
Revision 57350

Moved permissions at the controller level


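--- a/RepositoryController.java
+++ b/RepositoryController.java
@@ -11,8 +11,11 @@
 import org.json.JSONException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PostAuthorize;
+import org.springframework.security.access.prepost.PostFilter;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
 import javax.ws.rs.Path;
@@ -72,6 +75,7 @@
     @RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET,
             produces = MediaType.APPLICATION_JSON_VALUE)
     @ResponseBody
+    @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (returnObject.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
     public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException,ResourceNotFoundException {
         return repositoryService.getRepositoryById(id);
     }
@@ -102,6 +106,7 @@
     @RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET,
             produces = MediaType.APPLICATION_JSON_VALUE)
     @ResponseBody
+    @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
     public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException {
         return repositoryService.getRepositoryInterface(id);
     }
@@ -109,7 +114,7 @@
     @RequestMapping(value = "/addRepository", method = RequestMethod.POST,
             consumes = MediaType.APPLICATION_JSON_VALUE)
     @ResponseBody
-//    @PreAuthorize("hasRole('ROLE_USER') and #repository.registeredBy == authentication.userInfo.email")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
     public Repository addRepository(@RequestParam("datatype") String datatype,
                                     @RequestBody Repository repository) throws Exception {
 
@@ -140,6 +145,7 @@
     @RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
             consumes = MediaType.APPLICATION_JSON_VALUE)
     @ResponseBody
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
     public Repository updateRepository(@RequestBody Repository repository,Authentication authentication) throws Exception {
         return repositoryService.updateRepository(repository, authentication);
     }
@@ -154,7 +160,7 @@
     @RequestMapping(value = "/addInterface", method = RequestMethod.POST,
             consumes = MediaType.APPLICATION_JSON_VALUE)
     @ResponseBody
-    @PreAuthorize("hasRole('ROLE_USER') and #registeredBy == authentication.userInfo.email")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
     public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype,
                                                       @RequestParam("repoId") String repoId,
                                                       @RequestParam("registeredBy") String registeredBy,
@@ -211,7 +217,7 @@
     @RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST,
             consumes = MediaType.APPLICATION_JSON_VALUE)
     @ResponseBody
-    @PreAuthorize("hasRole('ROLE_USER') and #registeredBy == authentication.userInfo.email")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
     public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String repoId,
                                                          @RequestParam("registeredBy") String registeredBy,
                                                          @RequestBody RepositoryInterface repositoryInterface) throws Exception {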
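Review bot: On `updateRepository` (and `addRepository`) the ROLE_USER branch compares `#repository.registeredBy` with the caller's email, but that value is read from the request body, so the check relies on a field the caller supplies and does not establish ownership of the stored record. The interface endpoints in this same commit already resolve the owner server-side, and `updateRepository` should do the same, e.g. `@repositoryService.getRepositoryById(#repository.id).registeredBy==authentication.userInfo.email` (assuming `Repository` exposes its identifier as `id`; that class is not visible here). `updateRepository` also passes `authentication` to the service, which may re-check ownership there, but that code is outside this page. Separately, `getRepositoryInterface` uses `@PostAuthorize` with an expression that never references `returnObject`, so the service call runs before the decision is made; `@PreAuthorize` with the same expression fits better. The same long expression is repeated on six methods and would be easier to audit as a single bean method or meta-annotation.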
