Admin is able to set role and change display name to anyone

This commit is contained in:
Dmitry Isaenko 2024-01-02 20:02:25 +03:00
parent be50438b7a
commit 5d3664d148
5 changed files with 80 additions and 36 deletions

View file

@ -1,6 +1,6 @@
package ru.redrise.marinesco; package ru.redrise.marinesco;
import java.util.Collections; import java.util.List;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
@ -8,7 +8,6 @@ import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
import jakarta.validation.constraints.Size; import jakarta.validation.constraints.Size;
import lombok.Data; import lombok.Data;
import ru.redrise.marinesco.data.RolesRepository;
import ru.redrise.marinesco.security.UserRole; import ru.redrise.marinesco.security.UserRole;
//TODO: refactor along with RegistrationForm.java //TODO: refactor along with RegistrationForm.java
@ -27,13 +26,15 @@ public class AdministatorAddUserForm {
@NotEmpty(message = "Display name could not be blank") @NotEmpty(message = "Display name could not be blank")
private String displayname; private String displayname;
private UserRole role; @NotNull
@Size(min=1, message="You must choose at least 1 role")
private List<UserRole> athorities;
public User toUser(PasswordEncoder passwordEncoder){ public User toUser(PasswordEncoder passwordEncoder){
return new User( return new User(
username, username,
passwordEncoder.encode(password), passwordEncoder.encode(password),
displayname, displayname,
Collections.singletonList(role)); athorities);
} }
} }

View file

@ -2,7 +2,6 @@ package ru.redrise.marinesco;
import java.util.List; import java.util.List;
import org.hibernate.annotations.ManyToAny;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import jakarta.persistence.Column; import jakarta.persistence.Column;
@ -37,7 +36,7 @@ public class User implements UserDetails{
private String displayname; private String displayname;
@ManyToMany(fetch = FetchType.EAGER) @ManyToMany(fetch = FetchType.EAGER)
private final List<UserRole> authorities; private List<UserRole> authorities;
public User(String username, String password, String displayname, List<UserRole> authorities){ public User(String username, String password, String displayname, List<UserRole> authorities){
this.username = username; this.username = username;
@ -66,11 +65,19 @@ public class User implements UserDetails{
return true; return true;
} }
public void setRole(UserRole role){ // TODO public void addRole(UserRole role){
this.authorities.add(role); this.authorities.add(role);
} }
public void removeRole(UserRole role){
this.authorities.remove(role);
}
public boolean isAdmin(){ public boolean isAdmin(){
return authorities.get(0).getAuthority().equals("ROLE_ADMIN"); for (UserRole athority : authorities){
if (athority.getAuthority().equals("ROLE_ADMIN"))
return true;
}
return false;
} }
} }

View file

@ -1,6 +1,7 @@
package ru.redrise.marinesco; package ru.redrise.marinesco;
import java.util.List; import java.util.List;
import java.util.stream.Collectors;
import lombok.Data; import lombok.Data;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
@ -16,12 +17,16 @@ public class UserGenerified {
private String name; private String name;
private String displayName; private String displayName;
private List<UserRole> role; private List<UserRole> athorities;
private List<UserRole> athoritiesLost;
public UserGenerified(User user){ public UserGenerified(User user, List<UserRole> allRolesList){
this.id = user.getId(); this.id = user.getId();
this.name = user.getUsername(); this.name = user.getUsername();
this.displayName = user.getDisplayname(); this.displayName = user.getDisplayname();
this.role = user.getAuthorities(); this.athorities = user.getAuthorities();
athoritiesLost = allRolesList.stream()
.filter(element -> !athorities.contains(element))
.collect(Collectors.toList());
} }
} }

