Make inventory only accessible for administrator

Fixes #33
This commit is contained in:
Simon Bruder 2023-11-18 12:34:40 +01:00
parent 2515c17de5
commit 58dae6532e
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC

View file

@ -19,6 +19,7 @@ package catering.inventory;
import org.salespointframework.catalog.Product;
import org.salespointframework.inventory.UniqueInventory;
import org.salespointframework.inventory.UniqueInventoryItem;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.Assert;
@ -43,6 +44,7 @@ class InventoryController {
this.cateringCatalog = cateringCatalog;
}
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory")
String list(Model model) {
model.addAttribute("inventory", inventory.findAll());
@ -50,6 +52,7 @@ class InventoryController {
return "inventory";
}
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory/edit/{pid}")
String edit(Model model, @PathVariable Product pid) {
model.addAttribute("product", pid);
@ -58,6 +61,7 @@ class InventoryController {
return "inventory-mutate";
}
@PreAuthorize("hasRole('ADMIN')")
@PostMapping("/inventory/edit/{pid}")
String edit(@Valid InventoryMutateForm form, Errors result, @PathVariable Product pid) {
if (result.hasErrors()) {
@ -80,11 +84,13 @@ class InventoryController {
return "redirect:/inventory";
}
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory/add")
String add() {
return "inventory-mutate";
}
@PreAuthorize("hasRole('ADMIN')")
@PostMapping("/inventory/add")
String add(@Valid InventoryMutateForm form, Errors result) {
if (result.hasErrors()) {
@ -97,6 +103,7 @@ class InventoryController {
return "redirect:/inventory";
}
@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/inventory/delete/{pid}")
String delete(@PathVariable Product pid) {
UniqueInventoryItem item = inventory.findByProduct(pid).get();