Revision 60495
Added by Konstantina Galouni about 3 years ago
DivIdController.java | ||
---|---|---|
9 | 9 |
import org.apache.log4j.Logger; |
10 | 10 |
import org.springframework.beans.factory.annotation.Autowired; |
11 | 11 |
import org.springframework.web.bind.annotation.*; |
12 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
12 | 13 |
|
13 | 14 |
@RestController |
14 | 15 |
@CrossOrigin(origins = "*") |
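Review bot: the PreAuthorize import added at new line 12 only has an effect if method security is enabled in the application configuration (for example with @EnableGlobalMethodSecurity(prePostEnabled = true)), and nothing in this file shows that it is. Please confirm that the imported authorization configuration turns it on, since otherwise the annotations are silently ignored. The context line `@CrossOrigin(origins = "*")` at new line 15 is also worth revisiting now that this controller carries admin-only routes: a wildcard origin policy is broader than those endpoints need, so consider limiting it to the portal's own origins.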
... | ... | |
53 | 54 |
} |
54 | 55 |
|
55 | 56 |
// used |
56 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
|
|
57 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
|
57 | 58 |
@RequestMapping(value = "/div/save", method = RequestMethod.POST) |
58 | 59 |
public DivIdResponse insertDivId(@RequestBody DivIdResponse divIdResponse) { |
59 | 60 |
return divIdService.insertDivId(divIdResponse); |
60 | 61 |
} |
61 | 62 |
|
62 | 63 |
// used |
63 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
|
|
64 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
|
64 | 65 |
@RequestMapping(value = "/div/update", method = RequestMethod.POST) |
65 | 66 |
public DivIdResponse updateDivId(@RequestBody DivIdResponse divIdResponse) { |
66 | 67 |
return divIdService.updateDivId(divIdResponse); |
67 | 68 |
} |
68 | 69 |
|
69 | 70 |
// used |
70 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
|
|
71 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
|
71 | 72 |
@RequestMapping(value = "/div/delete", method = RequestMethod.POST) |
72 | 73 |
public Boolean deleteDivIds(@RequestBody List<String> divIds) throws Exception { |
73 | 74 |
return divIdService.deleteDivIds(divIds); |
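Review bot: on /div/save, /div/update and /div/delete the active annotation allows PORTAL_ADMIN only, while the commented-out line directly above each one also lists SUPER_ADMIN, so the intended policy is ambiguous and a super admin who does not also hold the PORTAL_ADMIN authority would be denied. Decide which rule applies, delete the commented-out copy in all three places, and state the decision in the commit message. With a single authority, hasAuthority(...) reads more clearly than hasAnyAuthority(...). The `// used` comment above each method would also be more helpful if it said what uses the endpoint.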
[Trunk | Admin Tools Library]:
1. pom.xml: Added dependencies for spring security and for uoa-authorization-library.
2. UoaAdminToolsLibraryApplication.java: import "AuthorizationConfiguration.class".
3. RolesUtils.java: Added folder handlers/utils and file handlers/utils/RolesUtils.java to get roles and info of user from authorization library.
4. AdminToolsLibraryExceptionsHandler.java: call setStatus of ExceptionResponse in handlers where status was not set | Use log.error instead of log.debug.
5. DivHelpContentService.java: Added checks and throw Exceptions in methods "deleteDivHelpContents()" and "toggleDivHelpContent()".
6. PageHelpContentService.java: Added checks and throw Exceptions in methods "deletePageHelpContents()" and "togglePageHelpContent()".
7. PortalService.java: Added checks and throw Exceptions in method "togglePage()".
8. EntityController.java: Added @PreAuthorize
Portal Admins: methods "insertEntity()" (/entity/save), "updateEntity()" (/entity/update), "deleteEntities()" (/entity/delete).
9. DivIdController.java: Added @PreAuthorize
Portal Admins: methods "insertDivId()" (/div/save), "updateDivId()" (/div/update), "deleteDivIds()" (/div/delete).
10. PageController.java: Added @PreAuthorize
Portal Admins: methods "insertPage()" (/page/save), "updatePage()" (/page/update), "deletePages()" (/page/delete).
11. AdminPortalRelationsController.java:
a. Added checks and throw Exceptions in methods "getEntitiesForCommunity()",
"getDivHelpContent()", "saveDivHelpContent()", "updateDivHelpContent()", "deleteDivHelpContents()", "toggleDivHelpContent()",
"togglePage()",
"getPageHelpContent()", "savePageHelpContent()", "updatePageHelpContent()", "deletePageHelpContents()", "togglePageHelpContent()"
b. Added @PreAuthorize
Portals Admin - Curators - Managers: "toggleEntity()" (/{portalType}/{pid}/entity/toggle),
"saveDivHelpContent()" (/{portalType}/{pid}/divhelpcontent/save), "updateDivHelpContent()" (/{portalType}/{pid}/divhelpcontent/update),
"deleteDivHelpContents()" (/{portalType}/{pid}/divhelpcontent/delete), "toggleDivHelpContent()" (/{portalType}/{pid}/divhelpcontent/toggle),
"togglePage()" (/{portalType}/{pid}/page/toggle),
"savePageHelpContent()" (/{portalType}/{pid}/pagehelpcontent/save), "updatePageHelpContent()" (/{portalType}/{pid}/pagehelpcontent/update),
"deletePageHelpContents()" (/{portalType}/{pid}/pagehelpcontent/delete), "togglePageHelpContent()" (/{portalType}/{pid}/pagehelpcontent/toggle)