Commit 8f66d824 authored by Artem Hrybeniuk's avatar Artem Hrybeniuk Committed by Matija Obreza
Browse files

Permission checks

parent 7ace3f3c
......@@ -162,22 +162,12 @@ public class PartnerServiceImpl extends FilteredCRUDServiceImpl<Partner, Partner
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input, 'write')")
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#target, 'write')")
public Partner update(Partner updated, Partner target) {
target.apply(updated);
return _lazyLoad(repository.save(target));
}
/**
* {@inheritDoc}
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input, 'write')")
public Partner update(Partner updated) {
return _lazyLoad(super.update(updated));
}
/**
* {@inheritDoc}
*/
......
......@@ -23,12 +23,14 @@ import org.genesys2.server.api.FilteredCRUDController;
import org.genesys2.server.model.impl.Country;
import org.genesys2.server.service.CountryService;
import org.genesys2.server.service.filter.CountryFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController("countryApi2")
@PreAuthorize("hasRole('ADMINISTRATOR')")
@RequestMapping(CountryController.API_URL)
@Api(tags = { "country" })
public class CountryController extends FilteredCRUDController<Country, CountryService, CountryFilter> {
......
......@@ -170,14 +170,15 @@ public class InstituteServiceImpl extends FilteredCRUDServiceImpl<FaoInstitute,
@Override
@PreAuthorize("hasRole('ADMINISTRATOR')")
public FaoInstitute create(FaoInstitute source) {
return _lazyLoad(repository.save(source));
}
@Override
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#target, 'ADMINISTRATION')")
public FaoInstitute update(FaoInstitute updated, FaoInstitute target) {
target.apply(updated);
return _lazyLoad(repository.save(target));
return update(target.getCode(), updated);
}
@Override
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment