diff --git a/src/main/java/com/learning/yasminishop/cart/CartItemController.java b/src/main/java/com/learning/yasminishop/cart/CartItemController.java index e18e4e8..d3e3947 100644 --- a/src/main/java/com/learning/yasminishop/cart/CartItemController.java +++ b/src/main/java/com/learning/yasminishop/cart/CartItemController.java @@ -10,6 +10,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -23,6 +24,7 @@ public class CartItemController { @PostMapping @ResponseStatus(HttpStatus.CREATED) + @PreAuthorize("hasRole('USER')") public APIResponse createCart(@Valid @RequestBody CartItemRequest cartItemRequest) { CartItemResponse cartItemResponse = cartItemService.create(cartItemRequest); return APIResponse.builder() @@ -32,6 +34,7 @@ public APIResponse createCart(@Valid @RequestBody CartItemRequ @GetMapping @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('USER')") public APIResponse> getAllCarts() { List cartItemResponses = cartItemService.getAll(); @@ -42,6 +45,7 @@ public APIResponse> getAllCarts() { @PutMapping("/{id}") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('USER')") public APIResponse updateCart(@PathVariable String id, @Valid @RequestBody CartItemUpdate cartItemUpdate) { CartItemResponse cartItemResponses = cartItemService.update(id, cartItemUpdate); @@ -52,6 +56,7 @@ public APIResponse updateCart(@PathVariable String id, @Valid @DeleteMapping @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('USER')") public APIResponse deleteCart(@Valid @RequestBody CartItemIds cartItemIds) { cartItemService.delete(cartItemIds.getIds()); 
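Review bot: Putting `@PreAuthorize("hasRole('USER')")` only on `createCart` and the other handlers leaves `CartItemService` with no check of its own, so anything that reaches the service without passing through these controller methods (another bean, a scheduled task, a controller added later) runs unauthorised. The same applies to every controller/service pair in this commit. If the move is deliberate, record the contract on each service class, e.g. `// Callers must already be authorised; role checks live in CartItemController`, or keep the service annotation as the enforcement point and treat the controller one as an early rejection. Since all five handlers touched in this file carry the identical expression, a single class-level `@PreAuthorize("hasRole('USER')")` would also protect a newly added handler by default, assuming no handler in the class is meant to be public.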
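Review bot: `hasRole('USER')` on `updateCart` establishes that the caller is a user, not that the cart item named by `id` belongs to that user, and the same holds for `deleteCart` (ids in the request body) and `getCartItemsByIds` (ids in the query string). In the service hunks `getCartByIds` opens with `cartItemRepository.findAllById(cartIds)` and the rest of each service body lies outside the diff, so an ownership filter may exist but cannot be confirmed from here. If there is none, any logged-in user can read, change or delete another user's cart items by supplying their ids. A comment on these handlers such as `// ownership of the ids is enforced in CartItemService` would make the dependency explicit once verified.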
@@ -62,6 +67,7 @@ public APIResponse deleteCart(@Valid @RequestBody CartItemIds cartItemId @GetMapping("/get-by-ids") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('USER')") public APIResponse> getCartItemsByIds(@RequestParam List ids) { List cartItemResponses = cartItemService.getCartByIds(ids); diff --git a/src/main/java/com/learning/yasminishop/cart/CartItemService.java b/src/main/java/com/learning/yasminishop/cart/CartItemService.java index 29da21d..0c76c14 100644 --- a/src/main/java/com/learning/yasminishop/cart/CartItemService.java +++ b/src/main/java/com/learning/yasminishop/cart/CartItemService.java @@ -13,7 +13,6 @@ import com.learning.yasminishop.user.UserRepository; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -33,7 +32,6 @@ public class CartItemService { private final UserRepository userRepository; private final CartItemMapper cartItemMapper; - @PreAuthorize("hasRole('USER')") @Transactional public CartItemResponse create(CartItemRequest cartItemRequest) { @@ -61,7 +59,6 @@ public CartItemResponse create(CartItemRequest cartItemRequest) { } - @PreAuthorize("hasRole('USER')") public List getAll() { String email = SecurityContextHolder.getContext().getAuthentication().getName(); User user = userRepository.findByEmail(email).orElseThrow(() -> new AppException(ErrorCode.USER_NOT_FOUND)); @@ -73,7 +70,6 @@ public List getAll() { .toList(); } - @PreAuthorize("hasRole('USER')") @Transactional public CartItemResponse update(String cartId, CartItemUpdate cartItemUpdate) { 
@@ -97,7 +93,6 @@ public CartItemResponse update(String cartId, CartItemUpdate cartItemUpdate) { return cartItemMapper.toCartResponse(cartItem); } - @PreAuthorize("hasRole('USER')") @Transactional public void delete(List cartIds) { @@ -116,7 +111,6 @@ public void delete(List cartIds) { cartItemRepository.deleteAll(cartItems); } - @PreAuthorize("hasRole('USER')") @Transactional public List getCartByIds(List cartIds) { List cartItems = cartItemRepository.findAllById(cartIds); diff --git a/src/main/java/com/learning/yasminishop/category/CategoryController.java b/src/main/java/com/learning/yasminishop/category/CategoryController.java index f3a3498..d4e98b2 100644 --- a/src/main/java/com/learning/yasminishop/category/CategoryController.java +++ b/src/main/java/com/learning/yasminishop/category/CategoryController.java @@ -15,6 +15,7 @@ import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -29,6 +30,7 @@ public class CategoryController { @PostMapping @ResponseStatus(HttpStatus.CREATED) + @PreAuthorize("hasRole('ADMIN')") public APIResponse createCategory(@Valid @RequestBody CategoryCreation categoryCreation) { CategoryResponse categoryResponse = categoryService.create(categoryCreation); return APIResponse.builder() @@ -57,6 +59,7 @@ public APIResponse getCategoryBySlug(@PathVariable String slug @GetMapping("/{id}") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse getCategory(@PathVariable String id) { CategoryAdminResponse categoryAdminResponse = categoryService.getCategory(id); return APIResponse.builder() 
@@ -66,6 +69,7 @@ public APIResponse getCategory(@PathVariable String id) { @PatchMapping("/toggle-availability") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse toggleAvailability(@RequestBody CategoryIds categoryIds) { categoryService.toggleAvailability(categoryIds.getIds()); return APIResponse.builder() @@ -75,6 +79,7 @@ public APIResponse toggleAvailability(@RequestBody CategoryIds categoryI @DeleteMapping @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse deleteCategories(@RequestBody CategoryIds categoryIds) { categoryService.delete(categoryIds.getIds()); return APIResponse.builder() @@ -85,6 +90,7 @@ public APIResponse deleteCategories(@RequestBody CategoryIds categoryIds @PutMapping("/{id}") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse updateCategory(@NotNull @NotEmpty @PathVariable String id, @Valid @RequestBody CategoryUpdate categoryUpdate) { CategoryResponse categoryResponse = categoryService.update(id, categoryUpdate); return APIResponse.builder() @@ -94,6 +100,7 @@ public APIResponse updateCategory(@NotNull @NotEmpty @PathVari @GetMapping("/admin") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse> getAllCategoriesForAdmin( @RequestParam(required = false) String name, @RequestParam(required = false) Boolean isAvailable, diff --git a/src/main/java/com/learning/yasminishop/category/CategoryService.java b/src/main/java/com/learning/yasminishop/category/CategoryService.java index c6bfd92..5eed603 100644 --- a/src/main/java/com/learning/yasminishop/category/CategoryService.java +++ b/src/main/java/com/learning/yasminishop/category/CategoryService.java 
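Review bot: `toggleAvailability` and `deleteCategories` bind `@RequestBody CategoryIds` without `@Valid`, whereas `deleteCart` in CartItemController uses `@Valid @RequestBody CartItemIds`; the `ProductIds` parameters of `toggleAvailability` and `deleteProducts` in ProductController are written the same way. Without `@Valid`, any constraints declared on the DTO are not applied, so a null or empty id list would reach `categoryService` unchecked (whether `CategoryIds` declares constraints is not visible in this diff). Suggested signature: `toggleAvailability(@Valid @RequestBody CategoryIds categoryIds)`. Both method bodies continue outside their hunks.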
@@ -14,7 +14,6 @@ import org.springframework.data.domain.Page; import org.springframework.data.domain.Pageable; import org.springframework.data.jpa.domain.Specification; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -31,7 +30,6 @@ public class CategoryService { @Transactional - @PreAuthorize("hasRole('ADMIN')") public CategoryResponse create(CategoryCreation categoryCreation) { if (categoryRepository.existsBySlug(categoryCreation.getSlug())) { @@ -59,7 +57,6 @@ public CategoryResponse getBySlug(String slug) { return categoryMapper.toCategoryResponse(category); } - @PreAuthorize("hasRole('ADMIN')") public CategoryAdminResponse getCategory(String id) { Category category = categoryRepository.findById(id) .orElseThrow(() -> new AppException(ErrorCode.CATEGORY_NOT_FOUND)); @@ -68,7 +65,6 @@ public CategoryAdminResponse getCategory(String id) { } @Transactional - @PreAuthorize("hasRole('ADMIN')") public void delete(List ids) { List categories = categoryRepository.findAllById(ids); @@ -85,7 +81,6 @@ public void delete(List ids) { } @Transactional - @PreAuthorize("hasRole('ADMIN')") public void toggleAvailability(List ids) { List categories = categoryRepository.findAllById(ids); @@ -107,7 +102,6 @@ public void toggleAvailability(List ids) { @Transactional - @PreAuthorize("hasRole('ADMIN')") public CategoryResponse update(String id, CategoryUpdate categoryUpdate) { Category category = categoryRepository.findById(id) .orElseThrow(() -> new AppException(ErrorCode.CATEGORY_NOT_FOUND)); @@ -123,7 +117,6 @@ public CategoryResponse update(String id, CategoryUpdate categoryUpdate) { } - @PreAuthorize("hasRole('ADMIN')") public PaginationResponse getAllCategoriesAdmin(String name, Boolean isAvailable, Pageable pageable) { Page categories = categoryRepository.findAll( 
diff --git a/src/main/java/com/learning/yasminishop/order/OrderController.java b/src/main/java/com/learning/yasminishop/order/OrderController.java index 37f224c..799eddd 100644 --- a/src/main/java/com/learning/yasminishop/order/OrderController.java +++ b/src/main/java/com/learning/yasminishop/order/OrderController.java @@ -12,6 +12,7 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -28,6 +29,7 @@ public class OrderController { @PostMapping @ResponseStatus(HttpStatus.CREATED) + @PreAuthorize("hasRole('USER')") public APIResponse createOrder(@Valid @RequestBody OrderRequest orderRequest) { OrderResponse orderResponse = orderService.create(orderRequest); return APIResponse.builder() @@ -37,6 +39,7 @@ public APIResponse createOrder(@Valid @RequestBody OrderRequest o @GetMapping @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('USER')") public APIResponse> getAllOrders() { List orderResponse = orderService.getAllOrderByUser(); return APIResponse.>builder() @@ -55,6 +58,7 @@ public APIResponse getOrderById(@PathVariable String id) { @GetMapping("/admin") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse> getAllOrdersForAdmin(@Valid @ModelAttribute OrderFilter orderFilter) { Pageable pageable = pageSortUtility.createPageable(orderFilter.getPage(), @@ -71,6 +75,7 @@ public APIResponse> getAllOrdersForAdmin( @GetMapping("/{id}/admin") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse getOrderByIdForAdmin(@PathVariable String id) { OrderAdminResponse orderResponse = orderService.getOrderByIdForAdmin(id); return APIResponse.builder() 
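Review bot: `getOrderById`, which appears as the context of the `@@ -55,6 +58,7` hunk, is the one order handler that receives no `@PreAuthorize` while its neighbours get `hasRole('USER')` or `hasRole('ADMIN')`. No annotation is added or removed for `OrderService.getOrderById` either, and its body is outside the diff, so whether it restricts the lookup to the authenticated user's own orders cannot be seen here. If it does not, an order can be fetched by id by anyone the filter chain lets through. Either add the intended expression on the handler or document the decision next to it, e.g. `// authenticated users only; OrderService.getOrderById checks the order owner`.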
@@ -80,6 +85,7 @@ public APIResponse getOrderByIdForAdmin(@PathVariable String @PatchMapping("/{id}/status") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse updateOrderStatus(@PathVariable String id, @RequestParam String status) { orderService.updateOrderStatus(id, status); return APIResponse.builder() diff --git a/src/main/java/com/learning/yasminishop/order/OrderService.java b/src/main/java/com/learning/yasminishop/order/OrderService.java index d49af31..3e64177 100644 --- a/src/main/java/com/learning/yasminishop/order/OrderService.java +++ b/src/main/java/com/learning/yasminishop/order/OrderService.java @@ -43,7 +43,6 @@ public class OrderService { @Transactional - @PreAuthorize("hasRole('USER')") public OrderResponse create(OrderRequest orderRequest) { // get the user @@ -75,7 +74,6 @@ public OrderResponse create(OrderRequest orderRequest) { } - @PreAuthorize("hasRole('USER')") public List getAllOrderByUser() { String email = SecurityContextHolder.getContext().getAuthentication().getName(); User user = userRepository.findByEmail(email).orElseThrow(() -> new AppException(ErrorCode.USER_NOT_FOUND)); @@ -86,7 +84,6 @@ public List getAllOrderByUser() { .toList(); } - @PreAuthorize("hasRole('ADMIN')") public PaginationResponse getAllOrders(OrderFilter orderFilter, Pageable pageable) { Page orders = orderRepository.findAll( @@ -113,7 +110,6 @@ public OrderResponse getOrderById(String id) { return orderMapper.toOrderResponse(order); } - @PreAuthorize("hasRole('ADMIN')") public OrderAdminResponse getOrderByIdForAdmin(String id) { Order order = orderRepository.findById(id).orElseThrow( () -> new AppException(ErrorCode.ORDER_NOT_FOUND) @@ -122,7 +118,6 @@ public OrderAdminResponse getOrderByIdForAdmin(String id) { } @Transactional - @PreAuthorize("hasRole('ADMIN')") public void updateOrderStatus(String id, String status) { Order order = orderRepository.findById(id).orElseThrow( () -> new AppException(ErrorCode.ORDER_NOT_FOUND) 
diff --git a/src/main/java/com/learning/yasminishop/product/ProductController.java b/src/main/java/com/learning/yasminishop/product/ProductController.java index a270b01..6f4f6ca 100644 --- a/src/main/java/com/learning/yasminishop/product/ProductController.java +++ b/src/main/java/com/learning/yasminishop/product/ProductController.java @@ -13,6 +13,7 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; @@ -28,6 +29,7 @@ public class ProductController { @PostMapping @ResponseStatus(HttpStatus.CREATED) + @PreAuthorize("hasRole('ADMIN')") public APIResponse createProduct(@Valid @RequestBody ProductRequest productCreation) { ProductAdminResponse productResponse = productService.create(productCreation); return APIResponse.builder() @@ -47,6 +49,7 @@ public APIResponse getBySlug(@PathVariable String slug) { @GetMapping("/id/{id}") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse getById(@PathVariable String id) { log.info("Getting product by id: {}", id); ProductAdminResponse productResponse = productService.getById(id); @@ -57,6 +60,7 @@ public APIResponse getById(@PathVariable String id) { @GetMapping("/admin") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse> getAllForAdmin( @Valid @ModelAttribute ProductFilter productFilter) { @@ -91,6 +95,7 @@ public APIResponse> getAll( @PutMapping("/{id}") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse updateProduct(@PathVariable String id, @Valid @RequestBody ProductRequest productUpdate) { log.info("Updating product with id: {}", id); ProductAdminResponse productResponse = productService.update(id, productUpdate); 
@@ -101,6 +106,7 @@ public APIResponse updateProduct(@PathVariable String id, @PatchMapping("/toggle-availability") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse toggleAvailability(@RequestBody ProductIds productIds) { productService.toggleAvailability(productIds.getIds()); @@ -111,6 +117,7 @@ public APIResponse toggleAvailability(@RequestBody ProductIds productIds @DeleteMapping @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse deleteProducts(@RequestBody ProductIds productIds) { productService.delete(productIds.getIds()); return APIResponse.builder() diff --git a/src/main/java/com/learning/yasminishop/product/ProductService.java b/src/main/java/com/learning/yasminishop/product/ProductService.java index 5886af7..4dcf2df 100644 --- a/src/main/java/com/learning/yasminishop/product/ProductService.java +++ b/src/main/java/com/learning/yasminishop/product/ProductService.java @@ -19,7 +19,6 @@ import org.springframework.data.domain.Page; import org.springframework.data.domain.Pageable; import org.springframework.data.jpa.domain.Specification; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -70,7 +69,6 @@ public PaginationResponse getAllProducts( @Transactional - @PreAuthorize("hasRole('ADMIN')") public ProductAdminResponse create(ProductRequest productCreation) { if (productRepository.existsBySlug(productCreation.getSlug())) { @@ -111,7 +109,6 @@ public ProductResponse getBySlug(String slug) { return productMapper.toProductResponse(product); } - @PreAuthorize("hasRole('ADMIN')") public ProductAdminResponse getById(String id) { Product product = productRepository.findById(id) .orElseThrow(() -> new AppException(ErrorCode.PRODUCT_NOT_FOUND)); 
@@ -119,7 +116,6 @@ public ProductAdminResponse getById(String id) { return productMapper.toProductAdminResponse(product); } - @PreAuthorize("hasRole('ADMIN')") public PaginationResponse getAllProductsForAdmin( ProductFilter productFilter, Pageable pageable) { @@ -148,7 +144,6 @@ public PaginationResponse getAllProductsForAdmin( @Transactional - @PreAuthorize("hasRole('ADMIN')") public void toggleAvailability(List ids) { List products = productRepository.findAllById(ids); @@ -165,7 +160,6 @@ public void toggleAvailability(List ids) { @Transactional - @PreAuthorize("hasRole('ADMIN')") public ProductAdminResponse update(String id, ProductRequest productUpdate) { Product product = productRepository.findById(id) @@ -201,7 +195,6 @@ public ProductAdminResponse update(String id, ProductRequest productUpdate) { @Transactional - @PreAuthorize("hasRole('ADMIN')") public void delete(List ids) { List products = productRepository.findAllById(ids); diff --git a/src/main/java/com/learning/yasminishop/statistic/StatisticController.java b/src/main/java/com/learning/yasminishop/statistic/StatisticController.java index 24cc788..eaedbeb 100644 --- a/src/main/java/com/learning/yasminishop/statistic/StatisticController.java +++ b/src/main/java/com/learning/yasminishop/statistic/StatisticController.java @@ -5,6 +5,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseStatus; @@ -21,6 +22,7 @@ public class StatisticController { @GetMapping @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse getStatistics() { var statistics = statisticService.getStatistics(); 
diff --git a/src/main/java/com/learning/yasminishop/statistic/StatisticService.java b/src/main/java/com/learning/yasminishop/statistic/StatisticService.java index 07f1298..6c1f95d 100644 --- a/src/main/java/com/learning/yasminishop/statistic/StatisticService.java +++ b/src/main/java/com/learning/yasminishop/statistic/StatisticService.java @@ -14,7 +14,6 @@ import com.learning.yasminishop.user.UserRepository; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -34,7 +33,6 @@ public class StatisticService { private final StatisticMapper statisticMapper; - @PreAuthorize("hasRole('ADMIN')") public StatisticResponse getStatistics() { Long totalActiveCustomers = userRepository.countByRoles_NameAndIsActive(PredefinedRole.USER_ROLE, true); diff --git a/src/main/java/com/learning/yasminishop/user/UserController.java b/src/main/java/com/learning/yasminishop/user/UserController.java index bc7ea7a..4ed54a3 100644 --- a/src/main/java/com/learning/yasminishop/user/UserController.java +++ b/src/main/java/com/learning/yasminishop/user/UserController.java @@ -11,6 +11,7 @@ import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.bind.annotation.*; @@ -35,6 +36,7 @@ public APIResponse getMyInfo(){ @GetMapping @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse> getAllUsers( @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer itemsPerPage 
@@ -53,6 +55,7 @@ public APIResponse> getAllUsers( @PatchMapping("/{userId}/toggle-active") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse toggleActive(@PathVariable String userId){ UserAdminResponse userResponse = userService.toggleActive(userId); @@ -74,6 +77,7 @@ public APIResponse deleteUser(@PathVariable String userId){ @PutMapping("{userId}") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasAuthority('UPDATE_DATA') or hasRole('ADMIN')") public APIResponse updateUser(@PathVariable String userId, @Valid @RequestBody UserUpdateRequest userUpdateRequest){ UserResponse userResponse = userService.updateUser(userId, userUpdateRequest); @@ -84,6 +88,7 @@ public APIResponse updateUser(@PathVariable String userId, @Valid @GetMapping("{userId}") @ResponseStatus(HttpStatus.OK) + @PreAuthorize("hasRole('ADMIN')") public APIResponse getUser(@PathVariable String userId){ UserResponse userResponse = userService.getUserById(userId); diff --git a/src/main/java/com/learning/yasminishop/user/UserService.java b/src/main/java/com/learning/yasminishop/user/UserService.java index f642fc3..b017a8a 100644 --- a/src/main/java/com/learning/yasminishop/user/UserService.java +++ b/src/main/java/com/learning/yasminishop/user/UserService.java @@ -41,7 +41,6 @@ public UserResponse getMyInfo() { return userMapper.toUserResponse(user); } - @PreAuthorize("hasRole('ADMIN')") public PaginationResponse getAllUsers(Pageable pageable) { Page users = userRepository.findAll(pageable); @@ -54,7 +53,6 @@ public PaginationResponse getAllUsers(Pageable pageable) { .build(); } - @PreAuthorize("hasRole('ADMIN')") @Transactional public UserAdminResponse toggleActive(String userId) { User user = userRepository.findById(userId) 
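Review bot: On `updateUser`, `hasAuthority('UPDATE_DATA') or hasRole('ADMIN')` does not tie the `userId` path variable to the caller, so every principal holding `UPDATE_DATA` passes the check for any user id. `UserService.updateUser` begins with `userRepository.findById(userId)` and the rest of the body is outside the hunk; unless it compares the loaded user with the authenticated principal, a non-admin could edit someone else's profile. The check belongs where the user is loaded, with admins exempt. Separately, `deleteUser` (the context of this hunk) gets no controller annotation in this commit, so its protection depends on whatever remains on the service method outside the diff; a one-line comment there would stop it from looking like an oversight.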
@@ -64,7 +62,6 @@ public UserAdminResponse toggleActive(String userId) { return userMapper.toUserAdminResponse(userRepository.save(user)); } - @PreAuthorize("hasAuthority('UPDATE_DATA') or hasRole('ADMIN')") @Transactional public UserResponse updateUser(String userId, UserUpdateRequest userUpdateRequest) { User user = userRepository.findById(userId) @@ -87,7 +84,6 @@ public void deleteUser(String userId) { userRepository.deleteById(userId); } - @PreAuthorize("hasRole('ADMIN')") public UserResponse getUserById(String userId) { User user = userRepository.findById(userId) .orElseThrow(() -> new AppException(ErrorCode.USER_NOT_FOUND)); diff --git a/src/main/java/com/learning/yasminishop/yasminiai/YasMiniAIController.java b/src/main/java/com/learning/yasminishop/yasminiai/YasMiniAIController.java index 15e2295..90b99de 100644 --- a/src/main/java/com/learning/yasminishop/yasminiai/YasMiniAIController.java +++ b/src/main/java/com/learning/yasminishop/yasminiai/YasMiniAIController.java @@ -4,6 +4,7 @@ import com.learning.yasminishop.product.dto.response.ProductResponse; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -19,6 +20,7 @@ public class YasMiniAIController { @PostMapping + @PreAuthorize("hasRole('USER')") public APIResponse> findCar(@RequestParam("file") MultipartFile file) { var response = yasMiniAIService.findCarByImage(file); @@ -29,6 +31,7 @@ public APIResponse> findCar(@RequestParam("file") Multipar @GetMapping("/{text}") + @PreAuthorize("hasRole('USER')") public APIResponse chat(@PathVariable String text) { String chatResponse = yasMiniAIService.generateText(text); return APIResponse.builder() 
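Review bot: `chat` takes the user's prompt as a path segment of a GET (`@GetMapping("/{text}")`), and `getChatHistory` does the same under `history/{text}`, so prompt text ends up in access logs, proxy logs and browser history, and is limited by URL length and encoding rules. The call is also not a safe GET: the service hunks show it forwarding to `chatSession.sendMessage(prompt)`, which changes conversation state. Consider `@PostMapping` with the prompt in a validated request body, for example `public APIResponse chat(@Valid @RequestBody ChatRequest request)`, where `ChatRequest` is a placeholder DTO name. The generic parameters of the return types are not legible in this diff, so the signature above is indicative only.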
@@ -37,6 +40,7 @@ public APIResponse chat(@PathVariable String text) { } @GetMapping("history/{text}") + @PreAuthorize("hasRole('USER')") public APIResponse> getChatHistory(@PathVariable String text) { var response = yasMiniAIService.generateTextWithHistory(text); diff --git a/src/main/java/com/learning/yasminishop/yasminiai/YasMiniAIService.java b/src/main/java/com/learning/yasminishop/yasminiai/YasMiniAIService.java index 472726b..b8607a0 100644 --- a/src/main/java/com/learning/yasminishop/yasminiai/YasMiniAIService.java +++ b/src/main/java/com/learning/yasminishop/yasminiai/YasMiniAIService.java @@ -14,7 +14,6 @@ import com.learning.yasminishop.product.mapper.ProductMapper; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.multipart.MultipartFile; @@ -37,7 +36,6 @@ public class YasMiniAIService { private final ProductMapper productMapper; - @PreAuthorize("hasRole('USER')") public String generateText(String prompt){ try { GenerateContentResponse generateContentResponse = chatSession.sendMessage(prompt); @@ -48,7 +46,6 @@ public String generateText(String prompt){ } } - @PreAuthorize("hasRole('USER')") public List generateTextWithHistory(String prompt){ try { this.chatSession.sendMessage(prompt); @@ -62,7 +59,6 @@ public List generateTextWithHistory(String prompt){ } } - @PreAuthorize("hasRole('USER')") public List findCarByImage(MultipartFile file){ try { var prompt = "Extract the name car to a list keyword and output them in JSON. If you don't find any information about the car, please output the list empty.\nExample response: [\"rolls\", \"royce\", \"wraith\"]"; 
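Review bot: `getChatHistory` is now open to every `ROLE_USER` principal, yet the service hunks show `generateTextWithHistory` calling `this.chatSession.sendMessage(prompt)` on a field of a `@Service` bean. The declaration of `chatSession` is outside the diff; if it is a single instance held by the default singleton service, all users share one conversation and this endpoint returns other users' prompts and replies. Earlier users' text would also become model context for later callers. Worth confirming, and if so keeping one session per authenticated principal (keyed by `authentication.getName()`, which the other services already use) rather than one per application.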
diff --git a/src/test/java/com/learning/yasminishop/controller/UserControllerTest.java b/src/test/java/com/learning/yasminishop/controller/UserControllerTest.java index d9e4a2e..672b7be 100644 --- a/src/test/java/com/learning/yasminishop/controller/UserControllerTest.java +++ b/src/test/java/com/learning/yasminishop/controller/UserControllerTest.java @@ -150,7 +150,7 @@ void getMyInfo_unauthenticatedRequest_failure() throws Exception { @Test - @WithMockUser(username = "duongminhhieu@gmail.com", authorities = {"ADMIN"}) + @WithMockUser(username = "admin@test.com", roles = {"ADMIN"}) void getAllUsers_validRequest_success() throws Exception { // GIVEN @@ -286,7 +286,7 @@ void updateUser_dobInvalid_fail() throws Exception { @Test - @WithMockUser(username = "duongminhhieu@gmail.com", authorities = {"UPDATE_DATA"}) + @WithMockUser(username = "admin@local.com", roles = {"ADMIN"}) void getUser_validRequest_success() throws Exception { // GIVEN when(userService.getUserById("abc-123")).thenReturn(userResponse);
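Review bot: Both changed tests (`getAllUsers_validRequest_success` and `getUser_validRequest_success`) exercise only the allowed path, so nothing in these hunks would fail if a controller `@PreAuthorize` were dropped or mistyped. With enforcement now on the controller and `userService` mocked, this test class is where the denial has to be asserted. Add a counterpart per admin endpoint that runs as `@WithMockUser(username = "user@test.com", roles = {"USER"})` and expects `status().isForbidden()`, assuming these tests use MockMvc as the `throws Exception` signatures suggest. The second test previously ran with `authorities = {"UPDATE_DATA"}`, which makes a good negative case for `getUser`. The test bodies continue outside the hunks.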