Надо добавить защиту
This commit is contained in:
maxnes3
parent
508954b902
commit
8044b8798c
@ -1,3 +1,4 @@
|
||||
/*
|
||||
package ru.ip.labworks.labworks.bookshop.controller;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import ru.ip.labworks.labworks.bookshop.service.BookService;
|
||||
@ -57,3 +58,4 @@ public class BookController {
|
||||
bookService.deleteBook(id);
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
package ru.ip.labworks.labworks.bookshop.controller;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.validation.BindingResult;
|
||||
@ -6,8 +7,10 @@ import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
import ru.ip.labworks.labworks.bookshop.service.BookService;
|
||||
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
||||
import ru.ip.labworks.labworks.bookshop.service.UserService;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.Principal;
|
||||
import java.util.Base64;
|
||||
|
||||
@Controller
|
||||
@ -15,13 +18,16 @@ import java.util.Base64;
|
||||
public class BookMvcController {
|
||||
private final BookService bookService;
|
||||
private final GenreService genreService;
|
||||
public BookMvcController(BookService bookService, GenreService genreService){
|
||||
private final UserService userService;
|
||||
public BookMvcController(BookService bookService, GenreService genreService, UserService userService){
|
||||
this.bookService = bookService;
|
||||
this.genreService = genreService;
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
@GetMapping
|
||||
public String getBooks(Model model) {
|
||||
public String getBooks(Model model, Authentication authentication) {
|
||||
model.addAttribute("user", userService.findByLogin(authentication.getName()));
|
||||
model.addAttribute("books",
|
||||
bookService.findAllBooks().stream()
|
||||
.map(BookDto::new)
|
||||
@ -31,8 +37,10 @@ public class BookMvcController {
|
||||
|
||||
@GetMapping(value = {"/update", "/update/{id}"})
|
||||
public String updateBook(@PathVariable(required = false) Long id,
|
||||
Model model) {
|
||||
Model model, Principal principal) {
|
||||
if (id == null || id <= 0) {
|
||||
Long userId = userService.findByLogin(principal.getName()).getId();
|
||||
model.addAttribute("userId",userId);
|
||||
model.addAttribute("bookDto", new BookDto());
|
||||
} else {
|
||||
model.addAttribute("bookDto", id);
|
||||
@ -46,15 +54,17 @@ public class BookMvcController {
|
||||
@RequestParam(value = "multipartFile") MultipartFile multipartFile,
|
||||
@ModelAttribute("bookDto") BookDto bookDto,
|
||||
BindingResult bindingResult,
|
||||
Model model) throws IOException {
|
||||
Model model, Principal principal) throws IOException {
|
||||
if (bindingResult.hasErrors()) {
|
||||
model.addAttribute("errors",
|
||||
bindingResult.getAllErrors());
|
||||
return "book-update";
|
||||
}
|
||||
Long userId = userService.findByLogin(principal.getName()).getId();
|
||||
model.addAttribute("userId", userId);
|
||||
bookDto.setCover("data:" + multipartFile.getContentType() + ";base64," + Base64.getEncoder().encodeToString(multipartFile.getBytes()));
|
||||
if (id == null || id <= 0) {
|
||||
return "redirect:/book/" + bookService.addBook(bookDto).getId().toString() + "/genres";
|
||||
return "redirect:/book/" + bookService.addBook(bookDto, userId).getId().toString() + "/genres";
|
||||
} else {
|
||||
bookService.updateBook(id, bookDto);
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
package ru.ip.labworks.labworks.bookshop.controller;
|
||||
/*package ru.ip.labworks.labworks.bookshop.controller;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
||||
import ru.ip.labworks.labworks.configuration.WebConfiguration;
|
||||
@ -40,4 +40,4 @@ public class GenreController {
|
||||
public void deleteGenre(@PathVariable Long id){
|
||||
genreService.deleteGenre(id);
|
||||
}
|
||||
}
|
||||
}*/
|
||||
|
||||
@ -1,22 +1,28 @@
|
||||
package ru.ip.labworks.labworks.bookshop.controller;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.validation.BindingResult;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
||||
import ru.ip.labworks.labworks.bookshop.service.UserService;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.Principal;
|
||||
|
||||
@Controller
|
||||
@RequestMapping("/genre")
|
||||
public class GenreMvcController {
|
||||
private final GenreService genreService;
|
||||
public GenreMvcController(GenreService genreService){
|
||||
private final UserService userService;
|
||||
public GenreMvcController(GenreService genreService, UserService userService){
|
||||
this.genreService = genreService;
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
@GetMapping
|
||||
public String getBooks(Model model) {
|
||||
public String getBooks(Model model, Authentication authentication) {
