Compare commits

...

2 Commits

Author SHA1 Message Date
757c2d160b lab6 vue done 2023-09-26 13:14:03 +04:00
421baebbf7 lab6 mvc done 2023-09-25 22:12:27 +04:00
9 changed files with 53 additions and 24 deletions

View File

@ -300,18 +300,25 @@ export default {
console.log(error);
});
},
addAlbum(album){
addAlbum(album) {
console.log(this.album);
axios .create({
axios
.create({
headers: {
'Authorization': 'Bearer ' + localStorage.getItem("token")
}}).post(this.URL + "album", album)
}
})
.post(this.URL + "album", album)
.then(() => {
this.getAlbums();
this.closeModal();
})
.catch(error => {
console.log(error);
if (error.response && error.response.status === 403) {
console.error("Forbidden: User does not have permission to perform this operation");
} else {
console.error(error);
}
});
},
deleteAlbum(id){

View File

@ -7,6 +7,7 @@
<div class="form__password">
<input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
</div>
<br>
<div class="registration__buttons">
<button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
</div>

View File

@ -60,6 +60,8 @@ import 'axios';
import axios from "axios";
import Song from "@/models/Song";
export default {
name: 'Songs',
emits: ['login'],
created() {
this.getSongs();
this.getAlbums();

View File

@ -47,7 +47,11 @@ export default {
this.users = response.data;
})
.catch(error => {
if (error.response && error.response.status === 403) {
console.error("Forbidden: User does not have permission to perform this operation");
} else {
console.log(error);
}
});
},
methods:{

View File

@ -18,7 +18,7 @@ import ru.ulstu.is.sbapp.database.service.UserService;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true)
@EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
@ -42,16 +42,17 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
http.cors()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
.authorizeRequests()
.antMatchers("/", SPA_URL_MASK).permitAll()
.antMatchers("/who_i_am").permitAll()
.antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.anonymous();
.anonymous().and().logout().permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception {

View File

@ -1,9 +1,12 @@
package ru.ulstu.is.sbapp.controllers;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Artist;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.model.Song;
import ru.ulstu.is.sbapp.database.service.AlbumService;
@ -33,6 +36,7 @@ public class AlbumController {
}
@PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){
return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds()));
}

View File

@ -1,8 +1,12 @@
package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.service.ArtistService;
import java.util.List;
@ -29,6 +33,7 @@ public class ArtistController {
}
@PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){
return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre()));
}

View File

@ -1,8 +1,12 @@
package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.service.AlbumService;
import ru.ulstu.is.sbapp.database.service.SongService;
@ -32,6 +36,7 @@ public class SongController {
}
@PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){
return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration()));
}

View File

@ -2,6 +2,7 @@ package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.database.model.User;
import ru.ulstu.is.sbapp.database.model.Role;
@ -39,12 +40,11 @@ public class UserController {
}
}
@GetMapping("/{id}")
@Secured({Role.AsString.ADMIN})
public UserDTO getUser(@PathVariable Long id) {
return new UserDTO(userService.findUser(id));
}
@GetMapping("/")
@Secured({Role.AsString.ADMIN})
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public List<UserDTO> getUsers() {
return userService.findAllUsers().stream()
.map(UserDTO::new)