Merge branch '95-block-user' into 'dev'

Resolve "Блокировка пользователя" Closes #95 See merge request romanov73/ng-tracker!110
5 years ago · b44bbaec75
parent 436c15e727 96d166d031
commit b44bbaec75
13 changed files with 121 additions and 4 deletions
--- a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
+++ b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
@ -13,8 +13,10 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import ru.ulstu.core.model.AuthFailureHandler;
 import ru.ulstu.user.controller.UserController;
 import ru.ulstu.user.model.UserRoleConstants;
 import ru.ulstu.user.service.UserService;
@ -35,17 +37,20 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final AuthenticationSuccessHandler authenticationSuccessHandler;
    private final LogoutSuccessHandler logoutSuccessHandler;
    private final ApplicationProperties applicationProperties;
+    private final AuthenticationFailureHandler authenticationFailureHandler;

    public SecurityConfiguration(UserService userService,
                                 BCryptPasswordEncoder bCryptPasswordEncoder,
                                 AuthenticationSuccessHandler authenticationSuccessHandler,
                                 LogoutSuccessHandler logoutSuccessHandler,
-                                 ApplicationProperties applicationProperties) {
+                                 ApplicationProperties applicationProperties,
+                                 AuthFailureHandler authenticationFailureHandler) {
        this.userService = userService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
        this.authenticationSuccessHandler = authenticationSuccessHandler;
        this.logoutSuccessHandler = logoutSuccessHandler;
        this.applicationProperties = applicationProperties;
+        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    @Override
@ -66,6 +71,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                    .antMatchers(UserController.ACTIVATE_URL).permitAll()
                    .antMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll()
                    .antMatchers(Constants.PASSWORD_RESET_PAGE).permitAll()
+                    .antMatchers("/users/block").permitAll()
                    .antMatchers(UserController.URL + UserController.REGISTER_URL).permitAll()
                    .antMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll()
                    .antMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll()
@ -76,6 +82,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                    .formLogin()
                    .loginPage("/login")
                    .successHandler(authenticationSuccessHandler)
+                    .failureHandler(authenticationFailureHandler)
                    .permitAll()
                    .and()
                    .logout()
--- a/src/main/java/ru/ulstu/core/model/AuthFailureHandler.java
+++ b/src/main/java/ru/ulstu/core/model/AuthFailureHandler.java
@ -0,0 +1,21 @@
+package ru.ulstu.core.model;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+import ru.ulstu.user.error.UserBlockedException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class AuthFailureHandler implements AuthenticationFailureHandler {
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+                                        AuthenticationException ex) throws IOException {
+        if (ex.getClass() == UserBlockedException.class) {
+            response.sendRedirect("/users/block");
+        }
+    }
+}
--- a/src/main/java/ru/ulstu/user/controller/UserController.java
+++ b/src/main/java/ru/ulstu/user/controller/UserController.java
@ -175,4 +175,9 @@ public class UserController extends OdinController<UserListDto, UserDto> {
                                                            @RequestParam(value = "activity", required = false) String activity) {
        return new Response<>(userService.getActivitiesPings(userId, activity));
    }
+
+    @PostMapping("/block")
+    public void blockUser(@RequestParam("userId") Integer userId) {
+        userService.blockUser(userId);
+    }
 }
--- a/src/main/java/ru/ulstu/user/controller/UserMvcController.java
+++ b/src/main/java/ru/ulstu/user/controller/UserMvcController.java
@ -74,4 +74,8 @@ public class UserMvcController extends OdinController<UserListDto, UserDto> {
    @GetMapping("/pings")
    public void getPings() {
    }
+
+    @GetMapping("/block")
+    public void getBlock() {
+    }
 }
--- a/src/main/java/ru/ulstu/user/error/UserBlockedException.java
+++ b/src/main/java/ru/ulstu/user/error/UserBlockedException.java
@ -0,0 +1,9 @@
+package ru.ulstu.user.error;
+
+import org.springframework.security.core.AuthenticationException;
+
+public class UserBlockedException extends AuthenticationException {
+    public UserBlockedException(String message) {
+        super(message);
+    }
+}
--- a/src/main/java/ru/ulstu/user/model/User.java
+++ b/src/main/java/ru/ulstu/user/model/User.java
@ -12,6 +12,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.JoinColumn;
 import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
+import javax.persistence.ManyToOne;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
@ -91,6 +92,10 @@ public class User extends BaseEntity {
    @Temporal(TemporalType.TIMESTAMP)
    private Date birthDate;

+    @ManyToOne()
+    @JoinColumn(name = "blocker_id")
+    private User blocker;
+
    public enum UserDegree {
        CANDIDATE("Кандидат технических наук"),
        DOCTOR("Доктор технических наук");
@ -229,6 +234,14 @@ public class User extends BaseEntity {
        this.degree = degree;
    }

