Example 86 with PreAuthorize
use of org.springframework.security.access.prepost.PreAuthorize in project oc-explorer by devgateway.
the class UserDashboardRestController method getDefaultDashboardForCurrentUser.
@RequestMapping(method = { RequestMethod.POST, RequestMethod.GET }, value = "/userDashboards/search/getDefaultDashboardForCurrentUser")
@PreAuthorize("hasRole('ROLE_PROCURING_ENTITY')")
@ResponseBody
public ResponseEntity<?> getDefaultDashboardForCurrentUser(PersistentEntityResourceAssembler persistentEntityResourceAssembler) {
UserDashboard dashboard = repository.getDefaultDashboardForPersonId(getCurrentAuthenticatedPerson().getId());
if (dashboard == null) {
return ResponseEntity.ok().build();
}
Resource<Object> resource = persistentEntityResourceAssembler.toResource(dashboard);
return ResponseEntity.ok(resource);
}
Also used :
UserDashboard(org.devgateway.ocds.persistence.dao.UserDashboard)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
Example 87 with PreAuthorize
use of org.springframework.security.access.prepost.PreAuthorize in project oc-explorer by devgateway.
the class UserDashboardRestController method saveDashboardForCurrentUser.
@RequestMapping(method = { RequestMethod.POST, RequestMethod.GET }, value = "/userDashboards/saveDashboardForCurrentUser")
@PreAuthorize("hasRole('ROLE_PROCURING_ENTITY')")
public ResponseEntity<Void> saveDashboardForCurrentUser(@ModelAttribute @Valid UserDashboard userDashboard) {
Person person = personRepository.getOne(getCurrentAuthenticatedPerson().getId());
userDashboard.getUsers().add(person);
person.getDashboards().add(userDashboard);
repository.save(userDashboard);
return ResponseEntity.ok().build();
}
Also used :
Person(org.devgateway.toolkit.persistence.dao.Person)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 88 with PreAuthorize
use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.
the class IdmIdentityContractController method saveFormValues.
/**
* Saves entity's form values
*
* @param backendId
* @param formValues
* @return
*/
@ResponseBody
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITYCONTRACT_UPDATE + "')")
@RequestMapping(value = "/{backendId}/form-values", method = RequestMethod.POST)
@ApiOperation(value = "Identity contract form definition - save values", nickname = "postIdentityContractFormValues", tags = { IdmIdentityContractController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITYCONTRACT_UPDATE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITYCONTRACT_UPDATE, description = "") }) })
public Resource<?> saveFormValues(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable @NotNull String backendId, @ApiParam(value = "Code of form definition (default will be used if no code is given).", required = false, defaultValue = FormService.DEFAULT_DEFINITION_CODE) @RequestParam(name = "definitionCode", required = false) String definitionCode, @ApiParam(value = "Filled form data.", required = true) @RequestBody @Valid List<IdmFormValueDto> formValues) {
IdmIdentityContractDto dto = getDto(backendId);
if (dto == null) {
throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
}
//
checkAccess(dto, IdmBasePermission.UPDATE);
//
IdmFormDefinitionDto formDefinition = formDefinitionController.getDefinition(IdmIdentityContract.class, definitionCode);
//
return formDefinitionController.saveFormValues(dto, formDefinition, formValues);
}
Also used :
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
IdmFormDefinitionDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormDefinitionDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
ApiOperation(io.swagger.annotations.ApiOperation)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 89 with PreAuthorize
use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.
the class IdmIdentityController method getFormValues.
/**
* Returns filled form values
*
* @param backendId
* @return
*/
@ResponseBody
@RequestMapping(value = "/{backendId}/form-values", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITY_READ + "')")
@ApiOperation(value = "Identity form definition - read values", nickname = "getIdentityFormValues", tags = { IdmIdentityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }) })
public Resource<?> getFormValues(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable @NotNull String backendId, @ApiParam(value = "Code of form definition (default will be used if no code is given).", required = false, defaultValue = FormService.DEFAULT_DEFINITION_CODE) @RequestParam(name = "definitionCode", required = false) String definitionCode) {
IdmIdentityDto entity = getDto(backendId);
if (entity == null) {
throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
}
//
IdmFormDefinitionDto formDefinition = formDefinitionController.getDefinition(IdmIdentity.class, definitionCode);
//
return formDefinitionController.getFormValues(entity, formDefinition);
}
Also used :
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
IdmFormDefinitionDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormDefinitionDto)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
ApiOperation(io.swagger.annotations.ApiOperation)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 90 with PreAuthorize
use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.
the class IdmIdentityController method findRevision.
@ResponseBody
@RequestMapping(value = "/{backendId}/revisions/{revId}", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITY_READ + "')")
@ApiOperation(value = "Identity audit - read revision detail", nickname = "getIdentityRevision", tags = { IdmIdentityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }) })
public ResponseEntity<?> findRevision(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable("backendId") String backendId, @ApiParam(value = "Revision identifier.", required = true) @PathVariable("revId") Long revId) {
IdmIdentityDto originalEntity = getDto(backendId);
if (originalEntity == null) {
throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
}
checkAccess(originalEntity, IdmBasePermission.READ);
//
IdmIdentity revisionIdentity;
try {
revisionIdentity = this.auditService.findRevision(IdmIdentity.class, originalEntity.getId(), revId);
// checkAccess(revisionIdentity, IdmBasePermission.READ);
} catch (RevisionDoesNotExistException ex) {
throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("revision", revId), ex);
}
// TODO: dto
return new ResponseEntity<>(revisionIdentity, HttpStatus.OK);
}
Also used :
ResponseEntity(org.springframework.http.ResponseEntity)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
RevisionDoesNotExistException(org.hibernate.envers.exception.RevisionDoesNotExistException)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity)
ApiOperation(io.swagger.annotations.ApiOperation)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Aggregations
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)289
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)234
ResponseBody (org.springframework.web.bind.annotation.ResponseBody)88
ApiOperation (io.swagger.annotations.ApiOperation)70
ModelAndView (org.springframework.web.servlet.ModelAndView)51
ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)44
ResponseEntity (org.springframework.http.ResponseEntity)41
ResponseStatus (org.springframework.web.bind.annotation.ResponseStatus)40
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)36
IOException (java.io.IOException)35
ServiceException (org.nhindirect.common.rest.exceptions.ServiceException)34
InputStream (java.io.InputStream)26
Date (java.util.Date)26
ArrayList (java.util.ArrayList)25
ImportSummary (org.hisp.dhis.dxf2.importsummary.ImportSummary)23
ConfigurationServiceException (org.nhindirect.config.service.ConfigurationServiceException)21
List (java.util.List)17
HttpHeaders (org.springframework.http.HttpHeaders)16
Grid (org.hisp.dhis.common.Grid)14
SearchDomainForm (org.nhindirect.config.ui.form.SearchDomainForm)14
