Commit 91ae3f3

committed
Role definations have been done.
1 parent 2340b7e commit 91ae3f3


8 files changed

+56
-22
lines changed


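--- a/day-15/api/Todo.md
+++ b/day-15/api/Todo.md
@@ -3,9 +3,11 @@
 3. FakeApplicationUserDao kullanarak (fake) uygulamayı başlat.
 1. User, Editor, Admin Rollerini post et..
 2. User, Editor, Admin kullanıcıları oluştur.
+3. **Unutma** varsayılan olarak tüm kullanıcılar **USER** rolü ile eklendi. Roller dağıtımını yapmayı unutma. Bu veri tabanında **users_role** tablosunu kullanarak yapabilirsin.
 4. Uygulamayı durdur.
-5. UserServiceImp kullanarak (mysql) uygulamayı yeniden başlat.
-6. Postman'de kullanıcılar için koleksiyon oluştur.
-7. {{accessToken}} değişkenini koleksiyonlar için tanımla.
-8. Login testine bak.
-9. API güvenlik testleri denemesi yap.
+6. UserServiceImp kullanarak (mysql) uygulamayı yeniden başlat.
+7. Postman'de kullanıcılar için koleksiyon oluştur.
+8. {{accessToken}} değişkenini koleksiyonlar için tanımla.
+9. Login testine bak.
+10. Üretilen JWT jwt.io üzerinde test et.
+11. Resources için erişim senaryoları uygula.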

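--- a/day-15/api/src/main/java/com/bookstore/api/controllers/AuthController.java
+++ b/day-15/api/src/main/java/com/bookstore/api/controllers/AuthController.java
@@ -64,6 +64,7 @@ public AuthDto login(@RequestBody UserRequest loginRequest) {
 
 AuthDto authResponse = new AuthDto();
 authResponse.setAccessToken("Bearer " + jwtToken);
+authResponse.setUserName(user.getUserName());
 authResponse.setRefreshToken(refreshTokenService.createRefreshToken(user).getData());
 authResponse.setUserId(user.getId());
 authResponse.setMessage("Successed.");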

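--- a/day-15/api/src/main/java/com/bookstore/api/controllers/AuthorController.java
+++ b/day-15/api/src/main/java/com/bookstore/api/controllers/AuthorController.java
@@ -4,6 +4,7 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -46,12 +47,14 @@ public ResponseEntity<?> getOneAuthor(@PathVariable(name = "id", required = true
 }
 
 @PostMapping
+@PreAuthorize("hasAuthority('author:post')")
 public ResponseEntity<?> postOneAuthor(@RequestBody @Valid Author author) {
 var apiResponse = authorService.postOneAuthor(author);
 return new ResponseEntity<>(apiResponse, apiResponse.getHttpStatus());
 }
 
 @PutMapping("/{id}")
+@PreAuthorize("hasAuthority('author:put')")
 public ResponseEntity<?> putOneAuthor(@PathVariable(name = "id", required = true) int id,
 @RequestBody Author author) {
 
@@ -64,6 +67,7 @@ public ResponseEntity<?> putOneAuthor(@PathVariable(name = "id", required = true
 }
 
 @DeleteMapping("/{id}")
+@PreAuthorize("hasAuthority('author:delete')")
 public ResponseEntity<Void> deleteOneAuthor(@PathVariable("id") int id) {
 authorService.deleteOneAuthor(id);
 return new ResponseEntity<>(HttpStatus.NO_CONTENT);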
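Review bot: The GET handlers of this file receive no `@PreAuthorize` while `postOneAuthor`, `putOneAuthor` and `deleteOneAuthor` each gain one, even though this same commit defines `AUTHOR_GET("author:get")` and grants it to every role; CategoryController has the identical gap with `CATEGORY_GET`. Whether anonymous reads on authors and categories are reachable therefore depends entirely on the HttpSecurity chain, which is not part of this diff, and a reader of the controller cannot tell which policy was intended. State it explicitly on each GET handler, either `@PreAuthorize("hasAuthority('author:get')")` or `@PreAuthorize("permitAll()")` as BookContoller now does, so the per-endpoint policy is visible in one place and the `author:get` / `category:get` authorities are either used or dropped. The GET handlers themselves lie outside the hunks shown; only the closing brace of getOneAuthor is visible.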

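--- a/day-15/api/src/main/java/com/bookstore/api/controllers/BookContoller.java
+++ b/day-15/api/src/main/java/com/bookstore/api/controllers/BookContoller.java
@@ -18,47 +18,46 @@
 import com.bookstore.api.entities.dto.BookDtoForPut;
 import com.bookstore.api.services.Abstract.BookService;
 
+import lombok.RequiredArgsConstructor;
+
 @RestController
 @RequestMapping("api/v1/books")
-// @PreAuthorize("hasRole('ROLE_ADMIN')")
+@RequiredArgsConstructor
 public class BookContoller {
 
-// Logger logger = LoggerFactory.getLogger(BookContoller.class.getName());
-
 private final BookService bookService;
 
-public BookContoller(BookService bookService) {
-this.bookService = bookService;
-}
-
 @GetMapping
-@PreAuthorize("hasAuthority('book:get')")
+@PreAuthorize("permitAll()")
 public ResponseEntity<?> getAllBooks() {
 return ResponseEntity
 .status(HttpStatus.OK)
 .body(bookService.getAllBook());
 }
 
 @GetMapping(path = "/{id}")
+@PreAuthorize("permitAll()")
 public ResponseEntity<?> getOneBook(@PathVariable(name = "id", required = true) int id) {
 var response = bookService.getOneBook(id);
 return new ResponseEntity<>(response, response.getHttpStatus());
 }
 
 @PostMapping
-@PreAuthorize("hasRole('ROLE_ADMIN')")
+@PreAuthorize("hasAuthority('book:post')")
 public ResponseEntity<?> postOneBook(@RequestBody @Valid BookDtoForPost book) {
 var response = bookService.postOneBook(book);
 return new ResponseEntity<>(response, response.getHttpStatus());
 }
 
 @PutMapping(path = "/{id}")
+@PreAuthorize("hasAuthority('book:put')")
 public ResponseEntity<?> putOneBook(@PathVariable(name = "id", required = true) int id,
 @RequestBody BookDtoForPut request) {
 return new ResponseEntity<>(bookService.putOneBook(id, request), HttpStatus.ACCEPTED);
 }
 
 @DeleteMapping(path = "/{id}")
+@PreAuthorize("hasAuthority('book:delete')")
 public ResponseEntity<?> deleteOneBook(@PathVariable int id) {
 bookService.deleteOneBook(id);
 return new ResponseEntity<>(HttpStatus.NO_CONTENT);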
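Review bot: Replacing `hasAuthority('book:get')` with `permitAll()` on `getAllBooks` and `getOneBook` only relaxes the method-level check; if the HttpSecurity chain (not in this diff) still requires an authenticated request for `api/v1/books`, anonymous reads are rejected before the annotation is ever evaluated, and if the chain already permits them the annotation is redundant. Confirm against the filter chain that anonymous read access is the intended policy rather than an accidental widening, and record the decision on the handler, e.g. `// catalogue reads are public by design; writes below require book:* authorities`. With the check gone, `BOOK_GET` is still granted to every role in ApplicationUserRole but no longer enforced anywhere visible, so either drop it there or keep `@PreAuthorize("hasAuthority('book:get')")` here. The switch to `@RequiredArgsConstructor` preserves the single-constructor injection of `bookService` and removes the stale commented-out code, which is fine.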

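--- a/day-15/api/src/main/java/com/bookstore/api/controllers/CategoryController.java
+++ b/day-15/api/src/main/java/com/bookstore/api/controllers/CategoryController.java
@@ -4,6 +4,7 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -44,18 +45,21 @@ public ApiResponse<Category> getOneCategory(@PathVariable(name = "id", required
 }
 
 @PostMapping
+@PreAuthorize("hasAuthority('category:post')")
 public ResponseEntity<?> postOneCategory(@RequestBody Category category) {
 var response = categoryService.postOneCategory(category);
 return new ResponseEntity<>(response, response.getHttpStatus());
 }
 
 @PutMapping("/{id}")
+@PreAuthorize("hasAuthority('category:put')")
 public ResponseEntity<?> putOneCategory(@PathVariable(name = "id") int id, @RequestBody Category category) {
 var response = categoryService.putOneCategory(id, category);
 return new ResponseEntity<>(response, response.getHttpStatus());
 }
 
 @DeleteMapping("/{id}")
+@PreAuthorize("hasAuthority('category:delete')")
 public ResponseEntity<Void> deleteOneCategory(@PathVariable(name = "id") int id) {
 categoryService.deleteCategory(id);
 return new ResponseEntity<>(HttpStatus.NO_CONTENT);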
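Review bot: `postOneCategory` and `putOneCategory` now carry an authority check, but their `@RequestBody Category category` parameters still lack `@Valid`, unlike `postOneAuthor(@RequestBody @Valid Author author)` in AuthorController, so an authorised caller can submit a Category that skips whatever bean-validation constraints the entity declares (whether it declares any is not visible here). Now that the annotation decides who may write, this is the natural moment to also validate what they write: `public ResponseEntity<?> postOneCategory(@RequestBody @Valid Category category) {` and the same `@Valid` on `putOneCategory`, with the `Valid` import AuthorController already uses. The `@ExceptionHandler` import in the first hunk suggests the controller already maps validation failures to responses, but that handler is outside the hunks shown.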

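--- a/day-15/api/src/main/java/com/bookstore/api/jwt/JwtTokenProvider.java
+++ b/day-15/api/src/main/java/com/bookstore/api/jwt/JwtTokenProvider.java
@@ -5,6 +5,7 @@
 
 import javax.crypto.SecretKey;
 
+import org.modelmapper.ModelMapper;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 
@@ -28,6 +29,7 @@ public class JwtTokenProvider {
 private final JwtConfig jwtConfig;
 private final SecretKey secretKey;
 private final UserService userService;
+private final ModelMapper mapper;
 
 public String generateJwtToken(Authentication auth) {
 
@@ -44,7 +46,8 @@ public String generateJwtToken(Authentication auth) {
 
 public String generateJwtTokenByUserId(int userId) {
 
-User user = userService.getOneUser(userId).getData();
+User user = mapper.map(userService.getOneUser(userId).getData(), User.class);
+
 ApplicationUser userDetails = userService.selectApplicationUserByUsername(user.getUserName())
 .orElseThrow(() -> new UserNotFoundException(userId));
 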
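Review bot: The new `User user = mapper.map(userService.getOneUser(userId).getData(), User.class);` passes `getData()` straight into ModelMapper, which rejects a null source with an IllegalArgumentException, so if the lookup misses the method fails with a generic mapping error and the `UserNotFoundException(userId)` prepared on the next lines is never reached. Whether `getData()` can be null is not visible here (the `orElseThrow` that follows suggests the not-found case is expected), so guard before mapping: `var data = userService.getOneUser(userId).getData();` / `if (data == null) throw new UserNotFoundException(userId);` / `User user = mapper.map(data, User.class);`. Because this method mints a token from a bare user id rather than an authenticated principal, keeping the failure path a deliberate domain exception also makes it easier to log and monitor refresh-style token issuance for unknown ids. `generateJwtTokenByUserId` continues past the end of the hunk.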
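--- a/day-15/api/src/main/java/com/bookstore/api/security/ApplicationUserPermission.java
+++ b/day-15/api/src/main/java/com/bookstore/api/security/ApplicationUserPermission.java
@@ -4,8 +4,18 @@ public enum ApplicationUserPermission {
 BOOK_GET("book:get"),
 BOOK_POST("book:post"),
 BOOK_PUT("book:put"),
-BOOK_DELETE("book:delete");
-
+BOOK_DELETE("book:delete"),
+
+CATEGORY_GET("category:get"),
+CATEGORY_POST("category:post"),
+CATEGORY_PUT("category:put"),
+CATEGORY_DELETE("category:delete"),
+
+AUTHOR_GET("author:get"),
+AUTHOR_POST("author:post"),
+AUTHOR_PUT("author:put"),
+AUTHOR_DELETE("author:delete");
+
 private final String permission;
 
 public String getPermission() {
@@ -15,5 +25,5 @@ public String getPermission() {
 private ApplicationUserPermission(String permission) {
 this.permission = permission;
 }
-
+
 }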
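Review bot: The permission strings added here (`category:post`, `author:delete`, …) are repeated verbatim inside the `@PreAuthorize("hasAuthority('…')")` literals of the three controllers in this commit, so the enum and the annotations can drift apart with no compile-time signal: a misspelt literal fails closed for every role, a misspelt enum value grants an authority nobody checks. Annotation values must be compile-time constants, so the enum cannot be referenced directly; a nested holder of `public static final String` names (constructed example: `AUTHOR_DELETE_NAME = "author:delete"`) consumed by both the enum constructor calls and the annotations would make the link explicit, and a small test asserting that every `hasAuthority` literal equals some constant's `getPermission()` would catch the remaining drift. A one-line comment above the constants, `// values must match the hasAuthority(...) literals in the controllers`, is the minimum worth adding.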

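--- a/day-15/api/src/main/java/com/bookstore/api/security/ApplicationUserRole.java
+++ b/day-15/api/src/main/java/com/bookstore/api/security/ApplicationUserRole.java
@@ -9,9 +9,20 @@
 import static com.bookstore.api.security.ApplicationUserPermission.*;
 
 public enum ApplicationUserRole {
-ADMIN(Sets.newHashSet(BOOK_GET, BOOK_POST, BOOK_PUT, BOOK_DELETE)),
-EDITOR(Sets.newHashSet(BOOK_GET, BOOK_POST, BOOK_PUT)),
-USER(Sets.newHashSet(BOOK_GET));
+
+ADMIN(Sets.newHashSet(
+BOOK_GET, BOOK_POST, BOOK_PUT, BOOK_DELETE,
+CATEGORY_GET, CATEGORY_POST, CATEGORY_PUT, CATEGORY_DELETE,
+AUTHOR_GET, AUTHOR_POST, AUTHOR_PUT, AUTHOR_DELETE)),
+
+EDITOR(Sets.newHashSet(
+BOOK_GET, BOOK_POST,
+CATEGORY_GET, CATEGORY_POST,
+AUTHOR_GET, AUTHOR_POST)),
+
+USER(Sets.newHashSet(BOOK_GET,
+CATEGORY_GET,
+AUTHOR_GET));
 
 private final Set<ApplicationUserPermission> permissions;
 
@@ -33,7 +44,7 @@ public Set<SimpleGrantedAuthority> getGrantedAuthorities() {
 // book:put
 // book:delete
 // ROLE_ADMIN
-permissions.add(new SimpleGrantedAuthority("ROLE_"+this.name()));
+permissions.add(new SimpleGrantedAuthority("ROLE_" + this.name()));
 return permissions;
 }
 }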
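Review bot: The new `EDITOR` set silently drops `BOOK_PUT`, which the removed definition `EDITOR(Sets.newHashSet(BOOK_GET, BOOK_POST, BOOK_PUT))` granted, so after this commit editors can create books, categories and authors but can no longer update any of them, while `ADMIN` keeps all four verbs; users already assigned the editor role through the `users_role` table lose that capability without any migration note. If the narrowing is deliberate, say so on the constant, e.g. `// editors may read and create but not modify or delete`, otherwise add `BOOK_PUT`, `CATEGORY_PUT` and `AUTHOR_PUT` back. Secondary point: `Sets.newHashSet(...)` produces a mutable set stored in the `private final permissions` field, so wrapping it as `Collections.unmodifiableSet(EnumSet.of(...))` would keep the role definitions from being altered at runtime; whether the field is exposed through a getter is outside the hunk.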
