Надо добавить защиту
parent
508954b902
commit
8044b8798c
@ -1,3 +1,4 @@
|
|||||||
|
/*
|
||||||
package ru.ip.labworks.labworks.bookshop.controller;
|
package ru.ip.labworks.labworks.bookshop.controller;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import ru.ip.labworks.labworks.bookshop.service.BookService;
|
import ru.ip.labworks.labworks.bookshop.service.BookService;
|
||||||
@ -57,3 +58,4 @@ public class BookController {
|
|||||||
bookService.deleteBook(id);
|
bookService.deleteBook(id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
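Review bot: Wrapping the whole of `BookController` in `/* … */` leaves dead source in the tree; delete the file instead, since version control keeps the history. The same applies to `GenreController`, which this commit comments out in the same way. If these REST endpoints are meant to come back, it would be clearer to keep them and restrict them in the security configuration, which is not visible on this page.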
|
@ -1,4 +1,5 @@
|
|||||||
package ru.ip.labworks.labworks.bookshop.controller;
|
package ru.ip.labworks.labworks.bookshop.controller;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.ui.Model;
|
import org.springframework.ui.Model;
|
||||||
import org.springframework.validation.BindingResult;
|
import org.springframework.validation.BindingResult;
|
||||||
@ -6,8 +7,10 @@ import org.springframework.web.bind.annotation.*;
|
|||||||
import org.springframework.web.multipart.MultipartFile;
|
import org.springframework.web.multipart.MultipartFile;
|
||||||
import ru.ip.labworks.labworks.bookshop.service.BookService;
|
import ru.ip.labworks.labworks.bookshop.service.BookService;
|
||||||
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
||||||
|
import ru.ip.labworks.labworks.bookshop.service.UserService;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.security.Principal;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
|
|
||||||
@Controller
|
@Controller
|
||||||
@ -15,13 +18,16 @@ import java.util.Base64;
|
|||||||
public class BookMvcController {
|
public class BookMvcController {
|
||||||
private final BookService bookService;
|
private final BookService bookService;
|
||||||
private final GenreService genreService;
|
private final GenreService genreService;
|
||||||
public BookMvcController(BookService bookService, GenreService genreService){
|
private final UserService userService;
|
||||||
|
public BookMvcController(BookService bookService, GenreService genreService, UserService userService){
|
||||||
this.bookService = bookService;
|
this.bookService = bookService;
|
||||||
this.genreService = genreService;
|
this.genreService = genreService;
|
||||||
|
this.userService = userService;
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping
|
@GetMapping
|
||||||
public String getBooks(Model model) {
|
public String getBooks(Model model, Authentication authentication) {
|
||||||
|
model.addAttribute("user", userService.findByLogin(authentication.getName()));
|
||||||
model.addAttribute("books",
|
model.addAttribute("books",
|
||||||
bookService.findAllBooks().stream()
|
bookService.findAllBooks().stream()
|
||||||
.map(BookDto::new)
|
.map(BookDto::new)
|
||||||
@ -31,8 +37,10 @@ public class BookMvcController {
|
|||||||
|
|
||||||
@GetMapping(value = {"/update", "/update/{id}"})
|
@GetMapping(value = {"/update", "/update/{id}"})
|
||||||
public String updateBook(@PathVariable(required = false) Long id,
|
public String updateBook(@PathVariable(required = false) Long id,
|
||||||
Model model) {
|
Model model, Principal principal) {
|
||||||
if (id == null || id <= 0) {
|
if (id == null || id <= 0) {
|
||||||
|
Long userId = userService.findByLogin(principal.getName()).getId();
|
||||||
|
model.addAttribute("userId",userId);
|
||||||
model.addAttribute("bookDto", new BookDto());
|
model.addAttribute("bookDto", new BookDto());
|
||||||
} else {
|
} else {
|
||||||
model.addAttribute("bookDto", id);
|
model.addAttribute("bookDto", id);
|
||||||
@ -46,15 +54,17 @@ public class BookMvcController {
|
|||||||
@RequestParam(value = "multipartFile") MultipartFile multipartFile,
|
@RequestParam(value = "multipartFile") MultipartFile multipartFile,
|
||||||
@ModelAttribute("bookDto") BookDto bookDto,
|
@ModelAttribute("bookDto") BookDto bookDto,
|
||||||
BindingResult bindingResult,
|
BindingResult bindingResult,
|
||||||
Model model) throws IOException {
|
Model model, Principal principal) throws IOException {
|
||||||
if (bindingResult.hasErrors()) {
|
if (bindingResult.hasErrors()) {
|
||||||
model.addAttribute("errors",
|
model.addAttribute("errors",
|
||||||
bindingResult.getAllErrors());
|
bindingResult.getAllErrors());
|
||||||
return "book-update";
|
return "book-update";
|
||||||
}
|
}
|
||||||
|
Long userId = userService.findByLogin(principal.getName()).getId();
|
||||||
|
model.addAttribute("userId", userId);
|
||||||
bookDto.setCover("data:" + multipartFile.getContentType() + ";base64," + Base64.getEncoder().encodeToString(multipartFile.getBytes()));
|
bookDto.setCover("data:" + multipartFile.getContentType() + ";base64," + Base64.getEncoder().encodeToString(multipartFile.getBytes()));
|
||||||
if (id == null || id <= 0) {
|
if (id == null || id <= 0) {
|
||||||
return "redirect:/book/" + bookService.addBook(bookDto).getId().toString() + "/genres";
|
return "redirect:/book/" + bookService.addBook(bookDto, userId).getId().toString() + "/genres";
|
||||||
} else {
|
} else {
|
||||||
bookService.updateBook(id, bookDto);
|
bookService.updateBook(id, bookDto);
|
||||||
}
|
}
|
||||||
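Review bot: The update branch of the save handler still calls `bookService.updateBook(id, bookDto);` without the caller's identity, so nothing visible here stops an authenticated user from overwriting a book that belongs to someone else; only `addBook` receives `userId`. Pass the id through, for example `bookService.updateBook(id, bookDto, userId);`, and have the service reject the call when the stored book's owner differs. `GenreMvcController.saveBook` has the same gap with `genreService.updateGenre(id, genreDto);`. The handler body continues outside the hunk and `updateBook` itself is not shown, so confirm it does not already check ownership.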
|
@ -1,4 +1,4 @@
|
|||||||
package ru.ip.labworks.labworks.bookshop.controller;
|
/*package ru.ip.labworks.labworks.bookshop.controller;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
||||||
import ru.ip.labworks.labworks.configuration.WebConfiguration;
|
import ru.ip.labworks.labworks.configuration.WebConfiguration;
|
||||||
@ -40,4 +40,4 @@ public class GenreController {
|
|||||||
public void deleteGenre(@PathVariable Long id){
|
public void deleteGenre(@PathVariable Long id){
|
||||||
genreService.deleteGenre(id);
|
genreService.deleteGenre(id);
|
||||||
}
|
}
|
||||||
}
|
}*/
|
||||||
|
@ -1,22 +1,28 @@
|
|||||||
package ru.ip.labworks.labworks.bookshop.controller;
|
package ru.ip.labworks.labworks.bookshop.controller;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.ui.Model;
|
import org.springframework.ui.Model;
|
||||||
import org.springframework.validation.BindingResult;
|
import org.springframework.validation.BindingResult;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
import ru.ip.labworks.labworks.bookshop.service.GenreService;
|
||||||
|
import ru.ip.labworks.labworks.bookshop.service.UserService;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.security.Principal;
|
||||||
|
|
||||||
@Controller
|
@Controller
|
||||||
@RequestMapping("/genre")
|
@RequestMapping("/genre")
|
||||||
public class GenreMvcController {
|
public class GenreMvcController {
|
||||||
private final GenreService genreService;
|
private final GenreService genreService;
|
||||||
public GenreMvcController(GenreService genreService){
|
private final UserService userService;
|
||||||
|
public GenreMvcController(GenreService genreService, UserService userService){
|
||||||
this.genreService = genreService;
|
this.genreService = genreService;
|
||||||
|
this.userService = userService;
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping
|
@GetMapping
|
||||||
public String getBooks(Model model) {
|
public String getBooks(Model model, Authentication authentication) {
|
||||||
|
model.addAttribute("user", userService.findByLogin(authentication.getName()));
|
||||||
model.addAttribute("genres",
|
model.addAttribute("genres",
|
||||||
genreService.findAllGenres().stream()
|
genreService.findAllGenres().stream()
|
||||||
.map(GenreDto::new)
|
.map(GenreDto::new)
|
||||||
@ -26,8 +32,10 @@ public class GenreMvcController {
|
|||||||
|
|
||||||
@GetMapping(value = {"/update", "/update/{id}"})
|
@GetMapping(value = {"/update", "/update/{id}"})
|
||||||
public String editBook(@PathVariable(required = false) Long id,
|
public String editBook(@PathVariable(required = false) Long id,
|
||||||
Model model) {
|
Model model, Principal principal) {
|
||||||
if (id == null || id <= 0) {
|
if (id == null || id <= 0) {
|
||||||
|
Long userId = userService.findByLogin(principal.getName()).getId();
|
||||||
|
model.addAttribute("userId",userId);
|
||||||
model.addAttribute("genreDto", new GenreDto());
|
model.addAttribute("genreDto", new GenreDto());
|
||||||
} else {
|
} else {
|
||||||
model.addAttribute("genreDto", id);
|
model.addAttribute("genreDto", id);
|
||||||
@ -40,14 +48,16 @@ public class GenreMvcController {
|
|||||||
public String saveBook(@PathVariable(required = false) Long id,
|
public String saveBook(@PathVariable(required = false) Long id,
|
||||||
@ModelAttribute("genreDto") GenreDto genreDto,
|
@ModelAttribute("genreDto") GenreDto genreDto,
|
||||||
BindingResult bindingResult,
|
BindingResult bindingResult,
|
||||||
Model model) throws IOException {
|
Model model, Principal principal) throws IOException {
|
||||||
if (bindingResult.hasErrors()) {
|
if (bindingResult.hasErrors()) {
|
||||||
model.addAttribute("errors",
|
model.addAttribute("errors",
|
||||||
bindingResult.getAllErrors());
|
bindingResult.getAllErrors());
|
||||||
return "genre-update";
|
return "genre-update";
|
||||||
}
|
}
|
||||||
|
Long userId = userService.findByLogin(principal.getName()).getId();
|
||||||
|
model.addAttribute("userId", userId);
|
||||||
if (id == null || id <= 0) {
|
if (id == null || id <= 0) {
|
||||||
genreService.addGenre(genreDto);
|
genreService.addGenre(genreDto, userId);
|
||||||
} else {
|
} else {
|
||||||
genreService.updateGenre(id, genreDto);
|
genreService.updateGenre(id, genreDto);
|
||||||
}
|
}
|
||||||
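Review bot: `userService.findByLogin(principal.getName()).getId()` in `editBook` and `saveBook` dereferences two values that may be null: `principal` when the request is unauthenticated, and the lookup result if `findByLogin` returns null for an unknown login (its contract is not shown here). Unless the security configuration restricts `/genre/**` to authenticated users, that surfaces as a 500 instead of an access-denied response. Resolving the user once in a small private helper that fails explicitly when either value is missing would cover both handlers. `getBooks` has the same pattern with `authentication.getName()`, and `BookMvcController` repeats all three.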
|
@ -7,6 +7,7 @@ import org.springframework.util.StringUtils;
|
|||||||
import ru.ip.labworks.labworks.bookshop.controller.BookDto;
|
import ru.ip.labworks.labworks.bookshop.controller.BookDto;
|
||||||
import ru.ip.labworks.labworks.bookshop.model.Book;
|
import ru.ip.labworks.labworks.bookshop.model.Book;
|
||||||
import ru.ip.labworks.labworks.bookshop.model.Genre;
|
import ru.ip.labworks.labworks.bookshop.model.Genre;
|
||||||
|
import ru.ip.labworks.labworks.bookshop.model.User;
|
||||||
import ru.ip.labworks.labworks.bookshop.repository.BookRepository;
|
import ru.ip.labworks.labworks.bookshop.repository.BookRepository;
|
||||||
import ru.ip.labworks.labworks.util.validation.ValidatorUtil;
|
import ru.ip.labworks.labworks.util.validation.ValidatorUtil;
|
||||||
|
|
||||||
@ -24,11 +25,14 @@ public class BookService {
|
|||||||
private final ValidatorUtil validatorUtil;
|
private final ValidatorUtil validatorUtil;
|
||||||
@Autowired
|
@Autowired
|
||||||
private final GenreService genreService;
|
private final GenreService genreService;
|
||||||
|
@Autowired
|
||||||
|
private final UserService userService;
|
||||||
|
|
||||||
public BookService(BookRepository bookRepository, ValidatorUtil validatorUtil, GenreService genreService){
|
public BookService(BookRepository bookRepository, ValidatorUtil validatorUtil, GenreService genreService, UserService userService){
|
||||||
this.bookRepository = bookRepository;
|
this.bookRepository = bookRepository;
|
||||||
this.validatorUtil = validatorUtil;
|
this.validatorUtil = validatorUtil;
|
||||||
this.genreService = genreService;
|
this.genreService = genreService;
|
||||||
|
this.userService = userService;
|
||||||
}
|
}
|
||||||
|
|
||||||
private Date ParseToDate(String s){
|
private Date ParseToDate(String s){
|
||||||
@ -53,8 +57,10 @@ public class BookService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Transactional
|
@Transactional
|
||||||
public Book addBook(BookDto bookDto) throws IOException {
|
public Book addBook(BookDto bookDto, Long userId) throws IOException {
|
||||||
|
User currentUser = userService.findUser(userId);
|
||||||
final Book book = new Book(bookDto);
|
final Book book = new Book(bookDto);
|
||||||
|
book.setUser(currentUser);
|
||||||
validatorUtil.validate(book);
|
validatorUtil.validate(book);
|
||||||
return bookRepository.save(book);
|
return bookRepository.save(book);
|
||||||
}
|
}
|
||||||
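Review bot: `addBook(BookDto bookDto, Long userId)` has no documentation saying where `userId` must come from, yet the ownership it records depends entirely on that value. Add a Javadoc line such as `@param userId id of the authenticated caller, resolved from the security context; never taken from request data`. `GenreService.addGenre` needs the same sentence. It would also help to state what happens when `userService.findUser(userId)` finds nothing, since that method is not visible on this page.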
|
@ -6,6 +6,7 @@ import org.springframework.transaction.annotation.Transactional;
|
|||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
import ru.ip.labworks.labworks.bookshop.controller.GenreDto;
|
import ru.ip.labworks.labworks.bookshop.controller.GenreDto;
|
||||||
import ru.ip.labworks.labworks.bookshop.model.Genre;
|
import ru.ip.labworks.labworks.bookshop.model.Genre;
|
||||||
|
import ru.ip.labworks.labworks.bookshop.model.User;
|
||||||
import ru.ip.labworks.labworks.bookshop.repository.GenreRepository;
|
import ru.ip.labworks.labworks.bookshop.repository.GenreRepository;
|
||||||
import ru.ip.labworks.labworks.util.validation.ValidatorUtil;
|
import ru.ip.labworks.labworks.util.validation.ValidatorUtil;
|
||||||
|
|
||||||
@ -19,10 +20,13 @@ public class GenreService {
|
|||||||
private final GenreRepository genreRepository;
|
private final GenreRepository genreRepository;
|
||||||
@Autowired
|
@Autowired
|
||||||
private final ValidatorUtil validatorUtil;
|
private final ValidatorUtil validatorUtil;
|
||||||
|
@Autowired
|
||||||
|
private final UserService userService;
|
||||||
|
|
||||||
public GenreService(GenreRepository genreRepository, ValidatorUtil validatorUtil){
|
public GenreService(GenreRepository genreRepository, ValidatorUtil validatorUtil, UserService userService){
|
||||||
this.genreRepository = genreRepository;
|
this.genreRepository = genreRepository;
|
||||||
this.validatorUtil = validatorUtil;
|
this.validatorUtil = validatorUtil;
|
||||||
|
this.userService = userService;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Transactional
|
@Transactional
|
||||||
@ -34,8 +38,10 @@ public class GenreService {
|
|||||||
return genreRepository.save(genre);
|
return genreRepository.save(genre);
|
||||||
}
|
}
|
||||||
@Transactional
|
@Transactional
|
||||||
public Genre addGenre(GenreDto genreDto) throws IOException {
|
public Genre addGenre(GenreDto genreDto, Long userId) throws IOException {
|
||||||
|
User currentUser = userService.findUser(userId);
|
||||||
final Genre genre = new Genre(genreDto);
|
final Genre genre = new Genre(genreDto);
|
||||||
|
genre.setUser(currentUser);
|
||||||
validatorUtil.validate(genre);
|
validatorUtil.validate(genre);
|
||||||
return genreRepository.save(genre);
|
return genreRepository.save(genre);
|
||||||
}
|
}
|
||||||
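Review bot: The new `@Autowired` on `private final UserService userService;` is redundant, because the same field is assigned in the constructor and a `final` field is meant to be set only there. Drop the annotation and keep `private final UserService userService;` so the class uses constructor injection alone. `BookService` adds the same annotated field in this commit.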
|