Добавление роли админа и функции блокировки пользователя

2025-02-20 12:49:26 +03:00 · 2025-02-20 12:49:26 +03:00 · 99249e4055
commit 99249e4055
parent dc19aee368
15 changed files with 127 additions and 27 deletions
--- a/src/main/java/com/example/nto/config/WebSecurityConfig.java
+++ b/src/main/java/com/example/nto/config/WebSecurityConfig.java
@ -25,11 +25,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/h2-console/**").permitAll()
-//                .antMatchers("/api/auth").permitAll()
+                .antMatchers("/api/user/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
-//                .antMatchers("/api/users/username/{username}").permitAll()
+                .antMatchers("/api/admin/**").hasAnyAuthority("ROLE_ADMIN")
 //                .antMatchers("/api/volunteer/one/1").hasAnyAuthority("ROLE_ADMIN")
 //                .antMatchers("/api/authority/**").hasAnyAuthority("ROLE_ADMIN")
                .antMatchers("/api/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
                .anyRequest().authenticated()
                .and()
                .httpBasic()
--- a/src/main/java/com/example/nto/controller/EmployeeController.java
+++ b/src/main/java/com/example/nto/controller/EmployeeController.java
@ -3,9 +3,7 @@ package com.example.nto.controller;
 import com.example.nto.dto.EmployeeDTO;
 import com.example.nto.dto.EnterDTO;
-import com.example.nto.entity.Code;
+import com.example.nto.entity.*;
 import com.example.nto.entity.Employee;
 import com.example.nto.entity.EnterType;
 import com.example.nto.service.impl.EmployeeServiceImpl;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
@ -22,23 +20,28 @@ public class EmployeeController {
    private final EmployeeServiceImpl employeeService;
-    @GetMapping("/login")
+    @GetMapping("/user/login")
    public ResponseEntity<EmployeeDTO> login(Authentication authentication){
        return ResponseEntity.ok(employeeService.getEmployeeByUsername(authentication.getName()));
    }
-    @GetMapping("/info/{login}")
+    @GetMapping("/user/info/{login}")
    public ResponseEntity<EmployeeDTO> info(@PathVariable("login") String username){
        return ResponseEntity.ok(employeeService.getInfo(username));
    }
-    @PostMapping("/add/{login}")
+    @PostMapping("/user/add/{login}")
    public ResponseEntity<EnterDTO> add(@PathVariable("login") String login, @RequestBody EnterDTO enterDTO){
        return ResponseEntity.ok(employeeService.addEnter(login, enterDTO));
    }
-    @GetMapping("/list/{login}")
+    @GetMapping("/user/list/{login}")
    public List<EnterDTO> list(@PathVariable("login") String username){
        return employeeService.getAllEmployeeEnters(username);
    }
    @PatchMapping("/admin/authority/change/{login}")
    public ResponseEntity<EmployeeAuthority> authChange(@PathVariable("login") String username, @RequestBody Authority authority){
        return ResponseEntity.ok(employeeService.changeAuthority(username, authority));
    }
 }
--- a/src/main/java/com/example/nto/dto/AuthorityDTO.java
+++ b/src/main/java/com/example/nto/dto/AuthorityDTO.java
@ -0,0 +1,8 @@
 package com.example.nto.dto;
 import lombok.Data;
@Data
 public class AuthorityDTO {
    private String authority;
 }
--- a/src/main/java/com/example/nto/dto/EmployeeDTO.java
+++ b/src/main/java/com/example/nto/dto/EmployeeDTO.java
@ -1,8 +1,10 @@
 package com.example.nto.dto;
 import com.example.nto.entity.Authority;
 import lombok.Data;
 import java.time.LocalDateTime;
 import java.util.Set;
@Data
 public class EmployeeDTO {
@ -12,4 +14,5 @@ public class EmployeeDTO {
    private String photoUrl;
    private String position;
    private LocalDateTime lastVisit;
    private Set<Authority> authority;
 }
--- a/src/main/java/com/example/nto/entity/EmployeeAuthority.java
