
Authentication and layouts

Ranghetti 6 月之前
父節點
當前提交
94c5cad5a7

+ 2 - 0
src/main/java/com/platform2easy/genesis/security/config/SecurityConfiguration.java

@@ -1,6 +1,7 @@
 package com.platform2easy.genesis.security.config;
 
 
+import com.platform2easy.genesis.domain.enums.UserRole;
 import com.platform2easy.genesis.security.filter.AuthorizationFilter;
 import lombok.AllArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -34,6 +35,7 @@ public class SecurityConfiguration {
                 .authorizeHttpRequests(authorizationRegistry -> authorizationRegistry
                         .requestMatchers("/login", "/images/**", "/css/**").permitAll()
                         .requestMatchers(HttpMethod.POST, "/authentication/login").permitAll()
+                        .requestMatchers("/compra","/compra/**").hasRole(UserRole.ADMIN.toString())
                         .anyRequest().authenticated())
                 .addFilterBefore(authorizationFilter, UsernamePasswordAuthenticationFilter.class)
                 .formLogin(httpSecurityFormLoginConfigurer -> httpSecurityFormLoginConfigurer
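Review bot: The new matcher restricts only `/compra` and `/compra/**` to ADMIN, so every other route, including the `/user/listar` and `/user/editar/{id}` pages linked from the templates in this commit, still falls through to `.anyRequest().authenticated()` and is reachable by any logged-in user. If user management is meant to be admin-only it needs its own rule before `anyRequest()`, e.g. `.requestMatchers("/user/**").hasRole(UserRole.ADMIN.name())`, unless method-level checks exist outside this diff. By default `hasRole` prepends `ROLE_`, so the authorities set by `AuthorizationFilter` (not shown) must be `ROLE_ADMIN` for the rule to match. Prefer `UserRole.ADMIN.name()` over `toString()`, since an overridden `toString()` would silently change the role string. The filter-chain method starts and ends outside the hunk.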

+ 16 - 0
src/main/resources/templates/error/403.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head th:insert="~{layout :: head}">
+    <meta charset="UTF-8">
+</head>
+<body class="d-flex flex-column min-vh-100">
+<nav th:insert="~{layout :: nav-top}"></nav>
+<main class="container text-center my-auto">
+    <h1 class="display-4">403</h1>
+    <p class="lead">Você não tem acesso a essa página.</p>
+    <a th:href="@{/}" class="btn btn-dark">Voltar para o início</a>
+</main>
+<footer th:insert="~{layout :: footer}"></footer>
+<div th:insert="~{layout :: script}"></div>
+</body>
+</html>
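Review bot: `th:insert` on `<head>`, `<nav>` and `<footer>` places the whole fragment element inside the host tag, so this page renders `<head>` inside `<head>` and `<nav>` inside `<nav>`, and the host's own `<meta charset>` is replaced by the fragment content. `th:replace` gives the intended single element, e.g. `<nav th:replace="~{layout :: nav-top}"></nav>`. The same pattern appears in the 404.html and login.html hunks of this commit. The `footer` and `script` fragments of layout.html are not visible in this diff, so confirm they exist.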

+ 1 - 1
src/main/resources/templates/error/404.html

@@ -4,7 +4,7 @@
     <meta charset="UTF-8">
 </head>
 <body class="d-flex flex-column min-vh-100">
-<nav th:insert="~{login :: top}"></nav>
+<nav th:insert="~{layout :: nav-top}"></nav>
 <main class="container text-center my-auto">
     <h1 class="display-4">404</h1>
     <p class="lead">A página que você está procurando não foi encontrada.</p>

+ 61 - 0
src/main/resources/templates/fragments/menu.html

@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.w3.org/1999/xhtml" xmlns:sec="http://www.w3.org/1999/xhtml">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+</head>
+<body>
+<nav th:fragment="nav-mobileMenu" class="col-md-2 bg-dark sidebar collapse d-md-block" id="mobileMenu">
+    <a th:href="@{/}">🏠 Início</a>
+    <a th:href="@{/user/listar}">👥 Usuários</a>
+
+    <a sec:authorize="hasRole('ADMIN')"
+       class="dropdown-toggle d-block text-white" data-bs-toggle="collapse" href="#compras-submenu"
+       role="button" aria-expanded="false" aria-controls="compras-submenu">
+        🏷️ Compras
+    </a>
+    <div class="collapse ms-2" id="compras-submenu">
+        <a th:href="@{/compra/listar}" class="d-block text-white">📋 Listar</a>
+        <a th:href="@{/compra}" class="d-block text-white">➕ Cadastrar</a>
+    </div>
+
+    <a class="dropdown-toggle d-block text-white" data-bs-toggle="collapse" href="#relatoriosSubmenu"
+       role="button" aria-expanded="false" aria-controls="relatoriosSubmenu">
+        📊 Relatórios
+    </a>
+    <div class="collapse ms-2" id="relatoriosSubmenu">
+        <a href="#" class="d-block text-white">➤ Vendas</a>
+        <a href="#" class="d-block text-white">➤ Estoque</a>
+    </div>
+
+    <a href="#">⚙️ Configurações</a>
+    <a th:href="@{/logout}">🚪 Sair</a>
+</nav><nav class="col-md-2 bg-dark sidebar collapse d-md-block" id="mobileMenu">
+    <a th:href="@{/}">🏠 Início</a>
+    <a th:href="@{/user/listar}">👥 Usuários</a>
+
+    <a sec:authorize="hasRole('ADMIN')"
+       class="dropdown-toggle d-block text-white" data-bs-toggle="collapse" href="#compras-submenu"
+       role="button" aria-expanded="false" aria-controls="compras-submenu">
+        🏷️ Compras
+    </a>
+    <div class="collapse ms-2" id="compras-submenu">
+        <a th:href="@{/compra/listar}" class="d-block text-white">📋 Listar</a>
+        <a th:href="@{/compra}" class="d-block text-white">➕ Cadastrar</a>
+    </div>
+
+    <a class="dropdown-toggle d-block text-white" data-bs-toggle="collapse" href="#relatoriosSubmenu"
+       role="button" aria-expanded="false" aria-controls="relatoriosSubmenu">
+        📊 Relatórios
+    </a>
+    <div class="collapse ms-2" id="relatoriosSubmenu">
+        <a href="#" class="d-block text-white">➤ Vendas</a>
+        <a href="#" class="d-block text-white">➤ Estoque</a>
+    </div>
+
+    <a href="#">⚙️ Configurações</a>
+    <a th:href="@{/logout}">🚪 Sair</a>
+</nav>
+
+</body>
+</html>
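Review bot: `sec:authorize="hasRole('ADMIN')"` is set only on the "Compras" toggle, while the `compras-submenu` div holding the `/compra/listar` and `/compra` links has no such attribute, so non-admin users still receive those links in the page markup. The server-side rule in SecurityConfiguration still denies them, so this is a consistency gap rather than a bypass; put the same attribute on the div, `<div sec:authorize="hasRole('ADMIN')" class="collapse ms-2" id="compras-submenu">`. The second `<nav>` that starts on the `</nav><nav …>` line is a copy without `th:fragment`; it repeats the ids `mobileMenu`, `compras-submenu` and `relatoriosSubmenu` and looks like a paste leftover that can be deleted.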

+ 4 - 27
src/main/resources/templates/layout.html

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html lang="en"
       xmlns:th="http://www.thymeleaf.org"
-      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout">
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" xmlns:sec="http://www.w3.org/1999/xhtml">
 <head th:fragment="head">
     <meta charset="UTF-8">
     <title>Too Easy</title>
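Review bot: `xmlns:sec` is bound to the XHTML namespace here and in fragments/menu.html; the conventional declaration for the Spring Security dialect is `xmlns:sec="http://www.thymeleaf.org/extras/spring-security"`. More importantly, the `sec:authorize` attributes added in this commit only take effect when the Thymeleaf Spring Security extras dialect is on the classpath; without it they are emitted as plain attributes and the guarded elements render for everyone. The build file is not part of this diff, so confirm the dependency is present.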
@@ -13,12 +13,12 @@
 </head>
 <body class="d-flex flex-column min-vh-100">
 
-<nav class="navbar navbar-expand-md navbar-dark bg-dark sticky-top">
+<nav th:fragment="nav-top" class="navbar navbar-expand-md navbar-dark bg-dark sticky-top">
     <div class="container-fluid">
         <div class="navbar-brand">
             <img th:src="@{/images/too-easy-trade.png}" class="img-fluid" style="max-width: 100px;">
         </div>
-        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#mobileMenu">
+        <button sec:authorize="isAuthenticated()" class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#mobileMenu">
             <span class="navbar-toggler-icon"></span>
         </button>
     </div>
@@ -26,30 +26,7 @@
 
 <div class="flex-grow-1 container-fluid">
     <div class="row h-100">
-        <nav class="col-md-2 bg-dark sidebar collapse d-md-block" id="mobileMenu">
-            <a th:href="@{/}">🏠 Início</a>
-            <a th:href="@{/user/listar}">👥 Usuários</a>
-
-            <a class="dropdown-toggle d-block text-white" data-bs-toggle="collapse" href="#compras-submenu"
-               role="button" aria-expanded="false" aria-controls="compras-submenu">
-                🏷️ Compras
-            </a>
-            <div class="collapse ms-2" id="compras-submenu">
-                <a th:href="@{/compra/listar}" class="d-block text-white">📋 Listar</a>
-                <a th:href="@{/compra}" class="d-block text-white">➕ Cadastrar</a>
-            </div>
-
-            <a class="dropdown-toggle d-block text-white" data-bs-toggle="collapse" href="#relatoriosSubmenu"
-               role="button" aria-expanded="false" aria-controls="relatoriosSubmenu">
-                📊 Relatórios
-            </a>
-            <div class="collapse ms-2" id="relatoriosSubmenu">
-                <a href="#" class="d-block text-white">➤ Vendas</a>
-                <a href="#" class="d-block text-white">➤ Estoque</a>
-            </div>
-
-            <a href="#">⚙️ Configurações</a>
-            <a th:href="@{/logout}">🚪 Sair</a>
+        <nav th:replace="~{fragments/menu :: nav-mobileMenu}">
         </nav>
         <main class="col-md-10 ms-sm-auto col-12 content-area" layout:fragment="main-content">
         </main>

+ 2 - 8
src/main/resources/templates/login.html

@@ -5,16 +5,10 @@
 </head>
 <body class="bg-light">
 
-<div th:fragment="top" class="navbar navbar-expand-md navbar-dark bg-dark sticky-top">
-    <div class="container-fluid">
-        <div class="navbar-brand">
-            <img th:src="@{/images/too-easy-trade.png}" class="img-fluid" style="max-width: 100px;">
-        </div>
-    </div>
-</div>
+<nav th:insert="~{layout :: nav-top}"></nav>
 
 <div class="container d-flex justify-content-center align-items-center" style="height: 100vh;">
-    <form class="p-5 shadow bg-white rounded w-100" style="max-width: 500px;" method="post" th:action="@{/login}">
+    <form class="p-5 shadow bg-white rounded w-100" style="max-width: 400px;" method="post" th:action="@{/login}">
         <h4 class="mb-4">Login Admin</h4>
         <div class="mb-3">
             <input class="form-control" type="text" name="username" placeholder="Usuário">

+ 3 - 1
src/main/resources/templates/users/list.html

@@ -23,7 +23,9 @@
             <tr th:each="user : ${users}">
                 <td th:text="${user.id}"></td>
                 <td th:text="${user.nome}"></td>
-                <td th:text="${user.role}"></td>
+                <td th:text="${user.role}">
+                    sel
+                </td>
                 <td>
                     <a th:href="@{'/user/editar/' + ${user.id}}" type="button" class="btn btn-outline-dark"
                        title="Editar">
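Review bot: The literal `sel` added inside the role cell looks like an unfinished edit; `th:text` overwrites it at render time, so it only shows when the template is opened statically. Either restore `<td th:text="${user.role}"></td>` or complete the intended markup. The table row continues outside the hunk.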