Fixes Security issues, where user could create DMP template.

gkolokythas 2019-10-03 18:08:47 +03:00
parent d89beeaf0f
commit 1b36ad6c1a
2 changed files with 3 additions and 3 deletions


@ -90,7 +90,7 @@ public class Admin extends BaseController {
@RequestMapping(method = RequestMethod.POST, value = {"/datasetprofiles/getPaged"}, produces = "application/json")
public @ResponseBody
ResponseEntity<ResponseItem<DataTableData<DatasetProfileListingModel>>> getPaged(@RequestBody DatasetProfileTableRequestItem datasetProfileTableRequestItem, Principal principal) throws Exception {
ResponseEntity<ResponseItem<DataTableData<DatasetProfileListingModel>>> getPaged(@RequestBody DatasetProfileTableRequestItem datasetProfileTableRequestItem, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception {
DataTableData<DatasetProfileListingModel> datasetProfileTableData = this.datasetProfileManager.getPaged(datasetProfileTableRequestItem);
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DataTableData<DatasetProfileListingModel>>().status(ApiMessageCode.NO_MESSAGE).payload(datasetProfileTableData));
}
@ -116,7 +116,7 @@ public class Admin extends BaseController {
@Transactional
@RequestMapping(method = RequestMethod.DELETE, value = {"{id}"}, consumes = "application/json", produces = "application/json")
public @ResponseBody
ResponseEntity<ResponseItem<DatasetProfile>> inactivate(@PathVariable String id, Principal principal) {
ResponseEntity<ResponseItem<DatasetProfile>> inactivate(@PathVariable String id, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) {
try {
eu.eudat.data.entities.DatasetProfile ret = AdminManager.inactivate(this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao(), this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetDao(), id);
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<eu.eudat.models.data.admin.composite.DatasetProfile>().status(ApiMessageCode.SUCCESS_MESSAGE));
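Review bot: In `getPaged` the `principal` parameter is not read by any visible line of the body, so the ADMIN restriction rests entirely on the `@ClaimedAuthorities(claims = {ADMIN})` annotation of a parameter that looks unused; a later cleanup that drops it would silently reopen the endpoint. The same holds for the visible part of `inactivate`, whose body continues past the hunk. I would add a comment above each signature such as `// principal is not read here; its @ClaimedAuthorities annotation is what enforces ADMIN, keep the parameter`. The other handlers of `Admin` are outside these hunks, so it is worth confirming that each of them carries the same annotation.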


@ -46,7 +46,7 @@ public class DMPProfileController extends BaseController {
@Transactional
@RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json")
public @ResponseBody
ResponseEntity<ResponseItem<DMPProfile>> createOrUpdate(@RequestBody DataManagementPlanProfileListingModel dataManagementPlan, Principal principal) throws Exception {
ResponseEntity<ResponseItem<DMPProfile>> createOrUpdate(@RequestBody DataManagementPlanProfileListingModel dataManagementPlan, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception {
this.dataManagementProfileManager.createOrUpdate(dataManagementPlan, principal);
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DMPProfile>().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created"));
}
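Review bot: The diffstat lists only two changed files, both controllers, so this authorization fix on `createOrUpdate` ships without a test that would catch a regression. A controller test that posts a profile with a principal lacking the ADMIN claim, then asserts that the request is rejected and that `dataManagementProfileManager.createOrUpdate` is never invoked, would pin the behaviour. Since the manager already receives `principal`, a role check inside it would presumably also cover callers that do not pass through this controller; that needs confirming against the manager, which is not shown here.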