MaDgIK
/
uoa-repository-manager-service
13
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changed security expressions to include the case that registeredBy is null

This commit is contained in:
Ioannis Diplas 2019-10-29 10:16:13 +00:00
parent 530aac4540
commit c9d94fa4ab
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java
View File

@ -48,13 +48,13 @@ public class PiWikController {
@RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE) @RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody @ResponseBody
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))") @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repositoryId).registeredBy==null) and hasRole('ROLE_USER'))")
public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) { public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) {
return piWikService.getPiwikSiteForRepo(repositoryId); return piWikService.getPiwikSiteForRepo(repositoryId);
} }
@RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE) @RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))") @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==null) and hasRole('ROLE_USER'))")
public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) { public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) {
return piWikService.savePiwikInfo(piwikInfo); return piWikService.savePiwikInfo(piwikInfo);
} }

12
src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
View File

@ -75,7 +75,7 @@ public class RepositoryController {
@RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET, @RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE) produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody @ResponseBody
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (returnObject.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))") @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((returnObject.registeredBy==authentication.userInfo.email or returnObject.registeredBy==null) and hasRole('ROLE_USER'))")
public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException,ResourceNotFoundException { public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException,ResourceNotFoundException {
return repositoryService.getRepositoryById(id); return repositoryService.getRepositoryById(id);
} }
@ -106,7 +106,7 @@ public class RepositoryController {
@RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET, @RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE) produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody @ResponseBody
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))") @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#id).registeredBy==null ) and hasRole('ROLE_USER'))")
public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException { public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException {
return repositoryService.getRepositoryInterface(id); return repositoryService.getRepositoryInterface(id);
} }
@ -114,7 +114,7 @@ public class RepositoryController {
@RequestMapping(value = "/addRepository", method = RequestMethod.POST, @RequestMapping(value = "/addRepository", method = RequestMethod.POST,
consumes = MediaType.APPLICATION_JSON_VALUE) consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody @ResponseBody
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))") @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((#repository.registeredBy==authentication.userInfo.email or returnObject.registeredBy==null) and hasRole('ROLE_USER'))")
public Repository addRepository(@RequestParam("datatype") String datatype, public Repository addRepository(@RequestParam("datatype") String datatype,
@RequestBody Repository repository) throws Exception { @RequestBody Repository repository) throws Exception {
@ -145,7 +145,7 @@ public class RepositoryController {
@RequestMapping(value = "/updateRepository", method = RequestMethod.POST, @RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
consumes = MediaType.APPLICATION_JSON_VALUE) consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody @ResponseBody
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))") @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((#repository.registeredBy==authentication.userInfo.email or #repository.registeredBy==null) and hasRole('ROLE_USER'))")
public Repository updateRepository(@RequestBody Repository repository,Authentication authentication) throws Exception { public Repository updateRepository(@RequestBody Repository repository,Authentication authentication) throws Exception {
return repositoryService.updateRepository(repository, authentication); return repositoryService.updateRepository(repository, authentication);
} }
@ -160,7 +160,7 @@ public class RepositoryController {
@RequestMapping(value = "/addInterface", method = RequestMethod.POST, @RequestMapping(value = "/addInterface", method = RequestMethod.POST,
consumes = MediaType.APPLICATION_JSON_VALUE) consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody @ResponseBody
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))") @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repoId).registeredBy==null) and hasRole('ROLE_USER'))")
public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype, public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype,
@RequestParam("repoId") String repoId, @RequestParam("repoId") String repoId,
@RequestParam("registeredBy") String registeredBy, @RequestParam("registeredBy") String registeredBy,
@ -217,7 +217,7 @@ public class RepositoryController {
@RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST, @RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST,
consumes = MediaType.APPLICATION_JSON_VALUE) consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody @ResponseBody
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))") @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repoId).registeredBy==null) and hasRole('ROLE_USER'))")
public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String repoId, public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String repoId,
@RequestParam("registeredBy") String registeredBy, @RequestParam("registeredBy") String registeredBy,
@RequestBody RepositoryInterface repositoryInterface) throws Exception { @RequestBody RepositoryInterface repositoryInterface) throws Exception {