From 9d8830a10e0764aa2168e4ccfbba3cbbc2510e79 Mon Sep 17 00:00:00 2001
From: vicsash <victorsash96@gmail.com>
Date: Tue, 14 May 2024 20:48:21 +0200
Subject: [PATCH] =?UTF-8?q?A=C3=B1adinedo=20limitaciones=20l=20los=20contr?=
 =?UTF-8?q?oladores=20para=20que=20un=20aluno,=20usuario=20normal,=20no=20?=
 =?UTF-8?q?puede=20borra,=20editar=20o=20crear=20cosas=20que=20no=20debe?=
 =?UTF-8?q?=20tener=20acceso.=20Es=20una=20medida=20pesonalizada=20como=20?=
 =?UTF-8?q?no=20podria=20conseguir=20que=20funcciona=20medidas=20normales?=
 =?UTF-8?q?=20@RolesAllowed=20y=20el=20alumnos=20solo=20puede=20editar=20s?=
 =?UTF-8?q?us=20datos=20y=20nada=20mas.=20Puede=20ver=20todas=20las=20list?=
 =?UTF-8?q?as=20pero=20no=20tiene=20autorizaci=C3=B3n=20a=20borar=20o=20cr?=
 =?UTF-8?q?ear.=20Pero=20solo=20puede=20editar=20su=20informacion?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controllers/BuscadorController.java       |  11 +-
 .../modelControllers/AlumnoController.java    |  20 +-
 .../modelControllers/CicloController.java     |  28 ++-
 .../modelControllers/ContactoController.java  |  28 ++-
 .../modelControllers/EmpressaController.java  |  29 ++-
 .../modelControllers/FamiliaController.java   |  29 ++-
 .../modelControllers/OfertaController.java    |  28 ++-
 .../modelControllers/SectorController.java    |  28 ++-
 .../modelControllers/SkillController.java     |  29 ++-
 .../modelControllers/SucursalController.java  |  30 ++-
 .../proyectofinal/models/empresas/Alumno.java |  10 +-
 .../templates/admin/alumno/create.html        |  14 +-
 .../templates/admin/alumno/update.html        |  15 +-
 .../resources/templates/buscador_admin.html   |  63 ++++++
 .../templates/user/alumno/create.html         | 205 ++++++++++++++++++
 15 files changed, 516 insertions(+), 51 deletions(-)
 create mode 100644 src/main/resources/templates/user/alumno/create.html

diff --git a/src/main/java/com/example/proyectofinal/controllers/BuscadorController.java b/src/main/java/com/example/proyectofinal/controllers/BuscadorController.java
index ee7ea71..e860ba0 100644
--- a/src/main/java/com/example/proyectofinal/controllers/BuscadorController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/BuscadorController.java
@@ -53,8 +53,15 @@ public class BuscadorController {
     private UsuarioService usuarioService;
 
     @GetMapping
-    public String buscador(){
-        return "buscador_admin";
+    public String buscador(Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (isAdmin) {
+            return "buscador_admin";
+        } else {
+            return "buscador_alumno";
+        }
     }
 
 
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java
index 393c6e9..cb12c3e 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java
@@ -10,10 +10,14 @@ import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
 
+import java.util.Collection;
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
@@ -35,7 +39,13 @@ public class AlumnoController {
 
 
     @GetMapping("/admin/alumno/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Alumno alumno = new Alumno();
         List<Ciclo> ciclos = cicloService.findAll();
         List<Skill> skills = skillService.findAll();
@@ -112,7 +122,13 @@ public class AlumnoController {
     }
 
     @GetMapping("/alumno/delete/{id}")
-    public ResponseEntity<String> deleteAlumno(@PathVariable Long id){
+    public ResponseEntity<String> deleteAlumno(@PathVariable Long id,Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         try{
             Alumno alumno = alumnoService.findById(id);
             String logIn = "alu." + alumno.getNombre() + alumno.getNia().substring(0, 3);
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/CicloController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/CicloController.java
index cef2d26..7e34bff 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/CicloController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/CicloController.java
@@ -8,10 +8,14 @@ import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
 
