Compare commits

..

No commits in common. "757c2d160b1a986f9b18bdb1d066c47d8d973b51" and "5e6d8104dc6413ef2d1a6d9296210d3ad115e997" have entirely different histories.

9 changed files with 24 additions and 53 deletions

View File

@ -263,9 +263,9 @@ export default {
methods: {
getArtistsInAlbum(id){
axios .create({
headers: {
'Authorization': 'Bearer ' + localStorage.getItem("token")
}}).get(this.URL + `album/${id}/getAllArtists`)
headers: {
'Authorization': 'Bearer ' + localStorage.getItem("token")
}}).get(this.URL + `album/${id}/getAllArtists`)
.then(response => {
this.artistsInAlbum = response.data;
console.log(response.data);
@ -300,26 +300,19 @@ export default {
console.log(error);
});
},
addAlbum(album) {
console.log(this.album);
axios
.create({
headers: {
'Authorization': 'Bearer ' + localStorage.getItem("token")
}
})
.post(this.URL + "album", album)
.then(() => {
this.getAlbums();
this.closeModal();
})
.catch(error => {
if (error.response && error.response.status === 403) {
console.error("Forbidden: User does not have permission to perform this operation");
} else {
console.error(error);
}
});
addAlbum(album){
console.log(this.album);
axios .create({
headers: {
'Authorization': 'Bearer ' + localStorage.getItem("token")
}}).post(this.URL + "album", album)
.then(() => {
this.getAlbums();
this.closeModal();
})
.catch(error => {
console.log(error);
});
},
deleteAlbum(id){
axios .create({

View File

@ -7,7 +7,6 @@
<div class="form__password">
<input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
</div>
<br>
<div class="registration__buttons">
<button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
</div>

View File

@ -60,8 +60,6 @@ import 'axios';
import axios from "axios";
import Song from "@/models/Song";
export default {
name: 'Songs',
emits: ['login'],
created() {
this.getSongs();
this.getAlbums();

View File

@ -46,13 +46,9 @@ export default {
.then(response => {
this.users = response.data;
})
.catch(error => {
if (error.response && error.response.status === 403) {
console.error("Forbidden: User does not have permission to perform this operation");
} else {
console.log(error);
}
});
.catch(error => {
console.log(error);
});
},
methods:{

View File

@ -18,7 +18,7 @@ import ru.ulstu.is.sbapp.database.service.UserService;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
@EnableMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
@ -42,17 +42,16 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
http.cors()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/", SPA_URL_MASK).permitAll()
.antMatchers("/who_i_am").permitAll()
.antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.anonymous().and().logout().permitAll();
.anonymous();
}
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception {

View File

@ -1,12 +1,9 @@
package ru.ulstu.is.sbapp.controllers;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Artist;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.model.Song;
import ru.ulstu.is.sbapp.database.service.AlbumService;
@ -36,7 +33,6 @@ public class AlbumController {
}
@PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){
return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds()));
}

View File

@ -1,12 +1,8 @@
package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.service.ArtistService;
import java.util.List;
@ -33,7 +29,6 @@ public class ArtistController {
}
@PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){
return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre()));
}

View File

@ -1,12 +1,8 @@
package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.model.Role;
import ru.ulstu.is.sbapp.database.service.AlbumService;
import ru.ulstu.is.sbapp.database.service.SongService;
@ -36,7 +32,6 @@ public class SongController {
}
@PostMapping
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){
return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration()));
}

View File

@ -2,7 +2,6 @@ package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.database.model.User;
import ru.ulstu.is.sbapp.database.model.Role;
@ -40,11 +39,12 @@ public class UserController {
}
}
@GetMapping("/{id}")
@Secured({Role.AsString.ADMIN})
public UserDTO getUser(@PathVariable Long id) {
return new UserDTO(userService.findUser(id));
}
@GetMapping("/")
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
@Secured({Role.AsString.ADMIN})
public List<UserDTO> getUsers() {
return userService.findAllUsers().stream()
.map(UserDTO::new)