From 783f8886c2bf90641af2277aa9eb5f815499df3a Mon Sep 17 00:00:00 2001 From: Zakharov_Rostislav Date: Thu, 23 May 2024 14:23:16 +0400 Subject: [PATCH] lab-5 Change Controllers to secure admin-accesible actions from violations --- .../library/authors/api/AuthorController.java | 3 + .../ip/library/books/api/BookController.java | 8 +-- .../ip/library/types/api/TypeController.java | 3 + .../library/users/api/UserBookController.java | 59 +++++++++++++++++++ .../ip/library/users/api/UserController.java | 39 ++---------- 5 files changed, 74 insertions(+), 38 deletions(-) create mode 100644 SpringApp/library/src/main/java/com/ip/library/users/api/UserBookController.java diff --git a/SpringApp/library/src/main/java/com/ip/library/authors/api/AuthorController.java b/SpringApp/library/src/main/java/com/ip/library/authors/api/AuthorController.java index 31cf660..431ff51 100644 --- a/SpringApp/library/src/main/java/com/ip/library/authors/api/AuthorController.java +++ b/SpringApp/library/src/main/java/com/ip/library/authors/api/AuthorController.java @@ -3,6 +3,7 @@ package com.ip.library.authors.api; import java.util.List; import org.modelmapper.ModelMapper; +import org.springframework.security.access.annotation.Secured; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -13,6 +14,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import com.ip.library.core.configuration.Constants; +import com.ip.library.users.model.UserRole; import com.ip.library.authors.model.AuthorEntity; import com.ip.library.authors.service.AuthorService; @@ -20,6 +22,7 @@ import jakarta.validation.Valid; @RestController +@Secured(value = UserRole.Secured.ADMIN) @RequestMapping(Constants.API_URL + "/author") public class AuthorController { private final AuthorService authorService; 
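Review bot: The class-level `@Secured(value = UserRole.Secured.ADMIN)` added above `@RequestMapping(Constants.API_URL + "/author")` locks every mapping in AuthorController, including the read-only GET endpoints, not just the create/update/delete actions the commit message describes; the class body continues outside the hunk, so the full method list is not visible here. The same commit's UserBookController hands non-admin users BookDtos whose `authorId` list they can no longer resolve against this API. If browsing authors is meant for regular users, keep the class-level default but annotate the read methods with a broader method-level `@Secured(...)` (a method-level annotation overrides the class-level one), or move the annotation onto the mutating methods only. Either way a one-line comment on the class stating which operations are intentionally admin-only would make the policy reviewable.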
diff --git a/SpringApp/library/src/main/java/com/ip/library/books/api/BookController.java b/SpringApp/library/src/main/java/com/ip/library/books/api/BookController.java index 537a191..4d4e914 100644 --- a/SpringApp/library/src/main/java/com/ip/library/books/api/BookController.java +++ b/SpringApp/library/src/main/java/com/ip/library/books/api/BookController.java @@ -3,6 +3,7 @@ package com.ip.library.books.api; import java.util.List; import org.modelmapper.ModelMapper; +import org.springframework.security.access.annotation.Secured; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -17,10 +18,12 @@ import com.ip.library.books.model.BookEntity; import com.ip.library.books.service.BookService; import com.ip.library.core.configuration.Constants; import com.ip.library.types.service.TypeService; +import com.ip.library.users.model.UserRole; import jakarta.validation.Valid; @RestController +@Secured(value = UserRole.Secured.ADMIN) @RequestMapping(Constants.API_URL + "/book") public class BookController { private final BookService bookService; @@ -74,11 +77,6 @@ public class BookController { return toBookDto(bookService.delete(id)); } - @GetMapping("/{bookId}/users/number") - public int getBookSubscribersNumber(@PathVariable(name = "bookId") Long bookId) { - return bookService.getBookSubscribersNumber(bookId); - } - @GetMapping("/{bookId}/author/{authorId}") public boolean addAuthor( @PathVariable(name = "bookId") Long bookId, diff --git a/SpringApp/library/src/main/java/com/ip/library/types/api/TypeController.java b/SpringApp/library/src/main/java/com/ip/library/types/api/TypeController.java index 3846ce9..f6e6125 100644 --- a/SpringApp/library/src/main/java/com/ip/library/types/api/TypeController.java +++ b/SpringApp/library/src/main/java/com/ip/library/types/api/TypeController.java 
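Review bot: `addAuthor` in the last hunk's context is mapped with `@GetMapping("/{bookId}/author/{authorId}")` yet it links an author to a book, i.e. it changes state; Spring Security's CSRF protection only applies to non-safe methods, and GETs are cacheable and can be prefetched, so this mutation is reachable without a CSRF token and can fire unintentionally. The commit touches this class only to add the class-level `@Secured` and to drop `getBookSubscribersNumber`, so the mapping stays as is; change it to `@PostMapping("/{bookId}/author/{authorId}")` (or `@PutMapping`). The method body continues outside the hunk. Note also that the removed `/{bookId}/users/number` endpoint is re-created in UserBookController, which carries no `@Secured`, so that read moves from admin-only to whatever the default filter chain allows.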
@@ -3,6 +3,7 @@ package com.ip.library.types.api; import java.util.List; import org.modelmapper.ModelMapper; +import org.springframework.security.access.annotation.Secured; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -15,10 +16,12 @@ import org.springframework.web.bind.annotation.RestController; import com.ip.library.core.configuration.Constants; import com.ip.library.types.model.TypeEntity; import com.ip.library.types.service.TypeService; +import com.ip.library.users.model.UserRole; import jakarta.validation.Valid; @RestController +@Secured(value = UserRole.Secured.ADMIN) @RequestMapping(Constants.API_URL + "/type") public class TypeController { private final TypeService typeService; diff --git a/SpringApp/library/src/main/java/com/ip/library/users/api/UserBookController.java b/SpringApp/library/src/main/java/com/ip/library/users/api/UserBookController.java new file mode 100644 index 0000000..6226093 --- /dev/null +++ b/SpringApp/library/src/main/java/com/ip/library/users/api/UserBookController.java 
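Review bot: `@Secured` on TypeController (and on the sibling controllers in this patch) only takes effect when method security is enabled with `securedEnabled = true`; `@EnableMethodSecurity` turns on just the `@PreAuthorize` family by default, and the security configuration class is not part of this diff, so the annotation may be silently inert. `@Secured` also matches the granted-authority string literally, so `UserRole.Secured.ADMIN` must equal the full authority name the UserDetails implementation exposes (including any `ROLE_` prefix); its definition is not shown here. A quick check is to call a `/type` endpoint as a non-admin and confirm a 403, and to add a comment on the constant documenting the exact authority string it must match. The class body continues outside the hunk.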
@@ -0,0 +1,59 @@ +package com.ip.library.users.api; + +import java.util.List; + +import org.modelmapper.ModelMapper; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.RestController; + +import com.ip.library.books.api.BookDto; +import com.ip.library.books.model.BookEntity; +import com.ip.library.books.service.BookService; +import com.ip.library.core.configuration.Constants; +import com.ip.library.users.service.UserService; + +@RestController +@RequestMapping(Constants.API_URL + "/user/{userId}/book") +public class UserBookController { + private final UserService userService; + private final ModelMapper modelMapper; + private final BookService bookService; + + public UserBookController( + UserService userService, + ModelMapper modelMapper, + BookService bookService) { + this.userService = userService; + this.modelMapper = modelMapper; + this.bookService = bookService; + } + + private BookDto toBookDto (BookEntity entity) { + BookDto bookDto = modelMapper.map(entity, BookDto.class); + bookDto.setAuthorId(entity.getAuthorsBooks().stream().map(x -> x.getAuthor().getId()).toList()); + return bookDto; + } + + @GetMapping("/{bookId}") + public boolean addFavorite( + @PathVariable(name = "userId") Long userId, + @PathVariable(name = "bookId") Long bookId) { + return userService.addFavorite(userId, bookId); + } + + @GetMapping("/all-books") + public List getUserFavorites( + @PathVariable(name = "userId") Long userId, + @RequestParam(name = "page", defaultValue = "0") int page, + @RequestParam(name = "size", defaultValue = Constants.DEFAULT_PAGE_SIZE) int size) { + return userService.getUserFavorities(userId, page, size).stream().map(this::toBookDto).toList(); + } + + @GetMapping("/{bookId}/number") + public int 
getBookSubscribersNumber(@PathVariable(name = "bookId") Long bookId) { + return bookService.getBookSubscribersNumber(bookId); + } +} diff --git a/SpringApp/library/src/main/java/com/ip/library/users/api/UserController.java b/SpringApp/library/src/main/java/com/ip/library/users/api/UserController.java index ab75e47..e845453 100644 --- a/SpringApp/library/src/main/java/com/ip/library/users/api/UserController.java +++ b/SpringApp/library/src/main/java/com/ip/library/users/api/UserController.java @@ -1,8 +1,7 @@ package com.ip.library.users.api; -import java.util.List; - import org.modelmapper.ModelMapper; +import org.springframework.security.access.annotation.Secured; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; 
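Review bot: UserBookController has no `@Secured` and takes `userId` straight from the path, so `addFavorite` and `getUserFavorites` let any caller who reaches the endpoint act on another user's favorites: nothing compares `userId` with the authenticated principal before `userService.addFavorite(userId, bookId)` or `userService.getUserFavorities(userId, page, size)` runs, a classic insecure direct object reference. These endpoints were admin-only under the old `/user/{userId}/books` paths in UserController, so moving them here without an ownership check is a regression rather than the intended relaxation. Gate them with something like `@PreAuthorize("hasRole('ADMIN') or #userId == principal.id")` (assuming the principal exposes its id; the UserDetails type is not in this diff), or drop `userId` from the path and take the user from `@AuthenticationPrincipal`. Separately, `addFavorite` mutates state behind `@GetMapping("/{bookId}")`, which sidesteps CSRF protection (only non-safe methods are checked) and is prefetchable, so make it `@PostMapping("/{bookId}")`. `getBookSubscribersNumber` never reads `userId`, so it does not belong under a per-user path at all.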
@@ -13,32 +12,28 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; -import com.ip.library.books.api.BookDto; -import com.ip.library.books.model.BookEntity; import com.ip.library.core.api.PageDto; import com.ip.library.core.api.PageDtoMapper; import com.ip.library.core.configuration.Constants; import com.ip.library.users.model.UserEntity; +import com.ip.library.users.model.UserRole; import com.ip.library.users.service.UserService; import jakarta.validation.Valid; @RestController +@Secured(value = UserRole.Secured.ADMIN) @RequestMapping(Constants.API_URL + "/user") public class UserController { private final UserService userService; private final ModelMapper modelMapper; - public UserController(UserService userService, ModelMapper modelMapper) { + public UserController( + UserService userService, + ModelMapper modelMapper) { this.userService = userService; this.modelMapper = modelMapper; } - - private BookDto toBookDto (BookEntity entity) { - BookDto bookDto = modelMapper.map(entity, BookDto.class); - bookDto.setAuthorId(entity.getAuthorsBooks().stream().map(x -> x.getAuthor().getId()).toList()); - return bookDto; - } private UserDto toUserDto(UserEntity entity) { return modelMapper.map(entity, UserDto.class); 
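Review bot: The class-level `@Secured(value = UserRole.Secured.ADMIN)` added here covers every UserController mapping, including `changePassword(id, newPassword)` visible as context in the following hunk, so regular users lose self-service password change unless another path exists that is not in this diff. If that is intentional, a comment on the class saying the controller is an admin-only management API would make it explicit; if not, that method needs a broader method-level `@Secured` plus an ownership check of `id` against the principal. The `toBookDto` helper removed here is re-created verbatim in the new UserBookController rather than shared, leaving two copies of the DTO mapping to keep in sync.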
@@ -79,26 +74,4 @@ public class UserController { public UserDto changePassword(@PathVariable(name = "id") Long id, @RequestBody String newPassword) { return toUserDto(userService.changePassword(id, newPassword)); } - - @DeleteMapping("/{userId}/books/{bookId}") - public boolean removeFavorite( - @PathVariable(name = "userId") Long userId, - @PathVariable(name = "bookId") Long bookId) { - return true; - } - - @GetMapping("/{userId}/books/{bookId}") - public boolean addFavorite( - @PathVariable(name = "userId") Long userId, - @PathVariable(name = "bookId") Long bookId) { - return userService.addFavorite(userId, bookId); - } - - @GetMapping("/{userId}/books") - public List getUserFavorites( - @PathVariable(name = "userId") Long userId, - @RequestParam(name = "page", defaultValue = "0") int page, - @RequestParam(name = "size", defaultValue = Constants.DEFAULT_PAGE_SIZE) int size) { - return userService.getUserFavorities(userId, page, size).stream().map(this::toBookDto).toList(); - } }