+import java.util.Collection;
 import java.util.List;
 
 @Controller
@@ -26,7 +30,13 @@ public class CicloController {
 
 
     @GetMapping("/admin/ciclo/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Ciclo ciclo = new Ciclo();
         List<Familia> familias = familiaService.findAllFamilias();
         Familia familia = new Familia();
@@ -56,7 +66,13 @@ public class CicloController {
 
 
     @GetMapping("/admin/ciclo/update/{id}")
-    public String showUpdateForm(Model model, @PathVariable Long id) {
+    public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Ciclo ciclo = cicloService.findById(id);
         List<Familia> familias = familiaService.findAllFamilias();
         Familia familia = new Familia();
@@ -81,7 +97,13 @@ public class CicloController {
 
 
     @GetMapping("/ciclo/delete/{id}")
-    public ResponseEntity<String> deleteCiclo(@PathVariable Long id){
+    public ResponseEntity<String> deleteCiclo(@PathVariable Long id,Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         try{
             cicloService.deleteById(id);
             return new ResponseEntity<>("El ciclo ha sido eliminado", HttpStatus.OK);
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/ContactoController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/ContactoController.java
index 7fe7d92..d41758c 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/ContactoController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/ContactoController.java
@@ -8,14 +8,18 @@ import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.server.ResponseStatusException;
 
 
+import java.util.Collection;
 import java.util.List;
 
 @Controller
@@ -28,7 +32,13 @@ public class ContactoController {
     private EmpresaService empresaService;
 
     @GetMapping("/admin/contacto/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Contacto contacto = new Contacto();
         List<Empresa> empresas = empresaService.findAll();
         Empresa empresa = new Empresa();
@@ -58,7 +68,13 @@ public class ContactoController {
 
     @RolesAllowed({"ADMIN"})
     @GetMapping("/admin/contacto/update/{id}")
-    public String showUpdateForm(Model model, @PathVariable Long id) {
+    public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Contacto contacto = contactosService.findById(id);
         Empresa empresa = new Empresa();
         List<Empresa> empresas = empresaService.findAll();
@@ -87,7 +103,13 @@ public class ContactoController {
 
 
     @GetMapping("/contacto/delete/{id}")
-    public ResponseEntity<String> deleteContacto(@PathVariable Long id){
+    public ResponseEntity<String> deleteContacto(@PathVariable Long id, Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         try{
             empresaService.deleteById(id);
             return new ResponseEntity<>("El contacto ha sido eliminado", HttpStatus.OK);
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java
index f09c1f1..cd170ce 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java
@@ -10,10 +10,14 @@ import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
 
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -40,7 +44,13 @@ public class EmpressaController {
 
 
     @GetMapping("/admin/empresa/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Empresa empresa = new Empresa();
         Sector sector = new Sector();
         List<Sector> sectores = sectorService.findAll();
@@ -68,10 +78,15 @@ public class EmpressaController {
     }
 
     @GetMapping("/admin/empresa/update/{id}")
-    public String showUpdateForm(Model model, @PathVariable Long id) {
+    public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Empresa empresa = empresaService.findById(id);
         //System.out.println("Retrieved empresa: " + empresa); // Add logging here
-
         Sector sector = new Sector();
         List<Sector> sectores = sectorService.findAll();
         //System.out.println("Retrieved sectores: " + sectores); // Add logging here
@@ -101,7 +116,13 @@ public class EmpressaController {
 
 
     @GetMapping("/empresa/delete/{id}")
-    public ResponseEntity<String> deleteEmpresa(@PathVariable Long id){
+    public ResponseEntity<String> deleteEmpresa(@PathVariable Long id,Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         try{
             empresaService.deleteById(id);
             return new ResponseEntity<>("La empresa ha sido eliminado", HttpStatus.OK);
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/FamiliaController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/FamiliaController.java
index 34e71b7..476ad46 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/FamiliaController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/FamiliaController.java
@@ -7,9 +7,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
+
+import java.util.Collection;
 
 @Controller
 @RequestMapping()
@@ -19,7 +24,13 @@ public class FamiliaController {
 
