From a97df591a7c69064df13916c7a0b53f19385f5a5 Mon Sep 17 00:00:00 2001 From: neviyn Date: Thu, 13 May 2021 19:55:17 +0100 Subject: [PATCH] Moved @Secured to the class level for MemberController & UploadController --- src/main/kotlin/uk/co/neviyn/booru/Controller.kt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/main/kotlin/uk/co/neviyn/booru/Controller.kt b/src/main/kotlin/uk/co/neviyn/booru/Controller.kt index 927f7b8..9620435 100644 --- a/src/main/kotlin/uk/co/neviyn/booru/Controller.kt +++ b/src/main/kotlin/uk/co/neviyn/booru/Controller.kt @@ -172,6 +172,7 @@ class ImageController @Controller @RequestMapping("/user") +@Secured class MemberController @Autowired constructor( val memberRepository: MemberRepository @@ -186,7 +187,6 @@ class MemberController } @PostMapping - @Secured fun updateLoggedInUser(@Valid @ModelAttribute userData: DisplayUser, @AuthenticationPrincipal userDetails: CustomUserDetails, model: Model): String { if (userData.id == userDetails.getId() && passwordEncoder().matches(userData.oldPassword, userDetails.password)) { val user = memberRepository.findById(userDetails.getId()).get() @@ -205,6 +205,7 @@ class MemberController @Controller @RequestMapping("/upload") +@Secured class UploadController @Autowired constructor( val imageRepository: ImageRepository, @@ -221,7 +222,6 @@ class UploadController } @PostMapping - @Secured fun uploadFile( @AuthenticationPrincipal userDetails: CustomUserDetails, @RequestParam file: MultipartFile, @@ -240,7 +240,6 @@ class UploadController } @DeleteMapping("/d/{imageID}") - @Secured @Transactional fun deleteUpload(@PathVariable imageID: Long, @AuthenticationPrincipal userDetails: CustomUserDetails): String { val target = imageRepository.findById(imageID)