Fixed #103, Fixed #102

thomaswoehlke · thomaswoehlke · commit ced7506f8e31 · 2020-04-03T17:04:15.000+02:00
diff --git a/src/main/java/org/woehlke/simpleworklist/config/di/WebSecurityConfig.java b/src/main/java/org/woehlke/simpleworklist/config/di/WebSecurityConfig.java
@@ -58,13 +58,16 @@ public WebSecurityConfig(
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
-            .headers().disable()
+            .headers()
+            .disable()
             .authorizeRequests()
             .antMatchers(applicationProperties.getWebSecurity().getAntPatternsPublic())
             .permitAll()
             .anyRequest()
             .fullyAuthenticated()
             .and()
+            .csrf()
+            .and()
             .formLogin()
             .loginPage(applicationProperties.getWebSecurity().getLoginPage())
             .usernameParameter(applicationProperties.getWebSecurity().getUsernameParameter())
@@ -75,6 +78,8 @@ protected void configure(HttpSecurity http) throws Exception {
             .successHandler(loginSuccessHandler)
             .permitAll()
             .and()
+            .csrf()
+            .and()
             .logout()
             .logoutUrl(applicationProperties.getWebSecurity().getLogoutUrl())
             .deleteCookies(applicationProperties.getWebSecurity().getCookieNamesToClear())
diff --git a/src/main/java/org/woehlke/simpleworklist/project/ProjectController.java b/src/main/java/org/woehlke/simpleworklist/project/ProjectController.java
@@ -108,21 +108,47 @@ public final String addNewTopLevelProjectForm(
             Locale locale, Model model
     ){
         log.info("/project/add/new/project (GET)");
-        return addNewProject(rootProjectId, userSession, locale, model);
+        addNewProject(rootProjectId, userSession, locale, model);
+        return "project/addToplevel";
     }
 
 
-    @RequestMapping(path = "/add/new/project", method = RequestMethod.POST)
+    @RequestMapping(path = "/add/new/project", method = {RequestMethod.POST, RequestMethod.PUT})
     public final String addNewTopLevelProjectSave(
         @Valid Project project,
         @ModelAttribute("userSession") UserSessionBean userSession,
         BindingResult result,
         Locale locale, Model model
     ){
         log.info("/project/add/new/project (POST)");
-        return addNewProjectPersist( rootProjectId, userSession, project, result, locale, model );
+        return addNewProjectPersist( rootProjectId, userSession, project,
+            result, locale, model, "project/addToplevel");
     }
 
+    @RequestMapping(path = "/{projectId}/add/new/project", method = RequestMethod.GET)
+    public final String addNewSubProjectGet(
+        @PathVariable long projectId,
+        @ModelAttribute("userSession") UserSessionBean userSession,
+        Locale locale, Model model
+    ) {
+        log.info("private addNewProjectGet (GET) projectId="+projectId);
+        addNewProject(projectId, userSession, locale, model);
+        return "project/add";
+    }
+
+    @RequestMapping(path = "/{projectId}/add/new/project", method = {RequestMethod.POST, RequestMethod.PUT})
+    public final String addNewSubProjectPost(
+        @PathVariable long projectId,
+        @ModelAttribute("userSession") UserSessionBean userSession,
+        @Valid Project project,
+        BindingResult result,
+        Locale locale, Model model) {
+        log.info("private addNewProjectPost (POST) projectId="+projectId+" "+project.toString());
+        return addNewProjectPersist( projectId, userSession, project,
+            result, locale, model ,"project/add");
+    }
+
+
     @RequestMapping(path = "/{thisProjectId}/move/to/{targetProjectId}", method = RequestMethod.GET)
     public final String moveProject(
             @PathVariable("thisProjectId") Project thisProject,
@@ -243,7 +269,7 @@ public final String deleteProject(
     }
 
 
-    private final String addNewProject(
+    private final void addNewProject(
         long projectId,
         UserSessionBean userSession,
         Locale locale,
@@ -274,15 +300,15 @@ private final String addNewProject(
         model.addAttribute("breadcrumb", breadcrumb);
         model.addAttribute("thisProject", thisProject);
         model.addAttribute("project", project);
-        return "project/add";
     }
 
     private String addNewProjectPersist(
         long projectId,
         UserSessionBean userSession,
         Project project,
         BindingResult result,
-        Locale locale, Model model
+        Locale locale, Model model,
+        String template
     ){
         log.info("private addNewProjectPersist projectId="+projectId+" "+project.toString());
         Context context = super.getContext(userSession);
@@ -301,7 +327,7 @@ private String addNewProjectPersist(
             model.addAttribute("breadcrumb", breadcrumb);
             model.addAttribute("thisProject", thisProject);
             model.addAttribute("project", project);
-            return "project/add";
+            return template;
         } else {
             if (projectId == 0) {
                 if(userSession.getContextId()>0) {
@@ -324,28 +350,6 @@ private String addNewProjectPersist(
         }
     }
 
