use of org.springframework.security.access.prepost.PreAuthorize in project oc-explorer by devgateway.
the class UserDashboardRestController method getDefaultDashboardForCurrentUser.
/**
 * Looks up the default dashboard of the currently authenticated person.
 *
 * <p>Access is limited by {@code hasRole('ROLE_PROCURING_ENTITY')}. The lookup key is the id
 * returned by {@code getCurrentAuthenticatedPerson()}; no request parameter selects the person.
 *
 * @param persistentEntityResourceAssembler assembler used to wrap the dashboard as a resource
 * @return 200 with the dashboard resource, or 200 with an empty body when the repository
 *         returns {@code null}
 */
@RequestMapping(method = { RequestMethod.POST, RequestMethod.GET }, value = "/userDashboards/search/getDefaultDashboardForCurrentUser")
@PreAuthorize("hasRole('ROLE_PROCURING_ENTITY')")
@ResponseBody
public ResponseEntity<?> getDefaultDashboardForCurrentUser(PersistentEntityResourceAssembler persistentEntityResourceAssembler) {
    UserDashboard defaultDashboard =
            repository.getDefaultDashboardForPersonId(getCurrentAuthenticatedPerson().getId());

    if (defaultDashboard != null) {
        Resource<Object> body = persistentEntityResourceAssembler.toResource(defaultDashboard);
        return ResponseEntity.ok(body);
    }

    // No default dashboard: still answer 200, with no body.
    return ResponseEntity.ok().build();
}
use of org.springframework.security.access.prepost.PreAuthorize in project oc-explorer by devgateway.
the class UserDashboardRestController method saveDashboardForCurrentUser.
/**
 * Links the submitted dashboard to the currently authenticated person and saves it.
 *
 * <p>Access is limited by {@code hasRole('ROLE_PROCURING_ENTITY')}.
 *
 * <p>NOTE(review): this handler writes through {@code repository.save(...)} yet is mapped to GET
 * as well as POST. Spring Security's default CSRF protection does not cover GET requests, so
 * confirm that GET is really needed; a state-changing endpoint is normally POST-only.
 *
 * <p>NOTE(review): {@code userDashboard} is populated from request parameters through
 * {@code @ModelAttribute} and then saved as-is. Which of its properties a caller can set
 * (for example an identifier or the users collection) depends on {@code UserDashboard} and on
 * the data-binder configuration, neither of which is visible here. Confirm an allow-list of
 * bindable fields or a dedicated request object.
 *
 * @param userDashboard dashboard bound from the request and validated with {@code @Valid}
 * @return 200 with an empty body
 */
@RequestMapping(method = { RequestMethod.POST, RequestMethod.GET }, value = "/userDashboards/saveDashboardForCurrentUser")
@PreAuthorize("hasRole('ROLE_PROCURING_ENTITY')")
public ResponseEntity<Void> saveDashboardForCurrentUser(@ModelAttribute @Valid UserDashboard userDashboard) {
    // The owner is resolved from the authenticated person, not from request data.
    Person owner = personRepository.getOne(getCurrentAuthenticatedPerson().getId());

    // Register the association on both sides before persisting.
    userDashboard.getUsers().add(owner);
    owner.getDashboards().add(userDashboard);

    repository.save(userDashboard);
    return ResponseEntity.ok().build();
}
use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.
the class IdmIdentityContractController method saveFormValues.
/**
 * Saves the form values of one identity contract.
 *
 * <p>Two authorization layers apply: the {@code @PreAuthorize} expression requires the
 * {@code CoreGroupPermission.IDENTITYCONTRACT_UPDATE} authority, and
 * {@code checkAccess(..., IdmBasePermission.UPDATE)} is then called on the loaded contract
 * before anything is written.
 *
 * <p>NOTE(review): the Swagger text for {@code backendId} speaks of an identity's uuid or
 * username, while the lookup here returns an {@code IdmIdentityContractDto}. Confirm the
 * description.
 *
 * @param backendId identifier passed to {@code getDto}
 * @param definitionCode code of the form definition; optional request parameter
 * @param formValues values to save, validated with {@code @Valid}
 * @return whatever {@code formDefinitionController.saveFormValues} returns
 * @throws ResultCodeException with {@code CoreResultCode.NOT_FOUND} when {@code getDto}
 *         returns {@code null}
 */
@ResponseBody
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITYCONTRACT_UPDATE + "')")
@RequestMapping(value = "/{backendId}/form-values", method = RequestMethod.POST)
@ApiOperation(
        value = "Identity contract form definition - save values",
        nickname = "postIdentityContractFormValues",
        tags = { IdmIdentityContractController.TAG },
        authorizations = {
            @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = {
                @AuthorizationScope(scope = CoreGroupPermission.IDENTITYCONTRACT_UPDATE, description = "") }),
            @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = {
                @AuthorizationScope(scope = CoreGroupPermission.IDENTITYCONTRACT_UPDATE, description = "") })
        })
public Resource<?> saveFormValues(
        @ApiParam(value = "Identity's uuid identifier or username.", required = true)
        @PathVariable @NotNull String backendId,
        @ApiParam(value = "Code of form definition (default will be used if no code is given).", required = false, defaultValue = FormService.DEFAULT_DEFINITION_CODE)
        @RequestParam(name = "definitionCode", required = false) String definitionCode,
        @ApiParam(value = "Filled form data.", required = true)
        @RequestBody @Valid List<IdmFormValueDto> formValues) {
    IdmIdentityContractDto contract = getDto(backendId);
    if (contract == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }

