Commit 4b6cc968 authored by Matija Obreza's avatar Matija Obreza

VETTEDUSER can create team, ADMINISTRATOR can get widget info & other

things
parent 0d2ece96
......@@ -57,7 +57,7 @@ public class TeamServiceImpl implements TeamService {
@Override
@Transactional(readOnly = false)
@PreAuthorize("isAuthenticated()")
@PreAuthorize("isAuthenticated() and hasRole('VETTEDUSER')")
public Team addTeam(String name) {
final User user = SecurityContextUtil.getCurrentUser();
......
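Review bot: The `isAuthenticated() and` half of the new expression on `addTeam` is redundant, because `hasRole('VETTEDUSER')` is already false for an anonymous caller. `@PreAuthorize("hasRole('VETTEDUSER')")` expresses the same rule and matches the form this commit puts on `UserController.createTeam`. Keeping the check on the service method is sound, since it applies regardless of which controller calls it. The requirement is also worth a one-line Javadoc such as `/** Requires the VETTEDUSER role. */`, either here or on the `TeamService` interface, which is not visible on this page. The body of `addTeam` continues outside the hunk.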
......@@ -60,6 +60,7 @@ public class UsersRestController extends BaseController {
@RequestMapping(value = "/users", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
@ResponseBody
@PreAuthorize("hasRole('ADMINISTRATOR')")
public Object getUsers(@RequestParam(value = "startRow", required = false, defaultValue = "0") Integer startRow,
@RequestParam(value = "pageSize", required = false, defaultValue = "0") Integer pageSize) throws UserException {
return new UserList(userService.listWrapped(startRow, pageSize));
......@@ -67,6 +68,7 @@ public class UsersRestController extends BaseController {
@RequestMapping(value = "/users/{id}", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
@ResponseBody
@PreAuthorize("hasRole('ADMINISTRATOR')")
public Object getUser(@PathVariable Long id) throws UserException {
return userService.getWrappedById(id);
}
......@@ -92,13 +94,14 @@ public class UsersRestController extends BaseController {
/* method = RequestMethod.DELETE) */
// only GET, POST, PUT allowed
method = RequestMethod.POST)
@PreAuthorize("hasRole('ADMINISTRATOR')")
@ResponseBody
public void removeUser(@RequestParam("id") Long userId) throws UserException {
userService.removeUserById(userId);
}
@RequestMapping(value = "/get_widget")
@PreAuthorize("isAuthenticated()")
@PreAuthorize("hasRole('ADMINISTRATOR')")
public String getWidget(Model model,@RequestParam(value = "clientId",required = false) String clientId) {
if (!clientId.equals("")){
......@@ -108,7 +111,7 @@ public class UsersRestController extends BaseController {
"var js, gjs = d.getElementsByTagName(s)[0];\n" +
"if (d.getElementById(id)) return;\n" +
"js = d.createElement(s); js.id = id;\n" +
"js.src = '"+baseUrl+"/api/genesys-api.js?client_id="+clientDetails.getClientId()+"&client_secret="+clientDetails.getClientSecret()+"';\n" +
"js.src = '"+baseUrl+"/webapi/genesys-webapi.js?client_id="+clientDetails.getClientId()+"&client_secret="+clientDetails.getClientSecret()+"';\n" +
"gjs.parentNode.insertBefore(js, gjs);\n" +
"}(document, 'script', 'genesys-api'));</script>";
......
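Review bot: The rewritten `js.src` line still appends `clientDetails.getClientSecret()` as a `client_secret` query parameter, so the client secret is written into a `<script>` URL that ends up in page markup, browser history and proxy and server access logs. Limiting `/get_widget` to ADMINISTRATOR controls who can generate the snippet, not who can read the secret once it is embedded. If the widget script can be served by client id alone, drop the parameter, `"js.src = '"+baseUrl+"/webapi/genesys-webapi.js?client_id="+clientDetails.getClientId()+"';\n" +`, and keep the secret for server-side token requests. In the same method `clientId` is declared `required = false` but dereferenced in `clientId.equals("")`, which throws a NullPointerException when the parameter is absent; `if (clientId != null && !clientId.isEmpty()) {` avoids that. `getWidget` starts in the previous hunk and its body runs past both hunks, so how `clientDetails` is looked up is not visible here.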
......@@ -83,6 +83,7 @@ public class UserController extends RestController {
}
@RequestMapping(value = "/me/teams", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasRole('VETTEDUSER')")
public @ResponseBody
Object createTeam(@RequestBody TeamJson teamJson) {
final Validator validator = new Validator();
......
......@@ -82,9 +82,9 @@
<c:if test="${not user.hasRole('VETTEDUSER')}">
<a href="<c:url value="/profile/${user.uuid}/vetted-user"/> "class="btn btn-default"/>Vetted user</a>
</c:if>
</security:authorize>
<security:authorize access="isAuthenticated()">
<a href="#" data-toggle="modal" data-target="#myModal" class="btn btn-default get_widget" id="get_widget">Get Widget</a>
<security:authorize access="isAuthenticated()">
<a href="#" data-toggle="modal" data-target="#myModal" class="btn btn-default get_widget" id="get_widget">Get Widget</a>
</security:authorize>
</security:authorize>
</div>
......
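Review bot: The Get Widget link is guarded by `access="isAuthenticated()"`, while this commit makes the `/get_widget` handler require `hasRole('ADMINISTRATOR')`, so the page and the server-side rule no longer state the same condition. The link now appears to sit inside an outer `<security:authorize>` whose expression is outside the hunk. If that outer tag is not already administrator-only, non-admin users are shown a button that ends in an access-denied response. Using `<security:authorize access="hasRole('ADMINISTRATOR')">` on the inner tag keeps the view in step with the controller, with the controller annotation remaining the actual enforcement point.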