Make only customers able to delete their own account

This commit is contained in:
Denis Natusch 2023-11-15 01:44:12 +01:00 committed by Simon Bruder
parent 3478fe2b24
commit ee280786ee
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
2 changed files with 6 additions and 1 deletions

View file

@ -5,6 +5,7 @@ import jakarta.persistence.EmbeddedId;
import jakarta.persistence.Entity; import jakarta.persistence.Entity;
import jakarta.persistence.OneToOne; import jakarta.persistence.OneToOne;
import org.salespointframework.useraccount.Role;
import org.salespointframework.useraccount.UserAccount; import org.salespointframework.useraccount.UserAccount;
import org.salespointframework.core.AbstractAggregateRoot; import org.salespointframework.core.AbstractAggregateRoot;
@ -63,6 +64,10 @@ public class User extends AbstractAggregateRoot<UserIdentifier> {
return userAccount.isEnabled(); return userAccount.isEnabled();
} }
public boolean hasRole(String role) {
return userAccount.getRoles().stream().toList().contains(Role.of(role));
}
@Embeddable @Embeddable
public static final class UserIdentifier implements Identifier, Serializable { public static final class UserIdentifier implements Identifier, Serializable {

View file

@ -35,7 +35,7 @@
<div class="horizontal_center"> <div class="horizontal_center">
<button class="danger_zone" th:text="#{profile.edit}" type="submit"></button> <button class="danger_zone" th:text="#{profile.edit}" type="submit"></button>
<a th:href="@{/profile/disable}"> <a th:href="@{/profile/disable}">
<button class="danger_zone" th:text="#{profile.delete}" type="button"></button> <button th:if="${user.hasRole('CUSTOMER')}" class="danger_zone" th:text="#{profile.delete}" type="button"></button>
</a> </a>
</div> </div>
</div> </div>