Revize 23feb2c7
Přidáno uživatelem Jakub Danek před více než 5 roky(ů)
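--- a/server/src/main/java/org/danekja/ymanager/business/ApiManager.java
+++ b/server/src/main/java/org/danekja/ymanager/business/ApiManager.java
@@ -1,5 +1,6 @@
 package org.danekja.ymanager.business;
 
+import org.danekja.ymanager.business.auth.AuthExpressions;
 import org.danekja.ymanager.domain.*;
 import org.danekja.ymanager.dto.DefaultSettings;
 import org.danekja.ymanager.dto.*;
@@ -11,6 +12,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DataAccessException;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 
 import java.time.LocalDate;
@@ -102,6 +104,7 @@
 }
 
 @Override
+@PreAuthorize(AuthExpressions.MASTER_SELF_ID_PARAM)
 public void createVacation(Long userId, VacationDay vacationDay) throws RESTFullException {
 
 if (vacationDay.getDate().isBefore(LocalDate.now())) {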
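Review bot: Nothing visible here shows that the `@PreAuthorize(AuthExpressions.MASTER_SELF_ID_PARAM)` added above `createVacation` is enforced or that its expression binds to the `userId` argument: the constant is defined outside this page, and the annotation only takes effect when pre/post method security is enabled and the call arrives through the Spring proxy. If the expression refers to `#userId` (presumably, given the constant's name), declaring the parameter as `@P("userId") Long userId` would keep name resolution independent of compiler flags. A test asserting that a non-master caller passing another user's id is rejected would pin the rule, and a short comment such as `// master may create for any user, everyone else only for their own id` (to be confirmed against the constant) would document it at the call site. The body of `createVacation` continues past the end of this section.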
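--- a/server/src/main/java/org/danekja/ymanager/ws/rest/ApiController.java
+++ b/server/src/main/java/org/danekja/ymanager/ws/rest/ApiController.java
@@ -5,6 +5,7 @@
 import org.danekja.ymanager.business.Manager;
 import org.danekja.ymanager.domain.RequestType;
 import org.danekja.ymanager.domain.Status;
+import org.danekja.ymanager.domain.User;
 import org.danekja.ymanager.dto.BasicRequest;
 import org.danekja.ymanager.dto.DefaultSettings;
 import org.danekja.ymanager.dto.UserSettings;
@@ -13,6 +14,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -111,10 +113,13 @@
 @RequestMapping(value = "/user/calendar/create", method=POST)
 public ResponseEntity userCalendarCreate(
 @RequestParam(value = "lang", required = false) String lang,
-@RequestBody VacationDay vacationDay)
+@RequestBody VacationDay vacationDay,
+Authentication auth)
 {
+//TODO make api endpoint contain userId in path as part of #39, also drop the create part of path
+//TODO drop the auth parameter afterwards
 return handle(Language.getLanguage(lang), () ->
-manager.createVacation(getUserId("me"), vacationDay)
+manager.createVacation(((User) auth.getPrincipal()).getId(), vacationDay)
 );
 }
 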
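Review bot: The cast `((User) auth.getPrincipal()).getId()` in `userCalendarCreate` is unguarded: `auth` may be null on an unauthenticated request and the principal need not be a domain `User` (for an anonymous token it is typically a string), so the lambda can throw NullPointerException or ClassCastException, and whether `handle` maps those to a 401 is not visible here. A guard before the `handle` call, `if (auth == null || !(auth.getPrincipal() instanceof User)) return ResponseEntity.status(401).build();`, or binding the principal with `@AuthenticationPrincipal User user`, would make the failure explicit. Since the commit message says CSRF protection is switched off, this state-changing POST depends entirely on how the credentials are carried, so the deferred review of that decision matters for this endpoint if authentication turns out to be cookie-based.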
re #37 disable csrf (for now, needs to be revised later whether needed or not)