fix forms to automatically generate csrf tokens
Co-authored-by: Christoph <tobi@urpost.de>
This commit is contained in:
Christoph
@ -64,11 +64,7 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
||||
.antMatchers("/actuator/**")
|
||||
.hasRole("monitoring")
|
||||
.anyRequest()
|
||||
.permitAll()
|
||||
.and()
|
||||
.csrf()
|
||||
.ignoringAntMatchers("/gruppen2/createOrga")
|
||||
.ignoringAntMatchers("/gruppen2/details/members/addUsersFromCsv");
|
||||
.permitAll();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
<div class="row">
|
||||
<div class="col-10">
|
||||
<h1>Metadaten ändern</h1>
|
||||
<form action="/gruppen2/details/changeMetadata" method="post">
|
||||
<form method="post" th:action="@{/gruppen2/details/changeMetadata}">
|
||||
<div class="shadow-sm p-2"
|
||||
style=" border: 10px solid aliceblue; background: aliceblue">
|
||||
<div class="form-group">
|
||||
|
||||
@ -38,7 +38,8 @@
|
||||
<div class="row">
|
||||
<div class="col-10">
|
||||
<h1>Gruppenerstellung</h1>
|
||||
<form method="post" action="/gruppen2/createOrga" enctype="multipart/form-data">
|
||||
<form enctype="multipart/form-data" method="post"
|
||||
th:action="@{/gruppen2/createOrga}">
|
||||
<div class="shadow-sm p-2"
|
||||
style=" border: 10px solid aliceblue; background: aliceblue">
|
||||
<div class="form-group">
|
||||
|
||||
@ -37,8 +37,9 @@
|
||||
<div class="row">
|
||||
<div class="col-10">
|
||||
<h1>Gruppenerstellung</h1>
|
||||
<form method="post" action="/gruppen2/createStudent">
|
||||
<div class="shadow-sm p-2" style=" border: 10px solid aliceblue; border-radius: 5px; background: aliceblue">
|
||||
<form method="post" th:action="@{/gruppen2/createStudent}">
|
||||
<div class="shadow-sm p-2"
|
||||
style=" border: 10px solid aliceblue; border-radius: 5px; background: aliceblue">
|
||||
|
||||
<div class="form-group">
|
||||
<label for="titel">Titel</label>
|
||||
|
||||
@ -83,15 +83,16 @@
|
||||
style="background: #52a1eb; border: none; margin: 5px">
|
||||
<a style="color: white" th:href="@{/gruppen2}">Zurück</a>
|
||||
</button>
|
||||
<form action="/gruppen2/leaveGroup" method="post">
|
||||
<form method="post" th:action="@{/gruppen2/leaveGroup}">
|
||||
<button class="btn btn-danger" style="border-style: none; margin: 5px"
|
||||
th:name="group_id" th:value="${group.getId()}"
|
||||
type="submit">Gruppe verlassen
|
||||
</button>
|
||||
</form>
|
||||
<form action="/gruppen2/deleteGroup" method="post">
|
||||
<form method="post" th:action="@{/gruppen2/deleteGroup}">
|
||||
<button class="btn btn-danger" style="border-style: none; margin: 5px"
|
||||
th:name="group_id" th:value="${group.getId()}" th:if="${group.getRoles().get(user.getId()) == admin}"
|
||||
th:name="group_id" th:value="${group.getId()}"
|
||||
th:if="${group.getRoles().get(user.getId()) == admin}"
|
||||
type="submit">Gruppe löschen
|
||||
</button>
|
||||
</form>
|
||||
@ -132,7 +133,7 @@
|
||||
</div>
|
||||
<script>
|
||||
function copyLink() {
|
||||
var copyText = document.getElementById("groupLink");
|
||||
const copyText = document.getElementById("groupLink");
|
||||
|
||||
copyText.select();
|
||||
copyText.setSelectionRange(0, 99999);
|
||||
|
||||
@ -50,7 +50,7 @@
|
||||
</div>
|
||||
<div class="form-group mt-2">
|
||||
<div class="text-right">
|
||||
<form method="post" action="/gruppen2/detailsBeitreten">
|
||||
<form method="post" th:action="@{/gruppen2/detailsBeitreten}">
|
||||
<button class="btn btn-primary"
|
||||
style="background: #52a1eb; border-style: none;"
|
||||
th:href="@{/gruppen2/detailsBeitreten}"
|
||||
|
||||
@ -48,16 +48,19 @@
|
||||
</div>
|
||||
<div class="shadow p-2" style="border: 10px solid aliceblue; background: aliceblue">
|
||||
<div class="form-group pt-4" th:if="${account.getRoles().contains('orga')}">
|
||||
<form action="/gruppen2/details/members/addUsersFromCsv"
|
||||
<form th:action="@{/gruppen2/details/members/addUsersFromCsv}"
|
||||
enctype="multipart/form-data"
|
||||
method="post">
|
||||
<div class="input-group mb-3">
|
||||
