Revision 23feb2c7

Added by Jakub Danek over 5 years ago

re #37 disable csrf (for now, needs to be revised later whether needed or not)


server/src/main/java/org/danekja/ymanager/business/ApiManager.java
1 1
package org.danekja.ymanager.business;
2 2

  
3
import org.danekja.ymanager.business.auth.AuthExpressions;
3 4
import org.danekja.ymanager.domain.*;
4 5
import org.danekja.ymanager.dto.DefaultSettings;
5 6
import org.danekja.ymanager.dto.*;
......
11 12
import org.slf4j.LoggerFactory;
12 13
import org.springframework.beans.factory.annotation.Autowired;
13 14
import org.springframework.dao.DataAccessException;
15
import org.springframework.security.access.prepost.PreAuthorize;
14 16
import org.springframework.stereotype.Component;
15 17

  
16 18
import java.time.LocalDate;
......
102 104
    }
103 105

  
104 106
    @Override
107
    @PreAuthorize(AuthExpressions.MASTER_SELF_ID_PARAM)
105 108
    public void createVacation(Long userId, VacationDay vacationDay) throws RESTFullException {
106 109

  
107 110
        if (vacationDay.getDate().isBefore(LocalDate.now())) {
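
Review bot: the new `@PreAuthorize(AuthExpressions.MASTER_SELF_ID_PARAM)` on `createVacation` depends on two things this diff does not show: that pre/post method security is enabled for this bean, and that the expression behind the constant actually binds to the `userId` argument. If the expression refers to the parameter by name, renaming `userId` or building without parameter-name metadata means the check no longer evaluates as intended. A test that calls `createVacation` with another user's id as a non-master user and expects an access-denied failure would pin the behaviour down. The commit message mentions only CSRF, while this line adds an authorization rule; the message should say so.
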
server/src/main/java/org/danekja/ymanager/ws/rest/ApiController.java
5 5
import org.danekja.ymanager.business.Manager;
6 6
import org.danekja.ymanager.domain.RequestType;
7 7
import org.danekja.ymanager.domain.Status;
8
import org.danekja.ymanager.domain.User;
8 9
import org.danekja.ymanager.dto.BasicRequest;
9 10
import org.danekja.ymanager.dto.DefaultSettings;
10 11
import org.danekja.ymanager.dto.UserSettings;
......
13 14
import org.springframework.beans.factory.annotation.Autowired;
14 15
import org.springframework.http.HttpHeaders;
15 16
import org.springframework.http.ResponseEntity;
17
import org.springframework.security.core.Authentication;
16 18
import org.springframework.web.bind.annotation.*;
17 19
import org.springframework.web.multipart.MultipartFile;
18 20

  
......
111 113
    @RequestMapping(value = "/user/calendar/create", method=POST)
112 114
    public ResponseEntity userCalendarCreate(
113 115
            @RequestParam(value = "lang", required = false) String lang,
114
            @RequestBody VacationDay vacationDay)
116
            @RequestBody VacationDay vacationDay,
117
            Authentication auth)
115 118
    {
119
        //TODO make api endpoint contain userId in path as part of #39, also drop the create part of path
120
        //TODO drop the auth parameter afterwards
116 121
        return handle(Language.getLanguage(lang), () ->
117
                manager.createVacation(getUserId("me"), vacationDay)
122
                manager.createVacation(((User) auth.getPrincipal()).getId(), vacationDay)
118 123
        );
119 124
    }
120 125

  
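
Review bot: the unchecked `((User) auth.getPrincipal()).getId()` in `userCalendarCreate` throws a NullPointerException when `auth` is null and a ClassCastException when the principal is not the domain `User`, so a request that reaches this mapping without a full login fails with a server error rather than a clean 401, unless `handle` maps those exceptions. Consider resolving the current user in one helper that checks the type, or declaring the parameter as `@AuthenticationPrincipal User user`. Separately, this mapping is a state-changing POST and the commit message says CSRF protection is being disabled (that change is not among the lines shown here); if authentication rides on a session cookie, the endpoint then accepts cross-site form posts, so the "revise later" should be tracked against #37 before release.
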
