mirrors/swt23w23
1
0
Fork 0
mirror of https://github.com/st-tu-dresden-praktikum/swt23w23 synced 2024-07-19 21:04:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use class-wide PreAuthorize for InventoryController

Browse source 
This should protect against accidentally forgetting it for one method.
This commit is contained in:
Simon Bruder 2023-12-07 19:12:55 +01:00
parent 3e2cc3d0b2
commit 0eb3276dde
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
1 changed files with 1 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/main/java/catering/inventory/InventoryController.java
View file

@ -58,6 +58,7 @@ import jakarta.validation.Valid;
*/ */
@Controller @Controller
@PreAuthorize("hasRole('ADMIN')")
class InventoryController { class InventoryController {
private final UniqueInventory<UniqueInventoryItem> inventory; private final UniqueInventory<UniqueInventoryItem> inventory;
private final CateringCatalog cateringCatalog; private final CateringCatalog cateringCatalog;
@ -69,7 +70,6 @@ class InventoryController {
this.cateringCatalog = cateringCatalog; this.cateringCatalog = cateringCatalog;
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory") @GetMapping("/inventory")
String list(Model model) { String list(Model model) {
model.addAttribute("inventory", inventory.findAll()); model.addAttribute("inventory", inventory.findAll());
@ -77,7 +77,6 @@ class InventoryController {
return "inventory"; return "inventory";
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory/edit/{pid}") @GetMapping("/inventory/edit/{pid}")
String edit(Model model, @PathVariable Product pid) { String edit(Model model, @PathVariable Product pid) {
UniqueInventoryItem item = inventory.findByProduct(pid).get(); UniqueInventoryItem item = inventory.findByProduct(pid).get();
@ -93,14 +92,12 @@ class InventoryController {
return "inventory-mutate"; return "inventory-mutate";
} }
@PreAuthorize("hasRole('ADMIN')")
@PostMapping(path = "/inventory/edit/{pid}", params = "type=Consumable") @PostMapping(path = "/inventory/edit/{pid}", params = "type=Consumable")
String editConsumable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result, String editConsumable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result,
@PathVariable Product pid, Model model) { @PathVariable Product pid, Model model) {
return edit(form, result, pid, model); return edit(form, result, pid, model);
} }
@PreAuthorize("hasRole('ADMIN')")
@PostMapping(path = "/inventory/edit/{pid}", params = "type=Rentable") @PostMapping(path = "/inventory/edit/{pid}", params = "type=Rentable")
String editRentable(@Valid @ModelAttribute("form") RentableMutateForm form, Errors result, String editRentable(@Valid @ModelAttribute("form") RentableMutateForm form, Errors result,
@PathVariable Product pid, Model model) { @PathVariable Product pid, Model model) {
@ -122,7 +119,6 @@ class InventoryController {
return "redirect:/inventory"; return "redirect:/inventory";
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping(path = "/inventory/add") @GetMapping(path = "/inventory/add")
String add(Model model, @RequestParam String type) { String add(Model model, @RequestParam String type) {
switch (type) { switch (type) {
@ -142,13 +138,11 @@ class InventoryController {
return "inventory-mutate"; return "inventory-mutate";
} }
@PreAuthorize("hasRole('ADMIN')")
@PostMapping(path = "/inventory/add", params = "type=Consumable") @PostMapping(path = "/inventory/add", params = "type=Consumable")
String addConsumable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result, Model model) { String addConsumable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result, Model model) {
return add(form, result, model); return add(form, result, model);
} }
@PreAuthorize("hasRole('ADMIN')")
@PostMapping(path = "/inventory/add", params = "type=Rentable") @PostMapping(path = "/inventory/add", params = "type=Rentable")
String addRentable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result, Model model) { String addRentable(@Valid @ModelAttribute("form") ConsumableMutateForm form, Errors result, Model model) {
return add(form, result, model); return add(form, result, model);
@ -162,7 +156,6 @@ class InventoryController {
return "redirect:/inventory"; return "redirect:/inventory";
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory/delete/{pid}") @GetMapping("/inventory/delete/{pid}")
String delete(@PathVariable Product pid) { String delete(@PathVariable Product pid) {
UniqueInventoryItem item = inventory.findByProduct(pid).get(); UniqueInventoryItem item = inventory.findByProduct(pid).get();