Spring Security 변경
This commit is contained in:
@@ -10,6 +10,7 @@ import com.eactive.testmaster.user.service.StaffUserService;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.data.domain.Page;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.ModelMap;
|
||||
import org.springframework.validation.BindingResult;
|
||||
@@ -36,6 +37,7 @@ public class UserMgmtController {
|
||||
}
|
||||
|
||||
@GetMapping("/list_view.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String userList(@ModelAttribute("userSearch") UserSearch userSearch,
|
||||
ModelMap model,
|
||||
Pageable pageable) {
|
||||
@@ -49,12 +51,14 @@ public class UserMgmtController {
|
||||
}
|
||||
|
||||
@GetMapping("/create_view.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String createView(ModelMap model) {
|
||||
model.addAttribute("user", new StaffUser());
|
||||
return STAFF_USER_EDIT;
|
||||
}
|
||||
|
||||
@GetMapping("/update_view.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String updateView(ModelMap model,
|
||||
@RequestParam("userId") String userId) {
|
||||
|
||||
@@ -64,6 +68,7 @@ public class UserMgmtController {
|
||||
}
|
||||
|
||||
@PostMapping("/register.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String register(@ModelAttribute("user") UserRegisterDTO user,
|
||||
BindingResult bindingResult,
|
||||
ModelMap model) {
|
||||
@@ -86,6 +91,7 @@ public class UserMgmtController {
|
||||
|
||||
|
||||
@PostMapping("/update.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String update(@RequestParam("esntlId") String esntlId,
|
||||
@ModelAttribute("user") UserUpdateDTO user,
|
||||
BindingResult bindingResult,
|
||||
@@ -109,6 +115,7 @@ public class UserMgmtController {
|
||||
|
||||
|
||||
@PostMapping("/delete.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String delete(@ModelAttribute UserSearch modelSearch) {
|
||||
modelSearch.getCheckedIdForDel().forEach(id -> {
|
||||
if (!SecurityUtil.getCurrentUserEsntlId().equals(id)) { // 자기 자신은 삭제 불가
|
||||
|
||||
Reference in New Issue
Block a user