admin permission switch
This commit is contained in:
parent
b049638f49
commit
a9def611f6
@ -32,7 +32,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- Admin Settings Banner (for admins only) -->
|
<!-- Admin Settings Banner (for admins only) -->
|
||||||
<div th:if="${role == 'ROLE_ADMIN'}" class="data-panel data-mb-3" style="background-color: var(--md-sys-color-secondary-container);">
|
<div th:if="${isSystemAdmin}" class="data-panel data-mb-3" style="background-color: var(--md-sys-color-secondary-container);">
|
||||||
<div class="data-body" style="display: flex; align-items: center; justify-content: space-between; padding: 1rem 1.5rem; background-color: var(--md-sys-color-secondary-container);">
|
<div class="data-body" style="display: flex; align-items: center; justify-content: space-between; padding: 1rem 1.5rem; background-color: var(--md-sys-color-secondary-container);">
|
||||||
<div style="display: flex; align-items: center; gap: 1rem;">
|
<div style="display: flex; align-items: center; gap: 1rem;">
|
||||||
<span class="material-symbols-rounded" style="font-size: 2rem; color: var(--md-sys-color-secondary);">
|
<span class="material-symbols-rounded" style="font-size: 2rem; color: var(--md-sys-color-secondary);">
|
||||||
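Review bot: The banner's `th:if="${isSystemAdmin}"` depends on a model attribute that this commit populates only in the AccountWebController hunk (`model.addAttribute("isSystemAdmin", user.get().isSystemAdmin())`); the old `${role == 'ROLE_ADMIN'}` test reused an attribute every account view already had. If this fragment is included from any other controller path, a missing attribute evaluates as false in Thymeleaf, so the banner silently vanishes for admins rather than failing loudly — worth confirming every template that renders this banner sets the attribute, or populating it centrally (for example via a `@ModelAttribute` method on the controller). Being a display hint only, the server-side `@PreAuthorize` checks in the controllers remain the actual enforcement.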
|
@ -33,7 +33,7 @@ public class AdminJobController {
|
|||||||
* @return Job statistics
|
* @return Job statistics
|
||||||
*/
|
*/
|
||||||
@GetMapping("/api/v1/admin/job/stats")
|
@GetMapping("/api/v1/admin/job/stats")
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
public ResponseEntity<JobStats> getJobStats() {
|
public ResponseEntity<JobStats> getJobStats() {
|
||||||
JobStats stats = taskManager.getJobStats();
|
JobStats stats = taskManager.getJobStats();
|
||||||
log.info(
|
log.info(
|
||||||
@ -49,7 +49,7 @@ public class AdminJobController {
|
|||||||
* @return Queue statistics
|
* @return Queue statistics
|
||||||
*/
|
*/
|
||||||
@GetMapping("/api/v1/admin/job/queue/stats")
|
@GetMapping("/api/v1/admin/job/queue/stats")
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
public ResponseEntity<?> getQueueStats() {
|
public ResponseEntity<?> getQueueStats() {
|
||||||
Map<String, Object> queueStats = jobQueue.getQueueStats();
|
Map<String, Object> queueStats = jobQueue.getQueueStats();
|
||||||
log.info("Admin requested queue stats: {} queued jobs", queueStats.get("queuedJobs"));
|
log.info("Admin requested queue stats: {} queued jobs", queueStats.get("queuedJobs"));
|
||||||
@ -62,7 +62,7 @@ public class AdminJobController {
|
|||||||
* @return A response indicating how many jobs were cleaned up
|
* @return A response indicating how many jobs were cleaned up
|
||||||
*/
|
*/
|
||||||
@PostMapping("/api/v1/admin/job/cleanup")
|
@PostMapping("/api/v1/admin/job/cleanup")
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
public ResponseEntity<?> cleanupOldJobs() {
|
public ResponseEntity<?> cleanupOldJobs() {
|
||||||
int beforeCount = taskManager.getJobStats().getTotalJobs();
|
int beforeCount = taskManager.getJobStats().getTotalJobs();
|
||||||
taskManager.cleanupOldJobs();
|
taskManager.cleanupOldJobs();
|
||||||
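Review bot: The SpEL string `@roleBasedAuthorizationService.canManageAllUsers()` is now copied verbatim into every admin endpoint here and in the AccountWebController, AdminSettingsController, `/api/v1/database`, UserController, DatabaseWebController and TeamWebController hunks; a bean-reference expression is only resolved when the method is first invoked, so a typo in one copy is not caught by the compiler and every future change to the rule must be repeated in each file. A single composed annotation would define the rule once: a runtime-retained annotation targeting methods and types that carries `@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")`, e.g. `public @interface SystemAdminOnly {}`, with each endpoint then annotated `@SystemAdminOnly`. A Javadoc line on that annotation stating who satisfies it would also document the access model, which none of the touched controllers currently do.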
|
@ -203,7 +203,7 @@ public class AccountWebController {
|
|||||||
return "login";
|
return "login";
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@GetMapping("/usage")
|
@GetMapping("/usage")
|
||||||
public String showUsage() {
|
public String showUsage() {
|
||||||
if (!runningEE) {
|
if (!runningEE) {
|
||||||
@ -212,7 +212,7 @@ public class AccountWebController {
|
|||||||
return "usage";
|
return "usage";
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@GetMapping("/adminSettings")
|
@GetMapping("/adminSettings")
|
||||||
public String showAddUserForm(
|
public String showAddUserForm(
|
||||||
HttpServletRequest request, Model model, Authentication authentication) {
|
HttpServletRequest request, Model model, Authentication authentication) {
|
||||||
@ -426,6 +426,11 @@ public class AccountWebController {
|
|||||||
model.addAttribute("username", username);
|
model.addAttribute("username", username);
|
||||||
model.addAttribute("messageType", messageType);
|
model.addAttribute("messageType", messageType);
|
||||||
model.addAttribute("role", user.get().getRolesAsString());
|
model.addAttribute("role", user.get().getRolesAsString());
|
||||||
|
model.addAttribute("isSystemAdmin", user.get().isSystemAdmin());
|
||||||
|
System.out.println("user.get().getRolesAsString()" + user.get().getRolesAsString());
|
||||||
|
|
||||||
|
System.out.println(
|
||||||
|
"isSystemAdmin\", user.get().isSystemAdmin()" + user.get().isSystemAdmin());
|
||||||
model.addAttribute("settings", settingsJson);
|
model.addAttribute("settings", settingsJson);
|
||||||
model.addAttribute("changeCredsFlag", user.get().isFirstLogin());
|
model.addAttribute("changeCredsFlag", user.get().isFirstLogin());
|
||||||
model.addAttribute("currentPage", "account");
|
model.addAttribute("currentPage", "account");
|
||||||
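Review bot: The three `System.out.println` calls added after the `isSystemAdmin` attribute (the one concatenating `user.get().getRolesAsString()` and the two-line one whose literal is `"isSystemAdmin\", user.get().isSystemAdmin()"`) look like leftover debugging: they bypass the project's logger, write a user's role set to stdout on every render of this view, and the stray escaped quote suggests the second literal was pasted from the `addAttribute` line. Remove them, or if the value is useful keep a single parameterized debug line such as `log.debug("roles={} isSystemAdmin={}", user.get().getRolesAsString(), user.get().isSystemAdmin());`, assuming this class is `@Slf4j` like AdminJobController. The enclosing method starts and ends outside this hunk.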
|
@ -43,7 +43,7 @@ import stirling.software.proprietary.security.model.api.admin.UpdateSettingsRequ
|
|||||||
@Tag(name = "Admin Settings", description = "Admin-only Settings Management APIs")
|
@Tag(name = "Admin Settings", description = "Admin-only Settings Management APIs")
|
||||||
@RequestMapping("/api/v1/admin/settings")
|
@RequestMapping("/api/v1/admin/settings")
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class AdminSettingsController {
|
public class AdminSettingsController {
|
||||||
|
|
||||||
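Review bot: The class-level guard for `/api/v1/admin/settings` is now `canManageAllUsers()`, a user-management permission, and the same expression is applied to the `/api/v1/database` controller (backup/import) and to DatabaseWebController in later hunks; those capabilities are not user management, so the annotation no longer states what it authorizes. If `RoleBasedAuthorizationService.canManageAllUsers()` can ever return true for a principal who is not the system administrator (the method name leaves that open, and the service is not in this diff), that principal gains settings and database import/export access as a side effect. Either confirm the method is strictly `isSystemAdmin()` and say so in a comment above the annotation, or introduce a separately named check for these endpoints, e.g. `@PreAuthorize("@roleBasedAuthorizationService.canManageSystem()")`, so the two grants can diverge later without touching every controller.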
|
@ -33,7 +33,7 @@ import stirling.software.proprietary.security.service.DatabaseService;
|
|||||||
@Slf4j
|
@Slf4j
|
||||||
@Controller
|
@Controller
|
||||||
@RequestMapping("/api/v1/database")
|
@RequestMapping("/api/v1/database")
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@Conditional(H2SQLCondition.class)
|
@Conditional(H2SQLCondition.class)
|
||||||
@Tag(name = "Database", description = "Database APIs for backup, import, and management")
|
@Tag(name = "Database", description = "Database APIs for backup, import, and management")
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
|
@ -207,7 +207,7 @@ public class UserController {
|
|||||||
return "redirect:/account";
|
return "redirect:/account";
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@PostMapping("/admin/saveUser")
|
@PostMapping("/admin/saveUser")
|
||||||
public RedirectView saveUser(
|
public RedirectView saveUser(
|
||||||
@RequestParam(name = "username", required = true) String username,
|
@RequestParam(name = "username", required = true) String username,
|
||||||
@ -279,7 +279,7 @@ public class UserController {
|
|||||||
true);
|
true);
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@PostMapping("/admin/changeRole")
|
@PostMapping("/admin/changeRole")
|
||||||
@Transactional
|
@Transactional
|
||||||
public RedirectView changeRole(
|
public RedirectView changeRole(
|
||||||
@ -342,7 +342,7 @@ public class UserController {
|
|||||||
true);
|
true);
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@PostMapping("/admin/changeUserEnabled/{username}")
|
@PostMapping("/admin/changeUserEnabled/{username}")
|
||||||
public RedirectView changeUserEnabled(
|
public RedirectView changeUserEnabled(
|
||||||
@PathVariable("username") String username,
|
@PathVariable("username") String username,
|
||||||
@ -392,7 +392,7 @@ public class UserController {
|
|||||||
true);
|
true);
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@PostMapping("/admin/deleteUser/{username}")
|
@PostMapping("/admin/deleteUser/{username}")
|
||||||
public RedirectView deleteUser(
|
public RedirectView deleteUser(
|
||||||
@PathVariable("username") String username, Authentication authentication) {
|
@PathVariable("username") String username, Authentication authentication) {
|
||||||
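Review bot: `changeRole`, `saveUser`, `changeUserEnabled` and `deleteUser` are now gated by `canManageAllUsers()` instead of the fixed `ROLE_ADMIN`, so whoever satisfies that method may assign roles; the method bodies (outside these hunks) should be checked for a ceiling on the requested role, otherwise a caller who holds this permission without being system admin could grant another account, or via `/admin/saveUser` a new account, a role above their own. If `canManageAllUsers()` is strictly equivalent to system admin this is moot, but that equivalence is not visible in the diff. A guard inside `changeRole` comparing the requested role against the caller's, or a comment at the annotation recording the assumption, would make the intended trust boundary explicit.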
|
@ -24,7 +24,7 @@ public class DatabaseWebController {
|
|||||||
|
|
||||||
private final DatabaseService databaseService;
|
private final DatabaseService databaseService;
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
@GetMapping("/database")
|
@GetMapping("/database")
|
||||||
public String database(HttpServletRequest request, Model model, Authentication authentication) {
|
public String database(HttpServletRequest request, Model model, Authentication authentication) {
|
||||||
String error = request.getParameter("error");
|
String error = request.getParameter("error");
|
||||||
|
@ -36,7 +36,7 @@ public class TeamWebController {
|
|||||||
private final UserRepository userRepository;
|
private final UserRepository userRepository;
|
||||||
|
|
||||||
@GetMapping
|
@GetMapping
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
public String listTeams(HttpServletRequest request, Model model) {
|
public String listTeams(HttpServletRequest request, Model model) {
|
||||||
// Get teams with user counts using a DTO projection
|
// Get teams with user counts using a DTO projection
|
||||||
List<TeamWithUserCountDTO> allTeamsWithCounts = teamRepository.findAllTeamsWithUserCount();
|
List<TeamWithUserCountDTO> allTeamsWithCounts = teamRepository.findAllTeamsWithUserCount();
|
||||||
@ -87,7 +87,7 @@ public class TeamWebController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/{id}")
|
@GetMapping("/{id}")
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("@roleBasedAuthorizationService.canManageAllUsers()")
|
||||||
public String viewTeamDetails(
|
public String viewTeamDetails(
|
||||||
HttpServletRequest request, @PathVariable("id") Long id, Model model) {
|
HttpServletRequest request, @PathVariable("id") Long id, Model model) {
|
||||||
// Get the team
|
// Get the team
|
||||||
|
@ -37,7 +37,7 @@ class AppUpdateAuthService implements ShowAdminInterface {
|
|||||||
}
|
}
|
||||||
Optional<User> user = userRepository.findByUsername(authentication.getName());
|
Optional<User> user = userRepository.findByUsername(authentication.getName());
|
||||||
if (user.isPresent() && showUpdateOnlyAdmin) {
|
if (user.isPresent() && showUpdateOnlyAdmin) {
|
||||||
return "ROLE_ADMIN".equals(user.get().getRolesAsString());
|
return user.get().isSystemAdmin();
|
||||||
}
|
}
|
||||||
return showUpdate;
|
return showUpdate;
|
||||||
}
|
}
|
||||||
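Review bot: This check now uses `user.get().isSystemAdmin()` while every controller in the same commit uses `@roleBasedAuthorizationService.canManageAllUsers()`, so the commit introduces two definitions of "admin"; if the service method is not exactly `isSystemAdmin()`, the update notice is shown to users who are denied the admin endpoints, or hidden from users who can reach them. If `RoleBasedAuthorizationService` can be injected here, routing this decision through the same method keeps the two from drifting; if they are meant to differ, a comment on this line saying why would spare the next reader the comparison. The replaced `"ROLE_ADMIN".equals(...)` form also failed for users holding more than one role, so the new predicate is the better one regardless.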
|