From 51256367f5fb5aa44e5e4e9597ea1867ffcd3bad Mon Sep 17 00:00:00 2001
From: alterdekim <alterwain@protonmail.com>
Date: Mon, 27 May 2024 02:37:44 +0300
Subject: [PATCH] admin panel start

---
 .../game/controller/AdminController.java      | 27 +++++++++++++++++++
 .../game/security/SpringSecurity.java         | 18 ++++++-------
 .../security/WebSocketSecurityConfig.java     |  2 +-
 .../game/service/UserServiceImpl.java         |  4 +--
 4 files changed, 39 insertions(+), 12 deletions(-)
 create mode 100644 src/main/java/com/alterdekim/game/controller/AdminController.java

diff --git a/src/main/java/com/alterdekim/game/controller/AdminController.java b/src/main/java/com/alterdekim/game/controller/AdminController.java
new file mode 100644
index 0000000..7176aa5
--- /dev/null
+++ b/src/main/java/com/alterdekim/game/controller/AdminController.java
@@ -0,0 +1,27 @@
+package com.alterdekim.game.controller;
+
+import com.alterdekim.game.entities.User;
+import com.alterdekim.game.service.UserServiceImpl;
+import com.alterdekim.game.util.AuthenticationUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Slf4j
+@Controller
+public class AdminController {
+
+    @Autowired
+    private UserServiceImpl userService;
+
+    @GetMapping("/admin")
+    public String adminPanel(Model model) {
+        User u = AuthenticationUtil.authProfile(model, userService);
+        if( !u.getRoles().get(0).getName().equals("ROLE_ADMINISTRATOR") ) {
+            return "redirect:/games";
+        }
+        return "admin";
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/com/alterdekim/game/security/SpringSecurity.java b/src/main/java/com/alterdekim/game/security/SpringSecurity.java
index b3dc692..9475e55 100644
--- a/src/main/java/com/alterdekim/game/security/SpringSecurity.java
+++ b/src/main/java/com/alterdekim/game/security/SpringSecurity.java
@@ -34,15 +34,15 @@ public class SpringSecurity {
                 .authorizeHttpRequests((authorize) ->
                         authorize
                                 .requestMatchers("/async/**").permitAll()
-                                .requestMatchers("/image/**").hasAnyAuthority("ROLE_ADMIN")
-                                .requestMatchers("/game").hasAnyAuthority("ROLE_ADMIN")
-                                .requestMatchers("/games").hasAnyAuthority("ROLE_ADMIN")
-                                .requestMatchers("/profile/**").hasAnyAuthority("ROLE_ADMIN")
-                                .requestMatchers("/api/**").hasAnyAuthority("ROLE_ADMIN")
-                                .requestMatchers("/friends").hasAnyAuthority("ROLE_ADMIN")
-                                .requestMatchers("/followers").hasAnyAuthority("ROLE_ADMIN")
-                                .requestMatchers("/settings").hasAnyAuthority("ROLE_ADMIN")
-                                .requestMatchers("/websocket/**").hasAnyAuthority("ROLE_ADMIN")
+                                .requestMatchers("/image/**").hasAnyAuthority("ROLE_USER")
+                                .requestMatchers("/game").hasAnyAuthority("ROLE_USER")
+                                .requestMatchers("/games").hasAnyAuthority("ROLE_USER")
+                                .requestMatchers("/profile/**").hasAnyAuthority("ROLE_USER")
+                                .requestMatchers("/api/**").hasAnyAuthority("ROLE_USER")
+                                .requestMatchers("/friends").hasAnyAuthority("ROLE_USER")
+                                .requestMatchers("/followers").hasAnyAuthority("ROLE_USER")
+                                .requestMatchers("/settings").hasAnyAuthority("ROLE_USER")
+                                .requestMatchers("/websocket/**").hasAnyAuthority("ROLE_USER")
                                 .requestMatchers("/static/**").permitAll()
                                 .requestMatchers("/access-denied").permitAll()
                                 .requestMatchers("/signup").permitAll()
diff --git a/src/main/java/com/alterdekim/game/security/WebSocketSecurityConfig.java b/src/main/java/com/alterdekim/game/security/WebSocketSecurityConfig.java
index 31ba5ae..9be423d 100644
--- a/src/main/java/com/alterdekim/game/security/WebSocketSecurityConfig.java
+++ b/src/main/java/com/alterdekim/game/security/WebSocketSecurityConfig.java
@@ -14,6 +14,6 @@ public class WebSocketSecurityConfig {
 
     @Bean
     AuthorizationManager<Message<?>> messageAuthorizationManager(MessageMatcherDelegatingAuthorizationManager.Builder messages) {
-        return AuthorityAuthorizationManager.hasAnyAuthority("ROLE_ADMIN");
+        return AuthorityAuthorizationManager.hasAnyAuthority("ROLE_USER");
     }
 }
\ No newline at end of file
diff --git a/src/main/java/com/alterdekim/game/service/UserServiceImpl.java b/src/main/java/com/alterdekim/game/service/UserServiceImpl.java
index 876e198..9d14922 100644
--- a/src/main/java/com/alterdekim/game/service/UserServiceImpl.java
+++ b/src/main/java/com/alterdekim/game/service/UserServiceImpl.java
@@ -35,7 +35,7 @@ public class UserServiceImpl implements UserService {
         user.setDisplayName(userDto.getUsername());
         user.setAvatarId(0L);
         user.setPassword(passwordEncoder.encode(userDto.getPassword()));
-        Role role = roleRepository.findByName("ROLE_ADMIN");
+        Role role = roleRepository.findByName("ROLE_USER");
         if(role == null){
             role = checkRoleExist();
         }
@@ -68,7 +68,7 @@ public class UserServiceImpl implements UserService {
 
     private Role checkRoleExist() {
         Role role = new Role();
-        role.setName("ROLE_ADMIN");
+        role.setName("ROLE_USER");
         return roleRepository.save(role);
     }