Compare commits
2 Commits
5e6d8104dc
...
757c2d160b
Author | SHA1 | Date | |
---|---|---|---|
757c2d160b | |||
421baebbf7 |
@ -302,16 +302,23 @@ export default {
|
|||||||
},
|
},
|
||||||
addAlbum(album) {
|
addAlbum(album) {
|
||||||
console.log(this.album);
|
console.log(this.album);
|
||||||
axios .create({
|
axios
|
||||||
|
.create({
|
||||||
headers: {
|
headers: {
|
||||||
'Authorization': 'Bearer ' + localStorage.getItem("token")
|
'Authorization': 'Bearer ' + localStorage.getItem("token")
|
||||||
}}).post(this.URL + "album", album)
|
}
|
||||||
|
})
|
||||||
|
.post(this.URL + "album", album)
|
||||||
.then(() => {
|
.then(() => {
|
||||||
this.getAlbums();
|
this.getAlbums();
|
||||||
this.closeModal();
|
this.closeModal();
|
||||||
})
|
})
|
||||||
.catch(error => {
|
.catch(error => {
|
||||||
console.log(error);
|
if (error.response && error.response.status === 403) {
|
||||||
|
console.error("Forbidden: User does not have permission to perform this operation");
|
||||||
|
} else {
|
||||||
|
console.error(error);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
deleteAlbum(id){
|
deleteAlbum(id){
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
<div class="form__password">
|
<div class="form__password">
|
||||||
<input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
|
<input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
|
||||||
</div>
|
</div>
|
||||||
|
<br>
|
||||||
<div class="registration__buttons">
|
<div class="registration__buttons">
|
||||||
<button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
|
<button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
|
||||||
</div>
|
</div>
|
||||||
|
@ -60,6 +60,8 @@ import 'axios';
|
|||||||
import axios from "axios";
|
import axios from "axios";
|
||||||
import Song from "@/models/Song";
|
import Song from "@/models/Song";
|
||||||
export default {
|
export default {
|
||||||
|
name: 'Songs',
|
||||||
|
emits: ['login'],
|
||||||
created() {
|
created() {
|
||||||
this.getSongs();
|
this.getSongs();
|
||||||
this.getAlbums();
|
this.getAlbums();
|
||||||
|
@ -47,7 +47,11 @@ export default {
|
|||||||
this.users = response.data;
|
this.users = response.data;
|
||||||
})
|
})
|
||||||
.catch(error => {
|
.catch(error => {
|
||||||
|
if (error.response && error.response.status === 403) {
|
||||||
|
console.error("Forbidden: User does not have permission to perform this operation");
|
||||||
|
} else {
|
||||||
console.log(error);
|
console.log(error);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
methods:{
|
methods:{
|
||||||
|
@ -18,7 +18,7 @@ import ru.ulstu.is.sbapp.database.service.UserService;
|
|||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@EnableMethodSecurity(securedEnabled = true)
|
@EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
|
||||||
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||||
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
||||||
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
|
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
|
||||||
@ -42,16 +42,17 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
http.cors()
|
http.cors()
|
||||||
.and()
|
.and()
|
||||||
.csrf().disable()
|
.csrf().disable()
|
||||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
|
||||||
.and()
|
.and()
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
.antMatchers("/", SPA_URL_MASK).permitAll()
|
.antMatchers("/", SPA_URL_MASK).permitAll()
|
||||||
|
.antMatchers("/who_i_am").permitAll()
|
||||||
.antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
|
.antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
|
||||||
.anyRequest()
|
.anyRequest()
|
||||||
.authenticated()
|
.authenticated()
|
||||||
.and()
|
.and()
|
||||||
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
|
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
|
||||||
.anonymous();
|
.anonymous().and().logout().permitAll();
|
||||||
}
|
}
|
||||||
@Override
|
@Override
|
||||||
protected void configure(AuthenticationManagerBuilder builder) throws Exception {
|
protected void configure(AuthenticationManagerBuilder builder) throws Exception {
|
||||||
|
@ -1,9 +1,12 @@
|
|||||||
package ru.ulstu.is.sbapp.controllers;
|
package ru.ulstu.is.sbapp.controllers;
|
||||||
|
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.access.annotation.Secured;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