+++ b/src/main/java/com/example/nto/entity/EmployeeAuthority.java
@ -0,0 +1,22 @@
 package com.example.nto.entity;
 import lombok.Data;
 import javax.persistence.*;
@Data
@Entity
@Table(name="employee_authorities")
 public class EmployeeAuthority {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long id;
    @ManyToOne
    @JoinColumn(name="employee_id")
    private Employee empId;
    @ManyToOne
    @JoinColumn(name="authorities_id")
    private Authority authId;
 }
--- a/src/main/java/com/example/nto/exception/IncorrectAuthority.java
+++ b/src/main/java/com/example/nto/exception/IncorrectAuthority.java
@ -0,0 +1,7 @@
 package com.example.nto.exception;
 public class IncorrectAuthority extends RuntimeException {
    public IncorrectAuthority(String message) {
        super(message);
    }
 }
--- a/src/main/java/com/example/nto/exception/handler/GlobalExceptionHandler.java
+++ b/src/main/java/com/example/nto/exception/handler/GlobalExceptionHandler.java
@ -1,9 +1,6 @@
 package com.example.nto.exception.handler;
-import com.example.nto.exception.EmployeeNotFoundException;
+import com.example.nto.exception.*;
 import com.example.nto.exception.IncorrectCodeException;
 import com.example.nto.exception.IncorrectPasswordException;
 import com.example.nto.exception.IncorrectTypeException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ControllerAdvice;
@ -25,4 +22,9 @@ public class GlobalExceptionHandler {
    public ResponseEntity<String> handlerIncorrectTypeException(IncorrectTypeException e) {
        return new ResponseEntity<>(e.getMessage(), HttpStatus.CONFLICT);
    }
    @ExceptionHandler(IncorrectAuthority.class)
    public ResponseEntity<String> handlerIncorrectAuthority(IncorrectAuthority e) {
        return new ResponseEntity<>(e.getMessage(), HttpStatus.CONFLICT);
    }
 }
--- a/src/main/java/com/example/nto/repository/AuthorityRepository.java
+++ b/src/main/java/com/example/nto/repository/AuthorityRepository.java
@ -0,0 +1,12 @@
 package com.example.nto.repository;
 import com.example.nto.entity.Authority;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 import java.util.Optional;
@Repository
 public interface AuthorityRepository extends JpaRepository<Authority, Long> {
    Optional<Authority> findByAuthority(String authority);
 }
--- a/src/main/java/com/example/nto/repository/EmployeeAuthorityRepository.java
+++ b/src/main/java/com/example/nto/repository/EmployeeAuthorityRepository.java
@ -0,0 +1,11 @@
 package com.example.nto.repository;
 import com.example.nto.entity.Employee;
 import com.example.nto.entity.EmployeeAuthority;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
@Repository
 public interface EmployeeAuthorityRepository extends JpaRepository<EmployeeAuthority, Long> {
    EmployeeAuthority findByEmpId(Employee id);
 }
--- a/src/main/java/com/example/nto/service/EmployeeService.java
+++ b/src/main/java/com/example/nto/service/EmployeeService.java
@ -2,6 +2,8 @@ package com.example.nto.service;
 import com.example.nto.dto.EmployeeDTO;
 import com.example.nto.dto.EnterDTO;
 import com.example.nto.entity.Authority;
 import com.example.nto.entity.EmployeeAuthority;
 import java.util.List;
@ -10,4 +12,5 @@ public interface EmployeeService {
    EmployeeDTO getInfo(String username);
    EnterDTO addEnter(String username, EnterDTO enterDTO);
    List<EnterDTO> getAllEmployeeEnters(String username);
    EmployeeAuthority changeAuthority(String username, Authority auth);
 }
--- a/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
+++ b/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
@ -2,17 +2,12 @@ package com.example.nto.service.impl;
 import com.example.nto.dto.EmployeeDTO;
 import com.example.nto.dto.EnterDTO;
-import com.example.nto.entity.Code;
+import com.example.nto.entity.*;
 import com.example.nto.entity.Employee;
 import com.example.nto.entity.Enter;