|
||||
model.addAttribute("user", userService.findByLogin(authentication.getName()));
|
||||
model.addAttribute("genres",
|
||||
genreService.findAllGenres().stream()
|
||||
.map(GenreDto::new)
|
||||
@ -26,8 +32,10 @@ public class GenreMvcController {
|
||||
|
||||
@GetMapping(value = {"/update", "/update/{id}"})
|
||||
public String editBook(@PathVariable(required = false) Long id,
|
||||
Model model) {
|
||||
Model model, Principal principal) {
|
||||
if (id == null || id <= 0) {
|
||||
Long userId = userService.findByLogin(principal.getName()).getId();
|
||||
model.addAttribute("userId",userId);
|
||||
model.addAttribute("genreDto", new GenreDto());
|
||||
} else {
|
||||
model.addAttribute("genreDto", id);
|
||||
@ -40,14 +48,16 @@ public class GenreMvcController {
|
||||
public String saveBook(@PathVariable(required = false) Long id,
|
||||
@ModelAttribute("genreDto") GenreDto genreDto,
|
||||
BindingResult bindingResult,
|
||||
Model model) throws IOException {
|
||||
Model model, Principal principal) throws IOException {
|
||||
if (bindingResult.hasErrors()) {
|
||||
model.addAttribute("errors",
|
||||
bindingResult.getAllErrors());
|
||||
return "genre-update";
|
||||
}
|
||||
Long userId = userService.findByLogin(principal.getName()).getId();
|
||||
model.addAttribute("userId", userId);
|
||||
if (id == null || id <= 0) {
|
||||
genreService.addGenre(genreDto);
|
||||
genreService.addGenre(genreDto, userId);
|
||||
} else {
|
||||
genreService.updateGenre(id, genreDto);
|
||||
}
|
||||
|
||||
@ -7,6 +7,7 @@ import org.springframework.util.StringUtils;
|
||||
import ru.ip.labworks.labworks.bookshop.controller.BookDto;
|
||||
import ru.ip.labworks.labworks.bookshop.model.Book;
|
||||
import ru.ip.labworks.labworks.bookshop.model.Genre;
|
||||
import ru.ip.labworks.labworks.bookshop.model.User;
|
||||
import ru.ip.labworks.labworks.bookshop.repository.BookRepository;
|
||||
import ru.ip.labworks.labworks.util.validation.ValidatorUtil;
|
||||
|
||||
@ -24,11 +25,14 @@ public class BookService {
|
||||
private final ValidatorUtil validatorUtil;
|
||||
@Autowired
|
||||
private final GenreService genreService;
|
||||
@Autowired
|
||||
private final UserService userService;
|
||||
|
||||
public BookService(BookRepository bookRepository, ValidatorUtil validatorUtil, GenreService genreService){
|
||||
public BookService(BookRepository bookRepository, ValidatorUtil validatorUtil, GenreService genreService, UserService userService){
|
||||
this.bookRepository = bookRepository;
|
||||
this.validatorUtil = validatorUtil;
|
||||
this.genreService = genreService;
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
private Date ParseToDate(String s){
|
||||
@ -53,8 +57,10 @@ public class BookService {
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public Book addBook(BookDto bookDto) throws IOException {
|
||||
public Book addBook(BookDto bookDto, Long userId) throws IOException {
|
||||
User currentUser = userService.findUser(userId);
|
||||
final Book book = new Book(bookDto);
|
||||
book.setUser(currentUser);
|
||||
validatorUtil.validate(book);
|
||||
return bookRepository.save(book);
|
||||
}
|
||||
|
||||
@ -6,6 +6,7 @@ import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.util.StringUtils;
|
||||
import ru.ip.labworks.labworks.bookshop.controller.GenreDto;
|
||||
import ru.ip.labworks.labworks.bookshop.model.Genre;
|
||||
import ru.ip.labworks.labworks.bookshop.model.User;
|
||||
import ru.ip.labworks.labworks.bookshop.repository.GenreRepository;
|
||||
import ru.ip.labworks.labworks.util.validation.ValidatorUtil;
|
||||
|
||||
@ -19,10 +20,13 @@ public class GenreService {
|
||||
private final GenreRepository genreRepository;
|
||||
@Autowired
|
||||
private final ValidatorUtil validatorUtil;
|
||||
@Autowired
|
||||
private final UserService userService;
|
||||
|
||||
public GenreService(GenreRepository genreRepository, ValidatorUtil validatorUtil){
|
||||
public GenreService(GenreRepository genreRepository, ValidatorUtil validatorUtil, UserService userService){
|
||||
this.genreRepository = genreRepository;
|
||||
this.validatorUtil = validatorUtil;
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
@Transactional
|
||||
@ -34,8 +38,10 @@ public class GenreService {
|
||||
return genreRepository.save(genre);
|
||||
}
|
||||
@Transactional
|
||||
public Genre addGenre(GenreDto genreDto) throws IOException {
|
||||
public Genre addGenre(GenreDto genreDto, Long userId) throws IOException {
|
||||
User currentUser = userService.findUser(userId);
|
||||
final Genre genre = new Genre(genreDto);
|
||||
genre.setUser(currentUser);
|
||||
validatorUtil.validate(genre);
|
||||
return genreRepository.save(genre);
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user