diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
index ea7f8b9..b494885 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
@@ -4,6 +4,7 @@ import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -13,6 +14,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfiguration {

 private final JwtAuthenticationFilter jwtAuthFilter;
@@ -24,7 +26,6 @@ public class SecurityConfiguration {
 .csrf(csrf -> csrf.disable())
 .authorizeHttpRequests(auth -> auth
 .requestMatchers("/api/v1/auth/**").permitAll()
- .requestMatchers("/expenses").hasRole("ADMIN")
 .anyRequest().authenticated()
 )
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
diff --git a/src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java b/src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java
index 7f8fa2d..e7f000f 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java
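Review bot: Dropping `.requestMatchers("/expenses").hasRole("ADMIN")` widens access: the URL rule covered every HTTP method on `/expenses`, whereas the replacement `@PreAuthorize("hasRole('ADMIN')")` in ExpenseController.getAllExpenses (and likewise IncomeController.getAllIncomes and UserController.getAllUsers) gates only that one GET handler, so any other handler mapped on the same path is now reachable by every authenticated user. If that is the intent, say so on the `anyRequest().authenticated()` line, e.g. `// per-endpoint roles are enforced with @PreAuthorize on the controller methods`; if not, keep a URL-level rule next to the annotations as a second layer. Separately, `@EnableGlobalMethodSecurity` is deprecated in the Spring Security line that provides the `authorizeHttpRequests`/`requestMatchers` API used here; `@EnableMethodSecurity` is its replacement and enables pre/post annotations by default. The filter-chain bean continues outside the hunk.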
@@ -6,8 +6,8 @@ import com.faf223.expensetrackerfaf.dto.mappers.ExpenseMapper;
 import com.faf223.expensetrackerfaf.model.Expense;
 import com.faf223.expensetrackerfaf.service.ExpenseService;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -23,6 +23,7 @@ public class ExpenseController {
 private final ExpenseMapper expenseMapper;

 @GetMapping()
+ @PreAuthorize("hasRole('ADMIN')")
 public ResponseEntity> getAllExpenses() {
 List expenses = expenseService.getExpenses().stream().map(expenseMapper::toDto).collect(Collectors.toList());
 if (!expenses.isEmpty()) return ResponseEntity.ok(expenses);
diff --git a/src/main/java/com/faf223/expensetrackerfaf/controller/IncomeController.java b/src/main/java/com/faf223/expensetrackerfaf/controller/IncomeController.java
index 582062e..6811d10 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/controller/IncomeController.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/controller/IncomeController.java
@@ -6,8 +6,8 @@ import com.faf223.expensetrackerfaf.dto.mappers.IncomeMapper;
 import com.faf223.expensetrackerfaf.model.Income;
 import com.faf223.expensetrackerfaf.service.IncomeService;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
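Review bot: `hasRole('ADMIN')` on getAllExpenses only matches a granted authority named `ROLE_ADMIN`; nothing in this hunk shows how JwtAuthenticationFilter builds the authorities, so if they are stored without the `ROLE_` prefix the endpoint becomes unreachable for everyone rather than admin-only — worth confirming against the filter, or using `hasAuthority(...)` with the exact stored value. The same expression is repeated verbatim in IncomeController.getAllIncomes and UserController.getAllUsers; a single composed annotation (e.g. a constructed `@AdminOnly` carrying `@PreAuthorize("hasRole('ADMIN')")`) would keep the three in step and make the role string a single point of change. getAllExpenses continues outside the hunk.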
@@ -23,6 +23,7 @@ public class IncomeController {
 private final IncomeMapper incomeMapper;

 @GetMapping()
+ @PreAuthorize("hasRole('ADMIN')")
 public ResponseEntity> getAllIncomes() {
 List incomes = incomeService.getIncomes().stream().map(incomeMapper::toDto).collect(Collectors.toList());
 if (!incomes.isEmpty()) return ResponseEntity.ok(incomes);
diff --git a/src/main/java/com/faf223/expensetrackerfaf/controller/UserController.java b/src/main/java/com/faf223/expensetrackerfaf/controller/UserController.java
index 542ccbc..093190f 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/controller/UserController.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/controller/UserController.java
@@ -6,11 +6,13 @@ import com.faf223.expensetrackerfaf.dto.mappers.UserMapper;
 import com.faf223.expensetrackerfaf.model.User;
 import com.faf223.expensetrackerfaf.service.UserService;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;

+import java.util.ArrayList;
+
 @RestController
 @RequestMapping("/users")
 @RequiredArgsConstructor
@@ -19,24 +21,12 @@ public class UserController {
 private final UserService userService;
 private final UserMapper userMapper;

- @PostMapping()
- public ResponseEntity createNewUser(@RequestBody UserCreationDTO userDTO,
- BindingResult bindingResult) {
- User user = userMapper.toUser(userDTO);
- if (!bindingResult.hasErrors()) {
- userService.createOrUpdateUser(user);
- return ResponseEntity.ok(userMapper.toDto(user));
- } else {
- return ResponseEntity.notFound().build();
- }
- }
-
 @PatchMapping()
 public ResponseEntity updateUser(@RequestBody UserCreationDTO userDTO,
 BindingResult bindingResult) {
 User user = userMapper.toUser(userDTO);
 if (!bindingResult.hasErrors()) {
- userService.createOrUpdateUser(user);
+ userService.updateUser(user);
 return ResponseEntity.ok(userMapper.toDto(user));
 } else {
 return ResponseEntity.notFound().build();
@@ -49,5 +39,13 @@ public class UserController {
 if (user != null) return ResponseEntity.ok(userMapper.toDto(user));
 else return ResponseEntity.notFound().build();
 }
+
+ @GetMapping()
+ @PreAuthorize("hasRole('ADMIN')")
+ public ResponseEntity> getAllUsers() {
+ ArrayList users = new ArrayList<>(userService.getUsers());
+
+ return ResponseEntity.ok(userMapper.toDto(users));
+ }
 }

diff --git a/src/main/java/com/faf223/expensetrackerfaf/dto/mappers/UserMapper.java b/src/main/java/com/faf223/expensetrackerfaf/dto/mappers/UserMapper.java
index 90af4a2..7e3cfab 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/dto/mappers/UserMapper.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/dto/mappers/UserMapper.java
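Review bot: The renamed `userService.updateUser(user)` call in updateUser still hands over an entity freshly built by `userMapper.toUser(userDTO)` (a `new User()` per the UserMapper hunk), and UserService.updateUser is a bare `userRepository.save(user)`, so PATCH `/users` checks neither that the target record exists nor that it belongs to the caller — any authenticated user appears able to overwrite (or, if no identifier is carried over, insert) a user chosen entirely by the request body. A minimal guard in this handler is to inject the principal and compare before saving: `public ResponseEntity<UserDTO> updateUser(@RequestBody UserCreationDTO userDTO, BindingResult bindingResult, Principal principal)` followed by `if (!user.getUsername().equals(principal.getName())) return ResponseEntity.status(403).build();` ahead of the `userService.updateUser(user)` line, with the existence check belonging in UserService.updateUser. In the second hunk, `getAllUsers` declares a concrete `ArrayList users` only to fit `UserMapper.toDto(ArrayList)` and, unlike getAllExpenses/getAllIncomes, returns 200 on an empty list; whichever empty-list behaviour is intended should be the same across the three admin listings. updateUser's closing braces lie outside the hunk.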
@@ -3,10 +3,10 @@ package com.faf223.expensetrackerfaf.dto.mappers;
 import com.faf223.expensetrackerfaf.dto.UserCreationDTO;
 import com.faf223.expensetrackerfaf.dto.UserDTO;
 import com.faf223.expensetrackerfaf.model.User;
-import com.faf223.expensetrackerfaf.service.UserService;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

+import java.util.ArrayList;
+
 @Component
 public class UserMapper {
@@ -14,6 +14,16 @@ public class UserMapper {
 return new UserDTO(user.getFirstName(), user.getLastName(), user.getUsername());
 }

+ public ArrayList toDto(ArrayList user) {
+
+ ArrayList list = new ArrayList<>();
+
+ for (User u: user)
+ list.add(toDto(u));
+
+ return list;
+ }
+
 public User toUser(UserCreationDTO userDTO) {

 User user = new User();
diff --git a/src/main/java/com/faf223/expensetrackerfaf/service/UserService.java b/src/main/java/com/faf223/expensetrackerfaf/service/UserService.java
index c3de777..75d3243 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/service/UserService.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/service/UserService.java
@@ -3,7 +3,6 @@ package com.faf223.expensetrackerfaf.service;
 import com.faf223.expensetrackerfaf.model.User;
 import com.faf223.expensetrackerfaf.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

 import java.util.List;
@@ -14,7 +13,7 @@ public class UserService {

 private final UserRepository userRepository;

- public void createOrUpdateUser(User user) {
+ public void updateUser(User user) {
 userRepository.save(user);
 }
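Review bot: The new `toDto(ArrayList user)` overload in UserMapper pins callers to a concrete `ArrayList` (the generic arguments appear stripped in this rendering), names a collection parameter `user`, and hand-rolls the loop; a `Collection<? extends User>` parameter returning `List<UserDTO>` would let UserController.getAllUsers pass what `userService.getUsers()` already returns and drop its `new ArrayList<>(...)` copy: `public List<UserDTO> toDto(Collection<? extends User> users) {` / `return users.stream().map(this::toDto).collect(Collectors.toList());` / `}`, with the import block adjusted to match. The method is also not null-tolerant; if a null collection can reach it, an explicit `Objects.requireNonNull(users, "users")` documents that contract instead of an NPE from the loop. toUser continues outside the hunk.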