From a6731fcdfc46815301f04c0ba0d772dfd4a9f28c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C5=82awek=20Zatorski?= <zatorski@gmail.com>
Date: Mon, 18 Nov 2024 17:20:51 +0100
Subject: [PATCH] aa

---
 .../event/web/rest/ChargeResource.java        |  3 +++
 .../event/web/rest/EventResource.java         |  7 ++++++
 .../web/rest/TransactionItemResource.java     |  3 +++
 .../event/web/rest/TransactionResource.java   |  6 +++++
 .../event/web/rest/UserAccountResource.java   |  6 +++++
 .../app/entities/event/event-details.vue      |  2 +-
 .../transaction/transaction.component.ts      | 15 ++++++++++++
 .../app/entities/transaction/transaction.vue  |  8 ++++++-
 src/main/webapp/app/router/entities.ts        | 24 +++++++++----------
 9 files changed, 60 insertions(+), 14 deletions(-)

diff --git a/src/main/java/com/sasiedzi/event/web/rest/ChargeResource.java b/src/main/java/com/sasiedzi/event/web/rest/ChargeResource.java
index 46f4151..deeb799 100644
--- a/src/main/java/com/sasiedzi/event/web/rest/ChargeResource.java
+++ b/src/main/java/com/sasiedzi/event/web/rest/ChargeResource.java
@@ -2,6 +2,7 @@ package com.sasiedzi.event.web.rest;
 
 import com.sasiedzi.event.domain.Charge;
 import com.sasiedzi.event.repository.ChargeRepository;
+import com.sasiedzi.event.security.AuthoritiesConstants;
 import com.sasiedzi.event.web.rest.errors.BadRequestAlertException;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotNull;
@@ -14,6 +15,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import tech.jhipster.web.util.HeaderUtil;
@@ -25,6 +27,7 @@ import tech.jhipster.web.util.ResponseUtil;
 @RestController
 @RequestMapping("/api/charges")
 @Transactional
+@Secured({ AuthoritiesConstants.ADMIN })
 public class ChargeResource {
 
     private static final Logger LOG = LoggerFactory.getLogger(ChargeResource.class);
diff --git a/src/main/java/com/sasiedzi/event/web/rest/EventResource.java b/src/main/java/com/sasiedzi/event/web/rest/EventResource.java
index 0d13650..62553ec 100644
--- a/src/main/java/com/sasiedzi/event/web/rest/EventResource.java
+++ b/src/main/java/com/sasiedzi/event/web/rest/EventResource.java
@@ -2,6 +2,7 @@ package com.sasiedzi.event.web.rest;
 
 import com.sasiedzi.event.domain.Event;
 import com.sasiedzi.event.repository.EventRepository;
+import com.sasiedzi.event.security.AuthoritiesConstants;
 import com.sasiedzi.event.service.EventService;
 import com.sasiedzi.event.web.rest.errors.BadRequestAlertException;
 import jakarta.validation.Valid;
@@ -15,6 +16,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.web.bind.annotation.*;
 import tech.jhipster.web.util.HeaderUtil;
 import tech.jhipster.web.util.ResponseUtil;
@@ -50,6 +52,7 @@ public class EventResource {
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
     @PostMapping("")
+    @Secured({ AuthoritiesConstants.ADMIN })
     public ResponseEntity<Event> createEvent(@Valid @RequestBody Event event) throws URISyntaxException {
         LOG.debug("REST request to save Event : {}", event);
         if (event.getId() != null) {
@@ -62,6 +65,7 @@ public class EventResource {
     }
 