<div class="custom-file">
|
||||
<input class="custom-file-input" id="file" th:name="file" type="file">
|
||||
<label class="custom-file-label" for="file">CSV Datei von Mitgliedern hochladen</label>
|
||||
<input class="custom-file-input" id="file" th:name="file"
|
||||
type="file">
|
||||
<label class="custom-file-label" for="file">CSV Datei von
|
||||
Mitgliedern hochladen</label>
|
||||
</div>
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-outline-secondary" style="background: #52a1eb; border-style: none"
|
||||
<button class="btn btn-outline-secondary"
|
||||
style="background: #52a1eb; border-style: none"
|
||||
th:name="group_id" th:value="${group.getId()}"
|
||||
type="submit">
|
||||
<a style="color: white">Hinzufügen</a>
|
||||
@ -67,12 +70,16 @@
|
||||
</form>
|
||||
</div>
|
||||
<div class="form-group pt-4">
|
||||
<form action="/gruppen2/details/members/changeMaximum" method="post">
|
||||
<form method="post" th:action="@{/gruppen2/details/members/changeMaximum}">
|
||||
<div class="input-group mb-3" id="userMaximum">
|
||||
<input class="form-control" placeholder="Maximale Teilnehmerzahl ändern..." th:name="maximum"
|
||||
type="number" th:min="${group.getMembers().size()}" max="10000">
|
||||
<input class="form-control"
|
||||
placeholder="Maximale Teilnehmerzahl ändern..."
|
||||
th:name="maximum"
|
||||
type="number" th:min="${group.getMembers().size()}"
|
||||
max="10000">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-outline-secondary" style="background: #52a1eb; border-style: none"
|
||||
<button class="btn btn-outline-secondary"
|
||||
style="background: #52a1eb; border-style: none"
|
||||
th:name="group_id" th:value="${group.getId()}"
|
||||
type="submit">
|
||||
<a style="color: white">Speichern</a>
|
||||
@ -99,21 +106,27 @@
|
||||
</td>
|
||||
<td>
|
||||
<div class="text-right btn-toolbar" style="float: right;" role="toolbar">
|
||||
<form action="/gruppen2/details/members/changeRole" method="post">
|
||||
<form method="post"
|
||||
th:action="@{/gruppen2/details/members/changeRole}">
|
||||
<input th:name="group_id" th:value="${group.getId()}"
|
||||
type="hidden">
|
||||
<input th:name="user_id" th:value="${member.getId()}"
|
||||
type="hidden">
|
||||
<button class="btn btn-warning btn-sm" type="submit" style="margin: 5px">Rolle
|
||||
<button class="btn btn-warning btn-sm" type="submit"
|
||||
style="margin: 5px">Rolle
|
||||
ändern
|
||||
</button>
|
||||
</form>
|
||||
<form action="/gruppen2/details/members/deleteUser" method="post">
|
||||
<form method="post"
|
||||
th:action="@{/gruppen2/details/members/deleteUser}">
|
||||
<input th:name="group_id" th:value="${group.getId()}"
|
||||
type="hidden">
|
||||
<input th:name="user_id" th:value="${member.getId()}"
|
||||
type="hidden">
|
||||
<button class="btn btn-danger btn-sm" style="margin: 5px" th:if='!${account.getName().equals(member.getId())}'>Mitglied entfernen</button>
|
||||
<button class="btn btn-danger btn-sm" style="margin: 5px"
|
||||
th:if='!${account.getName().equals(member.getId())}'>
|
||||
Mitglied entfernen
|
||||
</button>
|
||||
</form>
|
||||
</div>
|
||||
</td>
|
||||
|
||||
@ -33,7 +33,7 @@
|
||||
<div class="row">
|
||||
<div class="col-10">
|
||||
<h1>Meine Gruppen</h1>
|
||||
<form action="/" method="get">
|
||||
<form method="get" th:action="@{/}">
|
||||
<h3 style="color: dodgerblue; font-weight: bold; font-optical-sizing: auto">
|
||||
<small style="font-weight: normal; color: black">Mitglied in </small>
|
||||
<small style="font-weight: bold; color: black"
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
<h1>Gruppensuche</h1>
|
||||
<div class="shadow-sm p-2"
|
||||
style="border: 10px solid aliceblue; border-radius: 5px; background: aliceblue">
|
||||
<form action="/gruppen2/findGroup" method="get">
|
||||
<form method="get" th:action="@{/gruppen2/findGroup}">
|
||||
<div class="form-group">
|
||||
<label for="suchleiste">Suchbegriff:</label>
|
||||
<input class="form-control" id="suchleiste"
|
||||
|
||||
Reference in New Issue
Block a user