fixed (?) interface role checking
This commit is contained in:
parent
35825693ce
commit
702abc38e6
|
@ -163,13 +163,13 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repository.id)")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOfInterface(#repository.id)")
|
||||
public Repository updateRepository(@RequestBody Repository repository, Authentication authentication) throws Exception {
|
||||
return repositoryService.updateRepository(repository, authentication);
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/deleteInterface/", method = RequestMethod.DELETE)
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOfInterface(#id)")
|
||||
public void deleteRepositoryInterface(@RequestParam("id") String id,
|
||||
@RequestParam("registeredBy") String registeredBy) {
|
||||
repositoryService.deleteRepositoryInterface(id, registeredBy);
|
||||
|
|
|
@ -21,6 +21,11 @@ public interface AuthorizationService {
|
|||
*/
|
||||
boolean isMemberOf(String id);
|
||||
|
||||
/**
|
||||
* @param id repository interface Id to check.
|
||||
* @return Checks if a user is a member of a repository interface.
|
||||
*/
|
||||
boolean isMemberOfInterface(String id);
|
||||
|
||||
/**
|
||||
* Returns a list of admins of the resource.
|
||||
|
|
|
@ -53,7 +53,16 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
public boolean isMemberOf(String repoId) {
|
||||
String repoRole = roleMappingService.convertRepoIdToEncodedAuthorityId(repoId);
|
||||
return SecurityContextHolder.getContext().getAuthentication().getAuthorities()
|
||||
.parallelStream().anyMatch(authority -> authority.toString().equals(repoRole));
|
||||
.stream().anyMatch(authority -> authority.toString().equals(repoRole));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isMemberOfInterface(String interfaceId) {
|
||||
|
||||
//TODO blame Konstantinos Spyrou. He forced my hand...
|
||||
String repoId = interfaceId.split("::")[1] + "::" + interfaceId.split("::")[2];
|
||||
|
||||
return isMemberOf(repoId);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
Loading…
Reference in New Issue