Revision 60495
Added by Konstantina Galouni about 3 years ago
AdminPortalRelationsController.java | ||
---|---|---|
8 | 8 |
import org.apache.log4j.Logger; |
9 | 9 |
import org.springframework.beans.factory.annotation.Autowired; |
10 | 10 |
import org.springframework.web.bind.annotation.*; |
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
11 | 12 |
|
12 | 13 |
import java.util.List; |
13 | 14 |
import java.util.Set; |
... | ... | |
39 | 40 |
public List<PortalEntity> getEntitiesForCommunity(@PathVariable PortalType portalType, |
40 | 41 |
@PathVariable(value = "pid") String pid) { |
41 | 42 |
//@RequestParam(value="entity", required=false) String entity) { |
43 |
Portal portal = portalService.getPortal(pid); |
|
44 |
portalService.checkPortalInfo(pid, portalType.name(), portal, pid, "pid"); |
|
42 | 45 |
return portalService.getEntitiesForPortal(pid, null); |
43 | 46 |
} |
44 | 47 |
|
45 |
// cannot handle MismatchingContent |
|
46 |
// @PreAuthorize("hasAnyAuthority(" + |
|
47 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " + |
|
48 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
48 |
@PreAuthorize("hasAnyAuthority(" + |
|
49 |
"@AuthorizationService.PORTAL_ADMIN, " + |
|
50 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
49 | 51 |
@RequestMapping(value = {"/{pid}/entity/toggle"}, method = RequestMethod.POST) |
50 | 52 |
public Portal toggleEntity(@PathVariable PortalType portalType, |
51 | 53 |
@PathVariable(value = "pid") String pid, |
... | ... | |
81 | 83 |
} |
82 | 84 |
|
83 | 85 |
Portal portal = portalService.getPortalById(divHelpContent.getPortal()); |
84 |
portalService.checkPortalInfo(pid, portalType.name(), portal, divHelpContent.getPortal()); |
|
86 |
portalService.checkPortalInfo(pid, portalType.name(), portal, divHelpContent.getPortal(), "id");
|
|
85 | 87 |
return divHelpContent; |
86 | 88 |
} |
87 | 89 |
|
88 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
89 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
90 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
90 |
@PreAuthorize("hasAnyAuthority(" + |
|
91 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
92 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
91 | 93 |
@RequestMapping(value = "/{pid}/divhelpcontent/save", method = RequestMethod.POST) |
92 | 94 |
public DivHelpContent saveDivHelpContent(@PathVariable PortalType portalType, |
93 | 95 |
@PathVariable(value = "pid") String pid, |
94 | 96 |
@RequestBody DivHelpContent divHelpContent) { |
95 | 97 |
Portal portal = portalService.getPortal(divHelpContent.getPortal()); |
96 |
portalService.checkPortalInfo(pid, portalType.name(), portal, divHelpContent.getPortal()); |
|
98 |
portalService.checkPortalInfo(pid, portalType.name(), portal, divHelpContent.getPortal(), "pid");
|
|
97 | 99 |
divHelpContent.setPortal(portal.getId()); |
98 | 100 |
return divHelpContentService.insertOrUpdateDivHelpContent(divHelpContent); |
99 | 101 |
} |
100 | 102 |
|
101 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
102 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
103 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
103 |
@PreAuthorize("hasAnyAuthority(" + |
|
104 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
105 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
104 | 106 |
@RequestMapping(value = "/{pid}/divhelpcontent/update", method = RequestMethod.POST) |
105 | 107 |
public DivHelpContent updateDivHelpContent(@PathVariable PortalType portalType, |
106 | 108 |
@PathVariable(value = "pid") String pid, |
107 | 109 |
@RequestBody DivHelpContent divHelpContent) { |
108 | 110 |
Portal portal = portalService.getPortalById(divHelpContent.getPortal()); |
109 |
portalService.checkPortalInfo(pid, portalType.name(), portal, divHelpContent.getPortal()); |
|
111 |
portalService.checkPortalInfo(pid, portalType.name(), portal, divHelpContent.getPortal(), "id");
|
|
110 | 112 |
return divHelpContentService.insertOrUpdateDivHelpContent(divHelpContent); |
111 | 113 |
} |
112 | 114 |
|
113 | 115 |
// cannot handle MismatchingContent |
114 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
115 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
116 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
116 |
@PreAuthorize("hasAnyAuthority(" + |
|
117 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
118 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
117 | 119 |
@RequestMapping(value = "/{pid}/divhelpcontent/delete", method = RequestMethod.POST) |
118 | 120 |
public Boolean deleteDivHelpContents(@PathVariable PortalType portalType, |
119 | 121 |
@PathVariable(value = "pid") String pid, |
120 | 122 |
@RequestBody List<String> divHelpContents) throws Exception { |
121 |
return divHelpContentService.deleteDivHelpContents(divHelpContents); |
|
123 |
return divHelpContentService.deleteDivHelpContents(divHelpContents, pid, portalType);
|
|
122 | 124 |
} |
123 | 125 |
|
124 | 126 |
// cannot handle MismatchingContent |
125 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
126 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
127 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
127 |
@PreAuthorize("hasAnyAuthority(" + |
|
128 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
129 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
128 | 130 |
@RequestMapping(value = "/{pid}/divhelpcontent/toggle", method = RequestMethod.POST) |
129 | 131 |
public List<String> toggleDivHelpContent(@PathVariable PortalType portalType, |
130 | 132 |
@PathVariable(value = "pid") String pid, |
131 | 133 |
@RequestBody List<String> divHelpContents, @RequestParam String status) throws Exception { |
132 |
return divHelpContentService.toggleDivHelpContent(divHelpContents, status); |
|
134 |
return divHelpContentService.toggleDivHelpContent(divHelpContents, status, pid, portalType);
|
|
133 | 135 |
} |
134 | 136 |
|
135 | 137 |
|
... | ... | |
192 | 194 |
// } |
193 | 195 |
|
194 | 196 |
// used |
195 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
196 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
197 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
197 |
@PreAuthorize("hasAnyAuthority(" + |
|
198 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
199 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
198 | 200 |
@RequestMapping(value = {"/{pid}/page/toggle"}, method = RequestMethod.POST) |
199 | 201 |
public Portal togglePage(@PathVariable PortalType portalType, |
200 | 202 |
@PathVariable(value = "pid") String pid, |
201 | 203 |
@RequestBody List<String> pageIds, @RequestParam String status) throws Exception { |
202 |
return portalService.togglePage(pid, pageIds, status); |
|
204 |
return portalService.togglePage(pid, portalType.name(), pageIds, status);
|
|
203 | 205 |
} |
204 | 206 |
|
205 | 207 |
@RequestMapping(value = "/{pid}/page", method = RequestMethod.GET) |
... | ... | |
254 | 256 |
} |
255 | 257 |
|
256 | 258 |
Portal portal = portalService.getPortalById(pageHelpContent.getPortal()); |
257 |
portalService.checkPortalInfo(pid, portalType.name(), portal, pageHelpContent.getPortal()); |
|
259 |
portalService.checkPortalInfo(pid, portalType.name(), portal, pageHelpContent.getPortal(), "id");
|
|
258 | 260 |
return pageHelpContent; |
259 | 261 |
} |
260 | 262 |
|
261 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
262 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
263 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
263 |
@PreAuthorize("hasAnyAuthority(" + |
|
264 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
265 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
264 | 266 |
@RequestMapping(value = "/{pid}/pagehelpcontent/save", method = RequestMethod.POST) |
265 | 267 |
public PageHelpContent insertPageHelpContent(@PathVariable PortalType portalType, |
266 | 268 |
@PathVariable(value = "pid") String pid, |
267 | 269 |
@RequestBody PageHelpContent pageHelpContent) { |
268 | 270 |
Portal portal = portalService.getPortal(pageHelpContent.getPortal()); |
269 |
portalService.checkPortalInfo(pid, portalType.name(), portal, pageHelpContent.getPortal()); |
|
271 |
portalService.checkPortalInfo(pid, portalType.name(), portal, pageHelpContent.getPortal(), "pid");
|
|
270 | 272 |
pageHelpContent.setPortal(portal.getId()); |
271 | 273 |
return pageHelpContentService.insertOrUpdatePageHelpContent(pageHelpContent); |
272 | 274 |
} |
273 | 275 |
|
274 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
275 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
276 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
276 |
@PreAuthorize("hasAnyAuthority(" + |
|
277 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
278 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
277 | 279 |
@RequestMapping(value = "/{pid}/pagehelpcontent/update", method = RequestMethod.POST) |
278 | 280 |
public PageHelpContent updatePageHelpContent(@PathVariable PortalType portalType, |
279 | 281 |
@PathVariable(value = "pid") String pid, |
280 | 282 |
@RequestBody PageHelpContent pageHelpContent) { |
281 | 283 |
Portal portal = portalService.getPortalById(pageHelpContent.getPortal()); |
282 |
portalService.checkPortalInfo(pid, portalType.name(), portal, pageHelpContent.getPortal()); |
|
284 |
portalService.checkPortalInfo(pid, portalType.name(), portal, pageHelpContent.getPortal(), "id");
|
|
283 | 285 |
return pageHelpContentService.insertOrUpdatePageHelpContent(pageHelpContent); |
284 | 286 |
} |
285 | 287 |
|
286 | 288 |
// cannot handle MismatchingContent |
287 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
288 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
289 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
289 |
@PreAuthorize("hasAnyAuthority(" + |
|
290 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
291 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
290 | 292 |
@RequestMapping(value = "/{pid}/pagehelpcontent/delete", method = RequestMethod.POST) |
291 | 293 |
public Boolean deletePageHelpContents(@PathVariable PortalType portalType, |
292 | 294 |
@PathVariable(value = "pid") String pid, |
293 | 295 |
@RequestBody List<String> pageHelpContents) throws Exception { |
294 |
return pageHelpContentService.deletePageHelpContents(pageHelpContents); |
|
296 |
return pageHelpContentService.deletePageHelpContents(pageHelpContents, pid, portalType);
|
|
295 | 297 |
} |
296 | 298 |
|
297 | 299 |
// cannot handle MismatchingContent |
298 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
299 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
300 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
300 |
@PreAuthorize("hasAnyAuthority(" + |
|
301 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
302 |
"@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
301 | 303 |
@RequestMapping(value = "/{pid}/pagehelpcontent/toggle", method = RequestMethod.POST) |
302 | 304 |
public List<String> togglePageHelpContent(@PathVariable PortalType portalType, |
303 | 305 |
@PathVariable(value = "pid") String pid, |
304 | 306 |
@RequestBody List<String> pageHelpContents, @RequestParam String status) throws Exception { |
305 |
return pageHelpContentService.togglePageHelpContent(pageHelpContents, status); |
|
307 |
return pageHelpContentService.togglePageHelpContent(pageHelpContents, status, pid, portalType);
|
|
306 | 308 |
} |
307 | 309 |
|
308 | 310 |
} |
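Review bot: In `updateDivHelpContent` and `updatePageHelpContent` (and the two `save` handlers), the five-argument `checkPortalInfo(...)` call compares the path `pid` with the portal named in the request body, not with the portal that owns the stored record the body's id refers to. If `insertOrUpdateDivHelpContent` and `insertOrUpdatePageHelpContent` do not verify that themselves (their bodies are not on this page), a manager authorised for one portal could modify help content belonging to another portal by naming their own portal in the body. The delete and toggle handlers now pass `pid` and `portalType` into the service, apparently for this ownership check, so the update path should do the same, or at least carry a comment such as `// checkPortalInfo only validates the portal field of the request body; ownership of the stored record is verified in the service`. The trailing `"pid"` / `"id"` string arguments would also be less error-prone as an enum or named constants.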
[Trunk | Admin Tools Library]:
1. pom.xml: Added in dependency for spring security and and for uoa-authorization-library.
2. UoaAdminToolsLibraryApplication.java: import "AuthorizationConfiguration.class".
3. RolesUtils.java: Added folder handlers/utils and file handlers/utils/RolesUtils.java to get roles and info of user from authorization library.
4. AdminToolsLibraryExceptionsHandler.java: call setStatus of ExceptionResponse in handlers that status was not set | Use log.error instead of log.debug.
5. DivHelpContentService.java: Added checks and throw Exceptions in methods "deleteDivHelpContents()" and "toggleDivHelpContent()".
6. PageHelpContentService.java: Added checks and throw Exceptions in methods "deletePageHelpContents()" and "togglePageHelpContent()".
7. PortalService.java: Added checks and throw Exceptions in method "togglePage()".
8. EntityController.java: Added @PreAuthorize
Portal Admins: methods "insertEntity()" (/entity/save), "updateEntity()" (/entity/update), "deleteEntities()" (/entity/delete).
9. DivIdController.java: Added @PreAuthorize
Portal Admins: methods "insertDivId()" (/div/save), "updateDivId()" (/div/update), "deleteDivIds()" (/div/delete).
10. PageController.java: Added @PreAuthorize
Portal Admins: methods "insertPage()" (/page/save), "updatePage()" (/page/update), "deletePages()" (/page/delete).
11. AdminPortalRelationsController.java:
a. Added checks and throw Exceptions in methods "getEntitiesForCommunity()",
"getDivHelpContent()", "saveDivHelpContent()", "updateDivHelpContent()", "deleteDivHelpContents()", "toggleDivHelpContent()",
"togglePage()",
"getPageHelpContent()", "savePageHelpContent()", "updatePageHelpContent()", "deletePageHelpContents()", "togglePageHelpContent()"
b. Added @PreAuthorize
Portals Admin - Curators - Managers: "toggleEntity()" (/{portalType}/{pid}/entity/toggle),
"saveDivHelpContent()" (/{portalType}/{pid}/divhelpcontent/save), "updateDivHelpContent()" (/{portalType}/{pid}/divhelpcontent/update),
"deleteDivHelpContents()" (/{portalType}/{pid}/divhelpcontent/delete), "toggleDivHelpContent()" (/{portalType}/{pid}/divhelpcontent/toggle),
"togglePage()" (/{portalType}/{pid}/page/toggle),
"savePageHelpContent()" (/{portalType}/{pid}/pagehelpcontent/save), "updatePageHelpContent()" (/{portalType}/{pid}/pagehelpcontent/update),
"deletePageHelpContents()" (/{portalType}/{pid}/pagehelpcontent/delete), "togglePageHelpContent()" (/{portalType}/{pid}/pagehelpcontent/toggle)