mirror of
https://github.com/st-tu-dresden-praktikum/swt23w23
synced 2024-07-19 21:04:36 +02:00
Use class-wide PreAuthorize for InventoryController
This should protect against accidentally forgetting it for one method.
parent
3e2cc3d0b2
commit
0eb3276dde
|
@ -58,6 +58,7 @@ import jakarta.validation.Valid;
|
|||
*/
|
||||
|
||||
@Controller
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
class InventoryController {
|
||||
private final UniqueInventory<UniqueInventoryItem> inventory;
|
||||
private final CateringCatalog cateringCatalog;
|
||||
|
@ -69,7 +70,6 @@ class InventoryController {
|
|||
this.cateringCatalog = cateringCatalog;
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@GetMapping("/inventory")
|
||||
String list(Model model) {
|
||||
model.addAttribute("inventory", inventory.findAll());
|
||||
|
@ -77,7 +77,6 @@ class InventoryController {
|
|||
return "inventory";
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@GetMapping("/inventory/edit/{pid}")
|
||||
String edit(Model model, @PathVariable Product pid) {
|
||||
UniqueInventoryItem item = inventory.findByProduct(pid).get();
|
||||
|
@ -93,14 +92,12 @@ class InventoryController {
|
|||
return "inventory-mutate";
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@PostMapping(path = "/inventory/edit/{pid}", params = "type=Consumable")
|
||||
String editConsumable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result,
|
||||
@PathVariable Product pid, Model model) {
|
||||
return edit(form, result, pid, model);
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@PostMapping(path = "/inventory/edit/{pid}", params = "type=Rentable")
|
||||
String editRentable(@Valid @ModelAttribute("form") RentableMutateForm form, Errors result,
|
||||
@PathVariable Product pid, Model model) {
|
||||
|
@ -122,7 +119,6 @@ class InventoryController {
|
|||
return "redirect:/inventory";
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@GetMapping(path = "/inventory/add")
|
||||
String add(Model model, @RequestParam String type) {
|
||||
switch (type) {
|
||||
|
@ -142,13 +138,11 @@ class InventoryController {
|
|||
return "inventory-mutate";
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@PostMapping(path = "/inventory/add", params = "type=Consumable")
|
||||
String addConsumable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result, Model model) {
|
||||
return add(form, result, model);
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@PostMapping(path = "/inventory/add", params = "type=Rentable")
|
||||
String addRentable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result, Model model) {
|
||||
return add(form, result, model);
|
||||
|
@ -162,7 +156,6 @@ class InventoryController {
|
|||
return "redirect:/inventory";
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@GetMapping("/inventory/delete/{pid}")
|
||||
String delete(@PathVariable Product pid) {
|
||||
UniqueInventoryItem item = inventory.findByProduct(pid).get();
|
||||
|
|
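Review bot: The `delete` handler in the last hunk is still mapped with `@GetMapping("/inventory/delete/{pid}")`, so a state-changing action runs on a GET request. Spring Security's default CSRF protection only checks unsafe methods such as POST, so the class-wide `hasRole('ADMIN')` check does not stop a cross-site request issued from an admin's browser session. I would change the mapping to `@PostMapping("/inventory/delete/{pid}")` (or `@DeleteMapping`) and trigger it from a form that carries the CSRF token. The body of `delete` continues outside the hunk, so that it actually removes the item is inferred from the route name. Separately, a method-level `@PreAuthorize` replaces the class-level one rather than adding to it, which deserves a comment above the class annotation such as `// a method-level @PreAuthorize overrides this one; keep any such expression at least as strict`.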