Revision 57350
Added by Ioannis Diplas over 4 years ago
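--- a/RepositoryController.java
+++ b/RepositoryController.java
@@ -11,8 +11,11 @@
 import org.json.JSONException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PostAuthorize;
+import org.springframework.security.access.prepost.PostFilter;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
 import javax.ws.rs.Path;
@@ -72,6 +75,7 @@
 @RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET,
 produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
+@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (returnObject.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
 public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException,ResourceNotFoundException {
 return repositoryService.getRepositoryById(id);
 }
@@ -102,6 +106,7 @@
 @RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET,
 produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
+@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
 public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException {
 return repositoryService.getRepositoryInterface(id);
 }
@@ -109,7 +114,7 @@
 @RequestMapping(value = "/addRepository", method = RequestMethod.POST,
 consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
-// @PreAuthorize("hasRole('ROLE_USER') and #repository.registeredBy == authentication.userInfo.email")
+@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
 public Repository addRepository(@RequestParam("datatype") String datatype,
 @RequestBody Repository repository) throws Exception {
 
@@ -140,6 +145,7 @@
 @RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
 consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
+@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
 public Repository updateRepository(@RequestBody Repository repository,Authentication authentication) throws Exception {
 return repositoryService.updateRepository(repository, authentication);
 }
@@ -154,7 +160,7 @@
 @RequestMapping(value = "/addInterface", method = RequestMethod.POST,
 consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
-@PreAuthorize("hasRole('ROLE_USER') and #registeredBy == authentication.userInfo.email")
+@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
 public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype,
 @RequestParam("repoId") String repoId,
 @RequestParam("registeredBy") String registeredBy,
@@ -211,7 +217,7 @@
 @RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST,
 consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
-@PreAuthorize("hasRole('ROLE_USER') and #registeredBy == authentication.userInfo.email")
+@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
 public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String repoId,
 @RequestParam("registeredBy") String registeredBy,
 @RequestBody RepositoryInterface repositoryInterface) throws Exception {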
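Review bot: The new `@PreAuthorize` on `updateRepository` decides ownership from `#repository.registeredBy`, a field of the request body, so the value compared with the caller's email is supplied by the caller rather than read from the stored record; whether `repositoryService.updateRepository` re-checks the persisted owner is not visible here. The two interface endpoints in this same commit resolve the stored repository instead, and `updateRepository` should follow them, e.g. `@repositoryService.getRepositoryById(#repository.id).registeredBy==authentication.userInfo.email` (assuming `Repository` exposes an `id`; the class is not shown). On `getRepositoryInterface` the expression never reads `returnObject`, so `@PreAuthorize` would reject before the service call instead of after it. On `getRepositoryById`, `returnObject.registeredBy` raises a SpEL evaluation error rather than a clean denial if the service can return null. The body of `updateRepositoryInterface` continues past the end of this section.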
Moved permissions at the controller level