View file

@ -10,6 +10,7 @@ import org.springframework.ui.Model;
import org.springframework.validation.Errors; import org.springframework.validation.Errors;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
@ -21,7 +22,6 @@ import ru.redrise.marinesco.UserGenerified;
import ru.redrise.marinesco.data.RolesRepository; import ru.redrise.marinesco.data.RolesRepository;
import ru.redrise.marinesco.data.UserRepository; import ru.redrise.marinesco.data.UserRepository;
//TODO
@Slf4j @Slf4j
@Controller @Controller
@RequestMapping("/manage_users") @RequestMapping("/manage_users")
@ -55,15 +55,19 @@ public class ManageUsersController {
public void addUsers(Model model) { public void addUsers(Model model) {
Iterable<User> users = userRepository.findAll(); Iterable<User> users = userRepository.findAll();
List<UserGenerified> usersGen = new ArrayList<>(); List<UserGenerified> usersGen = new ArrayList<>();
List<UserRole> allRolesList = new ArrayList<>();
rolesRepository.findAll().forEach(allRolesList::add);
for (User user : users) { for (User user : users) {
usersGen.add(new UserGenerified(user)); usersGen.add(new UserGenerified(user, allRolesList));
} }
model.addAttribute("USR", usersGen); model.addAttribute("users", usersGen);
} }
@ModelAttribute @ModelAttribute
public void addRoles(Model model) { public void addRoles(Model model) {
Iterable<UserRole> roles = rolesRepository.findAll(); Iterable<UserRole> roles = rolesRepository.findAll();
model.addAttribute("roles", roles); model.addAttribute("rolesSet", roles);
} }
@GetMapping @GetMapping
@ -71,15 +75,31 @@ public class ManageUsersController {
return "manage_users"; return "manage_users";
} }
@PostMapping("/delete") @GetMapping("/delete/{id}")
public String processDelete(UserGenerified userGenerified) { public String delete(@PathVariable("id") String id) {
log.info(userGenerified.toString()); try {
long userId = Long.parseLong(id);
userRepository.deleteById(userGenerified.getId()); userRepository.deleteById(userId);
} catch (Exception e) {
log.error(id, e);
}
return "redirect:/manage_users"; return "redirect:/manage_users";
} }
@PostMapping("/update")
public String updateRoles(UserGenerified userGenerified) {
User user = userRepository.findById(userGenerified.getId()).get();
if (user == null)
return "redirect:/manage_users";
user.setAuthorities(userGenerified.getAthorities());
user.setDisplayname(userGenerified.getDisplayName());
userRepository.save(user);
return "redirect:/manage_users";
}
@PostMapping @PostMapping
public String processNewUser(@Valid AdministatorAddUserForm form, Errors errors, Model model) { public String processNewUser(@Valid AdministatorAddUserForm form, Errors errors, Model model) {
if (userRepository.findByUsername(form.getUsername()) != null) { if (userRepository.findByUsername(form.getUsername()) != null) {
@ -92,7 +112,8 @@ public class ManageUsersController {
} }
User user = userRepository.save(form.toUser(passwordEncoder)); User user = userRepository.save(form.toUser(passwordEncoder));
log.info("Added user {} {} {}", user.getId(), user.getUsername(), user.getDisplayname(), user.getAuthorities().get(0)); log.info("Added user {} {} {}", user.getId(), user.getUsername(), user.getDisplayname(),
user.getAuthorities().get(0));
// Reloads page therefore new records appears // Reloads page therefore new records appears
return "redirect:/manage_users"; return "redirect:/manage_users";
} }

View file

@ -14,22 +14,29 @@
<div class="container base"> <div class="container base">
<h1 th:text="${header_text}"></h1> <h1 th:text="${header_text}"></h1>
<p> <p>
<div th:each="user : ${USR}"> <div th:each="user : ${users}">
<span th:text="${user.id+' '+user.name+' '+user.displayName}+' ROLES: '">user</span> <form method="POST" th:action="@{/manage_users/update}" th:object="${userGenerified}">
<span th:each="role : ${user.role}"> <span th:text="${user.id + '. '}"></span>
<span th:text="'[ '+${role.id+' '+role.name+' '+role.type}+' ]'">user</span> <span th:text="${user.name}"></span>
</span>
<form method="POST" th:action="@{/manage_users/delete}" th:object="${userGenerified}">
<input type="hidden" th:value="${user.id}" name="id" /> <input type="hidden" th:value="${user.id}" name="id" />
<input type="hidden" th:value="${user.name}" name="name" /> <input type="hidden" th:value="${user.name}" name="name" />
<input type="hidden" th:value="${user.displayName}" name="displayName" /> <br />
<span th:each="role : ${user.role}"> Display name:
<input type="hidden" th:value="${role.id}" th:attr="name='role'" /> <input type="text" th:value="${user.displayName}" name="displayName" />
</span> <br /><br /><b>Roles:</b>
<div th:each="athorities : ${user.athorities}">
<input name="athorities" type="checkbox" th:value="${athorities.id}" th:checked="true" />
<span th:text="${athorities.name}"></span><br />
</div>
<div th:each="athorities : ${user.athoritiesLost}">
<input name="athorities" type="checkbox" th:value="${athorities.id}" />
<span th:text="${athorities.name}"></span><br />
</div>
<button>Delete</button> <button>Update</button><a th:href="'/manage_users/delete/' + ${user.id}">Delete</a>
</form> </form>
<br /> <br />
<hr>
</div> </div>
<hr> <hr>
<b>Add user</b> <b>Add user</b>
@ -53,10 +60,13 @@
<input type="text" name="displayname" id="displayname" size="50%" /><br /> <input type="text" name="displayname" id="displayname" size="50%" /><br />
<br /> <br />
<label for="role">Role: </label> <b>Roles:</b>
<select name="role"> <br />
<option th:each="role : ${roles}" th:value="${role.id}" th:text="${role.name}" ></option> <span class="validationError" th:if="${#fields.hasErrors('athorities')}" th:errors="*{athorities}"></span>
</select> <div th:each="athorities : ${rolesSet}">
<input th:field="*{athorities}" type="checkbox" th:value="${athorities.id}" />
<span th:text="${athorities.name}"></span><br />
</div>
<p> <p>
<button class="sign" type="submit">Add user</button> <button class="sign" type="submit">Add user</button>