     @PostMapping("/{id}/settle")
+    @Secured({ AuthoritiesConstants.ADMIN })
     public ResponseEntity<Optional<Event>> settleEvent(@RequestBody Optional<Event> event) throws URISyntaxException {
         event = eventService.settle(event.orElse(null));
         return ResponseEntity.ok()
@@ -80,6 +84,7 @@ public class EventResource {
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
     @PutMapping("/{id}")
+    @Secured({ AuthoritiesConstants.ADMIN })
     public ResponseEntity<Event> updateEvent(@PathVariable(value = "id", required = false) final Long id, @Valid @RequestBody Event event)
         throws URISyntaxException {
         LOG.debug("REST request to update Event : {}, {}", id, event);
@@ -111,6 +116,7 @@ public class EventResource {
      * or with status {@code 500 (Internal Server Error)} if the event couldn't be updated.
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
+    @Secured({ AuthoritiesConstants.ADMIN })
     @PatchMapping(value = "/{id}", consumes = { "application/json", "application/merge-patch+json" })
     public ResponseEntity<Event> partialUpdateEvent(
         @PathVariable(value = "id", required = false) final Long id,
@@ -167,6 +173,7 @@ public class EventResource {
      * @return the {@link ResponseEntity} with status {@code 204 (NO_CONTENT)}.
      */
     @DeleteMapping("/{id}")
+    @Secured({ AuthoritiesConstants.ADMIN })
     public ResponseEntity<Void> deleteEvent(@PathVariable("id") Long id) {
         LOG.debug("REST request to delete Event : {}", id);
         eventService.delete(id);
diff --git a/src/main/java/com/sasiedzi/event/web/rest/TransactionItemResource.java b/src/main/java/com/sasiedzi/event/web/rest/TransactionItemResource.java
index 14617dd..743edd4 100644
--- a/src/main/java/com/sasiedzi/event/web/rest/TransactionItemResource.java
+++ b/src/main/java/com/sasiedzi/event/web/rest/TransactionItemResource.java
@@ -2,6 +2,7 @@ package com.sasiedzi.event.web.rest;
 
 import com.sasiedzi.event.domain.TransactionItem;
 import com.sasiedzi.event.repository.TransactionItemRepository;
+import com.sasiedzi.event.security.AuthoritiesConstants;
 import com.sasiedzi.event.web.rest.errors.BadRequestAlertException;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -12,6 +13,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import tech.jhipster.web.util.HeaderUtil;
@@ -23,6 +25,7 @@ import tech.jhipster.web.util.ResponseUtil;
 @RestController
 @RequestMapping("/api/transaction-items")
 @Transactional
+@Secured({ AuthoritiesConstants.ADMIN })
 public class TransactionItemResource {
 
     private static final Logger LOG = LoggerFactory.getLogger(TransactionItemResource.class);
diff --git a/src/main/java/com/sasiedzi/event/web/rest/TransactionResource.java b/src/main/java/com/sasiedzi/event/web/rest/TransactionResource.java
index df8907e..d8ecb96 100644
--- a/src/main/java/com/sasiedzi/event/web/rest/TransactionResource.java
+++ b/src/main/java/com/sasiedzi/event/web/rest/TransactionResource.java
@@ -2,6 +2,7 @@ package com.sasiedzi.event.web.rest;
 
