|
|
@@ -8,6 +8,8 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.data.domain.Page;
|
|
|
import org.springframework.http.HttpStatus;
|
|
|
import org.springframework.http.ResponseEntity;
|
|
|
+import org.springframework.security.access.prepost.PostAuthorize;
|
|
|
+import org.springframework.security.access.prepost.PreAuthorize;
|
|
|
import org.springframework.web.bind.annotation.DeleteMapping;
|
|
|
import org.springframework.web.bind.annotation.GetMapping;
|
|
|
import org.springframework.web.bind.annotation.PathVariable;
|
|
|
@@ -30,6 +32,7 @@ public class BlogRestController {
|
|
|
@Autowired private BlogService blogService;
|
|
|
|
|
|
@GetMapping("posts")
|
|
|
+ @PreAuthorize("permitAll")
|
|
|
public PostsResponseDTO findPosts(@RequestBody PostsRequestDTO request) {
|
|
|
LOGGER.debug("View all posts");
|
|
|
Page<Post> pageData = blogService.findPosts(request);
|
|
|
@@ -38,6 +41,8 @@ public class BlogRestController {
|
|
|
}
|
|
|
|
|
|
@GetMapping("posts/{id}")
|
|
|
+ @PreAuthorize("isAuthenticated() and #postId < 10")
|
|
|
+ @PostAuthorize("returnObject.isPresent() and returnObject.get().id >= 1")
|
|
|
public Optional<Post> findPostById(@PathVariable("id") Integer id) {
|
|
|
LOGGER.debug("View Post id: "+id);
|
|
|
Optional<Post> post = blogService.findPostById(id);
|
|
|
@@ -45,6 +50,7 @@ public class BlogRestController {
|
|
|
}
|
|
|
|
|
|
@PostMapping("posts")
|
|
|
+ @PreAuthorize("hasRole('ADMIN') OR hasRole('USER')")
|
|
|
public ResponseEntity<Post> createPost(@RequestBody Post post) {
|
|
|
LOGGER.debug("Create post");
|
|
|
Post createdPost = blogService.createPost(post);
|
|
|
@@ -52,6 +58,7 @@ public class BlogRestController {
|
|
|
}
|
|
|
|
|
|
@DeleteMapping("posts/{id}")
|
|
|
+ @PreAuthorize("hasRole('ADMIN')")
|
|
|
public void deletePostById(@PathVariable("id") Integer id) {
|
|
|
LOGGER.debug("Delete Post id: "+id);
|
|
|
blogService.deletePost(id);
|
dagarcos