diff --git a/src/main/java/catering/inventory/InventoryController.java b/src/main/java/catering/inventory/InventoryController.java
index d87c5aa..53feb6c 100644
--- a/src/main/java/catering/inventory/InventoryController.java
+++ b/src/main/java/catering/inventory/InventoryController.java
@@ -19,6 +19,7 @@ package catering.inventory;
 import org.salespointframework.catalog.Product;
 import org.salespointframework.inventory.UniqueInventory;
 import org.salespointframework.inventory.UniqueInventoryItem;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.util.Assert;
@@ -43,6 +44,7 @@ class InventoryController {
 this.cateringCatalog = cateringCatalog;
 }
+ @PreAuthorize("hasRole('ADMIN')")
 @GetMapping("/inventory")
 String list(Model model) {
 model.addAttribute("inventory", inventory.findAll());
@@ -50,6 +52,7 @@ class InventoryController {
 return "inventory";
 }
+ @PreAuthorize("hasRole('ADMIN')")
 @GetMapping("/inventory/edit/{pid}")
 String edit(Model model, @PathVariable Product pid) {
 model.addAttribute("product", pid);
@@ -58,6 +61,7 @@ class InventoryController {
 return "inventory-mutate";
 }
+ @PreAuthorize("hasRole('ADMIN')")
 @PostMapping("/inventory/edit/{pid}")
 String edit(@Valid InventoryMutateForm form, Errors result, @PathVariable Product pid) {
 if (result.hasErrors()) {
@@ -80,11 +84,13 @@ class InventoryController {
 return "redirect:/inventory";
 }
+ @PreAuthorize("hasRole('ADMIN')")
 @GetMapping("/inventory/add")
 String add() {
 return "inventory-mutate";
 }
+ @PreAuthorize("hasRole('ADMIN')")
 @PostMapping("/inventory/add")
 String add(@Valid InventoryMutateForm form, Errors result) {
 if (result.hasErrors()) {
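Review bot: The same `@PreAuthorize("hasRole('ADMIN')")` is repeated on each handler (here on `list`, and again in the hunks at -50, -58, -80 and -97), so any handler added later is unprotected unless its author remembers the annotation; placing it once on `class InventoryController` makes the whole controller deny by default. The class declaration lies outside the visible hunks, so this applies to a line not shown here. The annotation is also only enforced when method security is switched on (`@EnableMethodSecurity`, or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on older Spring Security), and that configuration is not part of this diff. It is worth confirming, ideally with a test that requests `/inventory` as a non-admin user and expects the request to be refused.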
@@ -97,6 +103,7 @@ class InventoryController {
 return "redirect:/inventory";
 }
+ @PreAuthorize("hasRole('ADMIN')")
 @GetMapping("/inventory/delete/{pid}")
 String delete(@PathVariable Product pid) {
 UniqueInventoryItem item = inventory.findByProduct(pid).get();
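Review bot: The delete handler still changes state on a GET request (`@GetMapping("/inventory/delete/{pid}")`, a context line in this hunk), and Spring Security's default CSRF protection does not cover GET, so the new ADMIN check does not prevent a signed-in admin's browser from being led to issue the request from another site. I would change the mapping to `@PostMapping("/inventory/delete/{pid}")` and trigger it from a form that carries the CSRF token. Separately, `inventory.findByProduct(pid).get()` throws when the product has no inventory item; handling the empty Optional explicitly would avoid an unhandled exception. The body of `delete` continues past the end of the hunk, so the rest of the method was not reviewed.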