+    public User getBlocker() {
+        return blocker;
+    }
+
+    public void setBlocker(User blocker) {
+        this.blocker = blocker;
+    }
+
    public String getUserAbbreviate() {
        return String.format(USER_ABBREVIATE_TEMPLATE,
                lastName == null ? "" : lastName,
--- a/src/main/java/ru/ulstu/user/service/UserService.java
+++ b/src/main/java/ru/ulstu/user/service/UserService.java
@ -21,12 +21,10 @@ import ru.ulstu.core.jpa.OffsetablePageRequest;
 import ru.ulstu.core.model.BaseEntity;
 import ru.ulstu.core.model.UserActivity;
 import ru.ulstu.core.model.response.PageableItems;
-import ru.ulstu.grant.service.GrantService;
-import ru.ulstu.paper.service.PaperService;
 import ru.ulstu.ping.model.Ping;
 import ru.ulstu.ping.service.PingService;
-import ru.ulstu.project.service.ProjectService;
 import ru.ulstu.user.error.UserActivationError;
+import ru.ulstu.user.error.UserBlockedException;
 import ru.ulstu.user.error.UserEmailExistsException;
 import ru.ulstu.user.error.UserIdExistsException;
 import ru.ulstu.user.error.UserIsUndeadException;
@ -323,6 +321,9 @@ public class UserService implements UserDetailsService {
        if (!user.getActivated()) {
            throw new UserNotActivatedException();
        }
+        if (user.getBlocker() != null) {
+            throw new UserBlockedException(String.format("Вы заблокированы пользователем %s", user.getBlocker().getUserAbbreviate()));
+        }
        return new org.springframework.security.core.userdetails.User(user.getLogin(),
                user.getPassword(),
                Optional.ofNullable(user.getRoles()).orElse(Collections.emptySet()).stream()
@ -424,4 +425,10 @@ public class UserService implements UserDetailsService {
        }
        return activitiesPings;
    }
+
+    public void blockUser(int userId) {
+        User userToBlock = findById(userId);
+        userToBlock.setBlocker(getCurrentUser());
+        userRepository.save(userToBlock);
+    }
 }
--- a/src/main/resources/db/changelog-20190607_000002-schema.xml
+++ b/src/main/resources/db/changelog-20190607_000002-schema.xml
@ -0,0 +1,12 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+    <changeSet author="arefyev" id="20190528_000000-3">
+        <addColumn tableName="users">
+            <column name="blocker_id" type="integer"/>
+        </addColumn>
+        <addForeignKeyConstraint baseTableName="users" baseColumnNames="blocker_id" constraintName="fk_blocker"
+                                 referencedTableName="users" referencedColumnNames="id"/>
+    </changeSet>
+</databaseChangeLog>
--- a/src/main/resources/db/changelog-master.xml
+++ b/src/main/resources/db/changelog-master.xml
@ -53,4 +53,5 @@
    <include file="db/changelog-20190529_000001-schema.xml"/>
    <include file="db/changelog-20190601_000001-schema.xml"/>
    <include file="db/changelog-20190605_000000-schema.xml"/>
+    <include file="db/changelog-20190607_000002-schema.xml"/>
 </databaseChangeLog>
--- a/src/main/resources/public/js/users.js
+++ b/src/main/resources/public/js/users.js
@ -120,6 +120,20 @@ function resetPassword() {
    })
 }

+function blockUser() {
+    userId = $('#userId').val();
+    $.ajax({
+        url:"/api/1.0/users/block?userId=" + userId,
+        contentType: "application/json; charset=utf-8",
+        method: "POST",
+        success: function() {
+            showFeedbackMessage("Пользователь заблокирован", MessageTypesEnum.SUCCESS)
+        },
+        error: function(errorData) {
+            showFeedbackMessage(errorData.responseJSON.error.message, MessageTypesEnum.WARNING)
+        }
+    })
+}

 function isEmailValid(email) {
    re = /\S+@\S+\.\S+/;
--- a/src/main/resources/templates/default.html
+++ b/src/main/resources/templates/default.html
@ -109,6 +109,7 @@
 <script src="/js/core.js"></script>
 <script src="/js/config.js"></script>
 <script src="/js/odin.js"></script>
+<script src="/js/users.js"></script>
 <script th:inline="javascript">

    /*<![CDATA[*/
--- a/src/main/resources/templates/users/block.html
+++ b/src/main/resources/templates/users/block.html
@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorator="default">
+<head>
+</head>
+<body>
+<div class="container" layout:fragment="content">
+    <section id="services">
+        <div class="container">
+            <div class="row">
+                <div class="col-lg-12 text-center">
+                    <h2 class="section-heading text-uppercase">Ваш аккаунт заблокирован</h2>
+                    <a href="/"><h3>Вернуться на страницу авторизации</h3></a>
+                </div>
+            </div>
+        </div>
+    </section>
+</div>
+</body>
+</html>
--- a/src/main/resources/templates/users/fragments/userDashboardFragment.html
+++ b/src/main/resources/templates/users/fragments/userDashboardFragment.html
@ -7,6 +7,7 @@
 <div th:fragment="userDashboard (user)" class="col-12 col-sm-12 col-md-12 col-lg-4 col-xl-3 dashboard-card">
    <div class="row">
        <div class="col col-10">
+            <input type="hidden" id="userId" th:value="${user.user.id}"/>
            <b><p th:text="${user.user.lastName} + ' ' + ${user.user.firstName} + ' ' + ${user.user.patronymic}"></p>
            </b>
            <i><p th:if="${user.conference != null}" th:text="'Сейчас на конференции ' + ${user.conference.title}"></p>
@ -15,6 +16,7 @@
                  th:text="'Сейчас на паре ' + ${user.lesson.nameOfLesson} + ' в аудитории ' + ${user.lesson.room}"></p>
            </i>
            <p th:if="${user.isOnline()}">Онлайн</p>
+            <button onclick="blockUser()">Заблокировать</button>
        </div>
    </div>
 </div>