Spring Security 변경

This commit is contained in:
현성필
2024-04-25 10:48:33 +09:00
parent 7d97628d38
commit 01e6b34cdd
8 changed files with 92 additions and 77 deletions
@@ -10,6 +10,7 @@ import com.eactive.testmaster.user.service.StaffUserService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.validation.BindingResult;
@@ -36,6 +37,7 @@ public class UserMgmtController {
}
@GetMapping("/list_view.do")
@Secured("ROLE_MANAGE_USER")
public String userList(@ModelAttribute("userSearch") UserSearch userSearch,
ModelMap model,
Pageable pageable) {
@@ -49,12 +51,14 @@ public class UserMgmtController {
}
@GetMapping("/create_view.do")
@Secured("ROLE_MANAGE_USER")
public String createView(ModelMap model) {
model.addAttribute("user", new StaffUser());
return STAFF_USER_EDIT;
}
@GetMapping("/update_view.do")
@Secured("ROLE_MANAGE_USER")
public String updateView(ModelMap model,
@RequestParam("userId") String userId) {
@@ -64,6 +68,7 @@ public class UserMgmtController {
}
@PostMapping("/register.do")
@Secured("ROLE_MANAGE_USER")
public String register(@ModelAttribute("user") UserRegisterDTO user,
BindingResult bindingResult,
ModelMap model) {
@@ -86,6 +91,7 @@ public class UserMgmtController {
@PostMapping("/update.do")
@Secured("ROLE_MANAGE_USER")
public String update(@RequestParam("esntlId") String esntlId,
@ModelAttribute("user") UserUpdateDTO user,
BindingResult bindingResult,
@@ -109,6 +115,7 @@ public class UserMgmtController {
@PostMapping("/delete.do")
@Secured("ROLE_MANAGE_USER")
public String delete(@ModelAttribute UserSearch modelSearch) {
modelSearch.getCheckedIdForDel().forEach(id -> {
if (!SecurityUtil.getCurrentUserEsntlId().equals(id)) { // 자기 자신은 삭제 불가