 
     @GetMapping("/admin/familia/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Familia familia = new Familia();
         model.addAttribute("familia", familia);
         return "admin/familia/create";
@@ -43,7 +54,13 @@ public class FamiliaController {
 
 
     @GetMapping("/admin/familia/update/{id}")
-    public String showUpdateForm(Model model, @PathVariable Long id) {
+    public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Familia familia = familiaService.findById(id);
         model.addAttribute("familia", familia);
         return "admin/familia/update";
@@ -62,7 +79,13 @@ public class FamiliaController {
 
 
     @GetMapping("/familia/delete/{id}")
-    public ResponseEntity<String> deleteFamilia(@PathVariable Long id){
+    public ResponseEntity<String> deleteFamilia(@PathVariable Long id,Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         try{
             familiaService.deleteById(id);
             return new ResponseEntity<>("La familia ha sido eliminado", HttpStatus.OK);
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/OfertaController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/OfertaController.java
index c7909f3..eca6414 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/OfertaController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/OfertaController.java
@@ -9,10 +9,14 @@ import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
 
+import java.util.Collection;
 import java.util.List;
 import java.util.Set;
 
@@ -33,7 +37,13 @@ public class OfertaController {
 
 
     @GetMapping("/admin/oferta/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Oferta oferta = new Oferta();
         List<Ciclo> ciclos = cicloService.findAll();
         List<Skill> skills = skillService.findAll();
@@ -69,7 +79,13 @@ public class OfertaController {
 
 
     @GetMapping("/admin/oferta/update/{id}")
-    public String showUpdateForm(Model model, @PathVariable Long id) {
+    public String showUpdateForm(Model model, @PathVariable Long id, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Oferta oferta = ofertaService.findById(id);
         List<Ciclo> ciclos = cicloService.findAll();
         List<Skill> skills = skillService.findAll();
@@ -101,7 +117,13 @@ public class OfertaController {
 
 
     @GetMapping("/oferta/delete/{id}")
-    public ResponseEntity<String> deleteOferta(@PathVariable Long id){
+    public ResponseEntity<String> deleteOferta(@PathVariable Long id,Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         try{
             ofertaService.deleteById(id);
             return new ResponseEntity<>("La oferta ha sido eliminado", HttpStatus.OK);
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SectorController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SectorController.java
index 6755cfe..0834488 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SectorController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SectorController.java
@@ -8,10 +8,14 @@ import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
 
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -34,7 +38,13 @@ public class SectorController {
 
 
     @GetMapping("/admin/sector/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Sector sectores = new Sector();
         model.addAttribute("sector", sectores);
         return "admin/sector/create";
@@ -57,7 +67,13 @@ public class SectorController {
     }
 
     @GetMapping("/admin/sector/update/{id}")
-    public String showUpdateForm(Model model, @PathVariable Long id) {
+    public String showUpdateForm(Model model, @PathVariable Long id, Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Sector sector = sectorService.findById(id);
         model.addAttribute("sector", sector);
         return "admin/sector/update";
@@ -76,7 +92,13 @@ public class SectorController {
 
 
     @GetMapping("/sector/delete/{id}")
-    public ResponseEntity<String> deleteSector(@PathVariable Long id){
+    public ResponseEntity<String> deleteSector(@PathVariable Long id,Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         try{
             sectorService.deleteById(id);
             return new ResponseEntity<>("El sector ha sido eliminado", HttpStatus.OK);
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SkillController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SkillController.java
index c48d55b..8aa57d0 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SkillController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SkillController.java
@@ -6,9 +6,14 @@ import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
+
+import java.util.Collection;
 
 @Controller
 @RequestMapping()
@@ -18,7 +23,13 @@ public class SkillController {
 
 
     @GetMapping("/admin/skill/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Skill skill = new Skill();
         model.addAttribute("skill", skill);
         return "admin/skill/create";
@@ -41,7 +52,13 @@ public class SkillController {
 
 
     @GetMapping("/admin/skill/update/{id}")
-    public String showUpdateForm(Model model, @PathVariable Long id) {
+    public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Skill skill = skillService.findById(id);
         model.addAttribute("skill", skill);
         return "admin/skill/update";
@@ -60,7 +77,13 @@ public class SkillController {
 
