
Revision 60495

[Trunk | Admin Tools Library]:
1. pom.xml: Added in dependency for spring security and for uoa-authorization-library.
2. UoaAdminToolsLibraryApplication.java: import "AuthorizationConfiguration.class".
3. RolesUtils.java: Added folder handlers/utils and file handlers/utils/RolesUtils.java to get roles and info of user from authorization library.
4. AdminToolsLibraryExceptionsHandler.java: call setStatus of ExceptionResponse in handlers that status was not set | Use log.error instead of log.debug.
5. DivHelpContentService.java: Added checks and throw Exceptions in methods "deleteDivHelpContents()" and "toggleDivHelpContent()".
6. PageHelpContentService.java: Added checks and throw Exceptions in methods "deletePageHelpContents()" and "togglePageHelpContent()".
7. PortalService.java: Added checks and throw Exceptions in method "togglePage()".
8. EntityController.java: Added @PreAuthorize
Portal Admins: methods "insertEntity()" (/entity/save), "updateEntity()" (/entity/update), "deleteEntities()" (/entity/delete).
9. DivIdController.java: Added @PreAuthorize
Portal Admins: methods "insertDivId()" (/div/save), "updateDivId()" (/div/update), "deleteDivIds()" (/div/delete).
10. PageController.java: Added @PreAuthorize
Portal Admins: methods "insertPage()" (/page/save), "updatePage()" (/page/update), "deletePages()" (/page/delete).
11. AdminPortalRelationsController.java:
a. Added checks and throw Exceptions in methods "getEntitiesForCommunity()",
"getDivHelpContent()", "saveDivHelpContent()", "updateDivHelpContent()", "deleteDivHelpContents()", "toggleDivHelpContent()",
"togglePage()",
"getPageHelpContent()", "savePageHelpContent()", "updatePageHelpContent()", "deletePageHelpContents()", "togglePageHelpContent()"
b. Added @PreAuthorize
Portals Admin - Curators - Managers: "toggleEntity()" (/{portalType}/{pid}/entity/toggle),
"saveDivHelpContent()" (/{portalType}/{pid}/divhelpcontent/save), "updateDivHelpContent()" (/{portalType}/{pid}/divhelpcontent/update),
"deleteDivHelpContents()" (/{portalType}/{pid|/divhelpcontent/delete), "toggleDivHelpContent()" (/{portalType}/{pid|/divhelpcontent/toggle),
"togglePage()" (/{portalType}/{pid}/page/toggle),
"savePageHelpContent()" (/{portalType}/{pid}/pagehelpcontent/save), "updatePageHelpContent()" (/{portalType}/{pid}/pagehelpcontent/update),
"deletePageHelpContents()" (/{portalType}/{pid|/pagehelpcontent/delete), "togglePageHelpContent()" (/{portalType}/{pid|/pagehelpcontent/toggle)


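--- a/DivIdController.java
+++ b/DivIdController.java
@@ -9,6 +9,7 @@
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.security.access.prepost.PreAuthorize;
 
 @RestController
 @CrossOrigin(origins = "*")
@@ -53,21 +54,21 @@
     }
 
     // used
-//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
+    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
     @RequestMapping(value = "/div/save", method = RequestMethod.POST)
     public DivIdResponse insertDivId(@RequestBody DivIdResponse divIdResponse) {
         return divIdService.insertDivId(divIdResponse);
     }
 
     // used
-//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
+    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
     @RequestMapping(value = "/div/update", method = RequestMethod.POST)
     public DivIdResponse updateDivId(@RequestBody DivIdResponse divIdResponse) {
         return divIdService.updateDivId(divIdResponse);
     }
 
     // used
-//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
+    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
     @RequestMapping(value = "/div/delete", method = RequestMethod.POST)
     public Boolean deleteDivIds(@RequestBody List<String> divIds) throws Exception {
         return divIdService.deleteDivIds(divIds);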
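Review bot: The new `@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")` on insertDivId, updateDivId and deleteDivIds is silently inert unless pre/post method security is enabled (for example `@EnableGlobalMethodSecurity(prePostEnabled = true)`). Nothing in this section shows that; it presumably comes from the imported AuthorizationConfiguration, so a test asserting that a caller without the authority is rejected on `/div/save`, `/div/update` and `/div/delete` would pin it. The commented-out expression being replaced also listed `@AuthorizationService.SUPER_ADMIN`, so either confirm that super admins are still covered by the authorization library or add a comment such as `// PORTAL_ADMIN only: SUPER_ADMIN intentionally not listed`; with a single argument, `hasAuthority(...)` also states the intent more directly. The class keeps `@CrossOrigin(origins = "*")` above endpoints that now depend on the caller's identity, so if the session is carried by cookies the allowed origins should be narrowed to the known portal front ends. The body of deleteDivIds continues past the end of the section.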
