Examples with PreAuthorize - org.springframework.security.access.prepost.PreAuthorize

Example 91 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.

the class IdmIdentityController method getGrantedAuthotrities.

/**
 * Returns given identity's granted authorities
 *
 * @param backendId
 * @return list of granted authorities
 */
@ResponseBody
@RequestMapping(value = "/{backendId}/authorities", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITY_READ + "')")
@ApiOperation(value = "Identity granted authorities", nickname = "getIdentityAuthorities", tags = { IdmIdentityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }) })
public List<? extends GrantedAuthority> getGrantedAuthotrities(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable String backendId) {
    IdmIdentityDto identity = getDto(backendId);
    if (identity == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    checkAccess(identity, IdmBasePermission.READ);
    // 
    return grantedAuthoritiesFactory.getGrantedAuthorities(identity.getUsername());
}

Also used : ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 92 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.

the class IdmScriptController method backup.

@ResponseBody
@RequestMapping(value = "/{backendId}/backup", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.SCRIPT_READ + "')")
@ApiOperation(value = "Backup script", nickname = "backupScript", response = IdmScriptDto.class, tags = { IdmScriptController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.SCRIPT_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.SCRIPT_READ, description = "") }) }, notes = "Backup template to directory given in application properties.")
public ResponseEntity<?> backup(@ApiParam(value = "Script's uuid identifier or code.", required = true) @PathVariable @NotNull String backendId) {
    IdmScriptDto script = service.get(backendId);
    if (script == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, backendId);
    }
    service.backup(script);
    return new ResponseEntity<>(toResource(script), HttpStatus.OK);
}

Also used : ResponseEntity(org.springframework.http.ResponseEntity) IdmScriptDto(eu.bcvsolutions.idm.core.api.dto.IdmScriptDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 93 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.

the class IdmTreeNodeController method saveFormValues.

/**
 * Saves entity's form values
 *
 * @param backendId
 * @param formValues
 * @return
 */
@ResponseBody
@PreAuthorize("hasAuthority('" + CoreGroupPermission.TREENODE_UPDATE + "')")
@RequestMapping(value = "/{backendId}/form-values", method = RequestMethod.POST)
@ApiOperation(value = "Tree node form definition - save values", nickname = "postTreeNodeFormValues", tags = { IdmTreeNodeController.TAG })
public Resource<?> saveFormValues(@ApiParam(value = "Node's uuid identifier.", required = true) @PathVariable @NotNull String backendId, @ApiParam(value = "Code of form definition (default will be used if no code is given).", required = false, defaultValue = FormService.DEFAULT_DEFINITION_CODE) @RequestParam(name = "definitionCode", required = false) String definitionCode, @RequestBody @Valid List<IdmFormValueDto> formValues) {
    IdmTreeNodeDto dto = getDto(backendId);
    if (dto == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    // 
    IdmFormDefinitionDto formDefinition = formDefinitionController.getDefinition(IdmTreeNode.class, definitionCode);
    // 
    return formDefinitionController.saveFormValues(dto, formDefinition, formValues);
}

Also used : ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmFormDefinitionDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormDefinitionDto) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 94 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.

the class IdmTreeNodeController method findRevision.

@ResponseBody
@RequestMapping(value = "{backendId}/revisions/{revId}", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.AUDIT_READ + "')")
@ApiOperation(value = "Tree node audit - read revision detail", nickname = "getTreeNodeRevision", tags = { IdmTreeNodeController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.AUDIT_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.AUDIT_READ, description = "") }) })
public ResponseEntity<?> findRevision(@ApiParam(value = "Node's uuid identifier.", required = true) @PathVariable("backendId") String backendId, @ApiParam(value = "Revision identifier.", required = true) @PathVariable("revId") Long revId) {
    IdmTreeNodeDto treeNode = getDto(backendId);
    if (treeNode == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("treeNode", backendId));
    }
    IdmTreeNode revision;
    try {
        revision = this.auditService.findRevision(IdmTreeNode.class, treeNode.getId(), revId);
    } catch (RevisionDoesNotExistException ex) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("revision", revId), ex);
    }
    // TODO: dto
    return new ResponseEntity<>(revision, HttpStatus.OK);
}

Also used : ResponseEntity(org.springframework.http.ResponseEntity) IdmTreeNode(eu.bcvsolutions.idm.core.model.entity.IdmTreeNode) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) RevisionDoesNotExistException(org.hibernate.envers.exception.RevisionDoesNotExistException) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 95 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.

the class IdmTreeNodeController method findRevisions.

@ResponseBody
@RequestMapping(value = "{backendId}/revisions", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.AUDIT_READ + "')")
@ApiOperation(value = "Tree node audit - read all revisions", nickname = "getTreeNodeRevisions", tags = { IdmTreeNodeController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.AUDIT_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.AUDIT_READ, description = "") }) })
public Resources<?> findRevisions(@ApiParam(value = "Node's uuid identifier.", required = true) @PathVariable("backendId") String backendId, Pageable pageable) {
    IdmTreeNodeDto treeNode = getDto(backendId);
    if (treeNode == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("treeNode", backendId));
    }
    Page<IdmAuditDto> results = this.auditService.findRevisionsForEntity(IdmTreeNode.class.getSimpleName(), UUID.fromString(backendId), pageable);
    return toResources(results, IdmTreeNode.class);
}

Also used : IdmTreeNode(eu.bcvsolutions.idm.core.model.entity.IdmTreeNode) IdmAuditDto(eu.bcvsolutions.idm.core.api.audit.dto.IdmAuditDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)289 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)234 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)88 ApiOperation (io.swagger.annotations.ApiOperation)70 ModelAndView (org.springframework.web.servlet.ModelAndView)51 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)44 ResponseEntity (org.springframework.http.ResponseEntity)41 ResponseStatus (org.springframework.web.bind.annotation.ResponseStatus)40 WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)36 IOException (java.io.IOException)35 ServiceException (org.nhindirect.common.rest.exceptions.ServiceException)34 InputStream (java.io.InputStream)26 Date (java.util.Date)26 ArrayList (java.util.ArrayList)25 ImportSummary (org.hisp.dhis.dxf2.importsummary.ImportSummary)23 ConfigurationServiceException (org.nhindirect.config.service.ConfigurationServiceException)21 List (java.util.List)17 HttpHeaders (org.springframework.http.HttpHeaders)16 Grid (org.hisp.dhis.common.Grid)14 SearchDomainForm (org.nhindirect.config.ui.form.SearchDomainForm)14