Commit 8c8bc8a2 authored by Artem Hrybeniuk's avatar Artem Hrybeniuk Committed by Matija Obreza

Added Security Action for Crop

parent f63ef8f9
......@@ -29,6 +29,8 @@ public enum SecurityAction {
ViabilityTest,
/* Crop traits */
CropTrait, CropTraitObservation,
/* Crop */
Crop,
/* Requests */
Request, RequestItem,
/* Geography action */
......
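Review bot: `Crop` is inserted in the middle of `SecurityAction`, ahead of `Request` and `RequestItem`, which shifts the ordinal of every constant declared after it. If any stored permission or ACL row references this enum by ordinal (for example a JPA mapping without `@Enumerated(EnumType.STRING)`), existing grants would silently point at a different action after deploy. The persistence mapping is not visible here, so please confirm it is name-based, or append new constants at the end of the enum. The enum body continues outside this hunk.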
......@@ -82,13 +82,13 @@ public class CropServiceImpl extends FilteredCRUDServiceImpl<Crop, CropFilter, C
}
@Override
@PreAuthorize("hasAuthority('GROUP_ADMINS')")
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'ADMINISTRATION')")
public CropAttach uploadFile(Crop entity, MultipartFile file, CropAttachmentRequest metadata) throws IOException, InvalidRepositoryPathException, InvalidRepositoryFileDataException {
return super.uploadFile(entity, file, metadata);
}
@Override
@PreAuthorize("hasAuthority('GROUP_ADMINS')")
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'DELETE')")
public CropAttach removeFile(Crop entity, Long attachmentId) {
return super.removeFile(entity, attachmentId);
}
......@@ -100,7 +100,7 @@ public class CropServiceImpl extends FilteredCRUDServiceImpl<Crop, CropFilter, C
}
@Override
@PreAuthorize("hasAuthority('GROUP_ADMINS')")
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'ADMINISTRATION')")
protected CropAttach createAttach(Crop entity, CropAttach source) {
CropAttach attach = new CropAttach();
attach.apply(source);
......@@ -114,14 +114,14 @@ public class CropServiceImpl extends FilteredCRUDServiceImpl<Crop, CropFilter, C
}
@Override
@PreAuthorize("hasAuthority('GROUP_ADMINS')")
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'ADMINISTRATION')")
public CropAttach update(CropAttach updated, CropAttach target) {
target.apply(updated);
return _lazyLoad(repository.save(target));
}
@Override
@PreAuthorize("hasAuthority('GROUP_ADMINS')")
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'DELETE')")
public CropAttach remove(CropAttach entity) {
return super.remove(entity);
}
......@@ -158,6 +158,7 @@ public class CropServiceImpl extends FilteredCRUDServiceImpl<Crop, CropFilter, C
@Override
@Transactional
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'ADMINISTRATION')")
public List<TaxonomyCropMap> addSpecies(Crop crop, List<TaxonomySpecies> species, String note) {
if (CollectionUtils.isEmpty(species)) {
return Collections.emptyList();
......@@ -180,6 +181,7 @@ public class CropServiceImpl extends FilteredCRUDServiceImpl<Crop, CropFilter, C
@Override
@Transactional
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'ADMINISTRATION')")
public List<TaxonomyCropMap> removeSpecies(Crop crop, List<TaxonomySpecies> species) {
if (CollectionUtils.isEmpty(species)) {
return Collections.emptyList();
......@@ -195,7 +197,7 @@ public class CropServiceImpl extends FilteredCRUDServiceImpl<Crop, CropFilter, C
@Override
@Transactional
@PreAuthorize("hasAuthority('GROUP_ADMINS')")
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'CREATE')")
public Crop create(final Crop source) {
LOG.debug("Create Crop. Input data {}", source);
Crop crop = new Crop();
......@@ -209,7 +211,7 @@ public class CropServiceImpl extends FilteredCRUDServiceImpl<Crop, CropFilter, C
@Override
@Transactional
@PreAuthorize("hasAuthority('GROUP_ADMINS')")
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'WRITE')")
public Crop update(final Crop input, Crop target) {
LOG.debug("Update Crop. Input data {}", input);
target.apply(input);
......@@ -220,7 +222,7 @@ public class CropServiceImpl extends FilteredCRUDServiceImpl<Crop, CropFilter, C
}
@Override
@PreAuthorize("hasAuthority('GROUP_ADMINS')")
@PreAuthorize("hasAuthority('GROUP_ADMINS') or @ggceSec.actionAllowed('Crop', 'DELETE')")
// This method is overridden because we need permission check
public Crop remove(Crop entity) {
return super.remove(entity);
......
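Review bot: The widened `@PreAuthorize` expressions on `create`, `update`, `remove` and the attachment/species methods are no longer covered by any deny-path test visible in this commit: the CropServiceTest section deletes `failedToCreateTest`, which asserted `AccessDeniedException` for `USER_CURATOR1`, and adds nothing in its place. I would keep a negative test, `@Test(expected = AccessDeniedException.class)` run as a user that holds neither `GROUP_ADMINS` nor the Crop `CREATE` action, plus a positive one for a user granted only that action, so a typo in the SpEL strings `'Crop'`/`'CREATE'` fails the build instead of changing who is authorized at runtime. Separately, the annotation on the `protected` method `createAttach` is presumably enforced only when the call passes through the Spring proxy; if the superclass invokes it on `this`, the effective check is the one on `uploadFile`, so a short comment there saying the two expressions must stay identical would help. Several method bodies start or end outside their hunks.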
......@@ -35,7 +35,6 @@ import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.test.context.support.WithUserDetails;
import javax.validation.ConstraintViolationException;
......@@ -104,12 +103,6 @@ public class CropServiceTest extends AbstractServicesTest {
assertThrows(NotFoundElement.class, () -> cropService.getCropDetails(null));
}
@Test(expected = AccessDeniedException.class)
@WithUserDetails(value = AbstractServicesTest.USER_CURATOR1)
public void failedToCreateTest() {
cropService.create(new Crop(CROP_NAME_1, CROP_NOTE_1));
}
@Test(expected = ConstraintViolationException.class)
public void failedToCreateTest2() {
cropService.create(new Crop(""));
......