Marmelator/persistence-service
1
0
Fork 0
Code Issues Pull Requests 17 Actions Packages Projects Releases 1.1k Wiki Activity

RED-5369: View dossier & access permissions are not working for dossier attributes controller #314

Merged
maverick.studer merged 1 commits from RED-5369 into master 2024-01-18 13:51:49 +01:00
Conversation 5 Commits 1 Files Changed 1 +4 -4
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/DossierAttributesController.java vendored
View File

@ -115,7 +115,7 @@ public class DossierAttributesController implements DossierAttributesResource {
}
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "')")
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
public DossierAttributes setDossierAttributes(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody DossierAttributes dossierAttributes) {
accessControlService.verifyUserIsDossierOwner(dossierId);
@ -131,7 +131,7 @@ public class DossierAttributesController implements DossierAttributesResource {
}
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
public DossierAttributes addOrUpdateDossierAttribute(String dossierId, DossierAttribute dossierAttribute) {
accessControlService.verifyUserIsDossierOwner(dossierId);
@ -146,7 +146,7 @@ public class DossierAttributesController implements DossierAttributesResource {
}
@PreAuthorize("hasAuthority('" + READ_DOSSIER_ATTRIBUTES + "')")
@PreAuthorize("hasAuthority('" + READ_DOSSIER_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'VIEW_OBJECT')")
public DossierAttributes getDossierAttributes(String dossierId) {
var result = dossierAttributesManagementService.getDossierAttributes(dossierId);
@ -161,7 +161,7 @@ public class DossierAttributesController implements DossierAttributesResource {
}
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
public void deleteDossierAttribute(String dossierId, String dossierAttributeId) {
accessControlService.verifyUserIsDossierOwner(dossierId);