 
     @GetMapping("/skill/delete/{id}")
-    public ResponseEntity<String> deleteSkill(@PathVariable Long id){
+    public ResponseEntity<String> deleteSkill(@PathVariable Long id,Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         try{
             skillService.deleteById(id);
             return new ResponseEntity<>("Skill ha sido eliminada", HttpStatus.OK);
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
index bd8160b..44f4842 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
@@ -8,13 +8,17 @@ import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.server.ResponseStatusException;
 
+import java.util.Collection;
 import java.util.List;
 
 @Controller
@@ -27,7 +31,13 @@ public class SucursalController {
 
 
     @GetMapping("/admin/sucursal/create")
-    public String showCreateForm(Model model) {
+    public String showCreateForm(Model model, Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Sucursal sucursal = new Sucursal();
         Empresa empresa = new Empresa();
         List<Empresa> empresas = empresaService.findAll();
@@ -56,7 +66,13 @@ public class SucursalController {
 
 
     @GetMapping("/admin/sucursal/update/{id}")
-    public String showUpdateForm(Model model, @PathVariable Long id) {
+    public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
         Sucursal sucursal = sucursalService.findById(id);
         Empresa empresa = new Empresa();
         List<Empresa> empresas = empresaService.findAll();
@@ -82,8 +98,14 @@ public class SucursalController {
 
 
     @GetMapping("/sucursal/delete/{id}")
-    public ResponseEntity<String> deleteSucursal(@PathVariable Long id){
-        System.out.println("Attempting to delete Sucursal with ID: " + id);
+    public ResponseEntity<String> deleteSucursal(@PathVariable Long id,Authentication authentication){
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+        boolean isAdmin = authorities.stream()
+                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+        if (!isAdmin) {
+            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+        }
+//        System.out.println("Attempting to delete Sucursal with ID: " + id);
         try{
             sucursalService.deleteById(id);
             return new ResponseEntity<>("La empresa ha sido eliminado", HttpStatus.OK);
diff --git a/src/main/java/com/example/proyectofinal/models/empresas/Alumno.java b/src/main/java/com/example/proyectofinal/models/empresas/Alumno.java
index 893ade2..1a09280 100644
--- a/src/main/java/com/example/proyectofinal/models/empresas/Alumno.java
+++ b/src/main/java/com/example/proyectofinal/models/empresas/Alumno.java
@@ -24,14 +24,14 @@ public class Alumno {
     private long id;
 
     @NonNull
-    @Column(length = 70)
+    @Column(length =100)
     private String nombre;
 
     @NonNull
-    @Column(length = 70)
+    @Column(length = 100)
     private String apellido;
 
-    @Column(length = 70)
+    @Column(length = 100)
     private String apellido2;
 
     @NonNull
@@ -48,15 +48,13 @@ public class Alumno {
     private String nia;
 
     @NonNull
-    @Column(length = 45)
+    @Column(length = 8)
     private String dni;
 
     @NonNull
     @Column(length = 100)
     private String correo;
 
-    //TODO add domiciollo 200
-
     @Column(length = 100)
     private String correo2;
 
diff --git a/src/main/resources/templates/admin/alumno/create.html b/src/main/resources/templates/admin/alumno/create.html
index 41dafbd..2443888 100644
--- a/src/main/resources/templates/admin/alumno/create.html
+++ b/src/main/resources/templates/admin/alumno/create.html
@@ -58,21 +58,21 @@
         <div class ="form-group row">
             <label class="col-sm-3 col-form-label" for="nombre">Nombre</label>
             <div class = "col-sm-9">
-                <input type="text" th:field="*{nombre}" required minlength="2" maxlength="75" class="form-control" id="nombre">
+                <input type="text" th:field="*{nombre}" required minlength="1" maxlength="100" class="form-control" id="nombre">
             </div>
         </div>
 
         <div class ="form-group row">
             <label class="col-sm-3 col-form-label" for="cif">Apellido</label>
             <div class = "col-sm-9">
-                <input type="text" th:field="*{apellido}" required minlength="2" maxlength="75" title="Entra un nombre" class="form-control" id="cif">
+                <input type="text" th:field="*{apellido}" required minlength="1" maxlength="100" title="Entra un nombre" class="form-control" id="cif">
             </div>
         </div>
 