 import com.sasiedzi.event.domain.*;
 import com.sasiedzi.event.repository.TransactionRepository;
+import com.sasiedzi.event.security.AuthoritiesConstants;
 import com.sasiedzi.event.web.rest.errors.BadRequestAlertException;
 import java.math.BigDecimal;
 import java.net.URI;
@@ -12,6 +13,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import tech.jhipster.web.util.HeaderUtil;
@@ -46,6 +48,7 @@ public class TransactionResource {
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
     @PostMapping("")
+    @Secured({ AuthoritiesConstants.ADMIN })
     public ResponseEntity<Transaction> createTransaction(@RequestBody Transaction transaction) throws URISyntaxException {
         LOG.debug("REST request to save Transaction : {}", transaction);
         if (transaction.getId() != null) {
@@ -67,6 +70,7 @@ public class TransactionResource {
      * or with status {@code 500 (Internal Server Error)} if the transaction couldn't be updated.
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
+    @Secured({ AuthoritiesConstants.ADMIN })
     @PutMapping("/{id}")
     public ResponseEntity<Transaction> updateTransaction(
         @PathVariable(value = "id", required = false) final Long id,
@@ -101,6 +105,7 @@ public class TransactionResource {
      * or with status {@code 500 (Internal Server Error)} if the transaction couldn't be updated.
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
+    @Secured({ AuthoritiesConstants.ADMIN })
     @PatchMapping(value = "/{id}", consumes = { "application/json", "application/merge-patch+json" })
     public ResponseEntity<Transaction> partialUpdateTransaction(
         @PathVariable(value = "id", required = false) final Long id,
@@ -277,6 +282,7 @@ public class TransactionResource {
      * @return the {@link ResponseEntity} with status {@code 204 (NO_CONTENT)}.
      */
     @DeleteMapping("/{id}")
+    @Secured({ AuthoritiesConstants.ADMIN })
     public ResponseEntity<Void> deleteTransaction(@PathVariable("id") Long id) {
         LOG.debug("REST request to delete Transaction : {}", id);
         transactionRepository.deleteById(id);
diff --git a/src/main/java/com/sasiedzi/event/web/rest/UserAccountResource.java b/src/main/java/com/sasiedzi/event/web/rest/UserAccountResource.java
index cf27f67..c7a4837 100644
--- a/src/main/java/com/sasiedzi/event/web/rest/UserAccountResource.java
+++ b/src/main/java/com/sasiedzi/event/web/rest/UserAccountResource.java
@@ -4,6 +4,7 @@ import com.sasiedzi.event.domain.CurrentUserHolder;
 import com.sasiedzi.event.domain.User;
 import com.sasiedzi.event.domain.UserAccount;
 import com.sasiedzi.event.repository.UserAccountRepository;
+import com.sasiedzi.event.security.AuthoritiesConstants;
 import com.sasiedzi.event.service.EventService;
 import com.sasiedzi.event.service.UserService;
 import com.sasiedzi.event.web.rest.errors.BadRequestAlertException;
@@ -17,6 +18,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.transaction.annotation.Transactional;
@@ -53,6 +55,7 @@ public class UserAccountResource {
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
     @PostMapping("")
+    @Secured({ AuthoritiesConstants.ADMIN })
     public ResponseEntity<UserAccount> createUserAccount(@RequestBody UserAccount userAccount) throws URISyntaxException {
         LOG.debug("REST request to save UserAccount : {}", userAccount);
         if (userAccount.getId() != null) {
@@ -74,6 +77,7 @@ public class UserAccountResource {
      * or with status {@code 500 (Internal Server Error)} if the userAccount couldn't be updated.
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
+    @Secured({ AuthoritiesConstants.ADMIN })
     @PutMapping("/{id}")
     public ResponseEntity<UserAccount> updateUserAccount(
         @PathVariable(value = "id", required = false) final Long id,
@@ -108,6 +112,7 @@ public class UserAccountResource {
      * or with status {@code 500 (Internal Server Error)} if the userAccount couldn't be updated.
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
+    @Secured({ AuthoritiesConstants.ADMIN })
     @PatchMapping(value = "/{id}", consumes = { "application/json", "application/merge-patch+json" })
     public ResponseEntity<UserAccount> partialUpdateUserAccount(
         @PathVariable(value = "id", required = false) final Long id,
@@ -188,6 +193,7 @@ public class UserAccountResource {
      * @return the {@link ResponseEntity} with status {@code 204 (NO_CONTENT)}.
      */
     @DeleteMapping("/{id}")
+    @Secured({ AuthoritiesConstants.ADMIN })
     public ResponseEntity<Void> deleteUserAccount(@PathVariable("id") Long id) {
         LOG.debug("REST request to delete UserAccount : {}", id);
         userAccountRepository.deleteById(id);
diff --git a/src/main/webapp/app/entities/event/event-details.vue b/src/main/webapp/app/entities/event/event-details.vue
index 90cc162..5b72904 100644
--- a/src/main/webapp/app/entities/event/event-details.vue
+++ b/src/main/webapp/app/entities/event/event-details.vue
@@ -1,6 +1,6 @@
 <template>
   <div class="row justify-content-center">
-    <div class="col-8">
+    <div class="col-12">
       <div v-if="event">
         <!--        <h2 class="jh-entity-heading" data-cy="eventDetailsHeading"><span>Event</span> {{ event.id }}</h2>-->
         <dl class="row jh-entity-details">
diff --git a/src/main/webapp/app/entities/transaction/transaction.component.ts b/src/main/webapp/app/entities/transaction/transaction.component.ts
index 308850b..5d4d9dd 100644
--- a/src/main/webapp/app/entities/transaction/transaction.component.ts
+++ b/src/main/webapp/app/entities/transaction/transaction.component.ts
@@ -3,6 +3,7 @@ import { type Ref, defineComponent, inject, onMounted, ref } from 'vue';
 import TransactionService from './transaction.service';
 import { type ITransaction } from '@/shared/model/transaction.model';
 import { useAlertService } from '@/shared/alert/alert.service';
+import type AccountService from '@/account/account.service';
 
 export default defineComponent({
   compatConfig: { MODE: 3 },
@@ -19,6 +20,8 @@ export default defineComponent({
     const alertService = inject('alertService', () => useAlertService(), true);
 
     const transactions: Ref<ITransaction[]> = ref([]);
+    const hasAnyAuthorityValues: Ref<any> = ref({});
+    const accountService = inject<AccountService>('accountService');
 
     const isFetching = ref(false);
 
