From 0a26208f41bcc5c277124353410429bf68372303 Mon Sep 17 00:00:00 2001
From: vicsash
Date: Mon, 10 Jun 2024 20:33:23 +0200
Subject: [PATCH] Cambios al buscador_alumno y creacion de listas separadas par bajar mas la posibilidad de accesso no autorizado a funciones de crud de administrador.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Creacion de un triger para que cuando añaden un alumno por heidi, inert directo que crea un usuario. Tambien esta creado por defecto al iniciar la aplicacion por primera vez
---
 .../configuration/SecurityConfig.java | 37 ++-
 .../controllers/BuscadorController.java | 81 ++---
 .../modelControllers/AlumnoController.java | 4 +-
 .../resources/templates/buscador_alumno.html | 15 -
 .../resources/templates/list_alu/ciclos.html | 229 ++++++++++++++
 .../templates/list_alu/contactos.html | 255 ++++++++++++++++
 .../templates/list_alu/empresas.html | 280 ++++++++++++++++++
 .../resources/templates/list_alu/ofertas.html | 280 ++++++++++++++++++
 .../templates/list_alu/sucursales.html | 241 +++++++++++++++
 9 files changed, 1354 insertions(+), 68 deletions(-)
 create mode 100644 src/main/resources/templates/list_alu/ciclos.html
 create mode 100644 src/main/resources/templates/list_alu/contactos.html
 create mode 100644 src/main/resources/templates/list_alu/empresas.html
 create mode 100644 src/main/resources/templates/list_alu/ofertas.html
 create mode 100644 src/main/resources/templates/list_alu/sucursales.html
diff --git a/src/main/java/com/example/proyectofinal/configuration/SecurityConfig.java b/src/main/java/com/example/proyectofinal/configuration/SecurityConfig.java
index 013744a..b96c155 100644
--- a/src/main/java/com/example/proyectofinal/configuration/SecurityConfig.java
+++ b/src/main/java/com/example/proyectofinal/configuration/SecurityConfig.java
@@ -10,6 +10,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.dao.DataAccessException;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -83,7 +84,6 @@ public class SecurityConfig{
 // If the table is empty, insert 'READ', 'WRITE', and 'DELETE'
 jdbcTemplate.execute("INSERT INTO autoridad (nombre) VALUES ('READ'), ('WRITE'), ('DELETE')");
 }
-
 // Check if the rol table is empty
 Integer rolCount = jdbcTemplate.queryForObject("SELECT COUNT(*) FROM rol", Integer.class);
 if (rolCount != null && rolCount == 0) {
@@ -106,21 +106,10 @@ public class SecurityConfig{
 String sql = "INSERT INTO usuario (nombre_usuario, nombre_log_in, email, password, fk_rol) VALUES (?, ?, ?, ?, ?)";
 jdbcTemplate.update(sql, "admin", "admin", "admin@example.com", "$2a$10$3B5KqGe7WIYVYmLBqGAHOuT0SrWgI1.J1kDj3v7TrJC65bU6P49cC", 1);
 createDefaultData();
+ triggerCreate();
 }
 }
- /* public void createDefaultRolesAuthoritiesAndAdmin() {
- try {
- if (usuarioService.findByNombreUsuario("admin").isEmpty()) {
- Rol adminRole = rolService.findByName("ADMIN");
- usuarioService.createUsuario("admin", "admin",
- "admin@example.com",
- "1234",
- false, adminRole.getId());
- }
- } catch (Exception e) {
- logger.error("Exception in createDefaultRolesAuthoritiesAndAdmin: ", e);
- }
- }*/
+
 private void createDefaultData(){
 jdbcTemplate.execute("INSERT INTO skills (nombre) VALUES ('Java')");
 jdbcTemplate.execute("INSERT INTO skills (nombre) VALUES ('Microsoft XL')");
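Review bot: `triggerCreate();` is called only inside the branch that runs when `rolCount` is zero, and triggerCreate() catches `DataAccessException` and merely logs it, so if the CREATE TRIGGER fails on that first start the roles and admin are already seeded and no later start retries, leaving the application without the trigger it assumes exists. Databases that already hold roles when this version is deployed never get the trigger either. Consider guarding the trigger on its own existence check rather than on the seed branch, or at minimum document the one-shot behaviour next to the call: `// One-shot: only on first boot against an empty rol table; a failed CREATE TRIGGER is logged, never retried.` The enclosing method begins outside this hunk.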
@@ -179,4 +168,24 @@ public class SecurityConfig{
 jdbcTemplate.execute("INSERT INTO ciclos (nombre, codigo, fk_familia) VALUES ('G.S. ADMINISTRACIÓN Y FINANZAS','GSADMFIN', 3)");
 jdbcTemplate.execute("INSERT INTO ciclos (nombre, codigo, fk_familia) VALUES ('G.M. GESTIÓN ADMINISTRATIVA SEMIPRESENCIAL','GMGADMSEMI', 3)");
 }
+
+ private void triggerCreate() {
+ String createTriggerSql = "CREATE DEFINER=`projfin`@`%` TRIGGER `new_user` AFTER INSERT ON `alumnos` " +
+ "FOR EACH ROW " +
+ "BEGIN " +
+ " INSERT INTO usuario (email, nombre_log_in, nombre_usuario, password, fk_rol) " +
+ " VALUES ( " +
+ " NEW.correo, " +
+ " NEW.correo, " +
+ " CONCAT_WS(' ', NEW.nombre, NEW.apellido, NEW.apellido2), " +
+ " '$2a$10$1OSyk1wLCHMKQ9yjnB4pkOxQzsjo1dSpixbVoJrpqWlYq4wQBRs9e', " +
+ " 2 " +
+ " ); " +
+ "END;";
+ try {
+ jdbcTemplate.execute(createTriggerSql);
+ } catch (DataAccessException ex) {
+ logger.error("Error creating trigger: ", ex);
+ }
+ }
 }
diff --git a/src/main/java/com/example/proyectofinal/controllers/BuscadorController.java b/src/main/java/com/example/proyectofinal/controllers/BuscadorController.java
index 436e809..3bede30 100644
--- a/src/main/java/com/example/proyectofinal/controllers/BuscadorController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/BuscadorController.java
@@ -9,6 +9,7 @@ import com.example.proyectofinal.servicios.empresa.*;
 import com.example.proyectofinal.servicios.user.UsuarioService;
 import jakarta.annotation.security.RolesAllowed;
 import org.springframework.data.domain.Page;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
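Review bot: Every `usuario` row this trigger inserts carries the same literal bcrypt hash, so all accounts provisioned through direct inserts into `alumnos` share one credential, and nothing here disables the account or forces a first-login change; provisioning them disabled (or with an unusable password) plus an activation step avoids a shared default altogether. The `DEFINER` clause naming the `projfin` account with a `%` host pins the trigger to that user and, on MySQL, can only be created by a connection holding SUPER/SET_USER_ID, so the application's database user ends up needing more than CRUD rights — omitting the clause makes the trigger run as the creating user and lets the app account keep the narrower rights it actually needs. The trigger also duplicates the account creation that AlumnoController performs later in this patch (that hunk now also uses `correo` as `nombre_log_in`), so an alumno created through the application appears to produce two inserts into `usuario` or a constraint violation; one of the two mechanisms should own the account. `catch (DataAccessException ex)` reduces a failed CREATE TRIGGER to a log line while the caller continues as though provisioning were in place.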
@@ -21,6 +22,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.server.ResponseStatusException;
 import java.text.ParseException;
 import java.util.*;
@@ -72,7 +74,6 @@ public class BuscadorController {
 }
 }
-
 @GetMapping("/empresas/page/{pageNum}")
 public String searchEmpresasList(@PathVariable int pageNum,
 @RequestParam(defaultValue = "") String query,
@@ -80,8 +81,8 @@ public class BuscadorController {
 @RequestParam(defaultValue = "nombre") String sortField,
 @RequestParam(defaultValue = "asc") String sortDir,
 @RequestParam String secondaryOption,
- Model model){
- System.out.println("TEST SORT DIR " + sortDir);
+ Model model,
+ Authentication authentication) {
 String[] queryMultiWord = query.split(",");
 List queryList = new ArrayList<>();
 for (String queryForList : queryMultiWord) {
@@ -105,6 +106,13 @@ public class BuscadorController {
 model.addAttribute("secondaryOption", secondaryOption);
 model.addAttribute("isAdmin", usuarioService.isAdmin());
 }
+
+ Collection authorities = authentication.getAuthorities();
+ boolean isAdmin = authorities.stream()
+ .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+ if (!isAdmin) {
+ return "list_alu/empresas";
+ }
 return "/list/empresas";
 }
@@ -128,7 +136,6 @@ public class BuscadorController {
 return "/list/sectores";
 }
-
 @GetMapping("/contactos/page/{pageNum}")
 public String searchContactosList(@PathVariable int pageNum,
 @RequestParam(defaultValue = "") String query,
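Review bot: The ADMIN test added before `return "/list/empresas";` (searchEmpresasList's signature is in the preceding hunk) is copied verbatim into searchContactosList, searchSucursalesList, searchOfertasList and searchCiclosList in the following hunks, and it sits next to a second, independent admin decision, `model.addAttribute("isAdmin", usuarioService.isAdmin())`, so the template chosen and the flags rendered inside it can disagree; one private helper should back both. Selecting `list_alu/*` for non-admins only hides links — the CRUD endpoints those templates omit still need their own server-side authorization, which this change does not add. Comparing `getAuthority()` to the bare string `"ADMIN"` presumes authorities are stored without Spring's `ROLE_` prefix; confirm against how the UserDetailsService builds them, since a mismatch silently routes every admin to the student view. `authentication` is dereferenced without a null check, so if any of these mappings is reachable anonymously the result is a NullPointerException rather than a 403. The `HttpStatus` and `ResponseStatusException` imports added in this file's two import hunks are not used by any visible hunk.
```java
// … unchanged: model attributes …
if (!hasAdminAuthority(authentication)) {
    return "list_alu/empresas";
}
return "/list/empresas";

// … helper added once in the class, shared by the five page mappings …
/** True when the current login carries the ADMIN authority; null-safe for anonymous requests. */
private static boolean hasAdminAuthority(Authentication authentication) {
    return authentication != null && authentication.getAuthorities().stream()
            .anyMatch(granted -> "ADMIN".equals(granted.getAuthority()));
}
```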
@@ -136,7 +143,8 @@ public class BuscadorController {
 @RequestParam(defaultValue = "nombre") String sortField,
 @RequestParam(defaultValue = "asc") String sortDir,
 @RequestParam String secondaryOption,
- Model model) {
+ Model model,
+ Authentication authentication) {
 String[] queryMultiWord = query.split(",");
 List queryList = new ArrayList<>();
 for (String queryForList : queryMultiWord) {
@@ -160,10 +168,15 @@ public class BuscadorController {
 model.addAttribute("secondaryOption", secondaryOption);
 model.addAttribute("isAdmin", usuarioService.isAdmin());
 }
+ Collection authorities = authentication.getAuthorities();
+ boolean isAdmin = authorities.stream()
+ .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+ if (!isAdmin) {
+ return "list_alu/contactos";
+ }
 return "/list/contactos";
 }
-
 @GetMapping("/sucursales/page/{pageNum}")
 public String searchSucursalesList(@PathVariable int pageNum,
 @RequestParam(defaultValue = "") String query,
@@ -171,7 +184,8 @@ public class BuscadorController {
 @RequestParam(defaultValue = "nombre") String sortField,
 @RequestParam(defaultValue = "asc") String sortDir,
 @RequestParam String secondaryOption,
- Model model) {
+ Model model,
+ Authentication authentication) {
 String[] queryMultiWord = query.split(",");
 List queryList = new ArrayList<>();
 for (String queryForList : queryMultiWord) {
@@ -196,10 +210,15 @@ public class BuscadorController {
 model.addAttribute("secondaryOption", secondaryOption);
 model.addAttribute("isAdmin", usuarioService.isAdmin());
 }
+ Collection authorities = authentication.getAuthorities();
+ boolean isAdmin = authorities.stream()
+ .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+ if (!isAdmin) {
+ return "list_alu/sucursales";
+ }
 return "/list/sucursales";
 }
-
 @GetMapping("/ofertas/page/{pageNum}")
 public String searchOfertasList(@PathVariable int pageNum,
 @RequestParam(defaultValue = "") String query,
@@ -207,7 +226,8 @@ public class BuscadorController {
 @RequestParam(defaultValue = "nombre") String sortField,
 @RequestParam(defaultValue = "asc") String sortDir,
 @RequestParam(defaultValue = "") String secondaryOption,
- Model model) throws ParseException {
+ Model model,
+ Authentication authentication) throws ParseException {
 String[] queryMultiWord = query.split(",");
 List queryList = new ArrayList<>();
 for (String queryForList : queryMultiWord) {
@@ -232,10 +252,15 @@ public class BuscadorController {
 model.addAttribute("secondaryOption", secondaryOption);
 model.addAttribute("isAdmin", usuarioService.isAdmin());
 }
+ Collection authorities = authentication.getAuthorities();
+ boolean isAdmin = authorities.stream()
+ .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+ if (!isAdmin) {
+ return "list_alu/ofertas";
+ }
 return "/list/ofertas";
 }
-
 @GetMapping("/familias/page/{pageNum}")
 public String searchFamiliasList(@PathVariable int pageNum,
 @RequestParam(defaultValue = "") String query,
@@ -257,7 +282,6 @@ public class BuscadorController {
 return "/list/familias";
 }
-
 @GetMapping("/ciclos/page/{pageNum}")
 public String searchCiclosList(@PathVariable int pageNum,
 @RequestParam(defaultValue = "") String query,
@@ -265,7 +289,8 @@ public class BuscadorController {
 @RequestParam(defaultValue = "nombre") String sortField,
 @RequestParam(defaultValue = "asc") String sortDir,
 @RequestParam(defaultValue = "") String secondaryOption,
- Model model) throws ParseException {
+ Model model,
+ Authentication authentication) {
 String[] queryMultiWord = query.split(",");
 List queryList = new ArrayList<>();
 for (String queryForList : queryMultiWord) {
@@ -290,10 +315,15 @@ public class BuscadorController {
 model.addAttribute("secondaryOption", secondaryOption);
 model.addAttribute("isAdmin", usuarioService.isAdmin());
 }
+ Collection authorities = authentication.getAuthorities();
+ boolean isAdmin = authorities.stream()
+ .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+ if (!isAdmin) {
+ return "list_alu/ciclos";
+ }
 return "/list/ciclos";
 }
-
 @GetMapping("/alumnos/page/{pageNum}")
 public String searchAlumnosList(@PathVariable int pageNum,
 @RequestParam(defaultValue = "") String query,
@@ -301,8 +331,8 @@ public class BuscadorController {
 @RequestParam(defaultValue = "nombre") String sortField,
 @RequestParam(defaultValue = "asc") String sortDir,
 @RequestParam(defaultValue = "") String secondaryOption,
- Model model) {
-
+ Model model,
+ Authentication authentication) {
 String[] queryMultiWord = query.split(",");
 List queryList = new ArrayList<>();
 for (String queryForList : queryMultiWord) {
@@ -326,7 +356,6 @@ public class BuscadorController {
 model.addAttribute("secondaryOption", secondaryOption);
 model.addAttribute("isAdmin", usuarioService.isAdmin());
 }
-
 return "/list/alumnos";
 }
@@ -338,7 +367,6 @@ public class BuscadorController {
 @RequestParam(defaultValue = "asc") String sortDir,
 @RequestParam(defaultValue = "") String secondaryOption,
 Model model) {
- String[] word = query.split("\\b(y|o)\\b|[,/]");
 List itemsPage = Arrays.asList(5, 10, 15, 20, 25, 50);
 Map attributes = new HashMap<>();
 if (secondaryOption.equalsIgnoreCase("Todo")) {
@@ -400,14 +428,12 @@ public class BuscadorController {
 }
-
 @GetMapping("/sectores/search")
 public ResponseEntity> searchSectores(@RequestParam String query) {
 List sectors = sectorService.search(query);
 return ResponseEntity.ok(sectors);
 }
-
 @GetMapping("/contactos/search")
 public ResponseEntity> searchContactos(@RequestParam String querySearchBar, @RequestParam String query, @RequestParam String secondaryOption) {
 if(secondaryOption.equalsIgnoreCase("Todo")){
@@ -419,7 +445,6 @@ public class BuscadorController {
 }
 }
-
 @GetMapping("/sucursales/search")
 public ResponseEntity> searchSucursales(@RequestParam String querySearchBar, @RequestParam String query, @RequestParam String secondaryOption) {
 if(secondaryOption.equalsIgnoreCase("Todo")){
@@ -431,14 +456,12 @@ public class BuscadorController {
 }
 }
-
 @GetMapping("/familias/search")
 public ResponseEntity> searchFamilias(@RequestParam String query) {
 List familias = familiaService.search(query);
 return ResponseEntity.ok(familias);
 }
-
 @GetMapping("/ciclos/search")
 public ResponseEntity> searchCiclos(@RequestParam String querySearchBar, @RequestParam String query, @RequestParam String secondaryOption) {
 if(secondaryOption.equalsIgnoreCase("Todo")){
@@ -450,14 +473,12 @@ public class BuscadorController {
 }
 }
-
 @GetMapping("/skills/search")
 public ResponseEntity> searchSkills(@RequestParam String query) {
 List ciclos = skillService.search(query);
 return ResponseEntity.ok(ciclos);
 }
-
 @GetMapping("/alumnos/search")
 public ResponseEntity> searchAlumnos(@RequestParam String querySearchBar, @RequestParam String query, @RequestParam String secondaryOption) {
 List alumnos;
@@ -482,18 +503,6 @@ public class BuscadorController {
 return ResponseEntity.ok(alumnos);
 }
- private void printTest (List alumnos){
- for (Alumno alumno : alumnos) {
- System.out.println("----------------------------");
- System.out.println(alumno.getNombre());
- for(Skill skill : alumno.getSkills()) {
- System.out.println(skill.getNombre());
- }
- System.out.println("----------------------------");
- }
-
- }
-
 @GetMapping("/ofertas/search")
 public ResponseEntity> searchOfertas(@RequestParam String querySearchBar, @RequestParam String query, @RequestParam String secondaryOption) {
 List ofertas;
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java
index 48f1ba5..510f3a8 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java
@@ -85,9 +85,7 @@ public class AlumnoController {
 nombreUsuarioBuilder.append(alumno.getApellido2().toLowerCase());
 }
 String nombreUsuario = nombreUsuarioBuilder.toString();
- String nia = alumno.getNia();
- String firstThreeLetters = nia.substring(0, 3);
- String nombreLogIn="alu." +alumno.getNombre()+firstThreeLetters;
+ String nombreLogIn=alumno.getCorreo();
 String email = Optional.of(alumno.getCorreo()).orElse(alumno.getCorreo2());
 Long newUser = usuarioService.findRolByName("USER");
 usuarioService.createUsuario(nombreUsuario, nombreLogIn, email, password, newUser);
diff --git a/src/main/resources/templates/buscador_alumno.html b/src/main/resources/templates/buscador_alumno.html
index d3bf3e3..83d1444 100644
--- a/src/main/resources/templates/buscador_alumno.html
+++ b/src/main/resources/templates/buscador_alumno.html
@@ -107,12 +107,9 @@
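Review bot: `String nombreLogIn=alumno.getCorreo();` makes the login name null whenever correo is absent, and the unchanged next line, `Optional.of(alumno.getCorreo())`, throws NullPointerException in that same case, so the `orElse(alumno.getCorreo2())` fallback can never run; validate correo explicitly with a user-facing error before deriving both values, or switch to `Optional.ofNullable` if correo2 is genuinely meant as a fallback for both. With login = correo this code now produces the same row the `new_user` trigger added to SecurityConfig in this patch inserts for every row added to `alumnos`; if the alumno is persisted before `usuarioService.createUsuario(...)` runs, the application path appears to create the account twice, so one of the two mechanisms should be the single owner. The enclosing method starts and ends outside this hunk.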