         <div class ="form-group row">
             <label class="col-sm-3 col-form-label" for="apellido2">Apellido2</label>
             <div class = "col-sm-9">
-                <input type="text" th:field="*{apellido2}" minlength="2" maxlength="75" class="form-control" id="apellido2">
+                <input type="text" th:field="*{apellido2}" required minlength="1" maxlength="100" class="form-control" id="apellido2">
             </div>
         </div>
 
@@ -98,28 +98,28 @@
             <label class="col-sm-3 col-form-label" for="nia">Nia</label>
             <div class = "col-sm-9">
                 <!--TODO: Añadir validacion de nia-->
-                <input type="text" th:field="*{nia}"   title="Entra un nia correcto" class="form-control" id="nia">
+                <input type="text" th:field="*{nia}"   required minlength="8" maxlength="8" title="Entra un nia correcto" class="form-control" id="nia">
             </div>
         </div>
 
         <div class="form-group row">
             <label class="col-sm-3 col-form-label" for="dni">DNI/NIE</label>
             <div class="col-sm-9">
-                <input type="text" th:field="*{dni}" required class="form-control" id="dni" title="Introduce DNI/NIE">
+                <input type="text" th:field="*{dni}" required minlength="8" maxlength="8" class="form-control" id="dni" title="Introduce DNI/NIE">
             </div>
         </div>
 
         <div class="form-group row">
             <label class="col-sm-3 col-form-label" for="correo">Correo</label>
             <div class="col-sm-9">
-                <input type="email" th:field="*{correo}" required class="form-control" id="correo" title="Introduce correo">
+                <input type="email" th:field="*{correo}" required minlength="5" maxlength="100" class="form-control" id="correo" title="Introduce correo">
             </div>
         </div>
 
         <div class="form-group row">
             <label class="col-sm-3 col-form-label" for="correo2">Correo2</label>
             <div class="col-sm-9">
-                <input type="email" th:field="*{correo2}" class="form-control" id="correo2" title="Introduce correo alternativo">
+                <input type="email" th:field="*{correo2}" required minlength="5" maxlength="100" class="form-control" id="correo2" title="Introduce correo alternativo">
             </div>
         </div>
 
diff --git a/src/main/resources/templates/admin/alumno/update.html b/src/main/resources/templates/admin/alumno/update.html
index cdc103e..cba611f 100644
--- a/src/main/resources/templates/admin/alumno/update.html
+++ b/src/main/resources/templates/admin/alumno/update.html
@@ -59,21 +59,21 @@
         <div class ="form-group row">
             <label class="col-sm-3 col-form-label" for="nombre">Nombre</label>
             <div class = "col-sm-9">
-                <input type="text" th:field="*{nombre}" required minlength="2" maxlength="75" class="form-control" id="nombre">
+                <input type="text" th:field="*{nombre}" required minlength="1" maxlength="100" class="form-control" id="nombre">
             </div>
         </div>
 
         <div class ="form-group row">
             <label class="col-sm-3 col-form-label" for="cif">Apellido</label>
             <div class = "col-sm-9">
-                <input type="text" th:field="*{apellido}" required minlength="2" maxlength="75" title="Entra un nombre" class="form-control" id="cif">
+                <input type="text" th:field="*{apellido}" required minlength="1" maxlength="100" title="Entra un nombre" class="form-control" id="cif">
             </div>
         </div>
 
         <div class ="form-group row">
             <label class="col-sm-3 col-form-label" for="apellido2">Apellido2</label>
             <div class = "col-sm-9">
-                <input type="text" th:field="*{apellido2}" minlength="2" maxlength="75" class="form-control" id="apellido2">
+                <input type="text" th:field="*{apellido2}" required minlength="1" maxlength="100" class="form-control" id="apellido2">
             </div>
         </div>
 
