Revision 60501
Added by Konstantina Galouni about 3 years ago
| CuratorController.java | ||
|---|---|---|
| 3 | 3 |
import eu.dnetlib.uoaadmintools.dao.CuratorDAO; |
| 4 | 4 |
import eu.dnetlib.uoaadmintools.entities.curator.Curator; |
| 5 | 5 |
import eu.dnetlib.uoaadmintools.entities.curator.CuratorResponse; |
| 6 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.utils.RolesUtils; |
|
| 6 | 7 |
import org.apache.log4j.Logger; |
| 7 | 8 |
import org.springframework.beans.factory.annotation.Autowired; |
| 9 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
| 8 | 10 |
import org.springframework.web.bind.annotation.*; |
| 9 | 11 |
|
| 10 | 12 |
import java.util.ArrayList; |
| ... | ... | |
| 19 | 21 |
@Autowired |
| 20 | 22 |
private CuratorDAO curatorDAO; |
| 21 | 23 |
|
| 24 |
@Autowired |
|
| 25 |
private RolesUtils rolesUtils; |
|
| 22 | 26 |
|
| 23 | 27 |
/** |
| 24 | 28 |
* Return a list with curator. If list of emails does not existed return all curators, else return |
| ... | ... | |
| 51 | 55 |
* @param id |
| 52 | 56 |
* @return |
| 53 | 57 |
*/ |
| 58 |
@PreAuthorize("isAuthenticated()")
|
|
| 54 | 59 |
@RequestMapping(value = "/curator/{id}", method = RequestMethod.GET)
|
| 55 | 60 |
public Curator getCuratorById(@PathVariable String id) {
|
| 56 | 61 |
return curatorDAO.findById(id); |
| ... | ... | |
| 62 | 67 |
* @param curator |
| 63 | 68 |
* @return |
| 64 | 69 |
*/ |
| 70 |
@PreAuthorize("isAuthenticated()")
|
|
| 65 | 71 |
@RequestMapping(value = "/curator", method = RequestMethod.POST) |
| 66 | 72 |
public Curator insertCurator(@RequestBody Curator curator) {
|
| 73 |
String aaiId = rolesUtils.getAaiId(); |
|
| 74 |
curator.setId(aaiId); |
|
| 67 | 75 |
return curatorDAO.save(curator); |
| 68 | 76 |
} |
| 69 | 77 |
|
| ... | ... | |
| 73 | 81 |
* |
| 74 | 82 |
* @param emails |
| 75 | 83 |
*/ |
| 84 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
|
| 76 | 85 |
@RequestMapping(value = "/curator", method = RequestMethod.DELETE) |
| 77 | 86 |
public void deleteCurators(@RequestBody(required = false) Optional<List<String>> emails) {
|
| 78 | 87 |
if(emails.isPresent()) {
|
Also available in: Unified diff
[Trunk | Admin Tools]:
1. pom.xml: Added dependency for spring security.
2. UoaAdminToolsApplication.java: Import AuthorizationConfiguration.class | Remove SecurityConfig.class from @EnableConfigurationProperties.
3. UoaAdminToolsConfiguration.java: Comment "addInterceptors()" method calling AuthorizationHandler with SecurityConfig.
4. SecurityConfig.java & AuthorizationHandler.java & AuthorizationUtils.java & CommunityInfo.java & UserInfo.java: Commented all contents of these files (files will be deleted in coming commit).
5. PortalSubscribersController.java: Comment imports from commeted files.
6. Notifications.java: Added field "aaiId" get getters and setters.
7. NotificationsController.java:
a. Method "getNotifications()" is replaced by "getNotificationsForUser()" (/community/{pid}/notifications) - returns notification settings only for user who made the request (uoa-authorization-li$
b. Path changed for method "getNotifications()": /community/{pid}/notifications/all
c. Remove "@RequestBody String email" parameter from method "deleteNotification()" - get email from user who made the request (uoa-authorization-library).
d. In method "saveNotification()" get aaiId and email from user who made the request (uoa-authorization-library).
e. Added checks and throw Exceptions in all methods.
f. Added @PreAuthorize
Portal Admins: "getNotifications()" (/community/{pid}/notifications/all)
Portal Admins - Curators - Managers: "getNotificationsForUser()" (/community/{pid}/notifications), "deleteNotification()" (/community/{pid}/notifications), "saveNotification()" (/communit$
8. ExploreController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateExplore()" (/explore/update), "insertExplore()" (/explore/save), "deleteExplore()" (/explore/delete).
9. ConnectController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateConnect()" (/connect/update), "insertConnect()" (/connect/save), "deleteConnect()" (/connect/delete).
c. Commented methods "getLayoutForConnect()" and "updateLayoutForConnect()" (/connect/{pid}/layout).
10. CommunityController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateCommunity()" (/community/update), "insertCommunity()" (/community/save), "deleteCommunity()" (/community/delete).
Portal Admin - Curators - Managers: "updateLayoutForCommunity()" (/community/{pid}/layout).
11. CuratorController.java:
a. In "insertCurator() (/curator) set _id field with aaiId from user who made the request (uoa-authorization-library).
b. Added @PreAuthorize
Authenticated users: "getCuratorById()" (/curator/{id}), "insertCurator()" (/curator).
Portal Admins: "deleteCurators()" (/curator).