Make inventory only accessible for administrator

Fixes #33
Simon Bruder 2023-11-18 12:34:40 +01:00
parent 2515c17de5
commit 58dae6532e
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC


@ -19,6 +19,7 @@ package catering.inventory;
import org.salespointframework.catalog.Product; import org.salespointframework.catalog.Product;
import org.salespointframework.inventory.UniqueInventory; import org.salespointframework.inventory.UniqueInventory;
import org.salespointframework.inventory.UniqueInventoryItem; import org.salespointframework.inventory.UniqueInventoryItem;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.ui.Model; import org.springframework.ui.Model;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -43,6 +44,7 @@ class InventoryController {
this.cateringCatalog = cateringCatalog; this.cateringCatalog = cateringCatalog;
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory") @GetMapping("/inventory")
String list(Model model) { String list(Model model) {
model.addAttribute("inventory", inventory.findAll()); model.addAttribute("inventory", inventory.findAll());
@ -50,6 +52,7 @@ class InventoryController {
return "inventory"; return "inventory";
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory/edit/{pid}") @GetMapping("/inventory/edit/{pid}")
String edit(Model model, @PathVariable Product pid) { String edit(Model model, @PathVariable Product pid) {
model.addAttribute("product", pid); model.addAttribute("product", pid);
@ -58,6 +61,7 @@ class InventoryController {
return "inventory-mutate"; return "inventory-mutate";
} }
@PreAuthorize("hasRole('ADMIN')")
@PostMapping("/inventory/edit/{pid}") @PostMapping("/inventory/edit/{pid}")
String edit(@Valid InventoryMutateForm form, Errors result, @PathVariable Product pid) { String edit(@Valid InventoryMutateForm form, Errors result, @PathVariable Product pid) {
if (result.hasErrors()) { if (result.hasErrors()) {
@ -80,11 +84,13 @@ class InventoryController {
return "redirect:/inventory"; return "redirect:/inventory";
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory/add") @GetMapping("/inventory/add")
String add() { String add() {
return "inventory-mutate"; return "inventory-mutate";
} }
@PreAuthorize("hasRole('ADMIN')")
@PostMapping("/inventory/add") @PostMapping("/inventory/add")
String add(@Valid InventoryMutateForm form, Errors result) { String add(@Valid InventoryMutateForm form, Errors result) {
if (result.hasErrors()) { if (result.hasErrors()) {
@ -97,6 +103,7 @@ class InventoryController {
return "redirect:/inventory"; return "redirect:/inventory";
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory/delete/{pid}") @GetMapping("/inventory/delete/{pid}")
String delete(@PathVariable Product pid) { String delete(@PathVariable Product pid) {
UniqueInventoryItem item = inventory.findByProduct(pid).get(); UniqueInventoryItem item = inventory.findByProduct(pid).get();
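Review bot: The delete handler in the last hunk is still mapped with `@GetMapping("/inventory/delete/{pid}")`, so the new ADMIN restriction leaves a state-changing action on a safe HTTP method; Spring Security's CSRF protection skips GET by default, so any link or embedded resource loaded in an administrator's session could trigger the deletion. Map it as `@PostMapping("/inventory/delete/{pid}")` and have the template submit a form that carries the CSRF token. The six identical annotations could also be replaced by one `@PreAuthorize("hasRole('ADMIN')")` on `InventoryController`, so that a handler added later is denied by default instead of staying open until someone remembers the annotation. Nothing in the visible hunks shows method security being enabled or a test for the denied path, so confirm that `@PreAuthorize` is actually enforced with a test that requests `/inventory` as a non-admin user and expects a 403. The bodies of `list`, both `edit` overloads, the POST `add` and `delete` continue outside the hunks.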