Deduplicated PreAuthorize in ProjectController
parent
d5f7f4f53c
commit
83e4e07f50
@ -5,11 +5,11 @@ import org.springframework.http.HttpStatus
|
|||||||
import org.springframework.security.access.prepost.PreAuthorize
|
import org.springframework.security.access.prepost.PreAuthorize
|
||||||
import org.springframework.security.core.annotation.AuthenticationPrincipal
|
import org.springframework.security.core.annotation.AuthenticationPrincipal
|
||||||
import org.springframework.stereotype.Controller
|
import org.springframework.stereotype.Controller
|
||||||
import org.springframework.web.bind.annotation.GetMapping
|
|
||||||
import org.springframework.web.bind.annotation.PathVariable
|
|
||||||
import org.springframework.ui.Model
|
import org.springframework.ui.Model
|
||||||
import org.springframework.validation.BindingResult
|
import org.springframework.validation.BindingResult
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping
|
||||||
import org.springframework.web.bind.annotation.ModelAttribute
|
import org.springframework.web.bind.annotation.ModelAttribute
|
||||||
|
import org.springframework.web.bind.annotation.PathVariable
|
||||||
import org.springframework.web.bind.annotation.PostMapping
|
import org.springframework.web.bind.annotation.PostMapping
|
||||||
import org.springframework.web.bind.annotation.RequestBody
|
import org.springframework.web.bind.annotation.RequestBody
|
||||||
import org.springframework.web.bind.annotation.RequestMapping
|
import org.springframework.web.bind.annotation.RequestMapping
|
||||||
@ -88,7 +88,7 @@ class HtmlController @Autowired constructor(val userRepository: UserRepository,
|
|||||||
|
|
||||||
@GetMapping("/projects")
|
@GetMapping("/projects")
|
||||||
@Transactional
|
@Transactional
|
||||||
fun listUserProjects(model: Model, @AuthenticationPrincipal userDetails: CustomUserDetails) : String {
|
fun listUserProjects(model: Model, @AuthenticationPrincipal userDetails: CustomUserDetails): String {
|
||||||
val user = entityManager.merge(userDetails.user) // Reattach User entity
|
val user = entityManager.merge(userDetails.user) // Reattach User entity
|
||||||
model.addAttribute("projects", user.projects.sortedBy { it.id })
|
model.addAttribute("projects", user.projects.sortedBy { it.id })
|
||||||
model.addAttribute("newProject", NewProject(""))
|
model.addAttribute("newProject", NewProject(""))
|
||||||
@ -97,12 +97,16 @@ class HtmlController @Autowired constructor(val userRepository: UserRepository,
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Suppress("ELValidationInJSP", "SpringElInspection")
|
||||||
|
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
||||||
|
annotation class IsProjectMember
|
||||||
|
|
||||||
@Controller
|
@Controller
|
||||||
@RequestMapping("/project/{id}")
|
@RequestMapping("/project/{id}")
|
||||||
|
@IsProjectMember
|
||||||
class ProjectController @Autowired constructor(val projectRepository: ProjectRepository, val userRepository: UserRepository, val eventRepository: EventRepository, val commentRepository: CommentRepository) {
|
class ProjectController @Autowired constructor(val projectRepository: ProjectRepository, val userRepository: UserRepository, val eventRepository: EventRepository, val commentRepository: CommentRepository) {
|
||||||
|
|
||||||
@GetMapping("")
|
@GetMapping("")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
fun getProject(@PathVariable id: Long, model: Model): String {
|
fun getProject(@PathVariable id: Long, model: Model): String {
|
||||||
val project = projectRepository.findById(id).get()
|
val project = projectRepository.findById(id).get()
|
||||||
val nonMembers = userRepository.findByIdNotIn(project.members.map { it.id!! })
|
val nonMembers = userRepository.findByIdNotIn(project.members.map { it.id!! })
|
||||||
@ -112,7 +116,6 @@ class ProjectController @Autowired constructor(val projectRepository: ProjectRep
|
|||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/events")
|
@GetMapping("/events")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
fun getProjectEventsBetween(@PathVariable id: Long, @RequestParam start: Instant?, @RequestParam end: Instant?) : Set<Event> {
|
fun getProjectEventsBetween(@PathVariable id: Long, @RequestParam start: Instant?, @RequestParam end: Instant?) : Set<Event> {
|
||||||
val project = projectRepository.findById(id).get()
|
val project = projectRepository.findById(id).get()
|
||||||
@ -124,7 +127,6 @@ class ProjectController @Autowired constructor(val projectRepository: ProjectRep
|
|||||||
|
|
||||||
|
|
||||||
@PostMapping("/adduser")
|
@PostMapping("/adduser")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
fun addUserToProject(@PathVariable id: Long, @RequestParam("uid") uid: Long) : String {
|
fun addUserToProject(@PathVariable id: Long, @RequestParam("uid") uid: Long) : String {
|
||||||
val user = userRepository.findById(uid).get()
|
val user = userRepository.findById(uid).get()
|
||||||
val project = projectRepository.findById(id).get()
|
val project = projectRepository.findById(id).get()
|
||||||
@ -134,7 +136,6 @@ class ProjectController @Autowired constructor(val projectRepository: ProjectRep
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/removeuser")
|
@PostMapping("/removeuser")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
fun removeUserFromProject(@PathVariable id: Long, @RequestParam("id") uid: Long) : String{
|
fun removeUserFromProject(@PathVariable id: Long, @RequestParam("id") uid: Long) : String{
|
||||||
val project = projectRepository.findById(id).get()
|
val project = projectRepository.findById(id).get()
|
||||||
// Don't allow projects to have no members
|
// Don't allow projects to have no members
|
||||||
@ -146,7 +147,6 @@ class ProjectController @Autowired constructor(val projectRepository: ProjectRep
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/addevent")
|
@PostMapping("/addevent")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
fun addEventToProject(@PathVariable id: Long, @RequestBody e: NewEvent) {
|
fun addEventToProject(@PathVariable id: Long, @RequestBody e: NewEvent) {
|
||||||
val project = projectRepository.findById(id).get()
|
val project = projectRepository.findById(id).get()
|
||||||
@ -155,7 +155,6 @@ class ProjectController @Autowired constructor(val projectRepository: ProjectRep
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/editevent")
|
@PostMapping("/editevent")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
fun editEvent(@PathVariable id: Long, @RequestBody e: EditedEvent) {
|
fun editEvent(@PathVariable id: Long, @RequestBody e: EditedEvent) {
|
||||||
val event = eventRepository.findById(e.id).get()
|
val event = eventRepository.findById(e.id).get()
|
||||||
@ -167,14 +166,12 @@ class ProjectController @Autowired constructor(val projectRepository: ProjectRep
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/deleteevent")
|
@PostMapping("/deleteevent")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
fun deleteEvent(@PathVariable id: Long, @RequestBody e: EventID) {
|
fun deleteEvent(@PathVariable id: Long, @RequestBody e: EventID) {
|
||||||
eventRepository.deleteById(e.id)
|
eventRepository.deleteById(e.id)
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/eventcomments/{eventID}")
|
@GetMapping("/eventcomments/{eventID}")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
fun getCommentsForEvent(@PathVariable id: Long, @PathVariable eventID: Long): List<FlatComment> {
|
fun getCommentsForEvent(@PathVariable id: Long, @PathVariable eventID: Long): List<FlatComment> {
|
||||||
val project = projectRepository.findById(id).get()
|
val project = projectRepository.findById(id).get()
|
||||||
@ -184,7 +181,6 @@ class ProjectController @Autowired constructor(val projectRepository: ProjectRep
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/addcomment/{eventID}")
|
@PostMapping("/addcomment/{eventID}")
|
||||||
@PreAuthorize("hasPermission(#id, 'Long', '')")
|
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
fun addCommentToEvent(@PathVariable id: Long, @PathVariable eventID: Long, @RequestBody c: NewComment, @AuthenticationPrincipal userDetails: CustomUserDetails) {
|
fun addCommentToEvent(@PathVariable id: Long, @PathVariable eventID: Long, @RequestBody c: NewComment, @AuthenticationPrincipal userDetails: CustomUserDetails) {
|
||||||
val event = eventRepository.findById(eventID).get()
|
val event = eventRepository.findById(eventID).get()
|
||||||
|
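Review bot: The class-level `@IsProjectMember` check covers only the project `id` from the path, but `deleteEvent` (hunk `-167,14 +166,12`) calls `eventRepository.deleteById(e.id)` with an event id taken from the request body and never ties it to that project, so membership of one project appears sufficient to delete an event that belongs to another. Load the event first and refuse the request when it does not belong to the path project, e.g. `val event = eventRepository.findById(e.id).orElseThrow()` followed by `if (event.project.id != id) throw AccessDeniedException("event is not part of this project")`; `event.project` is an assumed field name, since the Event entity is not shown here. `editEvent` and `addCommentToEvent` also fetch events by a client-supplied id, but their bodies continue outside the hunks, so confirm whether they already verify ownership. Separately, `#id` in the shared expression is now resolved against every handler in the class, so a later method without a parameter named `id` would hand null to the permission evaluator; a comment on `IsProjectMember` such as `// Every handler in an annotated class must declare a parameter named id (the project id)` would document that requirement.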