@@ -98,29 +98,28 @@
         <div class ="form-group row">
             <label class="col-sm-3 col-form-label" for="nia">Nia</label>
             <div class = "col-sm-9">
-                <!--TODO: Añadir validacion de nia-->
-                <input type="text" th:field="*{nia}"   title="Entra un nia correcto" class="form-control" id="nia">
+                <input type="text" th:field="*{nia}"   required minlength="8" maxlength="8" title="Entra un nia correcto" class="form-control" id="nia">
             </div>
         </div>
 
         <div class="form-group row">
             <label class="col-sm-3 col-form-label" for="dni">DNI/NIE</label>
             <div class="col-sm-9">
-                <input type="text" th:field="*{dni}" required class="form-control" id="dni" title="Introduce DNI/NIE">
+                <input type="text" th:field="*{dni}" required minlength="8" maxlength="8" class="form-control" id="dni" title="Introduce DNI/NIE">
             </div>
         </div>
 
         <div class="form-group row">
             <label class="col-sm-3 col-form-label" for="correo">Correo</label>
             <div class="col-sm-9">
-                <input type="email" th:field="*{correo}" required class="form-control" id="correo" title="Introduce correo">
+                <input type="email" th:field="*{correo}"  required minlength="5" maxlength="100" class="form-control" id="correo" title="Introduce correo">
             </div>
         </div>
 
         <div class="form-group row">
             <label class="col-sm-3 col-form-label" for="correo2">Correo2</label>
             <div class="col-sm-9">
-                <input type="email" th:field="*{correo2}" class="form-control" id="correo2" title="Introduce correo alternativo">
+                <input type="email" th:field="*{correo2}"  required minlength="5" maxlength="100"class="form-control" id="correo2" title="Introduce correo alternativo">
             </div>
         </div>
 
diff --git a/src/main/resources/templates/buscador_admin.html b/src/main/resources/templates/buscador_admin.html
index d1b2943..1e340f3 100644
--- a/src/main/resources/templates/buscador_admin.html
+++ b/src/main/resources/templates/buscador_admin.html
@@ -50,14 +50,55 @@
         #date{
             margin-top: 15px;
         }
+        #user{
+            position: relative;
+            margin-left: 50px;
+            padding: 0px;
+            background-color: #dddddd;
+            width: 50px; /* Adjust as needed */
+            height: 50px; /* Adjust as needed */
+            display: flex;
+            flex-direction: column; /* New property */
+            align-items: center; /* Vertically center the contents */
+            justify-content: center; /* Horizontally center the contents */
+            text-align: center; /* Center the text */
+        }
+
+        #user-icon {
+            width: 22px; /* Adjust as needed */
+            height: 22px; /* Adjust as needed */
+        }
+
+        #user p {
+            font-size: 10px; /* Adjust as needed */
+        }
+
+        .modal-content  p{
+            background-color: antiquewhite;
+        }
+
     </style>
 </head>
 <body >
 <div class="header">
+    <div id="user">
+        <i class="fas fa-user" id="user-icon"></i>
+        <p>Usuario</p>
+    </div>
+
     <h1>PAGINA PRINCIPAL</h1>
     <a href="/logout" class="logout-button"><i class="fas fa-door-open"></i></a>
 </div>
 
+<div id="userModal" class="modal">
+    <div class="modal-content">
+        <span class="close">&times;</span>
+        <p onclick="createUser()">Dar alta a nuevo usuario</p>
+        <p onclick="editUser()">Editar este usuario</p>
+        <p onclick="deleteUser()">Borrar usuario</p>
+    </div>
+</div>
+
 <div class="form-container" style="display: flex; justify-content: center; align-items: center; height: calc(100vh - 60px);">
     <form action="/buscador/" method="get" id="searchForm" onsubmit="submitForm()">
         <div class="search-container" id="searchContainer">
@@ -87,6 +128,28 @@
 </div>
 
