так правильнее

2023-05-15 15:56:55 +04:00 · 2023-05-15 15:56:55 +04:00 · c5dfae5f3e
commit c5dfae5f3e
parent 4e3dfdab49
3 changed files with 11 additions and 13 deletions
--- a/front/src/App.js
+++ b/front/src/App.js
@ -15,7 +15,7 @@ export default function App() {
        {path: 'films', label: 'Главная', userAccess: 'NONE'},
        {path: 'registration', label: 'Регистрация', userAccess: 'NONE'},
        {path: 'entry', label: 'Вход', userAccess: 'NONE'},
-        {path: 'users', label: 'Пользователи', userAccess: 'ADMIN'},
+        {path: 'users', label: 'Пользователи', userAccess: 'USER'},
        {path: 'sessions', label: 'Сеансы', userAccess: 'NONE'},
        {path: 'orders', label: 'Заказы', userAccess: 'USER'}
    ];
@ -35,7 +35,7 @@ export default function App() {
                    <Route element={<PrivateRoutes userAccess='USER'/>}>
                        <Route element={<Orders/>} path="/orders"/>
                    </Route>
-                    <Route element={<PrivateRoutes userAccess="ADMIN"/>}>
+                    <Route element={<PrivateRoutes userAccess='USER'/>}>
                        <Route element={<Users/>} path="/users"/>
                    </Route>
                </Routes>
--- a/src/main/java/com/labwork1/app/configuration/SecurityConfiguration.java
+++ b/src/main/java/com/labwork1/app/configuration/SecurityConfiguration.java
@ -11,14 +11,18 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfiguration {
    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
    public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
@ -51,13 +55,12 @@ public class SecurityConfiguration {
                .requestMatchers("/", SPA_URL_MASK).permitAll()
                .requestMatchers(HttpMethod.POST, CustomerController.URL_LOGIN).permitAll()
                .requestMatchers(HttpMethod.POST, CustomerController.URL_SIGNUP).permitAll()
-                .requestMatchers(HttpMethod.POST, CustomerController.URL_GET_ROLE).permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                .anonymous();
-        return http.build();
+        return http.userDetailsService(userService).build();
    }

    @Bean
--- a/src/main/java/com/labwork1/app/student/controller/CustomerController.java
+++ b/src/main/java/com/labwork1/app/student/controller/CustomerController.java
@ -11,6 +11,8 @@ import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
 import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.*;

@ -61,17 +63,10 @@ public class CustomerController {
        return user.getRole().toString();
    }

-    @GetMapping(OpenAPI30Configuration.API_PREFIX + URL_MAIN)
    @Secured({UserRole.AsString.ADMIN})
+    @GetMapping(OpenAPI30Configuration.API_PREFIX + URL_MAIN)
    public Page<CustomerDto> getCustomers(@RequestParam(defaultValue = "1") int page,
-                                                               @RequestParam(defaultValue = "5") int size) {
-        /*final Page<CustomerDto> users = customerService.findAllPages(page, size)
-                .map(CustomerDto::new);
-        final int totalPages = users.getTotalPages();
-        final List<Integer> pageNumbers = IntStream.rangeClosed(1, totalPages)
-                .boxed()
-                .toList();
-        return Pair.of(users, pageNumbers);*/
+                                            @RequestParam(defaultValue = "5") int size) {
        final Page<CustomerDto> users = customerService.findAllPages(page, size)
                .map(CustomerDto::new);
        return users;