Commit 4b6cc968 authored by Matija Obreza

VETTEDUSER can create team, ADMINISTRATOR can get widget info & other

things
parent 0d2ece96
...@@ -57,7 +57,7 @@ public class TeamServiceImpl implements TeamService { ...@@ -57,7 +57,7 @@ public class TeamServiceImpl implements TeamService {
@Override @Override
@Transactional(readOnly = false) @Transactional(readOnly = false)
@PreAuthorize("isAuthenticated()") @PreAuthorize("isAuthenticated() and hasRole('VETTEDUSER')")
public Team addTeam(String name) { public Team addTeam(String name) {
final User user = SecurityContextUtil.getCurrentUser(); final User user = SecurityContextUtil.getCurrentUser();
......
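Review bot: The new guard on `addTeam` spells the rule as `isAuthenticated() and hasRole('VETTEDUSER')`, while `createTeam` in UserController, changed in this same commit, uses plain `hasRole('VETTEDUSER')`; the two expressions should read the same so that a later role change is not applied to one layer only. An anonymous caller normally holds no VETTEDUSER authority, so the `isAuthenticated()` clause looks redundant and `@PreAuthorize("hasRole('VETTEDUSER')")` would be enough. Whether `hasRole` matches the bare name or expects a `ROLE_` prefix depends on the Spring Security version, which is not visible here, so a test that calls `addTeam` as a non-vetted user and expects `AccessDeniedException` would pin this down. The body of `addTeam` continues outside the hunk.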
...@@ -60,6 +60,7 @@ public class UsersRestController extends BaseController { ...@@ -60,6 +60,7 @@ public class UsersRestController extends BaseController {
@RequestMapping(value = "/users", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE }) @RequestMapping(value = "/users", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
@ResponseBody @ResponseBody
@PreAuthorize("hasRole('ADMINISTRATOR')")
public Object getUsers(@RequestParam(value = "startRow", required = false, defaultValue = "0") Integer startRow, public Object getUsers(@RequestParam(value = "startRow", required = false, defaultValue = "0") Integer startRow,
@RequestParam(value = "pageSize", required = false, defaultValue = "0") Integer pageSize) throws UserException { @RequestParam(value = "pageSize", required = false, defaultValue = "0") Integer pageSize) throws UserException {
return new UserList(userService.listWrapped(startRow, pageSize)); return new UserList(userService.listWrapped(startRow, pageSize));
...@@ -67,6 +68,7 @@ public class UsersRestController extends BaseController { ...@@ -67,6 +68,7 @@ public class UsersRestController extends BaseController {
@RequestMapping(value = "/users/{id}", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE }) @RequestMapping(value = "/users/{id}", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
@ResponseBody @ResponseBody
@PreAuthorize("hasRole('ADMINISTRATOR')")
public Object getUser(@PathVariable Long id) throws UserException { public Object getUser(@PathVariable Long id) throws UserException {
return userService.getWrappedById(id); return userService.getWrappedById(id);
} }
...@@ -92,13 +94,14 @@ public class UsersRestController extends BaseController { ...@@ -92,13 +94,14 @@ public class UsersRestController extends BaseController {
/* method = RequestMethod.DELETE) */ /* method = RequestMethod.DELETE) */
// only GET, POST, PUT allowed // only GET, POST, PUT allowed
method = RequestMethod.POST) method = RequestMethod.POST)
@PreAuthorize("hasRole('ADMINISTRATOR')")
@ResponseBody @ResponseBody
public void removeUser(@RequestParam("id") Long userId) throws UserException { public void removeUser(@RequestParam("id") Long userId) throws UserException {
userService.removeUserById(userId); userService.removeUserById(userId);
} }
@RequestMapping(value = "/get_widget") @RequestMapping(value = "/get_widget")
@PreAuthorize("isAuthenticated()") @PreAuthorize("hasRole('ADMINISTRATOR')")
public String getWidget(Model model,@RequestParam(value = "clientId",required = false) String clientId) { public String getWidget(Model model,@RequestParam(value = "clientId",required = false) String clientId) {
if (!clientId.equals("")){ if (!clientId.equals("")){
...@@ -108,7 +111,7 @@ public class UsersRestController extends BaseController { ...@@ -108,7 +111,7 @@ public class UsersRestController extends BaseController {
"var js, gjs = d.getElementsByTagName(s)[0];\n" + "var js, gjs = d.getElementsByTagName(s)[0];\n" +
"if (d.getElementById(id)) return;\n" + "if (d.getElementById(id)) return;\n" +
"js = d.createElement(s); js.id = id;\n" + "js = d.createElement(s); js.id = id;\n" +
"js.src = '"+baseUrl+"/api/genesys-api.js?client_id="+clientDetails.getClientId()+"&client_secret="+clientDetails.getClientSecret()+"';\n" + "js.src = '"+baseUrl+"/webapi/genesys-webapi.js?client_id="+clientDetails.getClientId()+"&client_secret="+clientDetails.getClientSecret()+"';\n" +
"gjs.parentNode.insertBefore(js, gjs);\n" + "gjs.parentNode.insertBefore(js, gjs);\n" +
"}(document, 'script', 'genesys-api'));</script>"; "}(document, 'script', 'genesys-api'));</script>";
......
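Review bot: The widget snippet built in `getWidget` still writes `clientDetails.getClientSecret()` into the `js.src` query string, so what appears to be an OAuth client secret ends up in markup meant for embedding, and from there in browser history, proxy and access logs, and Referer headers. Restricting the endpoint to ADMINISTRATOR limits who can generate the snippet, but not who can read the secret once it is pasted into a page. Consider dropping `&client_secret=...` from the URL and identifying the client by `client_id` only, with the secret kept server-side. Separately, `clientId` is declared `required = false`, so `clientId.equals("")` throws a NullPointerException when the parameter is absent; `if (clientId != null && !clientId.isEmpty())` avoids that. The rest of `getWidget` is outside the visible hunks.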
...@@ -83,6 +83,7 @@ public class UserController extends RestController { ...@@ -83,6 +83,7 @@ public class UserController extends RestController {
} }
@RequestMapping(value = "/me/teams", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) @RequestMapping(value = "/me/teams", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasRole('VETTEDUSER')")
public @ResponseBody public @ResponseBody
Object createTeam(@RequestBody TeamJson teamJson) { Object createTeam(@RequestBody TeamJson teamJson) {
final Validator validator = new Validator(); final Validator validator = new Validator();
......
...@@ -82,9 +82,9 @@ ...@@ -82,9 +82,9 @@
<c:if test="${not user.hasRole('VETTEDUSER')}"> <c:if test="${not user.hasRole('VETTEDUSER')}">
<a href="<c:url value="/profile/${user.uuid}/vetted-user"/> "class="btn btn-default"/>Vetted user</a> <a href="<c:url value="/profile/${user.uuid}/vetted-user"/> "class="btn btn-default"/>Vetted user</a>
</c:if> </c:if>
</security:authorize> <security:authorize access="isAuthenticated()">
<security:authorize access="isAuthenticated()"> <a href="#" data-toggle="modal" data-target="#myModal" class="btn btn-default get_widget" id="get_widget">Get Widget</a>
<a href="#" data-toggle="modal" data-target="#myModal" class="btn btn-default get_widget" id="get_widget">Get Widget</a> </security:authorize>
</security:authorize> </security:authorize>
</div> </div>
......
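Review bot: The "Get Widget" button is still wrapped in `<security:authorize access="isAuthenticated()">`, but this commit changes `/get_widget` to require `hasRole('ADMINISTRATOR')`. Unless the enclosing `security:authorize` block (its opening tag is outside this hunk) is already admin-only, signed-in non-administrators will see a button that ends in an access-denied response. Matching the template to the controller with `<security:authorize access="hasRole('ADMINISTRATOR')">` keeps the UI and the server-side rule in step. The `@PreAuthorize` on the controller remains the actual control; the template change only stops advertising an action the user cannot perform.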