    // Per-object UPDATE check on the loaded contract, on top of the group-level authority.
    checkAccess(contract, IdmBasePermission.UPDATE);

    IdmFormDefinitionDto definition =
            formDefinitionController.getDefinition(IdmIdentityContract.class, definitionCode);
    return formDefinitionController.saveFormValues(contract, definition, formValues);
}
use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.
the class IdmIdentityController method getFormValues.
/**
 * Returns the filled form values of one identity.
 *
 * <p>The {@code @PreAuthorize} expression requires the {@code CoreGroupPermission.IDENTITY_READ}
 * authority.
 *
 * <p>NOTE(review): this method makes no {@code checkAccess(entity, IdmBasePermission.READ)}
 * call of its own. {@code findRevision} in this controller and {@code saveFormValues} in
 * {@code IdmIdentityContractController} both call {@code checkAccess} after {@code getDto}.
 * Confirm that {@code getDto} or {@code formDefinitionController.getFormValues} enforces
 * per-identity READ permission; otherwise the group-level authority is the only gate on the
 * values returned.
 *
 * @param backendId identity's uuid identifier or username, passed to {@code getDto}
 * @param definitionCode code of the form definition; optional request parameter
 * @return whatever {@code formDefinitionController.getFormValues} returns
 * @throws ResultCodeException with {@code CoreResultCode.NOT_FOUND} when {@code getDto}
 *         returns {@code null}
 */
@ResponseBody
@RequestMapping(value = "/{backendId}/form-values", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITY_READ + "')")
@ApiOperation(
        value = "Identity form definition - read values",
        nickname = "getIdentityFormValues",
        tags = { IdmIdentityController.TAG },
        authorizations = {
            @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = {
                @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }),
            @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = {
                @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") })
        })
public Resource<?> getFormValues(
        @ApiParam(value = "Identity's uuid identifier or username.", required = true)
        @PathVariable @NotNull String backendId,
        @ApiParam(value = "Code of form definition (default will be used if no code is given).", required = false, defaultValue = FormService.DEFAULT_DEFINITION_CODE)
        @RequestParam(name = "definitionCode", required = false) String definitionCode) {
    IdmIdentityDto identity = getDto(backendId);
    if (identity == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }

    IdmFormDefinitionDto definition =
            formDefinitionController.getDefinition(IdmIdentity.class, definitionCode);
    return formDefinitionController.getFormValues(identity, definition);
}
use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.
the class IdmIdentityController method findRevision.
/**
 * Returns one audited revision of an identity.
 *
 * <p>The {@code @PreAuthorize} expression requires the {@code CoreGroupPermission.IDENTITY_READ}
 * authority, and {@code checkAccess(..., IdmBasePermission.READ)} is called on the current
 * identity before the revision is loaded.
 *
 * <p>NOTE(review): READ access is evaluated against the current identity only. The original
 * code carried a commented-out {@code checkAccess(revisionIdentity, IdmBasePermission.READ)}
 * on the loaded revision; confirm that checking the current state is sufficient for historical
 * data.
 *
 * <p>NOTE(review): the response body is the {@code IdmIdentity} object returned by the audit
 * service, not a DTO (the original carried a "TODO: dto"). Confirm that its serialized form
 * exposes no attribute that the DTO representation would withhold.
 *
 * @param backendId identity's uuid identifier or username, passed to {@code getDto}
 * @param revId revision identifier
 * @return 200 with the revision as the body
 * @throws ResultCodeException with {@code CoreResultCode.NOT_FOUND} when {@code getDto}
 *         returns {@code null} or the audit service reports that the revision does not exist
 */
@ResponseBody
@RequestMapping(value = "/{backendId}/revisions/{revId}", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITY_READ + "')")
@ApiOperation(
        value = "Identity audit - read revision detail",
        nickname = "getIdentityRevision",
        tags = { IdmIdentityController.TAG },
        authorizations = {
            @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = {
                @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }),
            @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = {
                @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") })
        })
public ResponseEntity<?> findRevision(
        @ApiParam(value = "Identity's uuid identifier or username.", required = true)
        @PathVariable("backendId") String backendId,
        @ApiParam(value = "Revision identifier.", required = true)
        @PathVariable("revId") Long revId) {
    IdmIdentityDto currentIdentity = getDto(backendId);
    if (currentIdentity == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    // Per-object READ check on the current identity.
    checkAccess(currentIdentity, IdmBasePermission.READ);

    try {
        IdmIdentity revision =
                this.auditService.findRevision(IdmIdentity.class, currentIdentity.getId(), revId);
        return new ResponseEntity<>(revision, HttpStatus.OK);
    } catch (RevisionDoesNotExistException ex) {
        // Keep the cause so the missing revision can be traced from the error.
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("revision", revId), ex);
    }
}