Change Controllers to secure admin-accesible actions from violations
Zakharov_Rostislav 2024-05-23 14:23:16 +04:00
parent 767fa9c758
commit 783f8886c2
5 changed files with 74 additions and 38 deletions


@ -3,6 +3,7 @@ package com.ip.library.authors.api;
import java.util.List; import java.util.List;
import org.modelmapper.ModelMapper; import org.modelmapper.ModelMapper;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
@ -13,6 +14,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import com.ip.library.core.configuration.Constants; import com.ip.library.core.configuration.Constants;
import com.ip.library.users.model.UserRole;
import com.ip.library.authors.model.AuthorEntity; import com.ip.library.authors.model.AuthorEntity;
import com.ip.library.authors.service.AuthorService; import com.ip.library.authors.service.AuthorService;
@ -20,6 +22,7 @@ import jakarta.validation.Valid;
@RestController @RestController
@Secured(value = UserRole.Secured.ADMIN)
@RequestMapping(Constants.API_URL + "/author") @RequestMapping(Constants.API_URL + "/author")
public class AuthorController { public class AuthorController {
private final AuthorService authorService; private final AuthorService authorService;
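Review bot: The class-level `@Secured(value = UserRole.Secured.ADMIN)` only has an effect when method security is switched on with secured-annotation support, for example `@EnableMethodSecurity(securedEnabled = true)` on a configuration class. That configuration is not part of this commit, and without it the annotation is silently ignored, so it is worth confirming with a test that a non-admin caller is rejected. The same applies to the identical annotation added to BookController, TypeController and UserController. Putting it on the class also makes any read-only GET endpoints admin-only; if browsing authors is meant for ordinary users, annotate the mutating methods instead. The class body continues outside the hunk.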


@ -3,6 +3,7 @@ package com.ip.library.books.api;
import java.util.List; import java.util.List;
import org.modelmapper.ModelMapper; import org.modelmapper.ModelMapper;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
@ -17,10 +18,12 @@ import com.ip.library.books.model.BookEntity;
import com.ip.library.books.service.BookService; import com.ip.library.books.service.BookService;
import com.ip.library.core.configuration.Constants; import com.ip.library.core.configuration.Constants;
import com.ip.library.types.service.TypeService; import com.ip.library.types.service.TypeService;
import com.ip.library.users.model.UserRole;
import jakarta.validation.Valid; import jakarta.validation.Valid;
@RestController @RestController
@Secured(value = UserRole.Secured.ADMIN)
@RequestMapping(Constants.API_URL + "/book") @RequestMapping(Constants.API_URL + "/book")
public class BookController { public class BookController {
private final BookService bookService; private final BookService bookService;
@ -74,11 +77,6 @@ public class BookController {
return toBookDto(bookService.delete(id)); return toBookDto(bookService.delete(id));
} }
@GetMapping("/{bookId}/users/number")
public int getBookSubscribersNumber(@PathVariable(name = "bookId") Long bookId) {
return bookService.getBookSubscribersNumber(bookId);
}
@GetMapping("/{bookId}/author/{authorId}") @GetMapping("/{bookId}/author/{authorId}")
public boolean addAuthor( public boolean addAuthor(
@PathVariable(name = "bookId") Long bookId, @PathVariable(name = "bookId") Long bookId,
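Review bot: `addAuthor` stays mapped as `@GetMapping("/{bookId}/author/{authorId}")` although its name and boolean result suggest it changes state. Spring Security's CSRF protection does not cover GET by default, and GET requests can be repeated by prefetchers or by a link opened in an admin's session, which matters more now that the endpoint is admin-only. I would map it as `@PostMapping("/{bookId}/author/{authorId}")` (or PUT), adding the import if the file does not already have it. `addFavorite` in the new UserBookController has the same pattern. The method continues outside the hunk.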


@ -3,6 +3,7 @@ package com.ip.library.types.api;
import java.util.List; import java.util.List;
import org.modelmapper.ModelMapper; import org.modelmapper.ModelMapper;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
@ -15,10 +16,12 @@ import org.springframework.web.bind.annotation.RestController;
import com.ip.library.core.configuration.Constants; import com.ip.library.core.configuration.Constants;
import com.ip.library.types.model.TypeEntity; import com.ip.library.types.model.TypeEntity;
import com.ip.library.types.service.TypeService; import com.ip.library.types.service.TypeService;
import com.ip.library.users.model.UserRole;
import jakarta.validation.Valid; import jakarta.validation.Valid;
@RestController @RestController
@Secured(value = UserRole.Secured.ADMIN)
@RequestMapping(Constants.API_URL + "/type") @RequestMapping(Constants.API_URL + "/type")
public class TypeController { public class TypeController {
private final TypeService typeService; private final TypeService typeService;


@ -0,0 +1,59 @@
package com.ip.library.users.api;
import java.util.List;
import org.modelmapper.ModelMapper;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.ip.library.books.api.BookDto;
import com.ip.library.books.model.BookEntity;
import com.ip.library.books.service.BookService;
import com.ip.library.core.configuration.Constants;
import com.ip.library.users.service.UserService;
@RestController
@RequestMapping(Constants.API_URL + "/user/{userId}/book")
public class UserBookController {
private final UserService userService;
private final ModelMapper modelMapper;
private final BookService bookService;
public UserBookController(
UserService userService,
ModelMapper modelMapper,
BookService bookService) {
this.userService = userService;
this.modelMapper = modelMapper;
this.bookService = bookService;
}
private BookDto toBookDto (BookEntity entity) {
BookDto bookDto = modelMapper.map(entity, BookDto.class);
bookDto.setAuthorId(entity.getAuthorsBooks().stream().map(x -> x.getAuthor().getId()).toList());
return bookDto;
}
@GetMapping("/{bookId}")
public boolean addFavorite(
@PathVariable(name = "userId") Long userId,
@PathVariable(name = "bookId") Long bookId) {
return userService.addFavorite(userId, bookId);
}
@GetMapping("/all-books")
public List<BookDto> getUserFavorites(
@PathVariable(name = "userId") Long userId,
@RequestParam(name = "page", defaultValue = "0") int page,
@RequestParam(name = "size", defaultValue = Constants.DEFAULT_PAGE_SIZE) int size) {
return userService.getUserFavorities(userId, page, size).stream().map(this::toBookDto).toList();
}
@GetMapping("/{bookId}/number")
public int getBookSubscribersNumber(@PathVariable(name = "bookId") Long bookId) {
return bookService.getBookSubscribersNumber(bookId);
}
}
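Review bot: `UserBookController` carries no `@Secured` or other method-security annotation and takes `userId` straight from the path, so `addFavorite` and `getUserFavorites` act on whichever id the caller supplies. Unless the filter chain (not visible here) already restricts this, one user can read or change another user's favourites. The path id should be compared with the authenticated principal, e.g. `@PreAuthorize("#userId == authentication.principal.id")` extended with the admin role if admins need access, where `principal.id` stands for whatever id accessor the project's principal type exposes. Separately, `getBookSubscribersNumber` sits under `/user/{userId}/book` but never uses `userId`, which suggests it belongs on a different route. The stub `removeFavorite` deleted from UserController has no counterpart here.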


@ -1,8 +1,7 @@
package com.ip.library.users.api; package com.ip.library.users.api;
import java.util.List;
import org.modelmapper.ModelMapper; import org.modelmapper.ModelMapper;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
@ -13,33 +12,29 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import com.ip.library.books.api.BookDto;
import com.ip.library.books.model.BookEntity;
import com.ip.library.core.api.PageDto; import com.ip.library.core.api.PageDto;
import com.ip.library.core.api.PageDtoMapper; import com.ip.library.core.api.PageDtoMapper;
import com.ip.library.core.configuration.Constants; import com.ip.library.core.configuration.Constants;
import com.ip.library.users.model.UserEntity; import com.ip.library.users.model.UserEntity;
import com.ip.library.users.model.UserRole;
import com.ip.library.users.service.UserService; import com.ip.library.users.service.UserService;
import jakarta.validation.Valid; import jakarta.validation.Valid;
@RestController @RestController
@Secured(value = UserRole.Secured.ADMIN)
@RequestMapping(Constants.API_URL + "/user") @RequestMapping(Constants.API_URL + "/user")
public class UserController { public class UserController {
private final UserService userService; private final UserService userService;
private final ModelMapper modelMapper; private final ModelMapper modelMapper;
public UserController(UserService userService, ModelMapper modelMapper) { public UserController(
UserService userService,
ModelMapper modelMapper) {
this.userService = userService; this.userService = userService;
this.modelMapper = modelMapper; this.modelMapper = modelMapper;
} }
private BookDto toBookDto (BookEntity entity) {
BookDto bookDto = modelMapper.map(entity, BookDto.class);
bookDto.setAuthorId(entity.getAuthorsBooks().stream().map(x -> x.getAuthor().getId()).toList());
return bookDto;
}
private UserDto toUserDto(UserEntity entity) { private UserDto toUserDto(UserEntity entity) {
return modelMapper.map(entity, UserDto.class); return modelMapper.map(entity, UserDto.class);
} }
@ -79,26 +74,4 @@ public class UserController {
public UserDto changePassword(@PathVariable(name = "id") Long id, @RequestBody String newPassword) { public UserDto changePassword(@PathVariable(name = "id") Long id, @RequestBody String newPassword) {
return toUserDto(userService.changePassword(id, newPassword)); return toUserDto(userService.changePassword(id, newPassword));
} }
@DeleteMapping("/{userId}/books/{bookId}")
public boolean removeFavorite(
@PathVariable(name = "userId") Long userId,
@PathVariable(name = "bookId") Long bookId) {
return true;
}
@GetMapping("/{userId}/books/{bookId}")
public boolean addFavorite(
@PathVariable(name = "userId") Long userId,
@PathVariable(name = "bookId") Long bookId) {
return userService.addFavorite(userId, bookId);
}
@GetMapping("/{userId}/books")
public List<BookDto> getUserFavorites(
@PathVariable(name = "userId") Long userId,
@RequestParam(name = "page", defaultValue = "0") int page,
@RequestParam(name = "size", defaultValue = Constants.DEFAULT_PAGE_SIZE) int size) {
return userService.getUserFavorities(userId, page, size).stream().map(this::toBookDto).toList();
}
} }
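Review bot: With `@Secured(value = UserRole.Secured.ADMIN)` on the whole class, `changePassword` (context of the second hunk) becomes admin-only, so an admin can set any account's password without the current one and, as far as this file shows, a user has no path to change their own. If self-service is intended, it needs a separate endpoint that takes the user from the authenticated principal and verifies the current password. `@RequestBody String newPassword` is also bound without any constraint; whether `userService.changePassword` enforces a password policy is not visible here, so either validate at the boundary or add a comment such as `// length/complexity checked in UserService.changePassword`.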