@@ -75,10 +78,22 @@ export default defineComponent({
       retrieveTransactions,
       clear,
       removeId,
+      accountService,
+      hasAnyAuthorityValues,
       removeEntity,
       prepareRemove,
       closeDialog,
       removeTransaction,
     };
   },
+  methods: {
+    hasAnyAuthority(authorities: any): boolean {
+      this.accountService.hasAnyAuthorityAndCheckAuth(authorities).then(value => {
+        if (this.hasAnyAuthorityValues[authorities] !== value) {
+          this.hasAnyAuthorityValues = { ...this.hasAnyAuthorityValues, [authorities]: value };
+        }
+      });
+      return this.hasAnyAuthorityValues[authorities] ?? false;
+    },
+  },
 });
diff --git a/src/main/webapp/app/entities/transaction/transaction.vue b/src/main/webapp/app/entities/transaction/transaction.vue
index 870e1cd..4431611 100644
--- a/src/main/webapp/app/entities/transaction/transaction.vue
+++ b/src/main/webapp/app/entities/transaction/transaction.vue
@@ -63,7 +63,12 @@
                     <span class="d-none d-md-inline">View</span>
                   </button>
                 </router-link>
-                <router-link :to="{ name: 'TransactionEdit', params: { transactionId: transaction.id } }" custom v-slot="{ navigate }">
+                <router-link
+                  :to="{ name: 'TransactionEdit', params: { transactionId: transaction.id } }"
+                  custom
+                  v-slot="{ navigate }"
+                  v-if="hasAnyAuthority('ROLE_ADMIN')"
+                >
                   <button @click="navigate" class="btn btn-primary btn-sm edit" data-cy="entityEditButton">
                     <font-awesome-icon icon="pencil-alt"></font-awesome-icon>
                     <span class="d-none d-md-inline">Edit</span>
@@ -74,6 +79,7 @@
                   variant="danger"
                   class="btn btn-sm"
                   data-cy="entityDeleteButton"
+                  v-if="hasAnyAuthority('ROLE_ADMIN')"
                   v-b-modal.removeEntity
                 >
                   <font-awesome-icon icon="times"></font-awesome-icon>
diff --git a/src/main/webapp/app/router/entities.ts b/src/main/webapp/app/router/entities.ts
index d58d2af..ba91571 100644
--- a/src/main/webapp/app/router/entities.ts
+++ b/src/main/webapp/app/router/entities.ts
@@ -33,25 +33,25 @@ export default {
       path: 'charge',
       name: 'Charge',
       component: Charge,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'charge/new',
       name: 'ChargeCreate',
       component: ChargeUpdate,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'charge/:chargeId/edit',
       name: 'ChargeEdit',
       component: ChargeUpdate,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'charge/:chargeId/view',
       name: 'ChargeView',
       component: ChargeDetails,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'event',
@@ -63,13 +63,13 @@ export default {
       path: 'event/new',
       name: 'EventCreate',
       component: EventUpdate,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'event/:eventId/edit',
       name: 'EventEdit',
       component: EventUpdate,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'event/:eventId/view',
@@ -118,13 +118,13 @@ export default {
       path: 'transaction/new',
       name: 'TransactionCreate',
       component: TransactionUpdate,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'transaction/:transactionId/edit',
       name: 'TransactionEdit',
       component: TransactionUpdate,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'transaction/:transactionId/view',
@@ -136,25 +136,25 @@ export default {
       path: 'user-account',
       name: 'UserAccount',
       component: UserAccount,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'user-account/new',
       name: 'UserAccountCreate',
       component: UserAccountUpdate,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'user-account/:userAccountId/edit',
       name: 'UserAccountEdit',
       component: UserAccountUpdate,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     {
       path: 'user-account/:userAccountId/view',
       name: 'UserAccountView',
       component: UserAccountDetails,
-      meta: { authorities: [Authority.USER] },
+      meta: { authorities: [Authority.ADMIN] },
     },
     // jhipster-needle-add-entity-to-router - JHipster will add entities to the router here
   ],