Encapsulated methods that are allowed only for admins. Removed ability to add new user, new user must be registered using auth.
This commit is contained in:
Dmitrii Cravcenco
@@ -4,6 +4,7 @@ import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
@@ -13,6 +14,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@RequiredArgsConstructor
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public class SecurityConfiguration {
|
||||
|
||||
private final JwtAuthenticationFilter jwtAuthFilter;
|
||||
@@ -24,7 +26,6 @@ public class SecurityConfiguration {
|
||||
.csrf(csrf -> csrf.disable())
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers("/api/v1/auth/**").permitAll()
|
||||
.requestMatchers("/expenses").hasRole("ADMIN")
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
|
||||
@@ -6,8 +6,8 @@ import com.faf223.expensetrackerfaf.dto.mappers.ExpenseMapper;
|
||||
import com.faf223.expensetrackerfaf.model.Expense;
|
||||
import com.faf223.expensetrackerfaf.service.ExpenseService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.validation.BindingResult;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
@@ -23,6 +23,7 @@ public class ExpenseController {
|
||||
private final ExpenseMapper expenseMapper;
|
||||
|
||||
@GetMapping()
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
public ResponseEntity<List<ExpenseDTO>> getAllExpenses() {
|
||||
List<ExpenseDTO> expenses = expenseService.getExpenses().stream().map(expenseMapper::toDto).collect(Collectors.toList());
|
||||
if (!expenses.isEmpty()) return ResponseEntity.ok(expenses);
|
||||
|
||||
@@ -6,8 +6,8 @@ import com.faf223.expensetrackerfaf.dto.mappers.IncomeMapper;
|
||||
import com.faf223.expensetrackerfaf.model.Income;
|
||||
import com.faf223.expensetrackerfaf.service.IncomeService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.validation.BindingResult;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
@@ -23,6 +23,7 @@ public class IncomeController {
|
||||
private final IncomeMapper incomeMapper;
|
||||
|
||||
@GetMapping()
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
public ResponseEntity<List<IncomeDTO>> getAllIncomes() {
|
||||
List<IncomeDTO> incomes = incomeService.getIncomes().stream().map(incomeMapper::toDto).collect(Collectors.toList());
|
||||
if (!incomes.isEmpty()) return ResponseEntity.ok(incomes);
|
||||
|
||||
@@ -6,11 +6,13 @@ import com.faf223.expensetrackerfaf.dto.mappers.UserMapper;
|
||||
import com.faf223.expensetrackerfaf.model.User;
|
||||
import com.faf223.expensetrackerfaf.service.UserService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.validation.BindingResult;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/users")
|
||||
@RequiredArgsConstructor
|
||||
@@ -19,24 +21,12 @@ public class UserController {
|
||||
private final UserService userService;
|
||||
private final UserMapper userMapper;
|
||||
|
||||
@PostMapping()
|
||||
public ResponseEntity<UserDTO> createNewUser(@RequestBody UserCreationDTO userDTO,
|
||||
BindingResult bindingResult) {
|
||||
User user = userMapper.toUser(userDTO);
|
||||
if (!bindingResult.hasErrors()) {
|
||||
userService.createOrUpdateUser(user);
|
||||
return ResponseEntity.ok(userMapper.toDto(user));
|
||||
} else {
|
||||
return ResponseEntity.notFound().build();
|
||||
}
|
||||
}
|
||||
|
||||
@PatchMapping()
|
||||
public ResponseEntity<UserDTO> updateUser(@RequestBody UserCreationDTO userDTO,
|
||||
BindingResult bindingResult) {
|
||||
User user = userMapper.toUser(userDTO);
|
||||
if (!bindingResult.hasErrors()) {
|
||||
userService.createOrUpdateUser(user);
|
||||
userService.updateUser(user);
|
||||
return ResponseEntity.ok(userMapper.toDto(user));
|
||||
} else {
|
||||
return ResponseEntity.notFound().build();
|
||||
@@ -49,5 +39,13 @@ public class UserController {
|
||||
if (user != null) return ResponseEntity.ok(userMapper.toDto(user));
|
||||
else return ResponseEntity.notFound().build();
|
||||
}
|
||||
|
||||
@GetMapping()
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
public ResponseEntity<ArrayList<UserDTO>> getAllUsers() {
|
||||
ArrayList<User> users = new ArrayList<>(userService.getUsers());
|
||||
|
||||
return ResponseEntity.ok(userMapper.toDto(users));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -3,10 +3,10 @@ package com.faf223.expensetrackerfaf.dto.mappers;
|
||||
import com.faf223.expensetrackerfaf.dto.UserCreationDTO;
|
||||
import com.faf223.expensetrackerfaf.dto.UserDTO;
|
||||
import com.faf223.expensetrackerfaf.model.User;
|
||||
import com.faf223.expensetrackerfaf.service.UserService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
@Component
|
||||
public class UserMapper {
|
||||
|
||||
@@ -14,6 +14,16 @@ public class UserMapper {
|
||||
return new UserDTO(user.getFirstName(), user.getLastName(), user.getUsername());
|
||||
}
|
||||
|
||||
public ArrayList<UserDTO> toDto(ArrayList<User> user) {
|
||||
|
||||
ArrayList<UserDTO> list = new ArrayList<>();
|
||||
|
||||
for (User u: user)
|
||||
list.add(toDto(u));
|
||||
|
||||
return list;
|
||||
}
|
||||
|
||||
public User toUser(UserCreationDTO userDTO) {
|
||||
|
||||
User user = new User();
|
||||
|
||||
@@ -3,7 +3,6 @@ package com.faf223.expensetrackerfaf.service;
|
||||
import com.faf223.expensetrackerfaf.model.User;
|
||||
import com.faf223.expensetrackerfaf.repository.UserRepository;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.List;
|
||||
@@ -14,7 +13,7 @@ public class UserService {
|
||||
|
||||
private final UserRepository userRepository;
|
||||
|
||||
public void createOrUpdateUser(User user) {
|
||||
public void updateUser(User user) {
|
||||
userRepository.save(user);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user