 <script>
+    //MODAL
+    // Get the modal
+    var modal = document.getElementById("userModal");
+    // Get the button that opens the modal
+    var btn = document.getElementById("user");
+    // Get the <span> element that closes the modal
+    var span = document.getElementsByClassName("close")[0];
+    // When the user clicks the button, open the modal
+    btn.onclick = function() {
+        modal.style.display = "block";
+    }
+    // When the user clicks on <span> (x), close the modal
+    span.onclick = function() {
+        modal.style.display = "none";
+    }
+
+    // When the user clicks anywhere outside of the modal, close it
+    window.onclick = function(event) {
+        if (event.target == modal) {
+            modal.style.display = "none";
+        }
+    }
     // Get reference to the date picker
     var datePicker = document.getElementById('datePicker');
 
diff --git a/src/main/resources/templates/user/alumno/create.html b/src/main/resources/templates/user/alumno/create.html
new file mode 100644
index 0000000..2443888
--- /dev/null
+++ b/src/main/resources/templates/user/alumno/create.html
@@ -0,0 +1,205 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Creacion: Alumno</title>
+    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.15.4/css/all.css">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.css">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
+    <link rel="stylesheet" type="text/css" th:href="@{/top.css}">
+    <link href="https://cdn.jsdelivr.net/npm/select2@4.1.0-beta.1/dist/css/select2.min.css" rel="stylesheet" />
+    <script src="https://cdn.jsdelivr.net/npm/select2@4.1.0-beta.1/dist/js/select2.min.js"></script>
+    <style>
+        form {
+            display: flex;
+            flex-direction: column;
+            justify-content: space-around;
+            align-items: center;
+            width: 100%;
+            max-width: none;
+            margin: auto;
+            padding: 25px;
+            margin-top: 100px;
+        }
+
+        .btn {
+            margin-top: 25px;
+            margin-right: 5px;
+            width: 120px;
+            height: 40px;
+            font-family: Verdana;
+        }
+        form input[type="submit"], form input[type="button"] {
+            width: 100px;
+        }
+        form input[type="text"]{
+            width: 75%;
+        }
+        form label{
+            font-size: 20px;
+            margin-bottom: 10px;
+            font-family: Verdana, Geneva, Tahoma, sans-serif;
+        }
+
+        body, h1 {
+            margin: 0;
+            padding: 0;
+            width: 100%;
+            box-sizing: border-box;
+        }
+    </style>
+</head>
+<body>
+<h1>Añadir Alumno<a href="/logout" class="logout-button"><i class="fas fa-door-open"></i></a></h1>
+
+<form th:action="@{/contacto/save}" method="post" enctype="multipart/form-data" th:object="${alumno}">
+    <div class="p-3">
+        <div class ="form-group row">
+            <label class="col-sm-3 col-form-label" for="nombre">Nombre</label>
+            <div class = "col-sm-9">
+                <input type="text" th:field="*{nombre}" required minlength="1" maxlength="100" class="form-control" id="nombre">
+            </div>
+        </div>
+
+        <div class ="form-group row">
+            <label class="col-sm-3 col-form-label" for="cif">Apellido</label>
+            <div class = "col-sm-9">
+                <input type="text" th:field="*{apellido}" required minlength="1" maxlength="100" title="Entra un nombre" class="form-control" id="cif">
+            </div>
+        </div>
+
+        <div class ="form-group row">
+            <label class="col-sm-3 col-form-label" for="apellido2">Apellido2</label>
+            <div class = "col-sm-9">
+                <input type="text" th:field="*{apellido2}" required minlength="1" maxlength="100" class="form-control" id="apellido2">
+            </div>
+        </div>
+
+        <div class ="form-group row">
+            <label class="col-sm-3 col-form-label" for="fechaNacimiento">Fecha de Nacimiento</label>
+            <div class = "col-sm-9">
+                <input type="date" th:field="*{fechaNacimiento}" required class="form-control" id="fechaNacimiento" title="Introduce fecha">
+            </div>
+        </div>
+
+        <div class="form-group row">
+            <label class="col-sm-3 col-form-label" for="genero">Genero</label>
+            <div class="col-sm-9">
+                <select th:field="*{genero}" class="form-control" id="genero" required>
+                    <option value="">Selecciona un genero</option>
+                    <option value="Mujer">Mujer</option>
