Compare commits

..

2 Commits

Author SHA1 Message Date
757c2d160b lab6 vue done 2023-09-26 13:14:03 +04:00
421baebbf7 lab6 mvc done 2023-09-25 22:12:27 +04:00
9 changed files with 53 additions and 24 deletions

View File

@ -263,9 +263,9 @@ export default {
methods: { methods: {
getArtistsInAlbum(id){ getArtistsInAlbum(id){
axios .create({ axios .create({
headers: { headers: {
'Authorization': 'Bearer ' + localStorage.getItem("token") 'Authorization': 'Bearer ' + localStorage.getItem("token")
}}).get(this.URL + `album/${id}/getAllArtists`) }}).get(this.URL + `album/${id}/getAllArtists`)
.then(response => { .then(response => {
this.artistsInAlbum = response.data; this.artistsInAlbum = response.data;
console.log(response.data); console.log(response.data);
@ -300,19 +300,26 @@ export default {
console.log(error); console.log(error);
}); });
}, },
addAlbum(album){ addAlbum(album) {
console.log(this.album); console.log(this.album);
axios .create({ axios
headers: { .create({
'Authorization': 'Bearer ' + localStorage.getItem("token") headers: {
}}).post(this.URL + "album", album) 'Authorization': 'Bearer ' + localStorage.getItem("token")
.then(() => { }
this.getAlbums(); })
this.closeModal(); .post(this.URL + "album", album)
}) .then(() => {
.catch(error => { this.getAlbums();
console.log(error); this.closeModal();
}); })
.catch(error => {
if (error.response && error.response.status === 403) {
console.error("Forbidden: User does not have permission to perform this operation");
} else {
console.error(error);
}
});
}, },
deleteAlbum(id){ deleteAlbum(id){
axios .create({ axios .create({

View File

@ -7,6 +7,7 @@
<div class="form__password"> <div class="form__password">
<input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль"> <input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
</div> </div>
<br>
<div class="registration__buttons"> <div class="registration__buttons">
<button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a> <button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
</div> </div>

View File

@ -60,6 +60,8 @@ import 'axios';
import axios from "axios"; import axios from "axios";
import Song from "@/models/Song"; import Song from "@/models/Song";
export default { export default {
name: 'Songs',
emits: ['login'],
created() { created() {
this.getSongs(); this.getSongs();
this.getAlbums(); this.getAlbums();

View File

@ -46,9 +46,13 @@ export default {
.then(response => { .then(response => {
this.users = response.data; this.users = response.data;
}) })
.catch(error => { .catch(error => {
console.log(error); if (error.response && error.response.status === 403) {
}); console.error("Forbidden: User does not have permission to perform this operation");
} else {
console.log(error);
}
});
}, },
methods:{ methods:{

View File

@ -18,7 +18,7 @@ import ru.ulstu.is.sbapp.database.service.UserService;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true) @EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class); private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
public static final String SPA_URL_MASK = "/{path:[^\\.]*}"; public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
@ -42,16 +42,17 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
http.cors() http.cors()
.and() .and()
.csrf().disable() .csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and() .and()
.authorizeRequests() .authorizeRequests()
.antMatchers("/", SPA_URL_MASK).permitAll() .antMatchers("/", SPA_URL_MASK).permitAll()
.antMatchers("/who_i_am").permitAll()
.antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll() .antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
.anyRequest() .anyRequest()
.authenticated() .authenticated()
.and() .and()
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class) .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.anonymous(); .anonymous().and().logout().permitAll();
} }
@Override @Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception { protected void configure(AuthenticationManagerBuilder builder) throws Exception {

View File

@ -1,9 +1,12 @@
package ru.ulstu.is.sbapp.controllers; package ru.ulstu.is.sbapp.controllers;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration; import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Artist; import ru.ulstu.is.sbapp.database.model.Artist;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.model.Song; import ru.ulstu.is.sbapp.database.model.Song;
import ru.ulstu.is.sbapp.database.service.AlbumService; import ru.ulstu.is.sbapp.database.service.AlbumService;
@ -33,6 +36,7 @@ public class AlbumController {
} }
@PostMapping @PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){ public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){
return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds())); return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds()));
} }

View File

@ -1,8 +1,12 @@
package ru.ulstu.is.sbapp.controllers; package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid; import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration; import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.service.ArtistService; import ru.ulstu.is.sbapp.database.service.ArtistService;
import java.util.List; import java.util.List;
@ -29,6 +33,7 @@ public class ArtistController {
} }
@PostMapping @PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){ public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){
return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre())); return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre()));
} }

View File

@ -1,8 +1,12 @@
package ru.ulstu.is.sbapp.controllers; package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid; import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration; import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.service.AlbumService; import ru.ulstu.is.sbapp.database.service.AlbumService;
import ru.ulstu.is.sbapp.database.service.SongService; import ru.ulstu.is.sbapp.database.service.SongService;
@ -32,6 +36,7 @@ public class SongController {
} }
@PostMapping @PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){ public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){
return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration())); return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration()));
} }

View File

@ -2,6 +2,7 @@ package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid; import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured; import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.database.model.User; import ru.ulstu.is.sbapp.database.model.User;
import ru.ulstu.is.sbapp.database.model.Role; import ru.ulstu.is.sbapp.database.model.Role;
@ -39,12 +40,11 @@ public class UserController {
} }
} }
@GetMapping("/{id}") @GetMapping("/{id}")
@Secured({Role.AsString.ADMIN})
public UserDTO getUser(@PathVariable Long id) { public UserDTO getUser(@PathVariable Long id) {
return new UserDTO(userService.findUser(id)); return new UserDTO(userService.findUser(id));
} }
@GetMapping("/") @GetMapping("/")
@Secured({Role.AsString.ADMIN}) @PreAuthorize("hasAuthority('ROLE_ADMIN')")
public List<UserDTO> getUsers() { public List<UserDTO> getUsers() {
return userService.findAllUsers().stream() return userService.findAllUsers().stream()
.map(UserDTO::new) .map(UserDTO::new)