diff --git a/front/src/pages/albums.vue b/front/src/pages/albums.vue
index cb3938b..af76bb9 100644
--- a/front/src/pages/albums.vue
+++ b/front/src/pages/albums.vue
@@ -263,9 +263,9 @@ export default {
 methods: {
 getArtistsInAlbum(id){
 axios .create({
- headers: {
- 'Authorization': 'Bearer ' + localStorage.getItem("token")
- }}).get(this.URL + `album/${id}/getAllArtists`)
+ headers: {
+ 'Authorization': 'Bearer ' + localStorage.getItem("token")
+ }}).get(this.URL + `album/${id}/getAllArtists`)
 .then(response => {
 this.artistsInAlbum = response.data;
 console.log(response.data);
@@ -300,19 +300,26 @@ export default {
 console.log(error);
 });
 },
- addAlbum(album){
- console.log(this.album);
- axios .create({
- headers: {
- 'Authorization': 'Bearer ' + localStorage.getItem("token")
- }}).post(this.URL + "album", album)
- .then(() => {
- this.getAlbums();
- this.closeModal();
- })
- .catch(error => {
- console.log(error);
- });
+ addAlbum(album) {
+ console.log(this.album);
+ axios
+ .create({
+ headers: {
+ 'Authorization': 'Bearer ' + localStorage.getItem("token")
+ }
+ })
+ .post(this.URL + "album", album)
+ .then(() => {
+ this.getAlbums();
+ this.closeModal();
+ })
+ .catch(error => {
+ if (error.response && error.response.status === 403) {
+ console.error("Forbidden: User does not have permission to perform this operation");
+ } else {
+ console.error(error);
+ }
+ });
 },
 deleteAlbum(id){
 axios .create({
diff --git a/front/src/pages/songs.vue b/front/src/pages/songs.vue
index 13c5938..47c2b50 100644
--- a/front/src/pages/songs.vue
+++ b/front/src/pages/songs.vue
@@ -60,6 +60,8 @@ import 'axios';
 import axios from "axios";
 import Song from "@/models/Song";
 export default {
+ name: 'Songs',
+ emits: ['login'],
 created() {
 this.getSongs();
 this.getAlbums();
diff --git a/front/src/pages/users.vue b/front/src/pages/users.vue
index 401443e..073e732 100644
--- a/front/src/pages/users.vue
+++ b/front/src/pages/users.vue
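Review bot: In front/src/pages/albums.vue, the new `.catch` in `addAlbum` only writes to the console when the server answers 403, so the user gets no indication that the album was not created and the modal simply stays open; the identical handler added in front/src/pages/users.vue has the same gap. A 401 (missing or expired token) falls through to the generic branch, and when `localStorage.getItem("token")` returns `null` the request is still sent with the header `Bearer null`. Consider recording the failure in component state the template can render, for example a new data property set with `this.errorMessage = "You do not have permission to add albums";` in the 403 branch, and handling 401 by sending the user back to login. The leftover `console.log(this.album);` logs component state rather than the `album` argument and can be dropped.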
@@ -46,9 +46,13 @@ export default {
 .then(response => {
 this.users = response.data;
 })
- .catch(error => {
- console.log(error);
- });
+ .catch(error => {
+ if (error.response && error.response.status === 403) {
+ console.error("Forbidden: User does not have permission to perform this operation");
+ } else {
+ console.error(error);
+ }
+ });
 },
 methods:{
diff --git a/src/main/java/ru/ulstu/is/sbapp/controllers/UserController.java b/src/main/java/ru/ulstu/is/sbapp/controllers/UserController.java
index 776c5ed..95e1aab 100644
--- a/src/main/java/ru/ulstu/is/sbapp/controllers/UserController.java
+++ b/src/main/java/ru/ulstu/is/sbapp/controllers/UserController.java
@@ -2,6 +2,7 @@ package ru.ulstu.is.sbapp.controllers;
 import javax.validation.Valid;
 import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import ru.ulstu.is.sbapp.database.model.User;
 import ru.ulstu.is.sbapp.database.model.Role;
@@ -39,12 +40,11 @@ public class UserController {
 }
 }
 @GetMapping("/{id}")
- @Secured({Role.AsString.ADMIN})
 public UserDTO getUser(@PathVariable Long id) {
 return new UserDTO(userService.findUser(id));
 }
 @GetMapping("/")
- @Secured({Role.AsString.ADMIN})
+ @PreAuthorize("hasAuthority('ADMIN')")
 public List getUsers() {
 return userService.findAllUsers().stream()
 .map(UserDTO::new)
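Review bot: In UserController, `getUser(@PathVariable Long id)` loses its `@Secured({Role.AsString.ADMIN})` annotation with nothing put in its place, so `GET /{id}` is now guarded only by whatever the URL-level security configuration permits, and any caller who passes that can read any user's `UserDTO` by id. If non-admin access is intended, restrict it to the caller's own record; otherwise keep a method-level check such as `@PreAuthorize("hasAuthority('" + Role.AsString.ADMIN + "')")`. On `getUsers()`, the switch to `@PreAuthorize` takes effect only when pre/post method security is enabled (`prePostEnabled = true` on `@EnableGlobalMethodSecurity`, or `@EnableMethodSecurity`); the configuration class is not part of this diff, so this should be confirmed, because with only `securedEnabled` the annotation is silently ignored. The literal `'ADMIN'` must also match the granted authority string exactly, so reusing the `Role.AsString.ADMIN` constant is safer than a hard-coded value. The body of `getUsers()` and the rest of the class continue outside the hunk.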