Commit af5add88 authored by Matija Obreza's avatar Matija Obreza
Browse files

<security:authorize now handles ACL's hasPermission()

parent 5c014406
......@@ -58,4 +58,9 @@
<property name="maxPoolSize" value="16" />
</bean>
<!-- Has to be here, otherwise JSP TAGLIB doesn't pick it up -->
<bean id="webExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler">
<property name="permissionEvaluator" ref="permissionEvaluator" />
</bean>
</beans>
......@@ -32,8 +32,8 @@
<sec:password-encoder ref="passwordEncoder" />
</sec:authentication-provider>
</sec:authentication-manager>
<bean name="securityExpressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<bean id="securityExpressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="permissionEvaluator" />
</bean>
......@@ -58,6 +58,7 @@
<sec:logout logout-url="/logout" logout-success-url="/" />
<sec:access-denied-handler error-page="/access-denied?error=1" />
<sec:expression-handler ref="webExpressionHandler"/>
</sec:http>
</beans>
\ No newline at end of file
......@@ -11,7 +11,7 @@
<c:out value="${team.name}" />
</h1>
<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(team, 'WRITE')">
<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(#team, 'WRITE')">
<a href="<c:url value="/team/${team.uuid}/permissions" />" class="btn btn-default"> <spring:message code="edit-acl" /></a>
</security:authorize>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment