
Revision 57463

Changed security expressions to include the case that registeredBy is null


modules/uoa-repository-manager-service/trunk/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
75 75
    @RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET,
76 76
            produces = MediaType.APPLICATION_JSON_VALUE)
77 77
    @ResponseBody
78
    @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (returnObject.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
78
    @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((returnObject.registeredBy==authentication.userInfo.email or returnObject.registeredBy==null) and hasRole('ROLE_USER'))")
79 79
    public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException,ResourceNotFoundException {
80 80
        return repositoryService.getRepositoryById(id);
81 81
    }
......
106 106
    @RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET,
107 107
            produces = MediaType.APPLICATION_JSON_VALUE)
108 108
    @ResponseBody
109
    @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
109
    @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#id).registeredBy==null ) and hasRole('ROLE_USER'))")
110 110
    public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException {
111 111
        return repositoryService.getRepositoryInterface(id);
112 112
    }
......
114 114
    @RequestMapping(value = "/addRepository", method = RequestMethod.POST,
115 115
            consumes = MediaType.APPLICATION_JSON_VALUE)
116 116
    @ResponseBody
117
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
117
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((#repository.registeredBy==authentication.userInfo.email or returnObject.registeredBy==null) and hasRole('ROLE_USER'))")
118 118
    public Repository addRepository(@RequestParam("datatype") String datatype,
119 119
                                    @RequestBody Repository repository) throws Exception {
120 120

  
......
145 145
    @RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
146 146
            consumes = MediaType.APPLICATION_JSON_VALUE)
147 147
    @ResponseBody
148
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
148
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((#repository.registeredBy==authentication.userInfo.email or #repository.registeredBy==null) and hasRole('ROLE_USER'))")
149 149
    public Repository updateRepository(@RequestBody Repository repository,Authentication authentication) throws Exception {
150 150
        return repositoryService.updateRepository(repository, authentication);
151 151
    }
......
160 160
    @RequestMapping(value = "/addInterface", method = RequestMethod.POST,
161 161
            consumes = MediaType.APPLICATION_JSON_VALUE)
162 162
    @ResponseBody
163
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
163
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repoId).registeredBy==null) and hasRole('ROLE_USER'))")
164 164
    public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype,
165 165
                                                      @RequestParam("repoId") String repoId,
166 166
                                                      @RequestParam("registeredBy") String registeredBy,
......
217 217
    @RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST,
218 218
            consumes = MediaType.APPLICATION_JSON_VALUE)
219 219
    @ResponseBody
220
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
220
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repoId).registeredBy==null) and hasRole('ROLE_USER'))")
221 221
    public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String repoId,
222 222
                                                         @RequestParam("registeredBy") String registeredBy,
223 223
                                                         @RequestBody RepositoryInterface repositoryInterface) throws Exception {
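Review bot: The new `@PreAuthorize` on `addRepository` tests `returnObject.registeredBy==null`, but `returnObject` is only populated for post-invocation annotations; before the call it is null, so for exactly the null-owner case this commit wants to allow, the property access will most likely fail expression evaluation rather than grant or deny. The neighbouring `updateRepository` rule uses the method argument, which looks like what was intended here too: `(#repository.registeredBy==authentication.userInfo.email or #repository.registeredBy==null)`. On both of these endpoints `#repository` is the request body, so the null branch is satisfied by any ROLE_USER request that leaves `registeredBy` unset; for `updateRepository` the rule would be stronger if it compared the stored record's owner, as the interface endpoints do through `@repositoryService.getRepositoryById(...)`. The `addRepository` body continues outside the visible hunk.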
modules/uoa-repository-manager-service/trunk/src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java
48 48

  
49 49
    @RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
50 50
    @ResponseBody
51
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
51
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repositoryId).registeredBy==null) and hasRole('ROLE_USER'))")
52 52
    public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) {
53 53
        return piWikService.getPiwikSiteForRepo(repositoryId);
54 54
    }
55 55

  
56 56
    @RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
57
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
57
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==null) and hasRole('ROLE_USER'))")
58 58
    public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) {
59 59
        return piWikService.savePiwikInfo(piwikInfo);
60 60
    }
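Review bot: On `savePiwikInfo` the added `registeredBy==null` branch lets any ROLE_USER caller write Piwik settings for a repository that has no recorded owner, a wider grant than the read case on `getPiwikSiteForRepo`; it is worth confirming that unowned repositories are meant to be writable by every user rather than by admins only. Each rule now also calls `@repositoryService.getRepositoryById(...)` twice per request, and since the controller method of the same name declares `ResourceNotFoundException`, a missing repository presumably surfaces as an expression failure rather than a clean denial. Moving the check into one bean method (for example a hypothetical `@authorizationService.isOwnerOrUnowned(#piwikInfo.repositoryId)`, name to be chosen) would do the lookup once, handle the missing-repository case explicitly, and keep the copies of this expression across both controllers from drifting apart.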
