diff --git a/src/main/java/ru/ip/labworks/labworks/bookshop/controller/AuthorMvcController.java b/src/main/java/ru/ip/labworks/labworks/bookshop/controller/AuthorMvcController.java
index 109a2e2..741f5cb 100644
--- a/src/main/java/ru/ip/labworks/labworks/bookshop/controller/AuthorMvcController.java
+++ b/src/main/java/ru/ip/labworks/labworks/bookshop/controller/AuthorMvcController.java
@@ -67,14 +67,14 @@ public class AuthorMvcController {
 if (id == null || id <= 0) {
 return "redirect:/author/" + authorService.addAuthor(authorDto, userId).getId().toString() + "/books";
 } else {
- authorService.updateAuthor(id, authorDto);
+ authorService.updateAuthor(id, authorDto, userId);
 }
 return "redirect:/author";
 }
 @PostMapping("/delete/{id}")
- public String deleteAuthor(@PathVariable Long id) {
- authorService.deleteAuthor(id);
+ public String deleteAuthor(@PathVariable Long id, Principal principal) {
+ authorService.deleteAuthor(id, userService.findByLogin(principal.getName()).getId());
 return "redirect:/author";
 }
@@ -94,14 +94,14 @@ public class AuthorMvcController {
 }
 @PostMapping("/{id}/books")
- public String addBookToAuthor(@PathVariable Long id, @RequestParam(value = "bookid") Long bookid){
- authorService.addBookToAuthor(id, bookid);
+ public String addBookToAuthor(@PathVariable Long id, @RequestParam(value = "bookid") Long bookid, Principal principal){
+ authorService.addBookToAuthor(id, bookid, userService.findByLogin(principal.getName()).getId());
 return "redirect:/author/" + id.toString() + "/books";
 }
 @PostMapping("/{id}/books/{bookid}")
- public String removeBookFromAuthor(@PathVariable Long id, @PathVariable Long bookid){
- authorService.removeBookFromAuthor(id, bookid);
+ public String removeBookFromAuthor(@PathVariable Long id, @PathVariable Long bookid, Principal principal){
+ authorService.removeBookFromAuthor(id, bookid, userService.findByLogin(principal.getName()).getId());
 return "redirect:/author/" + id.toString() + "/books";
 }
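Review bot: The controller cannot distinguish a refused update from a successful one — `updateAuthor` now returns null when the service's ownership check fails, yet `authorService.updateAuthor(id, authorDto, userId);` discards the result and every handler in these two hunks still redirects to the listing as if the write happened. Either have the service throw (Spring Security's `AccessDeniedException` maps to a 403 if that framework is in use, which the `Principal` parameter suggests) or branch on the null return here; the same applies to the BookMvcController and GenreMvcController hunks. `principal.getName()` in the delete, add-book and remove-book handlers is dereferenced without a null check, so if any of these `@PostMapping`s is reachable without authentication (the security configuration is not in this diff) the request fails with a NullPointerException instead of a clean rejection. The method enclosing the first hunk starts before it, so where `userId` comes from is not visible here.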
diff --git a/src/main/java/ru/ip/labworks/labworks/bookshop/controller/BookMvcController.java b/src/main/java/ru/ip/labworks/labworks/bookshop/controller/BookMvcController.java
index c424c95..fc8936c 100644
--- a/src/main/java/ru/ip/labworks/labworks/bookshop/controller/BookMvcController.java
+++ b/src/main/java/ru/ip/labworks/labworks/bookshop/controller/BookMvcController.java
@@ -66,14 +66,14 @@ public class BookMvcController {
 if (id == null || id <= 0) {
 return "redirect:/book/" + bookService.addBook(bookDto, userId).getId().toString() + "/genres";
 } else {
- bookService.updateBook(id, bookDto);
+ bookService.updateBook(id, bookDto, userId);
 }
 return "redirect:/book";
 }
 @PostMapping("/delete/{id}")
- public String deleteBook(@PathVariable Long id) {
- bookService.deleteBook(id);
+ public String deleteBook(@PathVariable Long id, Principal principal) {
+ bookService.deleteBook(id, userService.findByLogin(principal.getName()).getId());
 return "redirect:/book";
 }
@@ -93,14 +93,14 @@ public class BookMvcController {
 }
 @PostMapping("/{id}/genres")
- public String addGenreToBook(@PathVariable Long id, @RequestParam(value = "genreid") Long genreid){
- bookService.addGenreToBook(id, genreid);
+ public String addGenreToBook(@PathVariable Long id, @RequestParam(value = "genreid") Long genreid, Principal principal){
+ bookService.addGenreToBook(id, genreid, userService.findByLogin(principal.getName()).getId());
 return "redirect:/book/" + id.toString() + "/genres";
 }
 @PostMapping("/{id}/genres/{genreid}")
- public String removeGenreFromBook(@PathVariable Long id, @PathVariable Long genreid){
- bookService.removeGenreFromBook(id, genreid);
+ public String removeGenreFromBook(@PathVariable Long id, @PathVariable Long genreid, Principal principal){
+ bookService.removeGenreFromBook(id, genreid, userService.findByLogin(principal.getName()).getId());
 return "redirect:/book/" + id.toString() + "/genres";
 }
 }
diff --git a/src/main/java/ru/ip/labworks/labworks/bookshop/controller/GenreMvcController.java b/src/main/java/ru/ip/labworks/labworks/bookshop/controller/GenreMvcController.java
index 1b7a9e2..9c12284 100644
--- a/src/main/java/ru/ip/labworks/labworks/bookshop/controller/GenreMvcController.java
+++ b/src/main/java/ru/ip/labworks/labworks/bookshop/controller/GenreMvcController.java
@@ -59,14 +59,14 @@ public class GenreMvcController {
 if (id == null || id <= 0) {
 genreService.addGenre(genreDto, userId);
 } else {
- genreService.updateGenre(id, genreDto);
+ genreService.updateGenre(id, genreDto, userId);
 }
 return "redirect:/genre";
 }
 @PostMapping("/delete/{id}")
- public String deleteGenre(@PathVariable Long id) {
- genreService.deleteGenre(id);
+ public String deleteGenre(@PathVariable Long id, Principal principal) {
+ genreService.deleteGenre(id, userService.findByLogin(principal.getName()).getId());
 return "redirect:/genre";
 }
 }
diff --git a/src/main/java/ru/ip/labworks/labworks/bookshop/service/AuthorService.java b/src/main/java/ru/ip/labworks/labworks/bookshop/service/AuthorService.java
index 5627291..60dc6cc 100644
--- a/src/main/java/ru/ip/labworks/labworks/bookshop/service/AuthorService.java
+++ b/src/main/java/ru/ip/labworks/labworks/bookshop/service/AuthorService.java
@@ -88,8 +88,12 @@ public class AuthorService {
 }
 @Transactional
- public Author updateAuthor(Long id, AuthorDto authorDto){
+ public Author updateAuthor(Long id, AuthorDto authorDto, Long userId){
+ User currentUser = userService.findUser(userId);
 final Author currentAuthor = findAuthor(id);
+ if(currentUser.getId() != currentAuthor.getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return null;
+ }
 currentAuthor.setFirstnameName(authorDto.getFirstname());
 currentAuthor.setLastName(authorDto.getLastname());
 currentAuthor.setPhoto(authorDto.getPhoto().getBytes());
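Review bot: The ownership test `currentUser.getId() != currentAuthor.getUser().getId()` compares two boxed `Long` objects by reference (the controllers call `.getId().toString()`, so `getId()` returns an object, not a primitive), which means two equal ids loaded as separate `Long` instances compare unequal once they fall outside the JVM's small-value cache and the check's outcome depends on boxing rather than on who owns the record; write it as `!Objects.equals(currentUser.getId(), currentAuthor.getUser().getId())`. The same comparison is repeated in the deleteAuthor, addBookToAuthor and removeBookFromAuthor hunks and in every BookService and GenreService hunk below. Returning `null` on refusal also makes a denied update indistinguishable from a saved one to callers and leaves no trace; throwing an exception, or at least logging the refusal with the acting and owning user ids, gives an auditable signal. BookService and GenreService gain an `import ...model.UserRole;` in this commit but no such import is shown for AuthorService, so it is worth confirming one already exists. The updateAuthor body continues past the end of this hunk.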
@@ -98,7 +102,12 @@ public class AuthorService {
 }
 @Transactional
- public void deleteAuthor(Long id) {
+ public void deleteAuthor(Long id, Long userId) {
+ User currentUser = userService.findUser(userId);
+ final Author currentAuthor = findAuthor(id);
+ if(currentUser.getId() != currentAuthor.getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return;
+ }
 authorRepository.deleteById(id);
 }
@@ -108,8 +117,12 @@ public class AuthorService {
 }
 @Transactional
- public void addBookToAuthor(Long id, Long bookId){
+ public void addBookToAuthor(Long id, Long bookId, Long userId){
+ User currentUser = userService.findUser(userId);
 Optional author = authorRepository.findById(id);
+ if(currentUser.getId() != author.get().getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return;
+ }
 if (author.isPresent() && !author.get().getBooks().contains(bookService.findBook(bookId))){
 author.get().addBook(bookService.findBook(bookId));
 }
@@ -117,8 +130,12 @@ public class AuthorService {
 }
 @Transactional
- public void removeBookFromAuthor(Long id, Long bookId){
+ public void removeBookFromAuthor(Long id, Long bookId, Long userId){
+ User currentUser = userService.findUser(userId);
 Optional author = authorRepository.findById(id);
+ if(currentUser.getId() != author.get().getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return;
+ }
 if(author.isPresent() && author.get().getBooks().contains(bookService.findBook(bookId))){
 author.get().removeBook(bookService.findBook(bookId));
 }
diff --git a/src/main/java/ru/ip/labworks/labworks/bookshop/service/BookService.java b/src/main/java/ru/ip/labworks/labworks/bookshop/service/BookService.java
index 6994125..b7fc682 100644
--- a/src/main/java/ru/ip/labworks/labworks/bookshop/service/BookService.java
+++ b/src/main/java/ru/ip/labworks/labworks/bookshop/service/BookService.java
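Review bot: In addBookToAuthor and removeBookFromAuthor the new check calls `author.get().getUser()` before the existing `author.isPresent()` guard, so a request with an unknown author id now throws `NoSuchElementException` where the old code fell through without side effects. Either move the ownership check inside the `isPresent()` branch or return first with `if (!author.isPresent()) { return; }` placed ahead of the new `if`; the same ordering problem is in the addGenreToBook and removeGenreFromBook hunks of BookService. deleteAuthor fetches the entity through `findAuthor(id)` only to read its owner and then deletes by id; whether `findAuthor` throws or returns null for a missing id is not visible here, and a null return would fail on `currentAuthor.getUser()` rather than on the check. The bodies of addBookToAuthor and removeBookFromAuthor continue past the end of their hunks.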
@@ -8,6 +8,7 @@ import ru.ip.labworks.labworks.bookshop.controller.BookDto;
 import ru.ip.labworks.labworks.bookshop.model.Book;
 import ru.ip.labworks.labworks.bookshop.model.Genre;
 import ru.ip.labworks.labworks.bookshop.model.User;
+import ru.ip.labworks.labworks.bookshop.model.UserRole;
 import ru.ip.labworks.labworks.bookshop.repository.BookRepository;
 import ru.ip.labworks.labworks.util.validation.ValidatorUtil;
@@ -95,8 +96,12 @@ public class BookService {
 }
 @Transactional
- public Book updateBook(Long id, BookDto bookDto){
+ public Book updateBook(Long id, BookDto bookDto, Long userId){
+ User currentUser = userService.findUser(userId);
 final Book currentBook = findBook(id);
+ if(currentUser.getId() != currentBook.getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return null;
+ }
 currentBook.setName(bookDto.getName());
 currentBook.setRelease(bookDto.getRelease());
 currentBook.setCover(bookDto.getCover().getBytes());
@@ -105,7 +110,12 @@ public class BookService {
 }
 @Transactional
- public void deleteBook(Long id) {
+ public void deleteBook(Long id, Long userId) {
+ User currentUser = userService.findUser(userId);
+ final Book currentBook = findBook(id);
+ if(currentUser.getId() != currentBook.getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return;
+ }
 bookRepository.deleteById(id);
 }
@@ -115,8 +125,12 @@ public class BookService {
 }
 @Transactional
- public void addGenreToBook(Long id, Long genreId){
+ public void addGenreToBook(Long id, Long genreId, Long userId){
+ User currentUser = userService.findUser(userId);
 Optional book = bookRepository.findById(id);
+ if(currentUser.getId() != book.get().getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return;
+ }
 if (book.isPresent() && !book.get().getGenres().contains(genreService.findGenre(genreId))){
 book.get().addGenre(genreService.findGenre(genreId));
 }
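Review bot: The owner-or-admin predicate is copied verbatim into updateBook, deleteBook and addGenreToBook here (and into the AuthorService and GenreService hunks), so a future change to the rule — or the fix for the boxed-`Long` comparison — has to be made in nine places and is easy to miss in one of them. Extract it once, e.g. `private static boolean canModify(User actor, User owner) { return actor.getRole() == UserRole.ADMIN || (owner != null && Objects.equals(actor.getId(), owner.getId())); }`, and call `if (!canModify(currentUser, currentBook.getUser())) { ... }` from each method. A single helper is also the natural place to handle a record with no owner, which the inline checks currently dereference unconditionally via `getUser().getId()`. The updateBook and addGenreToBook bodies continue past the end of their hunks.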
@@ -124,8 +138,12 @@ public class BookService {
 }
 @Transactional
- public void removeGenreFromBook(Long id, Long genreId){
+ public void removeGenreFromBook(Long id, Long genreId, Long userId){
+ User currentUser = userService.findUser(userId);
 Optional book = bookRepository.findById(id);
+ if(currentUser.getId() != book.get().getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return;
+ }
 if(book.isPresent() && book.get().getGenres().contains(genreService.findGenre(genreId))){
 book.get().removeGenre(genreService.findGenre(genreId));
 }
diff --git a/src/main/java/ru/ip/labworks/labworks/bookshop/service/GenreService.java b/src/main/java/ru/ip/labworks/labworks/bookshop/service/GenreService.java
index 62d35c8..626b2af 100644
--- a/src/main/java/ru/ip/labworks/labworks/bookshop/service/GenreService.java
+++ b/src/main/java/ru/ip/labworks/labworks/bookshop/service/GenreService.java
@@ -7,6 +7,7 @@ import org.springframework.util.StringUtils;
 import ru.ip.labworks.labworks.bookshop.controller.GenreDto;
 import ru.ip.labworks.labworks.bookshop.model.Genre;
 import ru.ip.labworks.labworks.bookshop.model.User;
+import ru.ip.labworks.labworks.bookshop.model.UserRole;
 import ru.ip.labworks.labworks.bookshop.repository.GenreRepository;
 import ru.ip.labworks.labworks.util.validation.ValidatorUtil;
@@ -68,14 +69,23 @@ public class GenreService {
 }
 @Transactional
- public Genre updateGenre(Long id, GenreDto genreDto){
+ public Genre updateGenre(Long id, GenreDto genreDto, Long userId){
+ User currentUser = userService.findUser(userId);
 final Genre currentGenre = findGenre(id);
+ if(currentUser.getId() != currentGenre.getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return null;
+ }
 currentGenre.setName(genreDto.getName());
 return genreRepository.save(currentGenre);
 }
 @Transactional
- public void deleteGenre(Long id) {
+ public void deleteGenre(Long id, Long userId) {
+ User currentUser = userService.findUser(userId);
+ final Genre currentGenre = findGenre(id);
+ if(currentUser.getId() != currentGenre.getUser().getId() && currentUser.getRole() != UserRole.ADMIN){
+ return;
+ }
 genreRepository.deleteById(id);
 }