper.ModelMapper;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
@ -13,32 +12,28 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.ip.library.books.api.BookDto;
|
||||
import com.ip.library.books.model.BookEntity;
|
||||
import com.ip.library.core.api.PageDto;
|
||||
import com.ip.library.core.api.PageDtoMapper;
|
||||
import com.ip.library.core.configuration.Constants;
|
||||
import com.ip.library.users.model.UserEntity;
|
||||
import com.ip.library.users.model.UserRole;
|
||||
import com.ip.library.users.service.UserService;
|
||||
|
||||
import jakarta.validation.Valid;
|
||||
|
||||
@RestController
|
||||
@Secured(value = UserRole.Secured.ADMIN)
|
||||
@RequestMapping(Constants.API_URL + "/user")
|
||||
public class UserController {
|
||||
private final UserService userService;
|
||||
private final ModelMapper modelMapper;
|
||||
|
||||
public UserController(UserService userService, ModelMapper modelMapper) {
|
||||
public UserController(
|
||||
UserService userService,
|
||||
ModelMapper modelMapper) {
|
||||
this.userService = userService;
|
||||
this.modelMapper = modelMapper;
|
||||
}
|
||||
|
||||
private BookDto toBookDto (BookEntity entity) {
|
||||
BookDto bookDto = modelMapper.map(entity, BookDto.class);
|
||||
bookDto.setAuthorId(entity.getAuthorsBooks().stream().map(x -> x.getAuthor().getId()).toList());
|
||||
return bookDto;
|
||||
}
|
||||
|
||||
private UserDto toUserDto(UserEntity entity) {
|
||||
return modelMapper.map(entity, UserDto.class);
|
||||
@ -79,26 +74,4 @@ public class UserController {
|
||||
public UserDto changePassword(@PathVariable(name = "id") Long id, @RequestBody String newPassword) {
|
||||
return toUserDto(userService.changePassword(id, newPassword));
|
||||
}
|
||||
|
||||
@DeleteMapping("/{userId}/books/{bookId}")
|
||||
public boolean removeFavorite(
|
||||
@PathVariable(name = "userId") Long userId,
|
||||
@PathVariable(name = "bookId") Long bookId) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@GetMapping("/{userId}/books/{bookId}")
|
||||
public boolean addFavorite(
|
||||
@PathVariable(name = "userId") Long userId,
|
||||
@PathVariable(name = "bookId") Long bookId) {
|
||||
return userService.addFavorite(userId, bookId);
|
||||
}
|
||||
|
||||
@GetMapping("/{userId}/books")
|
||||
public List<BookDto> getUserFavorites(
|
||||
@PathVariable(name = "userId") Long userId,
|
||||
@RequestParam(name = "page", defaultValue = "0") int page,
|
||||
@RequestParam(name = "size", defaultValue = Constants.DEFAULT_PAGE_SIZE) int size) {
|
||||
return userService.getUserFavorities(userId, page, size).stream().map(this::toBookDto).toList();
|
||||
}
|
||||
}
|
||||
|
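Review bot: `changePassword` accepts the new password as a bare `@RequestBody String newPassword` and hands it to `userService.changePassword` with no constraint visible at the controller, even though the file imports `jakarta.validation.Valid`. A raw `String` body is typically taken verbatim, so a client that sends JSON `"secret"` would have the quotes become part of the password, and empty or one-character values pass unless the service rejects them. Consider a small request DTO with `@NotBlank` and `@Size` on the field, bound as `@Valid @RequestBody`. The mapping annotation for this method lies above the hunk, so the HTTP verb could not be checked.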