Changed security expressions to include the case that registeredBy is null
This commit is contained in:
parent
530aac4540
commit
c9d94fa4ab
|
|
@ -48,13 +48,13 @@ public class PiWikController {
|
|||
|
||||
@RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repositoryId).registeredBy==null) and hasRole('ROLE_USER'))")
|
||||
public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) {
|
||||
return piWikService.getPiwikSiteForRepo(repositoryId);
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==null) and hasRole('ROLE_USER'))")
|
||||
public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) {
|
||||
return piWikService.savePiwikInfo(piwikInfo);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (returnObject.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
||||
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((returnObject.registeredBy==authentication.userInfo.email or returnObject.registeredBy==null) and hasRole('ROLE_USER'))")
|
||||
public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException,ResourceNotFoundException {
|
||||
return repositoryService.getRepositoryById(id);
|
||||
}
|
||||
|
|
@ -106,7 +106,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
||||
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#id).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#id).registeredBy==null ) and hasRole('ROLE_USER'))")
|
||||
public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException {
|
||||
return repositoryService.getRepositoryInterface(id);
|
||||
}
|
||||
|
|
@ -114,7 +114,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/addRepository", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((#repository.registeredBy==authentication.userInfo.email or returnObject.registeredBy==null) and hasRole('ROLE_USER'))")
|
||||
public Repository addRepository(@RequestParam("datatype") String datatype,
|
||||
@RequestBody Repository repository) throws Exception {
|
||||
|
||||
|
|
@ -145,7 +145,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (#repository.registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((#repository.registeredBy==authentication.userInfo.email or #repository.registeredBy==null) and hasRole('ROLE_USER'))")
|
||||
public Repository updateRepository(@RequestBody Repository repository,Authentication authentication) throws Exception {
|
||||
return repositoryService.updateRepository(repository, authentication);
|
||||
}
|
||||
|
|
@ -160,7 +160,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/addInterface", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repoId).registeredBy==null) and hasRole('ROLE_USER'))")
|
||||
public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype,
|
||||
@RequestParam("repoId") String repoId,
|
||||
@RequestParam("registeredBy") String registeredBy,
|
||||
|
|
@ -217,7 +217,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repoId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repoId).registeredBy==null) and hasRole('ROLE_USER'))")
|
||||
public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String repoId,
|
||||
@RequestParam("registeredBy") String registeredBy,
|
||||
@RequestBody RepositoryInterface repositoryInterface) throws Exception {
|
||||
|
|
|
|||
Loading…
Reference in New Issue