add @PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")

#10515

add @PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
#10515
61c0b948 · igoshin · Matija Obreza · 7dcc7af3 · 61c0b948 · 61c0b948
Commit 61c0b948 authored Feb 03, 2014 by igoshin Committed by Matija Obreza Feb 04, 2014
2 changed files
--- a/src/main/java/org/genesys2/server/servlet/controller/OAuthManagementController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/OAuthManagementController.java
@@ -81,15 +81,24 @@ public class OAuthManagementController extends BaseController {
 		return "redirect:/management/user/" + uuid + "/tokens";
    }

+    @PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
    @RequestMapping("/addClient")
    public String addClientEntry() {
        return "/oauth/createclient";
    }

+    @PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
    @RequestMapping("/createClient")
    public String createClientEntry(@RequestParam("clientId") String clientId,
                                    @RequestParam("clientSecret") String clientSecret,
                                    @RequestParam(value = "redirectUri", required = false) String redirectUri) {
+        OAuthClientDetails clientDetails = createOAuthClient(clientId, clientSecret, redirectUri);
+
+        clientDetailsService.addClientDetails(clientDetails);
+        return "redirect:/profile";
+    }
+
+    private OAuthClientDetails createOAuthClient(String clientId, String clientSecret, String redirectUri) {
        OAuthClientDetails clientDetails = new OAuthClientDetails();
        clientDetails.setClientId(clientId);
        clientDetails.setClientSecret(clientSecret);
@@ -103,9 +112,6 @@ public class OAuthManagementController extends BaseController {
        clientDetails.setRefreshTokenValiditySeconds(50 * 24 * 60 * 60);
        // 7 days
        clientDetails.setAccessTokenValiditySeconds(7 * 24 * 60 * 60);
-
-
-        clientDetailsService.addClientDetails(clientDetails);
-        return "redirect:/profile";
+        return clientDetails;
    }
 }
--- a/src/main/webapp/WEB-INF/jsp/user/profile.jsp
+++ b/src/main/webapp/WEB-INF/jsp/user/profile.jsp
@@ -75,7 +75,7 @@
                    <a href="<c:url value="/profile/${user.uuid}/send"/>"  class="btn btn-default"/>Send validation email</a>
                    </c:if>
                </security:authorize>
-                <security:authorize access="hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.user.id == #user.id)">
+                <security:authorize access="hasAnyRole('VETTEDUSER','ADMINISTRATOR')">
                     <a href="<c:url value="/management/addClient" />" class="btn btn-default"><spring:message code="client.details.add" /></a>
                </security:authorize>
                <security:authorize access="hasRole('ADMINISTRATOR')">