Encapsulated methods that are allowed only for admins. Removed the ability to add a new user; new users must be registered using auth.
@@ -4,6 +4,7 @@ import lombok.RequiredArgsConstructor;
|
|||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.authentication.AuthenticationProvider;
|
import org.springframework.security.authentication.AuthenticationProvider;
|
||||||
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
@@ -13,6 +14,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
|
|||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||||
public class SecurityConfiguration {
|
public class SecurityConfiguration {
|
||||||
|
|
||||||
private final JwtAuthenticationFilter jwtAuthFilter;
|
private final JwtAuthenticationFilter jwtAuthFilter;
|
||||||
@@ -24,7 +26,6 @@ public class SecurityConfiguration {
|
|||||||
.csrf(csrf -> csrf.disable())
|
.csrf(csrf -> csrf.disable())
|
||||||
.authorizeHttpRequests(auth -> auth
|
.authorizeHttpRequests(auth -> auth
|
||||||
.requestMatchers("/api/v1/auth/**").permitAll()
|
.requestMatchers("/api/v1/auth/**").permitAll()
|
||||||
.requestMatchers("/expenses").hasRole("ADMIN")
|
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
)
|
)
|
||||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
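Review bot: `@EnableGlobalMethodSecurity(prePostEnabled = true)` in the second hunk is the deprecated form; this configuration already uses the `authorizeHttpRequests`/`requestMatchers` lambda API, so `@EnableMethodSecurity` (pre/post annotations enabled by default) is available and should replace it: `@EnableMethodSecurity`. Dropping `.requestMatchers("/expenses").hasRole("ADMIN")` in the third hunk also removes the URL-layer guard, so every handler mapped under `/expenses` is now reachable by any authenticated user unless it carries its own `@PreAuthorize`; only `getAllExpenses` is annotated in this commit and the remaining handlers are not visible here, so that is worth verifying. Keeping the request-matcher rule alongside the method annotations gives defense in depth for the admin-only paths. The method holding this builder chain starts and ends outside the hunk.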
|
||||||
|
|||||||
@@ -6,8 +6,8 @@ import com.faf223.expensetrackerfaf.dto.mappers.ExpenseMapper;
|
|||||||
import com.faf223.expensetrackerfaf.model.Expense;
|
import com.faf223.expensetrackerfaf.model.Expense;
|
||||||
import com.faf223.expensetrackerfaf.service.ExpenseService;
|
import com.faf223.expensetrackerfaf.service.ExpenseService;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.validation.BindingResult;
|
import org.springframework.validation.BindingResult;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
@@ -23,6 +23,7 @@ public class ExpenseController {
|
|||||||
private final ExpenseMapper expenseMapper;
|
private final ExpenseMapper expenseMapper;
|
||||||
|
|
||||||
@GetMapping()
|
@GetMapping()
|
||||||
|
@PreAuthorize("hasRole('ADMIN')")
|
||||||
public ResponseEntity<List<ExpenseDTO>> getAllExpenses() {
|
public ResponseEntity<List<ExpenseDTO>> getAllExpenses() {
|
||||||
List<ExpenseDTO> expenses = expenseService.getExpenses().stream().map(expenseMapper::toDto).collect(Collectors.toList());
|
List<ExpenseDTO> expenses = expenseService.getExpenses().stream().map(expenseMapper::toDto).collect(Collectors.toList());
|
||||||
if (!expenses.isEmpty()) return ResponseEntity.ok(expenses);
|
if (!expenses.isEmpty()) return ResponseEntity.ok(expenses);
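Review bot: `@PreAuthorize("hasRole('ADMIN')")` on `getAllExpenses` is only enforced when method security is switched on and the admin principal carries the `ROLE_ADMIN` authority (`hasRole` prepends the `ROLE_` prefix); the authorities produced by the `User` entity are not visible here, so confirm the prefix matches, otherwise admins are locked out with 403. The same applies to `getAllIncomes` in the IncomeController section. A one-line comment on the annotation would record the dependency: `// enforced by method security (see SecurityConfiguration); expects authority ROLE_ADMIN`. The body of `getAllExpenses` continues outside the hunk; if its fall-through branch answers a non-200 status for an empty list, an admin listing an empty table gets an error-like response — returning `ResponseEntity.ok(expenses)` unconditionally is the conventional contract for a collection endpoint.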
|
||||||
|
|||||||
@@ -6,8 +6,8 @@ import com.faf223.expensetrackerfaf.dto.mappers.IncomeMapper;
|
|||||||
import com.faf223.expensetrackerfaf.model.Income;
|
import com.faf223.expensetrackerfaf.model.Income;
|
||||||
import com.faf223.expensetrackerfaf.service.IncomeService;
|
import com.faf223.expensetrackerfaf.service.IncomeService;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.validation.BindingResult;
|
import org.springframework.validation.BindingResult;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
@@ -23,6 +23,7 @@ public class IncomeController {
|
|||||||
private final IncomeMapper incomeMapper;
|
private final IncomeMapper incomeMapper;
|
||||||
|
|
||||||
@GetMapping()
|
@GetMapping()
|
||||||
|
@PreAuthorize("hasRole('ADMIN')")
|
||||||
public ResponseEntity<List<IncomeDTO>> getAllIncomes() {
|
public ResponseEntity<List<IncomeDTO>> getAllIncomes() {
|
||||||
List<IncomeDTO> incomes = incomeService.getIncomes().stream().map(incomeMapper::toDto).collect(Collectors.toList());
|
List<IncomeDTO> incomes = incomeService.getIncomes().stream().map(incomeMapper::toDto).collect(Collectors.toList());
|
||||||
if (!incomes.isEmpty()) return ResponseEntity.ok(incomes);
|
if (!incomes.isEmpty()) return ResponseEntity.ok(incomes);
|
||||||
|
|||||||
@@ -6,11 +6,13 @@ import com.faf223.expensetrackerfaf.dto.mappers.UserMapper;
|
|||||||
import com.faf223.expensetrackerfaf.model.User;
|
import com.faf223.expensetrackerfaf.model.User;
|
||||||
import com.faf223.expensetrackerfaf.service.UserService;
|
import com.faf223.expensetrackerfaf.service.UserService;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.validation.BindingResult;
|
import org.springframework.validation.BindingResult;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
@RequestMapping("/users")
|
@RequestMapping("/users")
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@@ -19,24 +21,12 @@ public class UserController {
|
|||||||
private final UserService userService;
|
private final UserService userService;
|
||||||
private final UserMapper userMapper;
|
private final UserMapper userMapper;
|
||||||
|
|
||||||
@PostMapping()
|
|
||||||
public ResponseEntity<UserDTO> createNewUser(@RequestBody UserCreationDTO userDTO,
|
|
||||||
BindingResult bindingResult) {
|
|
||||||
User user = userMapper.toUser(userDTO);
|
|
||||||
if (!bindingResult.hasErrors()) {
|
|
||||||
userService.createOrUpdateUser(user);
|
|
||||||
return ResponseEntity.ok(userMapper.toDto(user));
|
|
||||||
} else {
|
|
||||||
return ResponseEntity.notFound().build();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@PatchMapping()
|
@PatchMapping()
|
||||||
public ResponseEntity<UserDTO> updateUser(@RequestBody UserCreationDTO userDTO,
|
public ResponseEntity<UserDTO> updateUser(@RequestBody UserCreationDTO userDTO,
|
||||||
BindingResult bindingResult) {
|
BindingResult bindingResult) {
|
||||||
User user = userMapper.toUser(userDTO);
|
User user = userMapper.toUser(userDTO);
|
||||||
if (!bindingResult.hasErrors()) {
|
if (!bindingResult.hasErrors()) {
|
||||||
userService.createOrUpdateUser(user);
|
userService.updateUser(user);
|
||||||
return ResponseEntity.ok(userMapper.toDto(user));
|
return ResponseEntity.ok(userMapper.toDto(user));
|
||||||
} else {
|
} else {
|
||||||
return ResponseEntity.notFound().build();
|
return ResponseEntity.notFound().build();
|
||||||
@@ -49,5 +39,13 @@ public class UserController {
|
|||||||
if (user != null) return ResponseEntity.ok(userMapper.toDto(user));
|
if (user != null) return ResponseEntity.ok(userMapper.toDto(user));
|
||||||
else return ResponseEntity.notFound().build();
|
else return ResponseEntity.notFound().build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@GetMapping()
|
||||||
|
@PreAuthorize("hasRole('ADMIN')")
|
||||||
|
public ResponseEntity<ArrayList<UserDTO>> getAllUsers() {
|
||||||
|
ArrayList<User> users = new ArrayList<>(userService.getUsers());
|
||||||
|
|
||||||
|
return ResponseEntity.ok(userMapper.toDto(users));
|
||||||
|
}
|
||||||
}
|
}
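Review bot: `getAllUsers` copies the service result into an `ArrayList` only to satisfy the `toDto(ArrayList<User>)` overload and then exposes `ArrayList` in the response type; program to the interface instead: `public ResponseEntity<List<UserDTO>> getAllUsers() { return ResponseEntity.ok(userMapper.toDto(userService.getUsers())); }` (with the mapper overload widened to accept a `List`/`Collection`). The retained `updateUser` handler in the earlier hunk carries no `@PreAuthorize` and no check that the authenticated principal is the user being modified: the target record comes entirely from the request body via `userMapper.toUser(userDTO)` and is saved as-is, so unless `toUser` or the service binds the identity from the security context (not visible here), any authenticated caller can overwrite another user's data. In that handler the `BindingResult` is never populated because the `@RequestBody` parameter has no `@Valid`, and a validation failure maps to 404 rather than 400; that code predates this commit but is now the only user-mutation path, so it deserves the same review.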
|
||||||
|
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ package com.faf223.expensetrackerfaf.dto.mappers;
|
|||||||
import com.faf223.expensetrackerfaf.dto.UserCreationDTO;
|
import com.faf223.expensetrackerfaf.dto.UserCreationDTO;
|
||||||
import com.faf223.expensetrackerfaf.dto.UserDTO;
|
import com.faf223.expensetrackerfaf.dto.UserDTO;
|
||||||
import com.faf223.expensetrackerfaf.model.User;
|
import com.faf223.expensetrackerfaf.model.User;
|
||||||
import com.faf223.expensetrackerfaf.service.UserService;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
|
||||||
@Component
|
@Component
|
||||||
public class UserMapper {
|
public class UserMapper {
|
||||||
|
|
||||||
@@ -14,6 +14,16 @@ public class UserMapper {
|
|||||||
return new UserDTO(user.getFirstName(), user.getLastName(), user.getUsername());
|
return new UserDTO(user.getFirstName(), user.getLastName(), user.getUsername());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ArrayList<UserDTO> toDto(ArrayList<User> user) {
|
||||||
|
|
||||||
|
ArrayList<UserDTO> list = new ArrayList<>();
|
||||||
|
|
||||||
|
for (User u: user)
|
||||||
|
list.add(toDto(u));
|
||||||
|
|
||||||
|
return list;
|
||||||
|
}
|
||||||
|
|
||||||
public User toUser(UserCreationDTO userDTO) {
|
public User toUser(UserCreationDTO userDTO) {
|
||||||
|
|
||||||
User user = new User();
|
User user = new User();
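Review bot: The new `toDto(ArrayList<User> user)` overload names a list `user`, takes and returns the concrete `ArrayList` type, and forces callers to copy into an `ArrayList` first; accept the interface and return an unmodifiable list: `public List<UserDTO> toDto(Collection<User> users) { return users.stream().map(this::toDto).toList(); }` (the added `java.util.ArrayList` import then becomes `java.util.Collection` and `java.util.List`). Because this overload shares its name with `toDto(User)`, a literal `null` argument is an ambiguous call at compile time; a distinct name such as `toDtoList` avoids that and reads better at the call site. The single-user `toDto` whose `return` opens this hunk begins outside the hunk.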
|
||||||
|
|||||||
@@ -3,7 +3,6 @@ package com.faf223.expensetrackerfaf.service;
|
|||||||
import com.faf223.expensetrackerfaf.model.User;
|
import com.faf223.expensetrackerfaf.model.User;
|
||||||
import com.faf223.expensetrackerfaf.repository.UserRepository;
|
import com.faf223.expensetrackerfaf.repository.UserRepository;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@@ -14,7 +13,7 @@ public class UserService {
|
|||||||
|
|
||||||
private final UserRepository userRepository;
|
private final UserRepository userRepository;
|
||||||
|
|
||||||
public void createOrUpdateUser(User user) {
|
public void updateUser(User user) {
|
||||||
userRepository.save(user);
|
userRepository.save(user);
|
||||||
}
|
}
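Review bot: Renaming `createOrUpdateUser` to `updateUser` does not change what it does: `userRepository.save(user)` still persists a `User` that does not exist yet, so the commit's intent that new users are created only through the auth flow is not enforced at this layer — an update with an unknown identifier still inserts a row, and the `User` object comes straight from the request body in `UserController.updateUser`. Make the method refuse to create: look the user up by its identifier first (for example with the repository's `existsById` or `findById`) and throw or return without saving when it is absent; which field is the identifier is not visible here. A Javadoc line would pin the contract: `/** Persists changes to an existing user; never creates one — registration goes through the auth endpoints. */`.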
|
||||||
|
|
||||||
|
|||||||