||||||
import ru.ulstu.is.sbapp.database.model.Artist;
|
import ru.ulstu.is.sbapp.database.model.Artist;
|
||||||
|
import ru.ulstu.is.sbapp.database.model.Role;
|
||||||
import ru.ulstu.is.sbapp.database.model.Song;
|
import ru.ulstu.is.sbapp.database.model.Song;
|
||||||
import ru.ulstu.is.sbapp.database.service.AlbumService;
|
import ru.ulstu.is.sbapp.database.service.AlbumService;
|
||||||
|
|
||||||
@ -33,6 +36,7 @@ public class AlbumController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping
|
@PostMapping
|
||||||
|
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||||
public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){
|
public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){
|
||||||
return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds()));
|
return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds()));
|
||||||
}
|
}
|
||||||
|
@ -1,8 +1,12 @@
|
|||||||
package ru.ulstu.is.sbapp.controllers;
|
package ru.ulstu.is.sbapp.controllers;
|
||||||
|
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
|
import org.springframework.security.access.annotation.Secured;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
||||||
|
import ru.ulstu.is.sbapp.database.model.Role;
|
||||||
import ru.ulstu.is.sbapp.database.service.ArtistService;
|
import ru.ulstu.is.sbapp.database.service.ArtistService;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -29,6 +33,7 @@ public class ArtistController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping
|
@PostMapping
|
||||||
|
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||||
public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){
|
public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){
|
||||||
return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre()));
|
return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre()));
|
||||||
}
|
}
|
||||||
|
@ -1,8 +1,12 @@
|
|||||||
package ru.ulstu.is.sbapp.controllers;
|
package ru.ulstu.is.sbapp.controllers;
|
||||||
|
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
|
import org.springframework.security.access.annotation.Secured;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
|
||||||
|
import ru.ulstu.is.sbapp.database.model.Role;
|
||||||
import ru.ulstu.is.sbapp.database.service.AlbumService;
|
import ru.ulstu.is.sbapp.database.service.AlbumService;
|
||||||
import ru.ulstu.is.sbapp.database.service.SongService;
|
import ru.ulstu.is.sbapp.database.service.SongService;
|
||||||
|
|
||||||
@ -32,6 +36,7 @@ public class SongController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping
|
@PostMapping
|
||||||
|
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||||
public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){
|
public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){
|
||||||
return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration()));
|
return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration()));
|
||||||
}
|
}
|
||||||
|
@ -2,6 +2,7 @@ package ru.ulstu.is.sbapp.controllers;
|
|||||||
|
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
import org.springframework.security.access.annotation.Secured;
|
import org.springframework.security.access.annotation.Secured;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import ru.ulstu.is.sbapp.database.model.User;
|
import ru.ulstu.is.sbapp.database.model.User;
|
||||||
import ru.ulstu.is.sbapp.database.model.Role;
|
import ru.ulstu.is.sbapp.database.model.Role;
|
||||||
@ -39,12 +40,11 @@ public class UserController {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
@GetMapping("/{id}")
|
@GetMapping("/{id}")
|
||||||
@Secured({Role.AsString.ADMIN})
|
|
||||||
public UserDTO getUser(@PathVariable Long id) {
|
public UserDTO getUser(@PathVariable Long id) {
|
||||||
return new UserDTO(userService.findUser(id));
|
return new UserDTO(userService.findUser(id));
|
||||||
}
|
}
|
||||||
@GetMapping("/")
|
@GetMapping("/")
|
||||||
@Secured({Role.AsString.ADMIN})
|
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||||
public List<UserDTO> getUsers() {
|
public List<UserDTO> getUsers() {
|
||||||
return userService.findAllUsers().stream()
|
return userService.findAllUsers().stream()
|
||||||
.map(UserDTO::new)
|
.map(UserDTO::new)
|
||||||
|
Loading…
Reference in New Issue
Block a user