anggara
2018-10-24 44620e685f6e232f0e1ac0a4a01eccc30c9cbc11
update CMS-privilege and dropdown logout
9 files modified
1 files added
113 ■■■■ changed files
unipin_cms_service/pom.xml 12 ●●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/BillingHitController.java 2 ●●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/BlacklistController.java 6 ●●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/PurchaseController.java 2 ●●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/RevenueController.java 2 ●●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/UserTrackController.java 2 ●●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/security/CustomeAutenticationProvider.java 3 ●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/security/WebSecurityConfig.java 3 ●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/resources/static/css/custom.css 35 ●●●●● patch | view | raw | blame | history
unipin_cms_service/src/main/resources/templates/index.html 46 ●●●●● patch | view | raw | blame | history
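--- a/unipin_cms_service/pom.xml
+++ b/unipin_cms_service/pom.xml
@@ -41,6 +41,18 @@
 <artifactId>unipin-bot-telegram-service</artifactId>
 <version>1.0</version>
 </dependency>
+ <dependency>
+ <groupId>org.thymeleaf</groupId>
+ <artifactId>thymeleaf-spring4</artifactId>
+ <version>${thymeleaf.version}</version>
+ <scope>compile</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.thymeleaf.extras</groupId>
+ <artifactId>thymeleaf-extras-springsecurity4</artifactId>
+ <scope>compile</scope>
+ </dependency>
 </dependencies>
 
 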
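--- a/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/BillingHitController.java
+++ b/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/BillingHitController.java
@@ -5,6 +5,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -26,6 +27,7 @@
 protected BillingHitRepository repository;
 protected SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
 
+ @PreAuthorize("hasAnyAuthority('ADMIN' ,'CS','FINANCE')")
 @RequestMapping(value = "billing", method = RequestMethod.POST)
 public ResponseEntity<List<ViewBillingHit>> findAll(
 @RequestParam(value = "period_start", required = true) String from,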
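Review bot: The `@PreAuthorize` added above `findAll` is only enforced when method security is switched on, and no hunk in this commit shows `@EnableGlobalMethodSecurity(prePostEnabled = true)` on a configuration class; the WebSecurityConfig change touches only logout and header settings. If it is not enabled elsewhere, Spring ignores the annotation silently and the endpoint stays reachable under whatever the URL rules allow. The same applies to the annotations added in BlacklistController, PurchaseController, RevenueController and UserTrackController. The expression `hasAnyAuthority('ADMIN' ,'CS','FINANCE')` is repeated seven times across those files, so a shared constant or a composed annotation would keep the role list in one place. `findAll` continues outside the hunk.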
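--- a/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/BlacklistController.java
+++ b/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/BlacklistController.java
@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -24,11 +25,12 @@
 @Autowired
 protected BlacklistRepository blacklistRepository;
 
+ @PreAuthorize("hasAnyAuthority('ADMIN' ,'CS','FINANCE')")
 @RequestMapping(value = "/blacklist", method = RequestMethod.POST)
 public ResponseEntity<List<ViewBlacklist>> findAll() {
 return new ResponseEntity<List<ViewBlacklist>>(this.blacklistRepository.findAll(), HttpStatus.OK);
 }
-
+ @PreAuthorize("hasAnyAuthority('ADMIN' ,'CS','FINANCE')")
 @RequestMapping(value = "/blacklist/registration", method = RequestMethod.POST)
 public ResponseEntity<List<ViewBlacklist>> register(
 @RequestParam(value = "msisdn", required = true) String msisdn,
@@ -44,7 +46,7 @@
 this.blacklistRepository.create(blacklist);
 return new ResponseEntity<List<ViewBlacklist>>(this.blacklistRepository.findAll(), HttpStatus.OK);
 }
-
+ @PreAuthorize("hasAnyAuthority('ADMIN' ,'CS','FINANCE')")
 @RequestMapping(value = "/blacklist/delete", method = RequestMethod.POST)
 public ResponseEntity<List<ViewBlacklist>> delete(@RequestParam(value = "msisdn", required = true) String msisdn) {
 this.blacklistRepository.delete(msisdn);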
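Review bot: `register` and `delete` modify the blacklist but carry the same `hasAnyAuthority('ADMIN' ,'CS','FINANCE')` as the read-only `findAll`, so every role named in this commit can add and remove MSISDNs. If blacklist management is meant for a subset of roles, the two write endpoints should be narrowed, for example `@PreAuthorize("hasAuthority('ADMIN')")`; which roles qualify is a product decision that cannot be read from the diff. A one-line comment above each write endpoint stating who is allowed to change the list, and why, would make the intent reviewable. The bodies of `register` and `delete` continue outside the hunks.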
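--- a/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/PurchaseController.java
+++ b/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/PurchaseController.java
@@ -5,6 +5,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -26,6 +27,7 @@
 protected PurchaseRepository repository;
 protected SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
 
+ @PreAuthorize("hasAnyAuthority('ADMIN' ,'CS','FINANCE')")
 @RequestMapping(value = "/purchase", method = RequestMethod.POST)
 public ResponseEntity<List<ViewPurchase>> findAll(
 @RequestParam(value = "period_start",required = true) String from,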
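--- a/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/RevenueController.java
+++ b/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/RevenueController.java
@@ -5,6 +5,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -27,6 +28,7 @@
 
 protected SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
 
+ @PreAuthorize("hasAnyAuthority('ADMIN' ,'CS','FINANCE')")
 @RequestMapping(value = "revenue",method = RequestMethod.POST)
 public ResponseEntity<List<ViewRevenue>> findAll(
 @RequestParam(value = "period_start",required = true) String from,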
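--- a/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/UserTrackController.java
+++ b/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/controller/UserTrackController.java
@@ -8,6 +8,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -38,6 +39,7 @@
 protected SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
 protected SimpleDateFormat simpleDateFormatDetail = new SimpleDateFormat("yyyy-MM-dd HH-mm-ss");
 
+ @PreAuthorize("hasAnyAuthority('ADMIN' ,'CS','FINANCE')")
 @RequestMapping(value = "/track", method = RequestMethod.POST)
 public ResponseEntity<List<UserTrack>> findAll(
 @RequestParam(value = "period_start", required = true) String from,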
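--- a/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/security/CustomeAutenticationProvider.java
+++ b/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/security/CustomeAutenticationProvider.java
@@ -12,6 +12,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Component;
@@ -40,7 +41,7 @@
 System.out.println(tblAccount.getPassword());
 System.out.println(new Gson().toJson(tblAccount));
 if (tblAccount != null && tblAccount.getStatus()== Status.ACTIVE && this.passwordEncoder.matches(password,tblAccount.getPassword())) {
- return new UsernamePasswordAuthenticationToken(username, tblAccount.getPriviledge(), this.getAuthority(tblAccount));
+ return new UsernamePasswordAuthenticationToken(username, tblAccount.getPriviledge(), AuthorityUtils.createAuthorityList(tblAccount.getPriviledge().toString()));
 } else {
 throw new
 BadCredentialsException("External System authentication failed");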
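Review bot: The two `System.out.println` calls directly above the changed `return` write the stored password value (a BCrypt hash, judging by the imports) and the whole account record as JSON to standard output on every login attempt, and the commit leaves them in place. They also dereference `tblAccount` before the `tblAccount != null` test on the following line, so an unknown username would presumably raise a NullPointerException instead of `BadCredentialsException`; how `tblAccount` is loaded is outside the hunk. Both lines should be removed. On the new line, `tblAccount.getPriviledge().toString()` must yield exactly `ADMIN`, `CS` or `FINANCE` for the controllers' `hasAnyAuthority(...)` checks to match, and a null privilege would throw here. A comment stating that contract, or an explicit null check before the token is built, would help the next maintainer.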
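--- a/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/security/WebSecurityConfig.java
+++ b/unipin_cms_service/src/main/java/id/co/accessmobile/carrier/billing/unipin/cstools/security/WebSecurityConfig.java
@@ -26,7 +26,8 @@
 .permitAll()
 .and()
 .logout()
- .permitAll();
+ .permitAll()
+ .and().antMatcher("/**").headers().frameOptions().disable();
 }
 @Override
 public void configure(WebSecurity web) throws Exception {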
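Review bot: `.headers().frameOptions().disable()` removes the `X-Frame-Options` header from every response, which takes away the browser-side clickjacking protection for a CMS whose controllers expose state-changing POST endpoints such as `/blacklist/delete`. If the pages only need to be framed by the application itself, `.headers().frameOptions().sameOrigin()` keeps the protection against foreign origins. The added `.antMatcher("/**")` re-scopes the whole `HttpSecurity` chain rather than the header rule alone; it looks unnecessary here and could be dropped. The enclosing configure method starts outside the hunk.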
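--- a/unipin_cms_service/src/main/resources/static/css/custom.css
+++ b/unipin_cms_service/src/main/resources/static/css/custom.css
@@ -0,0 +1,35 @@
+
+.sidebar .user-info .info-container .user-helper-dropdown {
+ position: absolute;
+ right: -3px;
+ bottom: -12px;
+ -webkit-box-shadow: none;
+ -moz-box-shadow: none;
+ -ms-box-shadow: none;
+ box-shadow: none;
+ cursor: pointer;
+ color: #000;
+}
+
+.sidebar .user-info .info-container .user-helper-dropdown {
+ position: absolute;
+ right: -3px;
+ bottom: -12px;
+ -webkit-box-shadow: none;
+ -moz-box-shadow: none;
+ -ms-box-shadow: none;
+ background: none;
+ box-shadow: none;
+ cursor: pointer;
+ color: #000;
+}
+
+.sidebar .user-info {
+ padding: 20px 15px 12px 15px;
+ white-space: nowrap;
+ position: relative;
+ border-bottom: 1px solid #e9e9e9;
+ background: none;
+ height: 86px;
+ background-color: #fdfdfd;
+}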
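Review bot: The first two rules use the same selector `.sidebar .user-info .info-container .user-helper-dropdown` and differ only by `background: none;` in the second, so the first block is redundant and one rule is enough. In `.sidebar .user-info`, `background: none;` is immediately followed by `background-color: #fdfdfd;`; a one-line comment naming the theme rule being overridden would explain why both declarations are there.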
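--- a/unipin_cms_service/src/main/resources/templates/index.html
+++ b/unipin_cms_service/src/main/resources/templates/index.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
+<html xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
+
 <head>
 <meta name="_csrf" th:content="${_csrf.token}"/>
 <meta name="_csrf_header" th:content="${_csrf.headerName}"/>
@@ -32,6 +33,7 @@
 <link href="plugins/bootstrap-select/css/bootstrap-select.css" rel="stylesheet"/>
 <!-- Custom Css -->
 <link href="css/style.css" rel="stylesheet"/>
+ <link href="css/custom.css" rel="stylesheet"/>
 <!-- AdminBSB Themes. You can choose a theme from css/themes instead of get all themes -->
 <link href="css/themes/all-themes.css" rel="stylesheet"/>
 <script>
@@ -57,15 +59,18 @@
 <aside id="leftsidebar" class="sidebar">
 <!-- User Info -->
 <div class="user-info">
- <div class="image">
+ <div style="float: left" class="image">
 <img src="images/user.png" width="48" height="48" alt="User"/>
 </div>
+ <div style="float: left" th:inline="text">
+ <h5>Welcome</h5>
+ <h6>[[${#httpServletRequest.remoteUser}]]</h6>
+ </div>
 <div class="info-container">
- <div class="name" message-toggle="dropdown" aria-haspopup="true" aria-expanded="false" th:inline="text">
- [[${#httpServletRequest.remoteUser}]]
+ <div class="name" message-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
 </div>
 <div class="btn-group user-helper-dropdown">
- <i class="material-icons" message-toggle="dropdown" aria-haspopup="true" aria-expanded="true">keyboard_arrow_down</i>
+ <i class="material-icons" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">keyboard_arrow_down</i>
 <ul class="dropdown-menu pull-right">
 <li><a href="javascript:void(0);"><i class="material-icons">person</i>Profile</a></li>
 <li role="seperator" class="divider"></li>
@@ -87,31 +92,31 @@
 <div class="menu">
 <ul class="list">
 <li class="header">MAIN NAVIGATION</li>
- <li id="revenue_menu" class="active">
+ <li id="revenue_menu" class="active" sec:authorize="hasAnyAuthority('ADMIN','CS','FINANCE')" >
 <a th:href="'javascript:renderRevenue(\'content\',\''+${period_start}+'\',\''+${period_end}+'\',\'revenue_menu\')'">
 <i class="material-icons">money</i>
 <span>Revenue</span>
 </a>
 </li>
- <li id="blacklist_menu">
+ <li id="blacklist_menu" sec:authorize="hasAnyAuthority('ADMIN','CS','FINANCE')">
 <a th:href="'javascript:renderBlacklist(\'content\',\'blacklist_menu\')'">
 <i class="material-icons">contacts</i>
 <span>Blacklist</span>
 </a>
 </li>
- <li id="purchase_menu">
+ <li id="purchase_menu" sec:authorize="hasAnyAuthority('ADMIN','CS','FINANCE')">
 <a th:href="'javascript:renderPurchase(\'content\',\''+${period_start}+'\',\''+${period_end}+'\',\'purchase_menu\')'">
 <i class="material-icons">money</i>
 <span>Purchase</span>
 </a>
 </li>
- <li id="biling_menu">
+ <li id="biling_menu" sec:authorize="hasAnyAuthority('ADMIN','CS','FINANCE')">
 <a th:href="'javascript:renderBilling(\'content\',\''+${period_start}+'\',\''+${period_end}+'\',\'billing_menu\')'">
 <i class="material-icons">equalizer</i>
 <span>Billing Hit</span>
 </a>
 </li>
- <li id="track_menu">
+ <li id="track_menu" sec:authorize="hasAnyAuthority('ADMIN','CS','FINANCE')">
 <a th:href="'javascript:renderTrack(\'content\',\''+${period_start}+'\',\''+${period_end}+'\',\'track_menu\')'">
 <i class="material-icons">track_changes</i>
 <span>User Tracker</span>
@@ -146,26 +151,33 @@
 <div class="card">
 <div class="header" id="header_search">
 <div class="row clearfix">
- <div class="col-sm-2">
- <div class="form-group">
+ <div class="col-md-11">
+ <div class="col-sm-6" id="period_start_area">
+ <div class="input-group">
+ <span class="input-group-addon">
+ <i class="material-icons">date_range</i>
+ </span>
 <div class="form-line">
 <input id="period_start" type="text" class="datetimepicker form-control"
 placeholder="Please choose starting period" th:value="${period_start}"/>
 </div>
 </div>
 </div>
-
- <div class="col-sm-2">
- <div class="form-group">
+ <div class="col-sm-6" id="period_end_area">
+ <div class="input-group">
+ <span class="input-group-addon">
+ <i class="material-icons">date_range</i>
+ </span>
 <div class="form-line">
 <input id="period_end" type="text" class="datetimepicker form-control"
 placeholder="Please choose ending period" th:value="${period_end}"/>
 </div>
 </div>
 </div>
- <div id="admin_header" class="col-sm-8" style="display: flex;justify-content: flex-end">
+ </div>
+ <div id="admin_header" class="col-md-1" style="display: flex;justify-content: flex-end">
 <div class="demo-radio-button">
- <button id="search_type_1" class="btn btn-info waves-effect">search</button>
+ <button id="search_type_1" class="btn btn-info waves-effect"><i class="material-icons">search</i><span>Search</span> </button>
 </div>
 </div>
 </div>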
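Review bot: The `sec:authorize` attributes added to the menu `<li>` elements only control rendering, while the anchors inside them still build `javascript:` URLs by concatenating `${period_start}` and `${period_end}` into a quoted script string. If those model values can be influenced by a request parameter (not visible in this diff), a quote character in them would end the string early. Escaping with `${#strings.escapeJavaScript(period_start)}`, or passing the values through `data-` attributes read by a click handler, avoids that. Separately, the changed line keeps `id="biling_menu"` while its link passes `'billing_menu'` to `renderBilling`, so the two ids do not match.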