use of org.springframework.security.access.prepost.PostAuthorize in project ArachneCentralAPI by OHDSI.
the class OrganizationServiceImpl method update.
@Override
@Transactional
@PreAuthorize("hasPermission(#organization, 'Organization', " + "T(com.odysseusinc.arachne.portal.security.ArachnePermission).UPDATE_ORGANIZATION)")
@PostAuthorize("@ArachnePermissionEvaluator.addPermissions(principal, returnObject )")
public Organization update(Organization organization) {
final Organization exist = getByName(organization.getName());
final String name = organization.getName();
if (Objects.nonNull(name)) {
exist.setName(name);
}
final Organization saved = organizationRepository.save(exist);
logger.info("{} updated", saved);
return saved;
}
use of org.springframework.security.access.prepost.PostAuthorize in project xm-ms-entity by xm-online.
the class XmEntitySpecResource method getTypeSpec.
/**
* GET /xm-entity-specs/:key : get the "key" typeSpec.
*
* @param key the key of the typeSpec to retrieve
* @return the ResponseEntity with status 200 (OK) and with body the typeSpec, or with status 404 (Not Found)
*/
@GetMapping("/xm-entity-specs/{key}")
@Timed
@PostAuthorize("hasPermission({'returnObject': returnObject.body}, 'XMENTITY_SPEC.GET_LIST.ITEM')")
public ResponseEntity<TypeSpec> getTypeSpec(@PathVariable String key) {
log.debug("REST request to get TypeSpec : {}", key);
TypeSpec typeSpec = xmEntitySpecService.findTypeByKey(key);
return RespContentUtil.wrapOrNotFound(Optional.ofNullable(typeSpec));
}
Aggregations