+                    <option value="Varon">Varon</option>
+                </select>
+            </div>
+        </div>
+
+        <div class ="form-group row">
+            <label class="col-sm-3 col-form-label" for="nia">Nia</label>
+            <div class = "col-sm-9">
+                <!--TODO: Añadir validacion de nia-->
+                <input type="text" th:field="*{nia}"   required minlength="8" maxlength="8" title="Entra un nia correcto" class="form-control" id="nia">
+            </div>
+        </div>
+
+        <div class="form-group row">
+            <label class="col-sm-3 col-form-label" for="dni">DNI/NIE</label>
+            <div class="col-sm-9">
+                <input type="text" th:field="*{dni}" required minlength="8" maxlength="8" class="form-control" id="dni" title="Introduce DNI/NIE">
+            </div>
+        </div>
+
+        <div class="form-group row">
+            <label class="col-sm-3 col-form-label" for="correo">Correo</label>
+            <div class="col-sm-9">
+                <input type="email" th:field="*{correo}" required minlength="5" maxlength="100" class="form-control" id="correo" title="Introduce correo">
+            </div>
+        </div>
+
+        <div class="form-group row">
+            <label class="col-sm-3 col-form-label" for="correo2">Correo2</label>
+            <div class="col-sm-9">
+                <input type="email" th:field="*{correo2}" required minlength="5" maxlength="100" class="form-control" id="correo2" title="Introduce correo alternativo">
+            </div>
+        </div>
+
+        <div class="form-group row">
+            <label class="col-sm-3 col-form-label" for="nacionalidad">Nacionalidad</label>
+            <div class="col-sm-9">
+                <input type="text" th:field="*{nacionalidad}" class="form-control" id="nacionalidad" title="Introduce nacionalidad">
+            </div>
+        </div>
+
+        <div class="form-group row">
+            <label class="col-sm-3 col-form-label" for="keywords">Keywords</label>
+            <div class="col-sm-9">
+                <input type="text" th:field="*{keywords}" class="form-control" id="keywords" title="Introduce keywords">
+            </div>
+        </div>
+
+        <!-- Ciclos -->
+        <div class="form-group row">
+            <label class="col-sm-3 col-form-label" for="ciclo">Ciclo</label>
+            <div class="col-sm-9">
+                <select th:field="*{ciclo.id}" class="form-control" id="ciclo">
+                    <option th:each="ciclo : ${ciclos}" th:value="${ciclo.id}" th:text="${ciclo.nombre}"></option>
+                </select>
+            </div>
+        </div>
+
+        <div class="skills-container">
+            <h2>Select Skills</h2>
+            <select id="skills" multiple>
+                <option th:each="skill : ${skills}" th:value="${skill.id}" th:text="${skill.nombre}"></option>
+            </select>
+        </div>
+
+        <div class="text-center">
+            <input type="submit" value="Guardar" class="btn"/>
+            <input type="button" value="Cancelar"  id="btnCancelar" class="btn" onclick="goBack()"/>
+        </div>
+    </div>
+</form>
+<script>
+    $(document).ready(function() {
+        $('#skills').select2();
+    });
+
+    function goBack() {
+        window.history.back();
+    }
+    $(document).ready(function () {
+        $("form").on("submit", function (event) {
+            event.preventDefault();
+
+            var formDataArray = $(this).serializeArray();
+            formDataArray.push({name: 'ciclo', value: $('#ciclo').val()});
+            formDataArray.push({name: 'skills', value: $('#skills').val()});
+
+            $.ajax({
+                url: '/alumno/save',
+                type: 'post',
+                data: $.param(formDataArray),
+                success: function (message) {
+                    if(message === "El alumno fue guardado con exito") {
+                        alert("El alumno fue guardado con exito")
+                        window.history.go(-1);
+                    } else if(message === "El alumno ya existe"){
+                        alert("El alumno ya existe");
+                        window.history.go(-1);
+                    }else{
+                        alert("Error, consulte a los informaticos")
+                        window.history.go(-1)
+                    }
+                },
+                error: function (jqXHR) {
+                    alert(jqXHR.responseText);
+                    window.history.back();
+                }
+            });
+        });
+    });
+
+</script>
+</body>
+</html>
\ No newline at end of file