 import com.example.nto.entity.EnterType;
 import com.example.nto.exception.EmployeeNotFoundException;
 import com.example.nto.exception.IncorrectAuthority;
 import com.example.nto.exception.IncorrectCodeException;
 import com.example.nto.exception.IncorrectTypeException;
-import com.example.nto.repository.CodeRepository;
+import com.example.nto.repository.*;
 import com.example.nto.repository.EmployeeRepository;
 import com.example.nto.repository.EnterRepository;
 import com.example.nto.repository.EnterTypeRepository;
 import com.example.nto.service.EmployeeService;
 import com.example.nto.util.EmployeeMapper;
 import com.example.nto.util.EnterMapper;
@ -33,6 +28,8 @@ public class EmployeeServiceImpl implements EmployeeService {
    private final CodeRepository codeRepository;
    private final EnterTypeRepository enterTypeRepository;
    private final EnterRepository enterRepository;
    private final AuthorityRepository authorityRepository;
    private final EmployeeAuthorityRepository employeeAuthorityRepository;
    @Override
    public EmployeeDTO getEmployeeByUsername(String username) {
@ -84,5 +81,20 @@ public class EmployeeServiceImpl implements EmployeeService {
                .collect(Collectors.toList());
    }
    @Override
    public EmployeeAuthority changeAuthority(String username, Authority auth) {
        Optional<Employee> optionalEmployee = employeeRepository.findByUsername(username);
        if(optionalEmployee.isEmpty())
            throw new EmployeeNotFoundException("Employee with username: " + username + " not found");
        Optional<Authority> optionalAuthority = authorityRepository.findByAuthority(auth.getAuthority());
        if(optionalAuthority.isEmpty())
            throw new IncorrectAuthority("Incorrect authority");
        EmployeeAuthority employeeAuthority = employeeAuthorityRepository.findByEmpId(optionalEmployee.get());
        employeeAuthority.setAuthId(optionalAuthority.get());
        return employeeAuthorityRepository.save(employeeAuthority);
    }
 }
--- a/src/main/java/com/example/nto/util/AuthorityMapper.java
+++ b/src/main/java/com/example/nto/util/AuthorityMapper.java
@ -0,0 +1,17 @@
 package com.example.nto.util;
 import com.example.nto.dto.AuthorityDTO;
 import com.example.nto.dto.EnterDTO;
 import com.example.nto.entity.Authority;
 import com.example.nto.entity.Enter;
 import lombok.experimental.UtilityClass;
@UtilityClass
 public class AuthorityMapper {
    public AuthorityDTO convertToDTO(Authority authority){
        AuthorityDTO authorityDTO = new AuthorityDTO();
        authorityDTO.setAuthority(authority.getAuthority());
        return authorityDTO;
    }
 }
--- a/src/main/java/com/example/nto/util/EmployeeMapper.java
+++ b/src/main/java/com/example/nto/util/EmployeeMapper.java
@ -1,5 +1,6 @@
 package com.example.nto.util;
 import com.example.nto.dto.AuthorityDTO;
 import com.example.nto.dto.EmployeeDTO;
 import com.example.nto.entity.Employee;
 import lombok.experimental.UtilityClass;
@ -14,6 +15,7 @@ public class EmployeeMapper {
        employeeDTO.setPosition(employee.getPosition());
        employeeDTO.setPhotoUrl(employee.getPhotoUrl());
        employeeDTO.setLastVisit(employee.getLastVisit());
        employeeDTO.setAuthority(employee.getAuthorities());
        return employeeDTO;
    }
--- a/src/main/resources/db.changelog/1.0/data/csv/2025-02-18-0003-authority-data.csv
+++ b/src/main/resources/db.changelog/1.0/data/csv/2025-02-18-0003-authority-data.csv
@ -1,3 +1,4 @@
 authorities
 ROLE_USER
 ROLE_ADMIN
 ROLE_BLOCK
--- a/src/main/resources/db.changelog/1.0/data/csv/2025-02-18-0004-employee-authority-data.csv
+++ b/src/main/resources/db.changelog/1.0/data/csv/2025-02-18-0004-employee-authority-data.csv
@ -1,5 +1,5 @@
 employee_id;authorities_id
 1;1
-2;1
+2;2
-3;1
+3;3
 4;1