Revision 57463
Added by Ioannis Diplas over 4 years ago
RepositoryController.java | ||
---|---|---|
75 | 75 |
@RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET, |
76 | 76 |
produces = MediaType.APPLICATION_JSON_VALUE) |
77 | 77 |
@ResponseBody |
78 |
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (returnObject.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
|
78 |
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((returnObject.registeredBy==authentication.userInfo.email or returnObject.registeredBy==null) and hasRole('ROLE_USER'))")
|
|
79 | 79 |
public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException,ResourceNotFoundException { |
80 | 80 |
return repositoryService.getRepositoryById(id); |
81 | 81 |
} |
... | ... | |
106 | 106 |
@RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET, |
107 | 107 |
produces = MediaType.APPLICATION_JSON_VALUE) |
108 | 108 |
@ResponseBody |
109 |
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
|
109 |
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#id).registeredBy==null ) and hasRole('ROLE_USER'))")
|
|
110 | 110 |
public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException { |
111 | 111 |
return repositoryService.getRepositoryInterface(id); |
112 | 112 |
} |
... | ... | |
114 | 114 |
@RequestMapping(value = "/addRepository", method = RequestMethod.POST, |
115 | 115 |
consumes = MediaType.APPLICATION_JSON_VALUE) |
116 | 116 |
@ResponseBody |
117 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
|
117 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((#repository.registeredBy==authentication.userInfo.email or returnObject.registeredBy==null) and hasRole('ROLE_USER'))")
|
|
118 | 118 |
public Repository addRepository(@RequestParam("datatype") String datatype, |
119 | 119 |
@RequestBody Repository repository) throws Exception { |
120 | 120 |
|
... | ... | |
145 | 145 |
@RequestMapping(value = "/updateRepository", method = RequestMethod.POST, |
146 | 146 |
consumes = MediaType.APPLICATION_JSON_VALUE) |
147 | 147 |
@ResponseBody |
148 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
|
148 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((#repository.registeredBy==authentication.userInfo.email or #repository.registeredBy==null) and hasRole('ROLE_USER'))")
|
|
149 | 149 |
public Repository updateRepository(@RequestBody Repository repository,Authentication authentication) throws Exception { |
150 | 150 |
return repositoryService.updateRepository(repository, authentication); |
151 | 151 |
} |
... | ... | |
160 | 160 |
@RequestMapping(value = "/addInterface", method = RequestMethod.POST, |
161 | 161 |
consumes = MediaType.APPLICATION_JSON_VALUE) |
162 | 162 |
@ResponseBody |
163 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
|
163 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repoId).registeredBy==null) and hasRole('ROLE_USER'))")
|
|
164 | 164 |
public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype, |
165 | 165 |
@RequestParam("repoId") String repoId, |
166 | 166 |
@RequestParam("registeredBy") String registeredBy, |
... | ... | |
217 | 217 |
@RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST, |
218 | 218 |
consumes = MediaType.APPLICATION_JSON_VALUE) |
219 | 219 |
@ResponseBody |
220 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
|
220 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repoId).registeredBy==null) and hasRole('ROLE_USER'))")
|
|
221 | 221 |
public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String repoId, |
222 | 222 |
@RequestParam("registeredBy") String registeredBy, |
223 | 223 |
@RequestBody RepositoryInterface repositoryInterface) throws Exception { |
Also available in: Unified diff
Changed security expressions to include the case that registeredBy is null