RED-10224: Editing entities - Access is denied but updates value anyway
This commit is contained in:
parent
c8e8ebea8b
commit
6defb9be56
@ -189,8 +189,6 @@ public class DictionaryService {
|
|||||||
@PreAuthorize("hasAuthority('" + ADD_UPDATE_DOSSIER_DICTIONARY_TYPE + "')")
|
@PreAuthorize("hasAuthority('" + ADD_UPDATE_DOSSIER_DICTIONARY_TYPE + "')")
|
||||||
public void updateDossierType(String type, String dossierTemplateId, UpdateTypeValue typeValue, String dossierId, TypeEntity typeEntity) {
|
public void updateDossierType(String type, String dossierTemplateId, UpdateTypeValue typeValue, String dossierId, TypeEntity typeEntity) {
|
||||||
|
|
||||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
|
||||||
|
|
||||||
if (typeEntity.isDossierDictionaryOnly()) {
|
if (typeEntity.isDossierDictionaryOnly()) {
|
||||||
dictionaryManagementService.updateTypeValue(toTypeId(type, dossierTemplateId, dossierId),
|
dictionaryManagementService.updateTypeValue(toTypeId(type, dossierTemplateId, dossierId),
|
||||||
Type.builder()
|
Type.builder()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user