-    @RequestMapping(path = "/{projectId}/add/new/project", method = RequestMethod.GET)
-    public final String addNewProjectGet(
-            @PathVariable long projectId,
-            @ModelAttribute("userSession") UserSessionBean userSession,
-            Locale locale, Model model
-    ) {
-        log.info("private addNewProjectGet (GET) projectId="+projectId);
-        return addNewProject(projectId, userSession, locale, model);
-    }
-
-    @RequestMapping(path = "/{projectId}/add/new/project",
-            method = RequestMethod.POST)
-    public final String addNewProjectPost(
-            @PathVariable long projectId,
-            @ModelAttribute("userSession") UserSessionBean userSession,
-            @Valid Project project,
-            BindingResult result,
-            Locale locale, Model model) {
-        log.info("private addNewProjectPost (POST) projectId="+projectId+" "+project.toString());
-        return addNewProjectPersist( projectId, userSession, project, result, locale, model );
-    }
-
     @RequestMapping(path = "/task/{sourceTaskId}/changeorderto/{destinationTaskId}", method = RequestMethod.GET)
     public String changeTaskOrderIdWithinAProject(
             @PathVariable("sourceTaskId") Task sourceTask,
diff --git a/src/main/resources/templates/project/add.html b/src/main/resources/templates/project/add.html
@@ -19,7 +19,7 @@ <h1>
 
 <div th:fragment="mytwcontent">
 	<div>
-	<form id="formId" th:action="@{/project/addchild/{id}(id=${thisProjectId})}" th:object="${project}" method="post">
+	<form id="formId" th:action="@{/project/{id}/add/new/project(id=${thisProject.id})}" th:object="${project}" method="post">
 		<div class="form-group">
 			<label th:for="${#ids.next('name')}" class="control-label">Name</label>
 			<input type="text" th:field="*{name}" class="form-control" />
diff --git a/src/main/resources/templates/project/addToplevel.html b/src/main/resources/templates/project/addToplevel.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<html th:lang="${#locale.language}"
+	  xmlns="http://www.w3.org/1999/xhtml"
+	  xmlns:th="http://www.thymeleaf.org"
+	  xmlns:sec="http://www.thymeleaf.org/extras/spring-security"
+	  xmlns:sd="http://www.thymeleaf.org/spring-data">
+<head th:replace="layout/page :: tw-page-head(headtitle=~{::title},links=~{},refreshMessages=false)">
+	<title th:text="'SimpleWorklist | ' + #{project.add.h1}">Title</title>
+</head>
+<body th:replace="layout/page :: tw-page-body(twcontent=~{::mytwcontent},twtitle=~{::mytwtitle},scripts=~{::script})">
+
+<div th:fragment="mytwtitle">
+	<!-- New Project Form -->
+	<h1>
+		<i class="fas fa-folder-open"></i> &nbsp;
+		<span th:utext="#{project.add.h1}">Add Project</span>
+	</h1>
+</div>
+
+<div th:fragment="mytwcontent">
+	<div>
+	<form id="formId" th:action="@{/project/add/new/project}" th:object="${project}" method="post">
+		<div class="form-group">
+			<label th:for="${#ids.next('name')}" class="control-label">Name</label>
+			<input type="text" th:field="*{name}" class="form-control" />
+			<div>
+				<div th:each="err : ${#fields.errors('name')}" th:text="${err}" class="alert alert-danger"></div>
+			</div>
+		</div>
+		<div class="form-group">
+			<label th:for="textEditor"  class="control-label">
+				<span th:utext="#{project.add.description}">Description</span>
+			</label>
+			<textarea id="textEditor" name="textEditor" rows="10" cols="50" th:field="*{description}" class="form-control"></textarea>
+			<div>
+				<div th:each="err : ${#fields.errors('description')}" th:text="${err}" class="alert alert-danger"></div>
+			</div>
+		</div>
+		<div class="form-group">
+			<label th:for="${#ids.next('context.id')}" class="control-label">
+				<span th:utext="#{project.edit.context}">Area</span>
+			</label>
+			<select th:field="*{context.id}">
+				<option th:each="areaOption : ${contexts}"
+						th:value="${areaOption.id}"
+						th:text="${locale == 'de' ? areaOption.nameDe : areaOption.nameEn}">Wireframe</option>
+			</select>
+			<div>
+				<div th:each="err : ${#fields.errors('context.id')}" th:text="${err}" class="alert alert-danger"></div>
+			</div>
+		</div>
+		<button id="createNewProject" type="submit" class="btn btn-primary">
+			<i class="fas fa-save"></i>
+			<span th:utext="#{project.add.button}">Add Project</span>
+		</button>
+        <input type="hidden"
+               name="${_csrf.parameterName}"
+               value="${_csrf.token}"/>
+	</form>
+	</div>
+	<!-- Document Window End -->
+
+</div>
+
+	<script th:src="@{/webjars/ckeditor/4.11.3/full/ckeditor.js}"></script>
+	<script th:inline="javascript">
+		CKEDITOR.replace( 'textEditor' );
+	</script>
+</body>
+</html>
