diff --git a/src/main/java/org/genesys/catalog/service/impl/DatasetServiceImpl.java b/src/main/java/org/genesys/catalog/service/impl/DatasetServiceImpl.java
index dd6fcd8e68a12fda18237f37f6d36f29c29ffb21..e3364875f1e22624ad44d6dab15fd153520d0767 100644
--- a/src/main/java/org/genesys/catalog/service/impl/DatasetServiceImpl.java
+++ b/src/main/java/org/genesys/catalog/service/impl/DatasetServiceImpl.java
@@ -97,7 +97,7 @@ public class DatasetServiceImpl implements DatasetService {
 */
 @Override
 @Transactional
- @PreAuthorize("isAuthenticated()")
+ @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#source.owner, 'write')")
 public Dataset createDataset(final Dataset source) {
 LOG.info("Create Dataset. Input data {}", source);
 final DatasetVersions datasetVersions = new DatasetVersions();
@@ -229,7 +229,7 @@ public class DatasetServiceImpl implements DatasetService {
 * {@inheritDoc}
 */
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
 public Dataset loadDataset(final Dataset input) {
 LOG.debug("Load Dataset. Input data {}", input);
 final Dataset dataset = datasetRepository.findOne(input.getId());
@@ -278,7 +278,7 @@ public class DatasetServiceImpl implements DatasetService {
 * {@inheritDoc}
 */
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
 public Dataset loadDataset(final UUID uuid) {
 final Dataset dataset = datasetRepository.findByUuid(uuid);
 return lazyLoad(dataset);
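Review bot: In the `@@ -97,7` hunk the new guard on createDataset dereferences the caller-supplied argument: with a null `source` the expression `#source.owner` fails SpEL evaluation with an exception rather than a clean access-denied, and with a null `owner` the result is whatever the configured permission evaluator returns for a null target. Safe navigation, `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#source?.owner, 'write')")`, together with confirming that the evaluator denies a null target, keeps this fail-closed. The same applies to `#input.owner` on createDescriptorList and createDescriptor in the other two files. The method body continues outside the hunk, so it is not visible whether the owner that was authorized is the one that ends up persisted; that is worth confirming.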
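Review bot: The `@PostAuthorize` string added on loadDataset(Dataset) in the `@@ -229,7` hunk is repeated verbatim on the two UUID overloads (`@@ -278,7`, `@@ -288,7`) and, with `'write'` in place of `'read'`, on the DescriptorList and Descriptor getters, which makes it easy for one copy to drift from the rest. Annotation values accept compile-time constants, so a shared `static final String` (name illustrative: `ADMIN_OR_PUBLISHED_OR_READ`) used as `@PostAuthorize(ADMIN_OR_PUBLISHED_OR_READ)` would keep the rule in one place. A short comment next to it stating that `hasRole('ADMINISTRATOR')` depends on the role-prefix handling of the Spring Security version in use would also help the next reader. loadDataset's body continues past the hunk.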
@@ -288,7 +288,7 @@ public class DatasetServiceImpl implements DatasetService {
 * {@inheritDoc}
 */
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
 public Dataset loadDataset(final UUID uuid, final int version) {
 final Dataset dataset = datasetRepository.findByUuidAndVersion(uuid, version);
 return lazyLoad(dataset);
@@ -345,7 +345,7 @@ public class DatasetServiceImpl implements DatasetService {
 * {@inheritDoc}
 */
 @Override
- @PreAuthorize("#dataset.published || hasPermission(#dataset, 'read')")
+ @PreAuthorize("#dataset.published || hasRole('ADMINISTRATOR') || hasPermission(#dataset, 'read')")
 public List listDatasetFiles(final Dataset dataset) throws NotFoundElement {
 return dataset.getRepositoryFiles();
 }
diff --git a/src/main/java/org/genesys/catalog/service/impl/DescriptorListServiceImpl.java b/src/main/java/org/genesys/catalog/service/impl/DescriptorListServiceImpl.java
index 2bf6df4cd7a45c3e3e0b6019a6d1dcd683d3b2c6..c56416332d84bd0a46971390e0efb93100d838d0 100644
--- a/src/main/java/org/genesys/catalog/service/impl/DescriptorListServiceImpl.java
+++ b/src/main/java/org/genesys/catalog/service/impl/DescriptorListServiceImpl.java
@@ -85,7 +85,7 @@ public class DescriptorListServiceImpl implements DescriptorListService {
 */
 @Transactional
 @Override
- @PreAuthorize("isAuthenticated()")
+ @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input.owner, 'write')")
 public DescriptorList createDescriptorList(final DescriptorList input) {
 LOG.info("Create descriptor list {}", input);
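Review bot: In the `@@ -345,7` hunk `#dataset.published` is read from the method argument, so the authorization decision on listDatasetFiles is only as reliable as the object the caller hands in; if any caller passes a `Dataset` populated from request data rather than one loaded from the repository, the flag cannot be trusted. Consider stating that precondition on the method, for example `// dataset must be a persisted instance: its 'published' flag is used for authorization`, or authorizing against a reloaded entity. The same pattern appears on getDescriptorLists, getDatasets and nextVersion in DescriptorServiceImpl.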
@@ -233,19 +233,19 @@ public class DescriptorListServiceImpl implements DescriptorListService {
 }
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 public DescriptorList getDescriptorList(final Long id) {
 return lazyLoad(descriptorListRepository.findOne(id));
 }
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 public DescriptorList getDescriptorList(final UUID uuid) {
 return lazyLoad(descriptorListRepository.findByUuid(uuid));
 }
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 public DescriptorList getDescriptorList(final UUID uuid, final int version) {
 return lazyLoad(descriptorListRepository.findByUuidAndVersion(uuid, version));
 }
@@ -278,7 +278,7 @@ public class DescriptorListServiceImpl implements DescriptorListService {
 }
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 public DescriptorList loadDescriptorList(final DescriptorList input) {
 return loadDescriptorList(input.getUuid(), input.getVersion());
 }
diff --git a/src/main/java/org/genesys/catalog/service/impl/DescriptorServiceImpl.java b/src/main/java/org/genesys/catalog/service/impl/DescriptorServiceImpl.java
index fce4bf5c2e8ff81bbde95b95c3245ec3625fac9b..0fba67958a971768e1180faff25bedc6a8d9e9b2 100644
--- a/src/main/java/org/genesys/catalog/service/impl/DescriptorServiceImpl.java
+++ b/src/main/java/org/genesys/catalog/service/impl/DescriptorServiceImpl.java
@@ -88,7 +88,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 */
 @Transactional
 @Override
- @PreAuthorize("isAuthenticated()")
+ @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input.owner, 'write')")
 public Descriptor createDescriptor(final Descriptor input) {
 LOG.info("Creating descriptor: {} - {}", input.getTitle(), input.getDataType());
@@ -177,7 +177,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 * {@inheritDoc}
 */
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 public Descriptor getDescriptor(final UUID uuid) {
 return lazyLoad(descriptorRepository.findByUuid(uuid));
 }
@@ -189,7 +189,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 * int)
 */
 @Override
- @PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
+ @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
 public Descriptor getDescriptor(final UUID uuid, final int version) {
 return lazyLoad(descriptorRepository.findByUuidAndVersion(uuid, version));
 }
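Review bot: The two getDescriptor overloads disagree on what an unpublished descriptor requires: the `@@ -177,7` hunk keeps `hasPermission(returnObject, 'write')` on getDescriptor(UUID), while the `@@ -189,7` hunk keeps `'read'` on getDescriptor(UUID, int). Since both lines are being edited in this commit, they should either be aligned or carry a comment explaining the difference, for example `// unpublished descriptors are visible to editors only`. The DescriptorList getters in the previous file also require `'write'` for read access whereas the Dataset loaders require `'read'`, so the intended rule cannot be told from the diff.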
@@ -352,8 +352,8 @@ public class DescriptorServiceImpl implements DescriptorService {
 * catalog.model.traits.Descriptor)
 */
 @Override
- @PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
- @PostFilter("filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
+ @PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")
+ @PostFilter("hasRole('ADMINISTRATOR') || filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
 public List getDescriptorLists(final Descriptor descriptor) {
 final List list = descriptorRepository.listDescriptorLists(descriptor);
 list.forEach(d -> entityManager.detach(d));
@@ -368,7 +368,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 */
 @Override
 @PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
- @PostFilter("filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
+ @PostFilter("hasRole('ADMINISTRATOR') || filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
 public List getDatasets(final Descriptor descriptor) {
 final List list = descriptorRepository.listDatasets(descriptor);
 list.forEach(d -> entityManager.detach(d));
@@ -377,7 +377,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 @Override
 @Transactional
- @PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
+ @PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")
 public Descriptor nextVersion(final Descriptor descriptor, final boolean major) {
 final Descriptor source = reloadDescriptor(descriptor);
 LOG.info("Creating new version for descriptor uuid={} id={}", descriptor.getUuid(), descriptor.getId());
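Review bot: In the `@@ -368,7` hunk only the `@PostFilter` on getDatasets gained the administrator clause; the `@PreAuthorize` context line above it is still `#descriptor.published || hasPermission(#descriptor, 'read')`. An administrator with no ACL entry on an unpublished descriptor would therefore be rejected before the filter runs, unlike getDescriptorLists and nextVersion in the neighbouring hunks. The line should probably become `@PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")`.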
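Review bot: nextVersion in the `@@ -377,7` hunk is `@Transactional` and, going by its log line, creates a new descriptor version, yet the guard admits any caller when `#descriptor.published` is true or when the caller holds only `'read'`. For a state-changing operation a write-level check looks like the intended rule, e.g. `@PreAuthorize("hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'write')")`. The body continues past the hunk, so a later check in reloadDescriptor or further down may already cover this; if it does, a comment on the annotation saying where would help.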