Добавлен контроль ролей ко всем методам
This commit is contained in:
parent
fd63fd182f
commit
bc4bc0bdd2
@ -17,6 +17,8 @@ import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import static com.example.onomatopoeiaback.domain.employee.CheckPosition.checkIsAdmin;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/employee")
|
||||
public class EmployeeController {
|
||||
@ -31,26 +33,26 @@ public class EmployeeController {
|
||||
@PostMapping("/create")
|
||||
@SecurityRequirement(name = "basicAuth")
|
||||
public ResponseEntity<Employee> createEmployee(Authentication authentication, @RequestBody EmployeeDTO employeeDTO) {
|
||||
checkIsAdmin(authentication);
|
||||
return ResponseEntity.ok(employeeService.createEmployee(employeeDTO));
|
||||
}
|
||||
|
||||
@GetMapping("/info")
|
||||
@GetMapping("/{username}/info")
|
||||
@SecurityRequirement(name = "basicAuth")
|
||||
public ResponseEntity<Employee> info(Authentication authentication) {
|
||||
return ResponseEntity.ok(employeeService.info(Auth.getEmployee(authentication).getLogin()));
|
||||
public ResponseEntity<Employee> info(Authentication authentication, @PathVariable String username) {
|
||||
return ResponseEntity.ok(employeeService.info(Auth.getEmployee(authentication), username));
|
||||
}
|
||||
|
||||
@GetMapping("/auth")
|
||||
@SecurityRequirement(name = "basicAuth")
|
||||
public ResponseEntity<Visit> auth(Authentication authentication) {
|
||||
employeeService.auth(Auth.getEmployee(authentication).getLogin());
|
||||
public ResponseEntity<Employee> auth() {
|
||||
return new ResponseEntity<>(HttpStatus.OK);
|
||||
}
|
||||
|
||||
@PatchMapping("/open")
|
||||
@SecurityRequirement(name = "basicAuth")
|
||||
public ResponseEntity<Visit> open(Authentication authentication, @RequestBody VisitDTO visitDTO) {
|
||||
visitService.register(Auth.getEmployee(authentication).getLogin(), visitDTO);
|
||||
visitService.register(Auth.getEmployee(authentication), visitDTO);
|
||||
return new ResponseEntity<>(HttpStatus.OK);
|
||||
}
|
||||
}
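Review bot: The new `auth()` handler (replacing `auth(Authentication)`) is declared `ResponseEntity<Employee>` but returns only a status with no body, so the signature promises an Employee the client never receives; `public ResponseEntity<Void> auth()` states the contract honestly. The same handler no longer reads `authentication`, so whether it still requires credentials depends entirely on the security filter configuration, which is not in this diff — worth a comment such as `// credentials are validated by the security filter chain; this endpoint only confirms success`. In `info` and `open`, `Auth.getEmployee(authentication)` is passed straight into the service; since `CheckPosition.checkIsAdmin` in this commit guards against a null return from that same call, a null here would surface as a NullPointerException (HTTP 500) rather than a 401, and the same applies to `VisitController.getVisits` in this commit.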
|
||||
|
@ -11,6 +11,8 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import static com.example.onomatopoeiaback.domain.employee.CheckPosition.checkIsAdmin;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/qr_code")
|
||||
public class QrCodeController {
|
||||
@ -24,6 +26,7 @@ public class QrCodeController {
|
||||
@PostMapping("/create")
|
||||
@SecurityRequirement(name = "basicAuth")
|
||||
public ResponseEntity<QrCode> createQrCode(Authentication authentication, @RequestParam String name) {
|
||||
checkIsAdmin(authentication);
|
||||
return ResponseEntity.ok(qrCodeService.createQrCode(name));
|
||||
}
|
||||
}
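Review bot: Authorization in `createQrCode` is a single imperative `checkIsAdmin(authentication)` call at the top of the handler, which is fail-open: any handler that omits the call, or where a later edit moves it below a side effect, becomes reachable by every authenticated user. If method security is enabled in this project, `@PreAuthorize` with a suitable expression on the handler keeps the rule declarative and visible next to the mapping; otherwise a class-level comment such as `// every mutating endpoint must call checkIsAdmin before touching the service` at least documents the convention. `EmployeeController.createEmployee` in this commit uses the same pattern.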
|
||||
|
@ -2,6 +2,7 @@ package com.example.onomatopoeiaback.controller;
|
||||
|
||||
import com.example.onomatopoeiaback.domain.visit.Visit;
|
||||
import com.example.onomatopoeiaback.domain.visit.VisitDTO;
|
||||
import com.example.onomatopoeiaback.security.Auth;
|
||||
import com.example.onomatopoeiaback.service.VisitService;
|
||||
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
|
||||
import org.springframework.data.domain.Page;
|
||||
@ -28,7 +29,7 @@ public class VisitController {
|
||||
@RequestParam(defaultValue = "0") int page,
|
||||
@RequestParam(defaultValue = "10") int size) {
|
||||
|
||||
Page<Visit> visits = visitService.getVisits(login, page, size);
|
||||
Page<Visit> visits = visitService.getVisits(Auth.getEmployee(authentication), login, page, size);
|
||||
return ResponseEntity.ok(visits);
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,20 @@
|
||||
package com.example.onomatopoeiaback.domain.employee;
|
||||
|
||||
import com.example.onomatopoeiaback.exceptions.ForbiddenException;
|
||||
import com.example.onomatopoeiaback.security.Auth;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
public class CheckPosition {
|
||||
public static void checkIsAdmin(Employee employee) {
|
||||
if (employee == null || !employee.getPosition().equals(PositionType.ADMINISTRATOR)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
}
|
||||
|
||||
public static void checkIsAdmin(Authentication authentication) {
|
||||
Employee employee = Auth.getEmployee(authentication);
|
||||
if (employee == null || !employee.getPosition().equals(PositionType.ADMINISTRATOR)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
}
|
||||
}
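Review bot: `checkIsAdmin(Authentication)` duplicates the null-and-position test of `checkIsAdmin(Employee)` instead of delegating; `checkIsAdmin(Auth.getEmployee(authentication));` as its whole body keeps the two overloads in step. Both overloads call `employee.getPosition().equals(...)`, which throws NullPointerException when an employee has no position set, turning a should-be-403 into a 500; if `PositionType` is an enum, `employee.getPosition() != PositionType.ADMINISTRATOR` is null-safe, otherwise `!PositionType.ADMINISTRATOR.equals(employee.getPosition())`. As a static-only utility the class should also be `final` with a `private CheckPosition() {}` constructor.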
|
@ -28,4 +28,11 @@ public class GeneralExceptionsHandler {
|
||||
public ExceptionDTO handleForbiddenException(ForbiddenException e) {
|
||||
return new ExceptionDTO("FORBIDDEN", e.getMessage());
|
||||
}
|
||||
|
||||
@ResponseStatus(HttpStatus.NOT_FOUND)
|
||||
@ExceptionHandler(NotFoundException.class)
|
||||
@ResponseBody
|
||||
public ExceptionDTO notFoundException(NotFoundException e) {
|
||||
return new ExceptionDTO("NOT FOUND", e.getMessage());
|
||||
}
|
||||
}
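Review bot: `notFoundException` breaks the naming used by the neighbouring `handleForbiddenException`; `handleNotFoundException` reads as a handler rather than as an exception. The DTO is built with `e.getMessage()`, but `NotFoundException` as added in this commit declares no constructors, so the message field will always be null; adding `public NotFoundException() { super("Запрашиваемые данные не найдены"); }` (and/or a `String` constructor) gives clients a message consistent with the `reason` on the class. The enclosing class starts outside the hunk.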
|
||||
|
@ -0,0 +1,8 @@
|
||||
package com.example.onomatopoeiaback.exceptions;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
|
||||
@ResponseStatus(code = HttpStatus.NOT_FOUND, reason = "Запрашиваемые данные не найдены")
|
||||
public class NotFoundException extends RuntimeException {
|
||||
}
|
@ -2,9 +2,10 @@ package com.example.onomatopoeiaback.service;
|
||||
|
||||
import com.example.onomatopoeiaback.domain.employee.Employee;
|
||||
import com.example.onomatopoeiaback.domain.employee.EmployeeDTO;
|
||||
import com.example.onomatopoeiaback.exceptions.UnauthorizedException;
|
||||
import com.example.onomatopoeiaback.domain.employee.PositionType;
|
||||
import com.example.onomatopoeiaback.exceptions.ForbiddenException;
|
||||
import com.example.onomatopoeiaback.exceptions.NotFoundException;
|
||||
import com.example.onomatopoeiaback.repository.EmployeeRepository;
|
||||
import com.example.onomatopoeiaback.repository.VisitRepository;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@ -35,21 +36,15 @@ public class EmployeeService {
|
||||
return employee;
|
||||
}
|
||||
|
||||
public void auth(String login) {
|
||||
Optional<Employee> employeeOptional = employeeRepository.findByLogin(login);
|
||||
|
||||
if (employeeOptional.isEmpty()) {
|
||||
throw new UnauthorizedException();
|
||||
public Employee info(Employee employee, String login) {
|
||||
Optional<Employee> requestedEmployeeOptional = employeeRepository.findByLogin(login);
|
||||
if (requestedEmployeeOptional.isEmpty()) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
}
|
||||
|
||||
public Employee info(String login) {
|
||||
Optional<Employee> employeeOptional = employeeRepository.findByLogin(login);
|
||||
|
||||
if (employeeOptional.isEmpty()) {
|
||||
throw new UnauthorizedException();
|
||||
Employee requestedEmployee = requestedEmployeeOptional.get();
|
||||
if (employee.getPosition().equals(PositionType.ADMINISTRATOR) || employee.getId() == requestedEmployee.getId()) {
|
||||
return requestedEmployee;
|
||||
}
|
||||
|
||||
return employeeOptional.get();
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
}
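Review bot: `info(Employee, String)` looks the requested login up and throws `NotFoundException` before it checks whether the caller may see that account, so a non-administrator can tell valid logins from invalid ones by the 404/403 difference. Decide authorization first from the caller's own login (`employee.getLogin()`, which the removed controller code already used) and only then query the repository. Also `employee.getId() == requestedEmployee.getId()` compares references if `getId()` returns a boxed `Long`, which can be false for equal ids outside the small-value cache; comparing logins, or `Objects.equals(...)`, avoids it. The `UnauthorizedException` import at the top of this file may now be unused if the removed `auth` method was its only user.
```java
public Employee info(Employee employee, String login) {
    boolean isAdmin = employee.getPosition().equals(PositionType.ADMINISTRATOR);
    // Decide authorization from the caller's own identity before touching the
    // repository, so a forbidden caller cannot probe which logins exist.
    if (!isAdmin && !login.equals(employee.getLogin())) {
        throw new ForbiddenException();
    }
    return employeeRepository.findByLogin(login).orElseThrow(NotFoundException::new);
}
```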
|
||||
|
@ -2,10 +2,12 @@ package com.example.onomatopoeiaback.service;
|
||||
|
||||
|
||||
import com.example.onomatopoeiaback.domain.employee.Employee;
|
||||
import com.example.onomatopoeiaback.domain.employee.PositionType;
|
||||
import com.example.onomatopoeiaback.domain.qrcode.QrCode;
|
||||
import com.example.onomatopoeiaback.domain.visit.Visit;
|
||||
import com.example.onomatopoeiaback.domain.visit.VisitDTO;
|
||||
import com.example.onomatopoeiaback.exceptions.BadRequestException;
|
||||
import com.example.onomatopoeiaback.exceptions.ForbiddenException;
|
||||
import com.example.onomatopoeiaback.exceptions.UnauthorizedException;
|
||||
import com.example.onomatopoeiaback.repository.EmployeeRepository;
|
||||
import com.example.onomatopoeiaback.repository.QrCodeRepository;
|
||||
@ -34,21 +36,15 @@ public class VisitService {
|
||||
}
|
||||
|
||||
|
||||
public void register(String login, VisitDTO visitDTO) {
|
||||
Optional<Employee> employeeOptional = employeeRepository.findByLogin(login);
|
||||
public void register(Employee employee, VisitDTO visitDTO) {
|
||||
LocalDateTime localDateTime = LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS);
|
||||
|
||||
Optional<QrCode> qrCodeOptional = qrCodeRepository.findById(visitDTO.getQrCodeId());
|
||||
if (qrCodeOptional.isEmpty()) {
|
||||
throw new BadRequestException();
|
||||
}
|
||||
|
||||
if (employeeOptional.isEmpty()) {
|
||||
throw new UnauthorizedException();
|
||||
}
|
||||
|
||||
QrCode qrCode = qrCodeOptional.get();
|
||||
Employee employee = employeeOptional.get();
|
||||
|
||||
Visit visit = new Visit();
|
||||
visit.setQrCode(qrCode);
|
||||
visit.setVisitType(visitDTO.getVisitType());
|
||||
@ -59,14 +55,19 @@ public class VisitService {
|
||||
employeeRepository.saveAndFlush(employee);
|
||||
}
|
||||
|
||||
public Page<Visit> getVisits(String login, Integer page, Integer size) {
|
||||
Optional<Employee> employeeOptional = employeeRepository.findByLogin(login);
|
||||
public Page<Visit> getVisits(Employee employee, String requestedEmployeeLogin, Integer page, Integer size) {
|
||||
Optional<Employee> employeeOptional = employeeRepository.findByLogin(requestedEmployeeLogin);
|
||||
|
||||
if (employeeOptional.isEmpty()) {
|
||||
throw new UnauthorizedException();
|
||||
}
|
||||
Employee requestedEmployee = employeeOptional.get();
|
||||
|
||||
PageRequest pageable = PageRequest.of(page, size);
|
||||
return visitRepository.findByEmployeeId(employeeOptional.get().getId(), pageable);
|
||||
if (employee.getPosition().equals(PositionType.ADMINISTRATOR) || employee.getId() == requestedEmployee.getId()) {
|
||||
PageRequest pageable = PageRequest.of(page, size);
|
||||
return visitRepository.findByEmployeeId(requestedEmployee.getId(), pageable);
|
||||
}
|
||||
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
}
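Review bot: In `getVisits`, a requested login that does not exist throws `UnauthorizedException` (401) even though the caller is authenticated and it is the target account that is missing; `NotFoundException`, which this commit introduces, is the right status, and the lookup should happen only after the caller has been authorized so that a non-administrator cannot enumerate logins via the 401/403 difference. `employee.getId() == requestedEmployee.getId()` compares references if `getId()` returns a boxed `Long`, so equal ids can compare unequal; comparing logins avoids it. In `register` (the preceding hunk, whose body continues past it), the null check that the removed `UnauthorizedException` branch provided for `employee` is gone, so a null `Employee` from the controller now fails at `employeeRepository.saveAndFlush(employee)` with a 500. `NotFoundException` does not appear in this file's import hunk and would need adding.
```java
public Page<Visit> getVisits(Employee employee, String requestedEmployeeLogin, Integer page, Integer size) {
    boolean isAdmin = employee.getPosition().equals(PositionType.ADMINISTRATOR);
    // Authorize against the caller's own login first; look the target up only afterwards.
    if (!isAdmin && !requestedEmployeeLogin.equals(employee.getLogin())) {
        throw new ForbiddenException();
    }
    Employee requestedEmployee = employeeRepository.findByLogin(requestedEmployeeLogin)
            .orElseThrow(NotFoundException::new);
    PageRequest pageable = PageRequest.of(page, size);
    return visitRepository.findByEmployeeId(requestedEmployee.getId(), pageable);
}
```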
|
||||
|