Marmelator/persistence-service
1
0
Fork 0
Code Issues Pull Requests 17 Actions Packages Projects Releases 1.1k Wiki Activity

Merge branch 'RED-5369' into 'master'

Browse Source 
RED-5369: View dossier & access permissions are not working for dossier attributes controller

Closes RED-5369

See merge request redactmanager/persistence-service!314
This commit is contained in:
Maverick Studer 2024-01-18 13:51:49 +01:00
commit 5d13696cec
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/DossierAttributesController.java vendored
View File

@ -115,7 +115,7 @@ public class DossierAttributesController implements DossierAttributesResource {
}
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "')")
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
public DossierAttributes setDossierAttributes(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody DossierAttributes dossierAttributes) {
accessControlService.verifyUserIsDossierOwner(dossierId);
@ -131,7 +131,7 @@ public class DossierAttributesController implements DossierAttributesResource {
}
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
public DossierAttributes addOrUpdateDossierAttribute(String dossierId, DossierAttribute dossierAttribute) {
accessControlService.verifyUserIsDossierOwner(dossierId);
@ -146,7 +146,7 @@ public class DossierAttributesController implements DossierAttributesResource {
}
@PreAuthorize("hasAuthority('" + READ_DOSSIER_ATTRIBUTES + "')")
@PreAuthorize("hasAuthority('" + READ_DOSSIER_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'VIEW_OBJECT')")
public DossierAttributes getDossierAttributes(String dossierId) {
var result = dossierAttributesManagementService.getDossierAttributes(dossierId);
@ -161,7 +161,7 @@ public class DossierAttributesController implements DossierAttributesResource {
}
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
public void deleteDossierAttribute(String dossierId, String dossierAttributeId) {
accessControlService.verifyUserIsDossierOwner(dossierId);