From 770791302cb3c4c5de69d1a0e124fec50f9b70cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C5=82awek=20Zatorski?= Date: Mon, 18 Nov 2024 20:38:53 +0100 Subject: [PATCH] Prod deploy 18 listopada --- .../java/com/sasiedzi/event/domain/Event.java | 2 +- .../event/web/rest/RegistrationResource.java | 28 +++++++++++++++++++ .../entities/event/event-details.component.ts | 3 ++ .../app/entities/event/event-details.vue | 10 +++++-- src/main/webapp/app/router/index.ts | 2 +- 5 files changed, 41 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/sasiedzi/event/domain/Event.java b/src/main/java/com/sasiedzi/event/domain/Event.java index 7f63271..9a71876 100644 --- a/src/main/java/com/sasiedzi/event/domain/Event.java +++ b/src/main/java/com/sasiedzi/event/domain/Event.java @@ -44,7 +44,7 @@ public class Event implements Serializable { private String comment; @OneToMany(fetch = FetchType.EAGER, mappedBy = "event") - @JsonIgnoreProperties(value = { "user", "event", "transactionItems" }, allowSetters = true) + @JsonIgnoreProperties(value = { "event", "transactionItems" }, allowSetters = true) private Set registrations = new HashSet<>(); @OneToMany(fetch = FetchType.LAZY, mappedBy = "event") diff --git a/src/main/java/com/sasiedzi/event/web/rest/RegistrationResource.java b/src/main/java/com/sasiedzi/event/web/rest/RegistrationResource.java index bda8b43..7044f6e 100644 --- a/src/main/java/com/sasiedzi/event/web/rest/RegistrationResource.java +++ b/src/main/java/com/sasiedzi/event/web/rest/RegistrationResource.java @@ -1,5 +1,6 @@ package com.sasiedzi.event.web.rest; +import com.sasiedzi.event.domain.CurrentUserHolder; import com.sasiedzi.event.domain.Registration; import com.sasiedzi.event.domain.User; import com.sasiedzi.event.repository.RegistrationRepository; 
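Review bot: Dropping `"user"` from `@JsonIgnoreProperties` on `registrations` in `Event.java` means every serialized `Event` now carries the full `User` object of each registrant, and nothing in this hunk limits which of its fields are sent. The `User` class is not visible here, so which attributes it exposes (e-mail, login, authorities) is unknown, but the client code in this commit only reads `registration.user?.id`. Consider narrowing the serialized user instead of exposing it whole, for example `@JsonIncludeProperties({ "id" })` on the `user` field of `Registration` (Jackson 2.12 or later), or a small DTO for the event view.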
@@ -20,6 +21,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; @@ -54,6 +56,11 @@ public class RegistrationResource { this.userRepository = userRepository; } + private static Long currentEventId = 1751L; + + @Autowired + CurrentUserHolder currentUser; + /** * {@code POST /registrations} : Create a new registration. * @@ -64,6 +71,11 @@ public class RegistrationResource { @PostMapping("") public ResponseEntity createRegistration(@Valid @RequestBody Registration registration, Principal principal) throws URISyntaxException { + if ( + !currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN") && !registration.getEvent().getId().equals(currentEventId) + ) { + throw new AccessDeniedException("Registration is closed for this event"); + } LOG.debug("REST request to save Registration : {}", registration); AdminUserDTO userFromAuthentication; if (principal instanceof AbstractAuthenticationToken) { @@ -97,6 +109,11 @@ public class RegistrationResource { @PathVariable(value = "id", required = false) final Long id, @Valid @RequestBody Registration registration ) throws URISyntaxException { + if ( + !currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN") && !registration.getEvent().getId().equals(currentEventId) + ) { + throw new AccessDeniedException("Registration is closed for this event"); + } LOG.debug("REST request to update Registration : {}, {}", id, registration); if (registration.getId() == null) { throw new BadRequestAlertException("Invalid id", ENTITY_NAME, "idnull"); 
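Review bot: `currentEventId` in the hunk at `-54,6 +56,11` is a mutable, non-final static holding a literal that now gates every write endpoint, and the same number is repeated as `'1751'` in `event-details.component.ts` and in the router redirect. Opening registration for the next event therefore needs three coordinated source edits, and a missed one leaves client and server disagreeing about which event is open. The class already imports `@Value`, so the id could come from configuration as an instance field, e.g. `@Value("${app.current-event-id}") private Long currentEventId;` (the property name is a placeholder). `CurrentUserHolder` is also field-injected with package visibility while the visible constructor tail assigns `userRepository`; passing it through the constructor as a `private final` field would match the rest of the class.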
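Review bot: In the guard added to `createRegistration` (hunk `-64,6 +71,11`), `registration.getEvent()` comes straight from the request body and is dereferenced without a null check, so a non-admin request without an `event` ends in a NullPointerException and a 500 rather than a clean rejection. The same five lines are pasted into `updateRegistration`, the partial update and `deleteRegistration`, so any correction has to be made four times; a private helper would keep the rule in one place. The guard also assumes that `getAuthorities()` on the object returned by `getAdminUser()` is a collection of strings; if it holds authority objects, `contains("ROLE_ADMIN")` is always false. That type is not visible here and should be confirmed. Because the guard runs before `LOG.debug`, rejected attempts leave no trace in the log; a helper along these lines would cover both points.

```java
// Single place for the "registration open" rule; call it first in each write endpoint.
private void requireOpenEventOrAdmin(Registration registration) {
    if (currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN")) {
        return;
    }
    // The event comes from the request body and may be missing.
    if (registration.getEvent() == null || !currentEventId.equals(registration.getEvent().getId())) {
        LOG.warn("Rejected registration change for closed or missing event");
        throw new AccessDeniedException("Registration is closed for this event");
    }
}
```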
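Review bot: The guard in `updateRegistration` (hunk `-97,6 +109,11`) decides on the event id found in the request body, not on the event of the registration stored under the path `id`. A non-admin request can therefore pass the check by naming the open event in the body while `id` refers to a registration that belongs to a closed event; whether later code in the method stops that is outside this hunk. The partial-update hunk (`-131,6 +148,11`) has the same shape. Load the stored row first, as `deleteRegistration` does with `registrationRepository.findById(id)`, and reject the request when either the stored event or the submitted event is not the open one.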
@@ -131,6 +148,11 @@ public class RegistrationResource { @PathVariable(value = "id", required = false) final Long id, @NotNull @RequestBody Registration registration ) throws URISyntaxException { + if ( + !currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN") && !registration.getEvent().getId().equals(currentEventId) + ) { + throw new AccessDeniedException("Registration is closed for this event"); + } LOG.debug("REST request to partial update Registration partially : {}, {}", id, registration); if (registration.getId() == null) { throw new BadRequestAlertException("Invalid id", ENTITY_NAME, "idnull"); @@ -208,6 +230,12 @@ public class RegistrationResource { */ @DeleteMapping("/{id}") public ResponseEntity deleteRegistration(@PathVariable("id") Long id) { + Registration registration = registrationRepository.findById(id).get(); + if ( + !currentUser.getAdminUser().getAuthorities().contains("ROLE_ADMIN") && !registration.getEvent().getId().equals(currentEventId) + ) { + throw new AccessDeniedException("Registration is closed for this event"); + } LOG.debug("REST request to delete Registration : {}", id); registrationRepository.deleteById(id); return ResponseEntity.noContent() diff --git a/src/main/webapp/app/entities/event/event-details.component.ts b/src/main/webapp/app/entities/event/event-details.component.ts index c14d82e..b3220f1 100644 --- a/src/main/webapp/app/entities/event/event-details.component.ts +++ b/src/main/webapp/app/entities/event/event-details.component.ts @@ -20,6 +20,7 @@ export default defineComponent({ const alertService = inject('alertService', () => useAlertService(), true); const { formatDateShort } = useDateFormat(); const dataUtils = useDataUtils(); + const isCurrentEvent = ref(false); const registrationService = inject('registrationService', () => new RegistrationService()); const accountService = inject('accountService'); 
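Review bot: `deleteRegistration` (hunk `-208,6 +230,12`) checks only that the registration belongs to the open event; nothing visible in the hunk compares the registration's user with the caller. The matching rule `registration.user?.id == currentUserId` exists only in `event-details.vue`, which hides a button but does not protect the endpoint, so unless ownership is enforced elsewhere any authenticated user can remove another participant's registration for the current event. Add a server-side owner check next to the event check, comparing the stored registration's user with the current user from `currentUser`. Separately, `findById(id).get()` throws `NoSuchElementException` for an unknown id and surfaces as a 500; `findById(id).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND))` keeps it a 404.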
@@ -34,6 +35,7 @@ export default defineComponent({ const retrieveEvent = async (eventId: string) => { try { const res = await eventService().find(eventId); + isCurrentEvent.value = eventId == '1751'; event.value = res; // sortedAndIndexedRegistrations.value = res.registrations; sortedAndIndexedRegistrations.value = res.registrations.sort( @@ -108,6 +110,7 @@ export default defineComponent({ accountService, eventService, event, + isCurrentEvent, ...dataUtils, formatDateShort, previousState, diff --git a/src/main/webapp/app/entities/event/event-details.vue b/src/main/webapp/app/entities/event/event-details.vue index 5b72904..8197aa6 100644 --- a/src/main/webapp/app/entities/event/event-details.vue +++ b/src/main/webapp/app/entities/event/event-details.vue @@ -35,7 +35,12 @@ {{ event.comment }} - + @@ -69,12 +74,13 @@ variant="danger" class="btn btn-sm" data-cy="entityDeleteButton" - v-if="(registration.id && registration.user?.id == currentUserId) || hasAnyAuthority('ROLE_ADMIN')" + v-if="(registration.id && registration.user?.id == currentUserId && isCurrentEvent) || hasAnyAuthority('ROLE_ADMIN')" v-b-modal.removeEntity > Delete + {{ registration.user?.id }}/{{ currentUserId }} {{ registration.comment }} diff --git a/src/main/webapp/app/router/index.ts b/src/main/webapp/app/router/index.ts index 912bcf3..36e5067 100644 --- a/src/main/webapp/app/router/index.ts +++ b/src/main/webapp/app/router/index.ts @@ -12,7 +12,7 @@ export const createRouter = () => routes: [ { path: '/', - redirect: '/event/1551/view', + redirect: '/event/1751/view', }, { path: '/forbidden',
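Review bot: `isCurrentEvent.value = eventId == '1751'` in `retrieveEvent` hard-codes the open event a second time on the client and uses loose equality on a route parameter. The flag only controls what the template shows, so it has to stay in step with `currentEventId` in `RegistrationResource`; a field on the event returned by `eventService().find(eventId)`, such as a registration-open flag computed by the server, would remove the duplicate. If the literal stays, use `eventId === '1751'` and keep it in one shared constant that the router redirect also reads. `retrieveEvent` continues past the end of this hunk.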
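Review bot: The added line `{{ registration.user?.id }}/{{ currentUserId }}` in `event-details.vue` looks like leftover debug output: it prints each registrant's internal user id and the viewer's own id into the page. The surrounding markup was lost in this rendering, so the exact cell is not visible, but nothing on the line limits it to admins. Remove it before the production deploy, or put it in an element with `v-if="hasAnyAuthority('ROLE_ADMIN')"` if it is wanted for support. The changed `v-if` on the delete button is display logic only and relies on the server to enforce the same rule.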