Compare commits
2 Commits
5e6d8104dc
...
757c2d160b
Author | SHA1 | Date | |
---|---|---|---|
757c2d160b | |||
421baebbf7 |
@ -300,18 +300,25 @@ export default {
|
||||
console.log(error);
|
||||
});
|
||||
},
|
||||
addAlbum(album){
|
||||
addAlbum(album) {
|
||||
console.log(this.album);
|
||||
axios .create({
|
||||
axios
|
||||
.create({
|
||||
headers: {
|
||||
'Authorization': 'Bearer ' + localStorage.getItem("token")
|
||||
}}).post(this.URL + "album", album)
|
||||
}
|
||||
})
|
||||
.post(this.URL + "album", album)
|
||||
.then(() => {
|
||||
this.getAlbums();
|
||||
this.closeModal();
|
||||
})
|
||||
.catch(error => {
|
||||
console.log(error);
|
||||
if (error.response && error.response.status === 403) {
|
||||
console.error("Forbidden: User does not have permission to perform this operation");
|
||||
} else {
|
||||
console.error(error);
|
||||
}
|
||||
});
|
||||
},
|
||||
deleteAlbum(id){
|
||||
|
@ -7,6 +7,7 @@
|
||||
<div class="form__password">
|
||||
<input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
|
||||
</div>
|
||||
<br>
|
||||
<div class="registration__buttons">
|
||||
<button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
|
||||
</div>
|
||||
|
@ -60,6 +60,8 @@ import 'axios';
|
||||
import axios from "axios";
|
||||
import Song from "@/models/Song";
|
||||
export default {
|
||||
name: 'Songs',
|
||||
emits: ['login'],
|
||||
created() {
|
||||
this.getSongs();
|
||||
this.getAlbums();
|
||||
|
@ -47,7 +47,11 @@ export default {
|
||||
this.users = response.data;
|
||||
})
|
||||
.catch(error => {
|
||||
if (error.response && error.response.status === 403) {
|
||||
console.error("Forbidden: User does not have permission to perform this operation");
|
||||
} else {
|
||||
console.log(error);
|
||||
}
|
||||
});
|
||||
},
|
||||
methods:{
|
||||
|
@ -18,7 +18,7 @@ import ru.ulstu.is.sbapp.database.service.UserService;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableMethodSecurity(securedEnabled = true)
|
||||
@EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
|
||||
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
||||
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
|
||||
@ -42,16 +42,17 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
http.cors()
|
||||
.and()
|
||||
.csrf().disable()
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/", SPA_URL_MASK).permitAll()
|
||||
.antMatchers("/who_i_am").permitAll()
|
||||
.antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
|
||||
.anonymous();
|
||||
.anonymous().and().logout().permitAll();
|
||||
}
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder builder) throws Exception {
|
||||
|
@ -1,9 +1,12 @@
|
||||
package ru.ulstu.is.sbapp.controllers;
|
||||
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
||||
import ru.ulstu.is.sbapp.database.model.Artist;
|
||||
import ru.ulstu.is.sbapp.database.model.Role;
|
||||
import ru.ulstu.is.sbapp.database.model.Song;
|
||||
import ru.ulstu.is.sbapp.database.service.AlbumService;
|
||||
|
||||
@ -33,6 +36,7 @@ public class AlbumController {
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){
|
||||
return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds()));
|
||||
}
|
||||
|
@ -1,8 +1,12 @@
|
||||
package ru.ulstu.is.sbapp.controllers;
|
||||
|
||||
import javax.validation.Valid;
|
||||
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
||||
import ru.ulstu.is.sbapp.database.model.Role;
|
||||
import ru.ulstu.is.sbapp.database.service.ArtistService;
|
||||
|
||||
import java.util.List;
|
||||
@ -29,6 +33,7 @@ public class ArtistController {
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){
|
||||
return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre()));
|
||||
}
|
||||
|
@ -1,8 +1,12 @@
|
||||
package ru.ulstu.is.sbapp.controllers;
|
||||
|
||||
import javax.validation.Valid;
|
||||
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
||||
import ru.ulstu.is.sbapp.database.model.Role;
|
||||
import ru.ulstu.is.sbapp.database.service.AlbumService;
|
||||
import ru.ulstu.is.sbapp.database.service.SongService;
|
||||
|
||||
@ -32,6 +36,7 @@ public class SongController {
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){
|
||||
return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration()));
|
||||
}
|
||||
|
@ -2,6 +2,7 @@ package ru.ulstu.is.sbapp.controllers;
|
||||
|
||||
import javax.validation.Valid;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import ru.ulstu.is.sbapp.database.model.User;
|
||||
import ru.ulstu.is.sbapp.database.model.Role;
|
||||
@ -39,12 +40,11 @@ public class UserController {
|
||||
}
|
||||
}
|
||||
@GetMapping("/{id}")
|
||||
@Secured({Role.AsString.ADMIN})
|
||||
public UserDTO getUser(@PathVariable Long id) {
|
||||
return new UserDTO(userService.findUser(id));
|
||||
}
|
||||
@GetMapping("/")
|
||||
@Secured({Role.AsString.ADMIN})
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
public List<UserDTO> getUsers() {
|
||||
return userService.findAllUsers().stream()
|
||||
.map(UserDTO::new)
|
||||
|
Loading…
Reference in New Issue
Block a user