Revize 23feb2c7
Přidáno uživatelem Jakub Danek před více než 5 roky(ů)
| server/src/main/java/org/danekja/ymanager/business/ApiManager.java | ||
|---|---|---|
| 1 | 1 |
package org.danekja.ymanager.business; |
| 2 | 2 |
|
| 3 |
import org.danekja.ymanager.business.auth.AuthExpressions; |
|
| 3 | 4 |
import org.danekja.ymanager.domain.*; |
| 4 | 5 |
import org.danekja.ymanager.dto.DefaultSettings; |
| 5 | 6 |
import org.danekja.ymanager.dto.*; |
| ... | ... | |
| 11 | 12 |
import org.slf4j.LoggerFactory; |
| 12 | 13 |
import org.springframework.beans.factory.annotation.Autowired; |
| 13 | 14 |
import org.springframework.dao.DataAccessException; |
| 15 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
| 14 | 16 |
import org.springframework.stereotype.Component; |
| 15 | 17 |
|
| 16 | 18 |
import java.time.LocalDate; |
| ... | ... | |
| 102 | 104 |
} |
| 103 | 105 |
|
| 104 | 106 |
@Override |
| 107 |
@PreAuthorize(AuthExpressions.MASTER_SELF_ID_PARAM) |
|
| 105 | 108 |
public void createVacation(Long userId, VacationDay vacationDay) throws RESTFullException {
|
| 106 | 109 |
|
| 107 | 110 |
if (vacationDay.getDate().isBefore(LocalDate.now())) {
|
| server/src/main/java/org/danekja/ymanager/ws/rest/ApiController.java | ||
|---|---|---|
| 5 | 5 |
import org.danekja.ymanager.business.Manager; |
| 6 | 6 |
import org.danekja.ymanager.domain.RequestType; |
| 7 | 7 |
import org.danekja.ymanager.domain.Status; |
| 8 |
import org.danekja.ymanager.domain.User; |
|
| 8 | 9 |
import org.danekja.ymanager.dto.BasicRequest; |
| 9 | 10 |
import org.danekja.ymanager.dto.DefaultSettings; |
| 10 | 11 |
import org.danekja.ymanager.dto.UserSettings; |
| ... | ... | |
| 13 | 14 |
import org.springframework.beans.factory.annotation.Autowired; |
| 14 | 15 |
import org.springframework.http.HttpHeaders; |
| 15 | 16 |
import org.springframework.http.ResponseEntity; |
| 17 |
import org.springframework.security.core.Authentication; |
|
| 16 | 18 |
import org.springframework.web.bind.annotation.*; |
| 17 | 19 |
import org.springframework.web.multipart.MultipartFile; |
| 18 | 20 |
|
| ... | ... | |
| 111 | 113 |
@RequestMapping(value = "/user/calendar/create", method=POST) |
| 112 | 114 |
public ResponseEntity userCalendarCreate( |
| 113 | 115 |
@RequestParam(value = "lang", required = false) String lang, |
| 114 |
@RequestBody VacationDay vacationDay) |
|
| 116 |
@RequestBody VacationDay vacationDay, |
|
| 117 |
Authentication auth) |
|
| 115 | 118 |
{
|
| 119 |
//TODO make api endpoint contain userId in path as part of #39, also drop the create part of path |
|
| 120 |
//TODO drop the auth parameter afterwards |
|
| 116 | 121 |
return handle(Language.getLanguage(lang), () -> |
| 117 |
manager.createVacation(getUserId("me"), vacationDay)
|
|
| 122 |
manager.createVacation(((User) auth.getPrincipal()).getId(), vacationDay)
|
|
| 118 | 123 |
); |
| 119 | 124 |
} |
| 120 | 125 |
|
Také k dispozici: Unified diff
re #37 disable csrf (for now, needs to be revised later whether needed or not)