cool commit

2025-02-19 18:48:25 +03:00 · 2025-02-19 18:48:25 +03:00 · 2fef942c52
commit 2fef942c52
parent 639704713d
7 changed files with 35 additions and 8 deletions
--- a/src/main/java/com/example/nto/config/SecurityConfig.java
+++ b/src/main/java/com/example/nto/config/SecurityConfig.java
@ -7,6 +7,7 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
@ -21,6 +22,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfig {

    private final UserDetailsService userDetailsService;
--- a/src/main/java/com/example/nto/controller/EmployeeController.java
+++ b/src/main/java/com/example/nto/controller/EmployeeController.java
@ -18,13 +18,11 @@ public class EmployeeController {
    public void EmployeeExists(@RequestParam final String login) {
        employeeService.employeeExists(login);
    }
-//    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
    @GetMapping("/info")
    public Employee info(@RequestParam final String login) {
        return employeeService.getEmployee(login);
    }

-//    @PreAuthorize("hasAuthority('ROLE_USER', 'ROLE_ADMIN')")
    @PatchMapping("/open")
    public void open(@RequestParam final String login, @RequestBody final Code code) {
        employeeService.updateVisit(login, code.getValue());
@ -34,4 +32,10 @@ public class EmployeeController {
    public void add(@RequestBody final Employee employee) {
        employeeService.addEmployee(employee);
    }
+
+//    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
+    @PutMapping("/ban")
+    public void ban(@RequestParam final String login) {
+        employeeService.banEmployee(login);
+    }
 }
--- a/src/main/java/com/example/nto/model/entity/Employee.java
+++ b/src/main/java/com/example/nto/model/entity/Employee.java
@ -39,6 +39,8 @@ public class Employee implements UserDetails {
    @Enumerated(EnumType.STRING)
    private EmployeeRoleType role;

+    private Boolean isBanned;
+
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return List.of(new SimpleGrantedAuthority("ROLE_" + role.name()));
--- a/src/main/java/com/example/nto/service/EmployeeService.java
+++ b/src/main/java/com/example/nto/service/EmployeeService.java
@ -13,4 +13,5 @@ public interface EmployeeService {

    void addEmployee(Employee employee);

+    void banEmployee(String login);
 }
--- a/src/main/java/com/example/nto/service/exception/EmployeeBannedException.java
+++ b/src/main/java/com/example/nto/service/exception/EmployeeBannedException.java
@ -0,0 +1,7 @@
+package com.example.nto.service.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(HttpStatus.FORBIDDEN)
+public class EmployeeBannedException extends RuntimeException { }
--- a/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
+++ b/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
@ -5,6 +5,7 @@ import com.example.nto.repository.CodeRepository;
 import com.example.nto.repository.EmployeeRepository;
 import com.example.nto.service.EmployeeService;
 import com.example.nto.service.exception.CodeNotFoundException;
+import com.example.nto.service.exception.EmployeeBannedException;
 import com.example.nto.service.exception.EmployeeNotFoundException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
@ -39,7 +40,6 @@ public class EmployeeServiceImpl implements EmployeeService {
    @Override
    public Employee getEmployee(final String login) {
        var encoder = new BCryptPasswordEncoder();
-        System.out.println(encoder.encode("nigger"));
        if (!employeeRepository.existsByLogin(login)) {
            throw new EmployeeNotFoundException();
        }
@ -55,6 +55,9 @@ public class EmployeeServiceImpl implements EmployeeService {
            throw new CodeNotFoundException();
        }
        final Employee employee = employeeRepository.findEmployeeByLogin(login);
+        if (employee.getIsBanned()) {
+            throw new EmployeeBannedException();
+        }
        employee.setLastVisit(LocalDateTime.now());
        employeeRepository.save(employee);
    }
@ -64,4 +67,12 @@ public class EmployeeServiceImpl implements EmployeeService {
        employee.setPassword(passwordEncoder.encode(employee.getPassword()));
        employeeRepository.save(employee);
    }
+
+    @Override
+    public void banEmployee(String login) {
+        employeeExists(login);
+        var employee = getEmployee(login);
+        employee.setIsBanned(true);
+        employeeRepository.save(employee);
+    }
 }
--- a/src/main/resources/data.sql
+++ b/src/main/resources/data.sql
@ -1,9 +1,9 @@
-INSERT INTO employee (id, login, password, name, photo, position, last_visit, role)
+INSERT INTO employee (id, login, password, name, photo, position, last_visit, role, is_banned)
 VALUES
-(1, 'pivanov', '$2a$10$ciGeZy83rnnmeVDJylnAAuqg2z3ZfXNIS.8PYwRQdPrbguAybtUbe', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30', 'USER'),
-(2, 'ipetrov', 'cringe', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35', 'ADMIN'),
-(3, 'asemenov', 'pupupu', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31', 'USER'),
-(4, 'afedorov', '$2a$10$4tbL.Kp1e4TB1Luq86hzAeAdDgBLoqH3Kh0GaR5RmkNni5lzre3oO', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36', 'USER');
+(1, 'pivanov', '$2a$10$ciGeZy83rnnmeVDJylnAAuqg2z3ZfXNIS.8PYwRQdPrbguAybtUbe', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30', 'USER', false),
+(2, 'ipetrov', 'cringe', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35', 'ADMIN', false),
+(3, 'asemenov', 'pupupu', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31', 'USER', false),
+(4, 'afedorov', '$2a$10$4tbL.Kp1e4TB1Luq86hzAeAdDgBLoqH3Kh0GaR5RmkNni5lzre3oO', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36', 'ADMIN', false);

 INSERT INTO code (value)
 VALUES