Ajustes al controladores de operaciones crud que usa el administrador

vicsash 5 months ago
parent 0a26208f41
commit fb30b05a8a

@ -37,30 +37,25 @@ public class AdminController {
@Autowired @Autowired
private AlumnoService alumnoService; private AlumnoService alumnoService;
@GetMapping("/admin/alta_admin_nuevo") private void checkUserRole(Authentication authentication) {
public String showCreateFormAdmin(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/alta_admin_nuevo")
public String showCreateFormAdmin(Model model, Authentication authentication) {
checkUserRole(authentication);
model.addAttribute("usuario", new Usuario()); // Add this line model.addAttribute("usuario", new Usuario()); // Add this line
return "admin/usuario/create"; return "admin/usuario/create";
} }
@PostMapping("/admin/alta_admin_nuevo") @PostMapping("/admin/alta_admin_nuevo")
public String saveNewAdmin(@ModelAttribute Usuario usuario, Authentication authentication) { public String saveNewAdmin(@ModelAttribute Usuario usuario, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
usuario.setRol(usuarioService.getRolById(1)); usuario.setRol(usuarioService.getRolById(1));
if(usuarioService.getUserByLogInName(usuario.getNombreLogIn()) == null){ if(usuarioService.getUserByLogInName(usuario.getNombreLogIn()) == null){
usuarioService.createUsuario(usuario.getNombreUsuario(), usuario.getNombreLogIn(), usuario.getEmail(), usuario.getPassword(), usuario.getRol().getId()); usuarioService.createUsuario(usuario.getNombreUsuario(), usuario.getNombreLogIn(), usuario.getEmail(), usuario.getPassword(), usuario.getRol().getId());
return "redirect:/buscador?userCreated=true"; return "redirect:/buscador?userCreated=true";
@ -80,12 +75,7 @@ public class AdminController {
@GetMapping("/admin/editar_usuario") @GetMapping("/admin/editar_usuario")
public String showUpdateFormAdmin(Model model, Authentication authentication) { public String showUpdateFormAdmin(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
List<Usuario> users = usuarioService.findAll(); List<Usuario> users = usuarioService.findAll();
model.addAttribute("users", users); model.addAttribute("users", users);
model.addAttribute("usuario", new Usuario()); model.addAttribute("usuario", new Usuario());
@ -94,12 +84,7 @@ public class AdminController {
//TODO add confirmation of if the user is a studen and if it is then cahnge the first email in alumno table //TODO add confirmation of if the user is a studen and if it is then cahnge the first email in alumno table
@PostMapping("/admin/update_usuario") @PostMapping("/admin/update_usuario")
public String updateUser(@ModelAttribute Usuario usuario, Authentication authentication) { public String updateUser(@ModelAttribute Usuario usuario, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Usuario existingUser = usuarioService.findUserById(usuario.getId()); Usuario existingUser = usuarioService.findUserById(usuario.getId());
if (existingUser == null) { if (existingUser == null) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Este usuario no existe"); throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Este usuario no existe");
@ -150,19 +135,15 @@ public class AdminController {
@GetMapping("/admin/user/{id}") @GetMapping("/admin/user/{id}")
public ResponseEntity<Usuario> getUser(@PathVariable Long id) { public ResponseEntity<Usuario> getUser(@PathVariable Long id,Authentication authentication) {
checkUserRole(authentication);
Usuario usuario = usuarioService.findUserById(id); Usuario usuario = usuarioService.findUserById(id);
return ResponseEntity.ok(usuario); return ResponseEntity.ok(usuario);
} }
@GetMapping("/admin/delete_usuario") @GetMapping("/admin/delete_usuario")
public String showDeleteFormAdmin(Model model, Authentication authentication) { public String showDeleteFormAdmin(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
List<Usuario> users = usuarioService.findAll(); List<Usuario> users = usuarioService.findAll();
model.addAttribute("users", users); model.addAttribute("users", users);
model.addAttribute("usuario", new Usuario()); model.addAttribute("usuario", new Usuario());
@ -171,12 +152,7 @@ public class AdminController {
@GetMapping("/admin/delete_usuario/{id}") @GetMapping("/admin/delete_usuario/{id}")
public ResponseEntity<String> deleteUser(@PathVariable Long id, Authentication authentication) { public ResponseEntity<String> deleteUser(@PathVariable Long id, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Usuario existingUser = usuarioService.findUserById(id); Usuario existingUser = usuarioService.findUserById(id);
if (existingUser == null) { if (existingUser == null) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Este usuario no existe"); throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Este usuario no existe");
@ -201,19 +177,11 @@ public class AdminController {
@GetMapping("/admin/firstUser") @GetMapping("/admin/firstUser")
public String showAlterUserForm(Model model, Authentication authentication) { public String showAlterUserForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
String username = authentication.getName(); String username = authentication.getName();
Usuario usuario = usuarioService.findByLogInName(username); Usuario usuario = usuarioService.findByLogInName(username);
model.addAttribute("usuario", usuario); model.addAttribute("usuario", usuario);
model.addAttribute("newPassword", ""); model.addAttribute("newPassword", "");
return "admin/usuario/first_login_admin"; return "admin/usuario/first_login_admin";
} }
} }
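Review bot: checkUserRole dereferences `authentication` without a null check, so if any of these handlers can be reached without an authenticated principal (the HttpSecurity rules are not in these hunks) the result is a NullPointerException and a 500 rather than the intended 403; a guard at the top of the helper, `if (authentication == null) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "...");`, would close that. The same private helper is now copy-pasted into AdminController, AlumnoController, CicloController, ContactoController, EmpressaController, FamiliaController and OfertaController, which gives the authorization policy seven places to drift; a single `@PreAuthorize("hasAuthority('ADMIN')")` on the class or on the handlers, with method security enabled, expresses the same rule once and cannot be forgotten on a new endpoint. Separately, and pre-existing, deleteUser is mapped with `@GetMapping`, so a deletion is triggered by a plain link and is outside the CSRF protection that applies to state-changing methods; `@PostMapping` or `@DeleteMapping` would be the safer mapping, and the delete handlers in the other controllers have the same shape.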

@ -36,15 +36,18 @@ public class AlumnoController {
@Autowired @Autowired
UsuarioService usuarioService; UsuarioService usuarioService;
private void checkUserRole(Authentication authentication) {
@GetMapping("/admin/alumno/create")
public String showCreateForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/alumno/create")
public String showCreateForm(Model model, Authentication authentication) {
checkUserRole(authentication);
Alumno alumno = new Alumno(); Alumno alumno = new Alumno();
List<Ciclo> ciclos = cicloService.findAll(); List<Ciclo> ciclos = cicloService.findAll();
List<Skill> skills = skillService.findAll(); List<Skill> skills = skillService.findAll();
@ -56,8 +59,10 @@ public class AlumnoController {
@PostMapping("/alumno/save") @PostMapping("/alumno/save")
public ResponseEntity<String> saveAlumno(Alumno alumno, @RequestParam("ciclo") Long ciclo, @RequestParam("skills") List<Long> skills, @RequestParam("joinedKeywords") String keywords){ public ResponseEntity<String> saveAlumno(Alumno alumno, @RequestParam("ciclo") Long ciclo, @RequestParam("skills") List<Long> skills, @RequestParam("joinedKeywords") String keywords,
Authentication authentication){
try{ try{
checkUserRole(authentication);
//For some reason the transef of keywords from html to controllers is not done completely right //For some reason the transef of keywords from html to controllers is not done completely right
//due to the fact that the first character is always a comma, so we need to remove it //due to the fact that the first character is always a comma, so we need to remove it
if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') { if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') {
@ -98,7 +103,9 @@ public class AlumnoController {
@GetMapping("/admin/alumno/update/{id}") @GetMapping("/admin/alumno/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id) { public String showUpdateForm(Model model, @PathVariable Long id,
Authentication authentication) {
checkUserRole(authentication);
Alumno alumno = alumnoService.findById(id); Alumno alumno = alumnoService.findById(id);
List<Ciclo> ciclos = cicloService.findAll(); List<Ciclo> ciclos = cicloService.findAll();
List<Skill> skills = skillService.findAll(); List<Skill> skills = skillService.findAll();
@ -110,8 +117,9 @@ public class AlumnoController {
@PostMapping("/alumno/update") @PostMapping("/alumno/update")
public ResponseEntity<String> updateAlumno(Alumno alumno, @RequestParam("ciclo") Long ciclo, @RequestParam("skills") List<Long> skills,@RequestParam("joinedKeywords") String keywords){ public ResponseEntity<String> updateAlumno(Alumno alumno, @RequestParam("ciclo") Long ciclo, @RequestParam("skills") List<Long> skills,@RequestParam("joinedKeywords") String keywords,Authentication authentication){
try{ try{
checkUserRole(authentication);
if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') { if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') {
keywords = keywords.substring(1); keywords = keywords.substring(1);
} }
@ -151,12 +159,7 @@ public class AlumnoController {
@GetMapping("/alumno/delete/{id}") @GetMapping("/alumno/delete/{id}")
public ResponseEntity<String> deleteAlumno(@PathVariable Long id,Authentication authentication){ public ResponseEntity<String> deleteAlumno(@PathVariable Long id,Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
try{ try{
Alumno alumno = alumnoService.findById(id); Alumno alumno = alumnoService.findById(id);
String logIn = "alu." + alumno.getNombre() + alumno.getNia().substring(0, 3); String logIn = "alu." + alumno.getNombre() + alumno.getNia().substring(0, 3);
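Review bot: In saveAlumno and updateAlumno the new `checkUserRole(authentication);` sits inside the `try{` rather than before it, so the ResponseStatusException it throws for a non-admin is a RuntimeException that the handler's `catch (Exception e)` (outside this hunk, but the same shape is visible in FamiliaController) will catch and turn into whatever the generic error branch returns, masking the 403 as an application failure. The write is still prevented because the check is the first statement in the try, but the client and any monitoring see an error rather than a denial, and in FamiliaController.deleteFamilia this commit actively moves the check from outside the try to inside it. Moving the call up one line, `checkUserRole(authentication);` followed by `try{`, keeps the helper's 403 intact; the same applies to saveCiclo, updateCiclo, saveContacto, updateContacto, saveEmpresa, updateEmpresa, saveFamilia, updateFamilia and deleteFamilia. The enclosing methods continue past the end of this hunk.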

@ -28,15 +28,18 @@ public class CicloController {
@Autowired @Autowired
private FamiliaService familiaService; private FamiliaService familiaService;
private void checkUserRole(Authentication authentication) {
@GetMapping("/admin/ciclo/create")
public String showCreateForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/ciclo/create")
public String showCreateForm(Model model, Authentication authentication) {
checkUserRole(authentication);
Ciclo ciclo = new Ciclo(); Ciclo ciclo = new Ciclo();
List<Familia> familias = familiaService.findAllFamilias(); List<Familia> familias = familiaService.findAllFamilias();
Familia familia = new Familia(); Familia familia = new Familia();
@ -48,8 +51,9 @@ public class CicloController {
@PostMapping("/ciclo/save") @PostMapping("/ciclo/save")
public ResponseEntity<String> saveCiclo(Ciclo ciclo, @RequestParam("familia") Long familiaId){ public ResponseEntity<String> saveCiclo(Ciclo ciclo, @RequestParam("familia") Long familiaId,Authentication authentication){
try{ try{
checkUserRole(authentication);
Familia familia = familiaService.findById(familiaId); Familia familia = familiaService.findById(familiaId);
ciclo.setFamilia(familia); ciclo.setFamilia(familia);
if(cicloService.exists(ciclo) != null){ if(cicloService.exists(ciclo) != null){
@ -67,12 +71,7 @@ public class CicloController {
@GetMapping("/admin/ciclo/update/{id}") @GetMapping("/admin/ciclo/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Ciclo ciclo = cicloService.findById(id); Ciclo ciclo = cicloService.findById(id);
List<Familia> familias = familiaService.findAllFamilias(); List<Familia> familias = familiaService.findAllFamilias();
Familia familia = new Familia(); Familia familia = new Familia();
@ -84,8 +83,9 @@ public class CicloController {
@PostMapping("/ciclo/update") @PostMapping("/ciclo/update")
public ResponseEntity<String> updateCiclo(Ciclo ciclo, @RequestParam("familia.id") Long familiaId){ public ResponseEntity<String> updateCiclo(Ciclo ciclo, @RequestParam("familia.id") Long familiaId,Authentication authentication){
try{ try{
checkUserRole(authentication);
Familia familia = familiaService.findById(familiaId); Familia familia = familiaService.findById(familiaId);
ciclo.setFamilia(familia); ciclo.setFamilia(familia);
cicloService.save(ciclo); cicloService.save(ciclo);
@ -98,12 +98,7 @@ public class CicloController {
@GetMapping("/ciclo/delete/{id}") @GetMapping("/ciclo/delete/{id}")
public ResponseEntity<String> deleteCiclo(@PathVariable Long id,Authentication authentication) { public ResponseEntity<String> deleteCiclo(@PathVariable Long id,Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
try{ try{
cicloService.deleteById(id); cicloService.deleteById(id);
return new ResponseEntity<>("El ciclo ha sido eliminado", HttpStatus.OK); return new ResponseEntity<>("El ciclo ha sido eliminado", HttpStatus.OK);

@ -31,14 +31,18 @@ public class ContactoController {
@Autowired @Autowired
private EmpresaService empresaService; private EmpresaService empresaService;
@GetMapping("/admin/contacto/create") private void checkUserRole(Authentication authentication) {
public String showCreateForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/contacto/create")
public String showCreateForm(Model model, Authentication authentication) {
checkUserRole(authentication);
Contacto contacto = new Contacto(); Contacto contacto = new Contacto();
List<Empresa> empresas = empresaService.findAll(); List<Empresa> empresas = empresaService.findAll();
Empresa empresa = new Empresa(); Empresa empresa = new Empresa();
@ -50,8 +54,10 @@ public class ContactoController {
@PostMapping("/contacto/save") @PostMapping("/contacto/save")
public ResponseEntity<String> saveContacto(Contacto contacto, @RequestParam("empresa.id") Long empresaId){ public ResponseEntity<String> saveContacto(Contacto contacto, @RequestParam("empresa.id") Long empresaId,
Authentication authentication){
try{ try{
checkUserRole(authentication);
Empresa existingEmpresa = empresaService.findById(empresaId); Empresa existingEmpresa = empresaService.findById(empresaId);
contacto.setEmpresa(existingEmpresa); contacto.setEmpresa(existingEmpresa);
if(contactosService.exists(contacto) != null){ if(contactosService.exists(contacto) != null){
@ -68,12 +74,7 @@ public class ContactoController {
@GetMapping("/admin/contacto/update/{id}") @GetMapping("/admin/contacto/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Contacto contacto = contactosService.findById(id); Contacto contacto = contactosService.findById(id);
Empresa empresa = new Empresa(); Empresa empresa = new Empresa();
List<Empresa> empresas = empresaService.findAll(); List<Empresa> empresas = empresaService.findAll();
@ -85,8 +86,10 @@ public class ContactoController {
@PostMapping("/contacto/update") @PostMapping("/contacto/update")
public ResponseEntity<String> updateContacto(Contacto contacto, @RequestParam("empresa.id") Long empresaId){ public ResponseEntity<String> updateContacto(Contacto contacto, @RequestParam("empresa.id") Long empresaId,
Authentication authentication){
try{ try{
checkUserRole(authentication);
Empresa existingEmpresa = empresaService.findById(empresaId); Empresa existingEmpresa = empresaService.findById(empresaId);
if(existingEmpresa != null) { if(existingEmpresa != null) {
contacto.setEmpresa(existingEmpresa); contacto.setEmpresa(existingEmpresa);
@ -103,12 +106,7 @@ public class ContactoController {
@GetMapping("/contacto/delete/{id}") @GetMapping("/contacto/delete/{id}")
public ResponseEntity<String> deleteContacto(@PathVariable Long id, Authentication authentication){ public ResponseEntity<String> deleteContacto(@PathVariable Long id, Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
try{ try{
contactosService.deleteById(id); contactosService.deleteById(id);
return new ResponseEntity<>("El contacto ha sido eliminado", HttpStatus.OK); return new ResponseEntity<>("El contacto ha sido eliminado", HttpStatus.OK);

@ -17,6 +17,8 @@ import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException; import org.springframework.web.server.ResponseStatusException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.Collection; import java.util.Collection;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
@ -44,15 +46,18 @@ public class EmpressaController {
return "contactos"; return "contactos";
} }
private void checkUserRole(Authentication authentication) {
@GetMapping("/admin/empresa/create")
public String showCreateForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/empresa/create")
public String showCreateForm(Model model, Authentication authentication) {
checkUserRole(authentication);
Empresa empresa = new Empresa(); Empresa empresa = new Empresa();
Sector sector = new Sector(); Sector sector = new Sector();
List<Sector> sectores = sectorService.findAll(); List<Sector> sectores = sectorService.findAll();
@ -66,12 +71,7 @@ public class EmpressaController {
@PostMapping("/empresa/save") @PostMapping("/empresa/save")
public ResponseEntity<String> saveEmpresa(Empresa empresa, @RequestParam("sector.id") Long sectorId, @RequestParam("joinedKeywords") String keywords, Authentication authentication){ public ResponseEntity<String> saveEmpresa(Empresa empresa, @RequestParam("sector.id") Long sectorId, @RequestParam("joinedKeywords") String keywords, Authentication authentication){
try{ try{
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') { if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') {
keywords = keywords.substring(1); keywords = keywords.substring(1);
} }
@ -92,12 +92,7 @@ public class EmpressaController {
@GetMapping("/admin/empresa/update/{id}") @GetMapping("/admin/empresa/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Empresa empresa = empresaService.findById(id); Empresa empresa = empresaService.findById(id);
//System.out.println("Retrieved empresa: " + empresa); // Add logging here //System.out.println("Retrieved empresa: " + empresa); // Add logging here
Sector sector = new Sector(); Sector sector = new Sector();
@ -114,12 +109,7 @@ public class EmpressaController {
@PostMapping("/empresa/update") @PostMapping("/empresa/update")
public ResponseEntity<String> updateEmpresa(Empresa empresa, @RequestParam("sectorId") Long sectorId, @RequestParam("joinedKeywords") String keywords, Authentication authentication){ public ResponseEntity<String> updateEmpresa(Empresa empresa, @RequestParam("sectorId") Long sectorId, @RequestParam("joinedKeywords") String keywords, Authentication authentication){
try{ try{
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') { if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') {
keywords = keywords.substring(1); keywords = keywords.substring(1);
} }
@ -143,12 +133,7 @@ public class EmpressaController {
@GetMapping("/empresa/delete/{id}") @GetMapping("/empresa/delete/{id}")
public ResponseEntity<String> deleteEmpresa(@PathVariable Long id,Authentication authentication){ public ResponseEntity<String> deleteEmpresa(@PathVariable Long id,Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
try{ try{
empresaService.deleteById(id); empresaService.deleteById(id);
return new ResponseEntity<>("La empresa ha sido eliminado", HttpStatus.OK); return new ResponseEntity<>("La empresa ha sido eliminado", HttpStatus.OK);
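Review bot: The two imports added at the top of EmpressaController, `javax.servlet.http.HttpServletRequest` and `javax.servlet.http.HttpSession`, are not referenced by any line in these hunks; if nothing outside the visible hunks uses them they should be dropped, since unused servlet imports suggest a request/session dependency the controller does not actually have. The rest of the file is outside the hunks, so this may simply be groundwork for a later change, in which case a short comment on the import would save the next reader the search.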

@ -22,15 +22,18 @@ public class FamiliaController {
@Autowired @Autowired
private FamiliaService familiaService; private FamiliaService familiaService;
private void checkUserRole(Authentication authentication) {
@GetMapping("/admin/familia/create")
public String showCreateForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/familia/create")
public String showCreateForm(Model model, Authentication authentication) {
checkUserRole(authentication);
Familia familia = new Familia(); Familia familia = new Familia();
model.addAttribute("familia", familia); model.addAttribute("familia", familia);
return "admin/familia/create"; return "admin/familia/create";
@ -38,8 +41,9 @@ public class FamiliaController {
@PostMapping("/familia/save") @PostMapping("/familia/save")
public ResponseEntity<String> saveFamilia(Familia familia){ public ResponseEntity<String> saveFamilia(Familia familia,Authentication authentication){
try{ try{
checkUserRole(authentication);
if(familiaService.findByName(familia.getNombre()) != null){ if(familiaService.findByName(familia.getNombre()) != null){
System.out.println("Este familia ya existe en la base de datos"); System.out.println("Este familia ya existe en la base de datos");
return new ResponseEntity<>("Este familia ya existe en la base de datos", HttpStatus.BAD_REQUEST); return new ResponseEntity<>("Este familia ya existe en la base de datos", HttpStatus.BAD_REQUEST);
@ -55,12 +59,7 @@ public class FamiliaController {
@GetMapping("/admin/familia/update/{id}") @GetMapping("/admin/familia/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Familia familia = familiaService.findById(id); Familia familia = familiaService.findById(id);
model.addAttribute("familia", familia); model.addAttribute("familia", familia);
return "admin/familia/update"; return "admin/familia/update";
@ -68,8 +67,9 @@ public class FamiliaController {
@PostMapping("/familia/update") @PostMapping("/familia/update")
public ResponseEntity<String> updateFamilia(Familia familia){ public ResponseEntity<String> updateFamilia(Familia familia,Authentication authentication){
try{ try{
checkUserRole(authentication);
familiaService.save(familia); familiaService.save(familia);
return new ResponseEntity<>("La familia ha sido actualizado con exito", HttpStatus.OK); return new ResponseEntity<>("La familia ha sido actualizado con exito", HttpStatus.OK);
}catch (Exception e) { }catch (Exception e) {
@ -80,13 +80,8 @@ public class FamiliaController {
@GetMapping("/familia/delete/{id}") @GetMapping("/familia/delete/{id}")
public ResponseEntity<String> deleteFamilia(@PathVariable Long id,Authentication authentication){ public ResponseEntity<String> deleteFamilia(@PathVariable Long id,Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
try{ try{
checkUserRole(authentication);
familiaService.deleteById(id); familiaService.deleteById(id);
return new ResponseEntity<>("La familia ha sido eliminado", HttpStatus.OK); return new ResponseEntity<>("La familia ha sido eliminado", HttpStatus.OK);
}catch (Exception e){ }catch (Exception e){

@ -35,14 +35,18 @@ public class OfertaController {
@Autowired @Autowired
private CicloService cicloService; private CicloService cicloService;
@GetMapping("/admin/oferta/create") private void checkUserRole(Authentication authentication) {
public String showCreateForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/oferta/create")
public String showCreateForm(Model model, Authentication authentication) {
checkUserRole(authentication);
Oferta oferta = new Oferta(); Oferta oferta = new Oferta();
List<Ciclo> ciclos = cicloService.findAll(); List<Ciclo> ciclos = cicloService.findAll();
List<Skill> skills = skillService.findAll(); List<Skill> skills = skillService.findAll();
@ -56,8 +60,10 @@ public class OfertaController {
@PostMapping("/oferta/save") @PostMapping("/oferta/save")
public ResponseEntity<String> saveOferta(Oferta oferta, @RequestParam("ciclo") Long ciclo, @RequestParam("sucursal") Long sucursal, @RequestParam("skills") List<Long> skills){ public ResponseEntity<String> saveOferta(Oferta oferta, @RequestParam("ciclo") Long ciclo, @RequestParam("sucursal") Long sucursal, @RequestParam("skills") List<Long> skills,
Authentication authentication){
try{ try{
checkUserRole(authentication);
Ciclo cicloEntity = cicloService.findById(ciclo); Ciclo cicloEntity = cicloService.findById(ciclo);
Sucursal sucursalEntity = sucursalService.findById(sucursal); Sucursal sucursalEntity = sucursalService.findById(sucursal);
Set<Skill> skillEntities = skillService.findAllByIds(skills); Set<Skill> skillEntities = skillService.findAllByIds(skills);
@ -80,12 +86,7 @@ public class OfertaController {
@GetMapping("/admin/oferta/update/{id}") @GetMapping("/admin/oferta/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id, Authentication authentication) { public String showUpdateForm(Model model, @PathVariable Long id, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Oferta oferta = ofertaService.findById(id); Oferta oferta = ofertaService.findById(id);
List<Ciclo> ciclos = cicloService.findAll(); List<Ciclo> ciclos = cicloService.findAll();
List<Skill> skills = skillService.findAll(); List<Skill> skills = skillService.findAll();
@ -99,8 +100,10 @@ public class OfertaController {
@PostMapping("/oferta/update") @PostMapping("/oferta/update")
public ResponseEntity<String> updateOferta(Oferta oferta, @RequestParam("ciclo") Long ciclo, @RequestParam("sucursal") Long sucursal, @RequestParam("skills") List<Long> skills){ public ResponseEntity<String> updateOferta(Oferta oferta, @RequestParam("ciclo") Long ciclo, @RequestParam("sucursal") Long sucursal, @RequestParam("skills") List<Long> skills,
Authentication authentication){
try{ try{
checkUserRole(authentication);
Ciclo cicloEntity = cicloService.findById(ciclo); Ciclo cicloEntity = cicloService.findById(ciclo);
Sucursal sucursalEntity = sucursalService.findById(sucursal); Sucursal sucursalEntity = sucursalService.findById(sucursal);
Set<Skill> skillEntities = skillService.findAllByIds(skills); Set<Skill> skillEntities = skillService.findAllByIds(skills);
@ -117,23 +120,12 @@ public class OfertaController {
@GetMapping("/oferta/delete/{id}") @GetMapping("/oferta/delete/{id}")
public ResponseEntity<String> deleteOferta(@PathVariable Long id,Authentication authentication){ public ResponseEntity<String> deleteOferta(@PathVariable Long id,Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
try{ try{
checkUserRole(authentication);
ofertaService.deleteById(id); ofertaService.deleteById(id);
return new ResponseEntity<>("La oferta ha sido eliminada", HttpStatus.OK); return new ResponseEntity<>("La oferta ha sido eliminada", HttpStatus.OK);
}catch (Exception e){ }catch (Exception e){
return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR); return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
} }
} }
@GetMapping("api/distinct-years")
@ResponseBody
public List<Integer> getDistinctYears() {
return ofertaService.findDistinctYears();
}
} }
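Review bot: In saveOferta, updateOferta and deleteOferta the new `checkUserRole(authentication);` call is placed inside the `try{` block whose handler is `catch (Exception e)`, so the ResponseStatusException it throws is swallowed and the client receives HTTP 500 with the exception message instead of 403; the same placement appears in the FamiliaController, SectorController, SkillController and SucursalController sections of this commit. The operation is still blocked, but the status code is wrong and authorization failures become indistinguishable from server errors in logs and monitoring. Move the line above the `try{`, as showUpdateForm already does, or add `catch (ResponseStatusException e) { throw e; }` ahead of the generic handler. If the security configuration lets unauthenticated requests reach these paths, `authentication` would be null and the helper would fail with a NullPointerException rather than a clean 401/403 — worth confirming against the HttpSecurity rules, which are not part of this diff.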

@ -28,6 +28,14 @@ public class SectorController {
@Autowired @Autowired
private SectorService sectorService; private SectorService sectorService;
private void checkUserRole(Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
}
@GetMapping("sector/{id}") @GetMapping("sector/{id}")
public String getEmpressaBySector(@PathVariable Long id, Model model) { public String getEmpressaBySector(@PathVariable Long id, Model model) {
@ -39,12 +47,7 @@ public class SectorController {
@GetMapping("/admin/sector/create") @GetMapping("/admin/sector/create")
public String showCreateForm(Model model, Authentication authentication){ public String showCreateForm(Model model, Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Sector sectores = new Sector(); Sector sectores = new Sector();
model.addAttribute("sector", sectores); model.addAttribute("sector", sectores);
return "admin/sector/create"; return "admin/sector/create";
@ -52,8 +55,9 @@ public class SectorController {
@PostMapping("/sector/save") @PostMapping("/sector/save")
public ResponseEntity<String> saveSector(Sector sector){ public ResponseEntity<String> saveSector(Sector sector,Authentication authentication){
try{ try{
checkUserRole(authentication);
if(sectorService.findByName(sector.getNombre()) != null){ if(sectorService.findByName(sector.getNombre()) != null){
System.out.println("Este sector ya existe en la base de datos"); System.out.println("Este sector ya existe en la base de datos");
return new ResponseEntity<>("Este sector ya existe en la base de datos", HttpStatus.BAD_REQUEST); return new ResponseEntity<>("Este sector ya existe en la base de datos", HttpStatus.BAD_REQUEST);
@ -68,12 +72,7 @@ public class SectorController {
@GetMapping("/admin/sector/update/{id}") @GetMapping("/admin/sector/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id, Authentication authentication){ public String showUpdateForm(Model model, @PathVariable Long id, Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Sector sector = sectorService.findById(id); Sector sector = sectorService.findById(id);
model.addAttribute("sector", sector); model.addAttribute("sector", sector);
return "admin/sector/update"; return "admin/sector/update";
@ -81,8 +80,9 @@ public class SectorController {
@PostMapping("/sector/update") @PostMapping("/sector/update")
public ResponseEntity<String> updateSector(Sector sector){ public ResponseEntity<String> updateSector(Sector sector, Authentication authentication){
try{ try{
checkUserRole(authentication);
sectorService.save(sector); sectorService.save(sector);
return new ResponseEntity<>("El sector ha sido actualizado", HttpStatus.OK); return new ResponseEntity<>("El sector ha sido actualizado", HttpStatus.OK);
}catch (Exception e) { }catch (Exception e) {
@ -93,13 +93,8 @@ public class SectorController {
@GetMapping("/sector/delete/{id}") @GetMapping("/sector/delete/{id}")
public ResponseEntity<String> deleteSector(@PathVariable Long id,Authentication authentication){ public ResponseEntity<String> deleteSector(@PathVariable Long id,Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
try{ try{
checkUserRole(authentication);
sectorService.deleteById(id); sectorService.deleteById(id);
return new ResponseEntity<>("El sector ha sido eliminado", HttpStatus.OK); return new ResponseEntity<>("El sector ha sido eliminado", HttpStatus.OK);
}catch (Exception e){ }catch (Exception e){
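Review bot: The `checkUserRole` helper added at the top of SectorController is a verbatim copy of the one added to each of the other controllers in this commit, each with its own hard-coded `"ADMIN"` literal and message string. A single point of enforcement is easier to audit and cannot drift between classes: either one shared helper, or Spring Security's `@PreAuthorize("hasAuthority('ADMIN')")` on the handler methods, which would also remove the need to thread `Authentication` through every signature. The `"ADMIN"` literal in particular belongs in one constant so that a role rename cannot silently disable the check in some controllers but not others. `getEmpressaBySector` on the `sector/{id}` mapping is left without the check, presumably because it is a public read; a one-line comment stating that would make the omission visibly intentional.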

@ -21,15 +21,18 @@ public class SkillController {
@Autowired @Autowired
private SkillService skillService; private SkillService skillService;
private void checkUserRole(Authentication authentication) {
@GetMapping("/admin/skill/create")
public String showCreateForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/skill/create")
public String showCreateForm(Model model, Authentication authentication) {
checkUserRole(authentication);
Skill skill = new Skill(); Skill skill = new Skill();
model.addAttribute("skill", skill); model.addAttribute("skill", skill);
return "admin/skill/create"; return "admin/skill/create";
@ -37,8 +40,9 @@ public class SkillController {
@PostMapping("/skill/save") @PostMapping("/skill/save")
public ResponseEntity<String> saveSkill(Skill skill){ public ResponseEntity<String> saveSkill(Skill skill,Authentication authentication){
try{ try{
checkUserRole(authentication);
if(skillService.findByName(skill.getNombre()) != null){ if(skillService.findByName(skill.getNombre()) != null){
return new ResponseEntity<>("Este skill ya existe en la base de datos", HttpStatus.BAD_REQUEST); return new ResponseEntity<>("Este skill ya existe en la base de datos", HttpStatus.BAD_REQUEST);
}else { }else {
@ -53,12 +57,7 @@ public class SkillController {
@GetMapping("/admin/skill/update/{id}") @GetMapping("/admin/skill/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Skill skill = skillService.findById(id); Skill skill = skillService.findById(id);
model.addAttribute("skill", skill); model.addAttribute("skill", skill);
return "admin/skill/update"; return "admin/skill/update";
@ -66,8 +65,9 @@ public class SkillController {
@PostMapping("/skill/update") @PostMapping("/skill/update")
public ResponseEntity<String> updateSkill(Skill skill){ public ResponseEntity<String> updateSkill(Skill skill, Authentication authentication){
try{ try{
checkUserRole(authentication);
skillService.save(skill); skillService.save(skill);
return new ResponseEntity<>("El skill fue renovado", HttpStatus.OK); return new ResponseEntity<>("El skill fue renovado", HttpStatus.OK);
}catch (Exception e) { }catch (Exception e) {
@ -78,13 +78,8 @@ public class SkillController {
@GetMapping("/skill/delete/{id}") @GetMapping("/skill/delete/{id}")
public ResponseEntity<String> deleteSkill(@PathVariable Long id,Authentication authentication){ public ResponseEntity<String> deleteSkill(@PathVariable Long id,Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
try{ try{
checkUserRole(authentication);
skillService.deleteById(id); skillService.deleteById(id);
return new ResponseEntity<>("Skill ha sido eliminada", HttpStatus.OK); return new ResponseEntity<>("Skill ha sido eliminada", HttpStatus.OK);
}catch (Exception e){ }catch (Exception e){
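Review bot: `checkUserRole` in SkillController carries no Javadoc even though it is now the only authorization gate for every handler in the class, and its contract — it throws rather than returns a result — is easy to misread at a call site. A comment such as `/** Rejects the request with 403 FORBIDDEN unless the authenticated principal holds the ADMIN authority; assumes a non-null Authentication. @throws ResponseStatusException when the ADMIN authority is absent */` would make the throwing behaviour visible where it is called. The same Javadoc applies to the identical helpers in the other controllers touched by this commit.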

@ -32,14 +32,18 @@ public class SucursalController {
@Autowired @Autowired
private EntityManager entityManager; private EntityManager entityManager;
@GetMapping("/admin/sucursal/create") private void checkUserRole(Authentication authentication) {
public String showCreateForm(Model model, Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream() boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) { if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
} }
}
@GetMapping("/admin/sucursal/create")
public String showCreateForm(Model model, Authentication authentication) {
checkUserRole(authentication);
Sucursal sucursal = new Sucursal(); Sucursal sucursal = new Sucursal();
Empresa empresa = new Empresa(); Empresa empresa = new Empresa();
List<Empresa> empresas = empresaService.findAll(); List<Empresa> empresas = empresaService.findAll();
@ -51,8 +55,10 @@ public class SucursalController {
@PostMapping("/sucursal/save") @PostMapping("/sucursal/save")
public ResponseEntity<String> saveSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral){ public ResponseEntity<String> saveSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral,
Authentication authentication){
try{ try{
checkUserRole(authentication);
Empresa existingEmpresa = empresaService.findById(empresaId); Empresa existingEmpresa = empresaService.findById(empresaId);
sucursal.setEmpresa(existingEmpresa); sucursal.setEmpresa(existingEmpresa);
sucursal.setSedeCentral(sedeCentral); sucursal.setSedeCentral(sedeCentral);
@ -78,12 +84,7 @@ public class SucursalController {
@GetMapping("/admin/sucursal/update/{id}") @GetMapping("/admin/sucursal/update/{id}")
public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); checkUserRole(authentication);
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
Sucursal sucursal = sucursalService.findById(id); Sucursal sucursal = sucursalService.findById(id);
Empresa empresa = new Empresa(); Empresa empresa = new Empresa();
List<Empresa> empresas = empresaService.findAll(); List<Empresa> empresas = empresaService.findAll();
@ -96,8 +97,10 @@ public class SucursalController {
@PostMapping("/sucursal/update") @PostMapping("/sucursal/update")
public ResponseEntity<String> updateSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral){ public ResponseEntity<String> updateSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral,
Authentication authentication){
try{ try{
checkUserRole(authentication);
entityManager.detach(sucursal); entityManager.detach(sucursal);
Empresa existingEmpresa = empresaService.findById(empresaId); Empresa existingEmpresa = empresaService.findById(empresaId);
sucursal.setEmpresa(existingEmpresa); sucursal.setEmpresa(existingEmpresa);
@ -128,14 +131,8 @@ public class SucursalController {
@GetMapping("/sucursal/delete/{id}") @GetMapping("/sucursal/delete/{id}")
public ResponseEntity<String> deleteSucursal(@PathVariable Long id,Authentication authentication){ public ResponseEntity<String> deleteSucursal(@PathVariable Long id,Authentication authentication){
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean isAdmin = authorities.stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
if (!isAdmin) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
}
// System.out.println("Attempting to delete Sucursal with ID: " + id);
try{ try{
checkUserRole(authentication);
sucursalService.deleteById(id); sucursalService.deleteById(id);
return new ResponseEntity<>("Sucursal borrada con exito", HttpStatus.OK); return new ResponseEntity<>("Sucursal borrada con exito", HttpStatus.OK);
}catch (Exception e){ }catch (Exception e){
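Review bot: deleteSucursal remains mapped with `@GetMapping("/sucursal/delete/{id}")`, and the commit only relocates the role check inside it; a state-changing operation on GET is outside the scope of Spring Security's CSRF protection and can also be triggered by link prefetching or a stale bookmark. The same mapping style is used for the delete handlers in OfertaController, SectorController and SkillController. Changing it to `@PostMapping("/sucursal/delete/{id}")` (or `@DeleteMapping`) and submitting from a form keeps the framework's CSRF token handling in effect for the deletion. Dropping the commented-out `System.out.println` debug line is a good cleanup; the remaining `System.out.println` diagnostics in the save handlers of the other controllers would be better routed through the application logger.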
