From c5dfae5f3ef8eb6da81abd4ff9c2b92a8e4307d4 Mon Sep 17 00:00:00 2001
From: dasha
Date: Mon, 15 May 2023 15:56:55 +0400
Subject: [PATCH] =?UTF-8?q?=D1=82=D0=B0=D0=BA=20=D0=BF=D1=80=D0=B0=D0=B2?= =?UTF-8?q?=D0=B8=D0=BB=D1=8C=D0=BD=D0=B5=D0=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 front/src/App.js | 4 ++--
 .../app/configuration/SecurityConfiguration.java | 7 +++++--
 .../app/student/controller/CustomerController.java | 13 ++++---------
 3 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/front/src/App.js b/front/src/App.js
index 5c161f9..5b775af 100644
--- a/front/src/App.js
+++ b/front/src/App.js
@@ -15,7 +15,7 @@ export default function App() {
 {path: 'films', label: 'Главная', userAccess: 'NONE'},
 {path: 'registration', label: 'Регистрация', userAccess: 'NONE'},
 {path: 'entry', label: 'Вход', userAccess: 'NONE'},
- {path: 'users', label: 'Пользователи', userAccess: 'ADMIN'},
+ {path: 'users', label: 'Пользователи', userAccess: 'USER'},
 {path: 'sessions', label: 'Сеансы', userAccess: 'NONE'},
 {path: 'orders', label: 'Заказы', userAccess: 'USER'}
 ];
@@ -35,7 +35,7 @@ export default function App() { }> } path="/orders"/> - }> + }> } path="/users"/>
diff --git a/src/main/java/com/labwork1/app/configuration/SecurityConfiguration.java b/src/main/java/com/labwork1/app/configuration/SecurityConfiguration.java
index da8aff3..ef59180 100644
--- a/src/main/java/com/labwork1/app/configuration/SecurityConfiguration.java
+++ b/src/main/java/com/labwork1/app/configuration/SecurityConfiguration.java
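Review bot: In front/src/App.js the `users` menu entry now asks for `USER`, while the endpoint it leads to, `getCustomers` in CustomerController.java, is still annotated `@Secured({UserRole.AsString.ADMIN})`. Unless the front-end treats `userAccess` as a minimum level, a non-admin account will see the Пользователи link and receive a 403 from the API. The client-side value only decides what is rendered and the server annotation is the actual control, so the two should agree: either keep `{path: 'users', label: 'Пользователи', userAccess: 'ADMIN'},` or make the page handle the 403 explicitly. The changed line of the second hunk (`@@ -35,7 +35,7 @@`) lost its JSX on this page; it presumably carries the same `userAccess` change for the `/users` route, and the same remark applies there.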
@@ -11,14 +11,18 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 @Configuration
+@EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfiguration {
 private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
 public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
@@ -51,13 +55,12 @@ public class SecurityConfiguration {
 .requestMatchers("/", SPA_URL_MASK).permitAll()
 .requestMatchers(HttpMethod.POST, CustomerController.URL_LOGIN).permitAll()
 .requestMatchers(HttpMethod.POST, CustomerController.URL_SIGNUP).permitAll()
- .requestMatchers(HttpMethod.POST, CustomerController.URL_GET_ROLE).permitAll()
 .anyRequest()
 .authenticated()
 .and()
 .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
 .anonymous();
- return http.build();
+ return http.userDetailsService(userService).build();
 }
 @Bean
diff --git a/src/main/java/com/labwork1/app/student/controller/CustomerController.java b/src/main/java/com/labwork1/app/student/controller/CustomerController.java
index a5b5bb5..2b7c9e2 100644
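Review bot: `@EnableMethodSecurity(securedEnabled = true)` on `SecurityConfiguration` deserves a comment, because it is the switch that makes the `@Secured` annotations on the controllers take effect; unless method security is enabled somewhere else, they are not evaluated at all without it. I would add above the annotation: `// securedEnabled = true activates @Secured on controller methods; removing it disables every role check made that way`. `@Secured` compares its values with the granted authority strings as they are, so it is worth confirming (not visible in this diff) that `UserRole.AsString.ADMIN` is exactly the string the user's authorities return. A test that calls the customers endpoint with a non-admin token and expects 403 would pin this down.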
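Review bot: After the second hunk (`@@ -51,13 +55,12 @@`) the HTTP rules separate only anonymous from authenticated requests (`.anyRequest().authenticated()`), so every role decision rests on a `@Secured` annotation being present on each controller method. A handler added later without the annotation would be open to any logged-in user. For admin-only paths I would add a URL-level rule before `.anyRequest()` as a second layer, for example `.requestMatchers(HttpMethod.GET, OpenAPI30Configuration.API_PREFIX + CustomerController.URL_MAIN).hasAuthority(UserRole.AsString.ADMIN)`, assuming no non-admin handler shares that path and method. The method holding this chain starts outside the hunk, so where the `userService` passed to `http.userDetailsService(...)` comes from could not be checked here.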
--- a/src/main/java/com/labwork1/app/student/controller/CustomerController.java
+++ b/src/main/java/com/labwork1/app/student/controller/CustomerController.java
@@ -11,6 +11,8 @@ import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
 import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.*;
@@ -61,17 +63,10 @@ public class CustomerController {
 return user.getRole().toString();
 }
- @GetMapping(OpenAPI30Configuration.API_PREFIX + URL_MAIN)
 @Secured({UserRole.AsString.ADMIN})
+ @GetMapping(OpenAPI30Configuration.API_PREFIX + URL_MAIN)
 public Page getCustomers(@RequestParam(defaultValue = "1") int page,
- @RequestParam(defaultValue = "5") int size) {
- /*final Page users = customerService.findAllPages(page, size)
- .map(CustomerDto::new);
- final int totalPages = users.getTotalPages();
- final List pageNumbers = IntStream.rangeClosed(1, totalPages)
- .boxed()
- .toList();
- return Pair.of(users, pageNumbers);*/
+ @RequestParam(defaultValue = "5") int size) {
 final Page users = customerService.findAllPages(page, size)
 .map(CustomerDto::new);
 return users;
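Review bot: The two imports added in the first hunk, `SecurityContext` and `SecurityContextHolder`, are not used by anything this commit adds to CustomerController.java. The diffstat counts 4 insertions for the file, and they are these two imports plus the moved `@GetMapping` line and the re-indented `@RequestParam` line. I would drop both import lines until code that reads the security context is actually added.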
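Review bot: `page` and `size` in `getCustomers` go from the query string to `customerService.findAllPages(page, size)` with no range check in the visible lines. Unless the service bounds them, a zero or negative value will likely surface as a server error, and a very large `size` returns the whole customer table in one response. I would clamp before the call, e.g. `final int safeSize = Math.min(Math.max(size, 1), MAX_PAGE_SIZE);` with `MAX_PAGE_SIZE` a new constant (placeholder name), and reject `page < 1` if pages are 1-based as the default suggests. The last three lines can also be written as one `return customerService.findAllPages(page, size).map(CustomerDto::new);`.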