Browse Source

Use logical Spring component BookAuth to retrieve Authorities;

un-hardcode rest MARKETING authority names
Signed-off-by: Pekka Helenius <fincer89@hotmail.com>
v0.0.3-alpha
Pekka Helenius 4 years ago
parent
commit
249ff1f052
1 changed files with 8 additions and 8 deletions
  1. +8
    -8
      bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java

+ 8
- 8
bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java View File

@ -160,7 +160,7 @@ public class BookController {
////////////////////////////// //////////////////////////////
// ADD BOOK // ADD BOOK
@PreAuthorize("hasAuthority('MARKETING')")
@PreAuthorize("hasAuthority(@BookAuth.SALES)")
@RequestMapping( @RequestMapping(
value = "${page.url.add}", value = "${page.url.add}",
method = { RequestMethod.GET, RequestMethod.PUT } method = { RequestMethod.GET, RequestMethod.PUT }
@ -180,7 +180,7 @@ public class BookController {
return env.getProperty("page.url.add"); return env.getProperty("page.url.add");
} }
@PreAuthorize("hasAuthority('MARKETING')")
@PreAuthorize("hasAuthority(@BookAuth.SALES)")
@RequestMapping( @RequestMapping(
value = "${page.url.add}", value = "${page.url.add}",
method = RequestMethod.POST method = RequestMethod.POST
@ -233,7 +233,7 @@ public class BookController {
// DELETE BOOK // DELETE BOOK
@Transactional @Transactional
@PreAuthorize("hasAuthority('ADMIN')")
@PreAuthorize("hasAuthority(@BookAuth.ADMIN)")
@RequestMapping( @RequestMapping(
value = "${page.url.delete}" + "/{hash_id}", value = "${page.url.delete}" + "/{hash_id}",
method = RequestMethod.GET method = RequestMethod.GET
@ -266,7 +266,7 @@ public class BookController {
////////////////////////////// //////////////////////////////
// UPDATE BOOK // UPDATE BOOK
@PreAuthorize("hasAnyAuthority('MARKETING', 'HELPDESK')")
@PreAuthorize("hasAnyAuthority(@BookAuth.SALES, @BookAuth.HELPDESK)")
@RequestMapping( @RequestMapping(
value = "${page.url.edit}" + "/{hash_id}", value = "${page.url.edit}" + "/{hash_id}",
method = RequestMethod.GET method = RequestMethod.GET
@ -291,7 +291,7 @@ public class BookController {
* Prevent other than MARKETING users to access hidden book * Prevent other than MARKETING users to access hidden book
* data even if they knew hash id. * data even if they knew hash id.
*/ */
if (!book.getPublish() && !authorities.contains("MARKETING") ) {
if (!book.getPublish() && !authorities.contains(env.getProperty("auth.authority.sales")) ) {
//responseData.setStatus(HttpServletResponse.SC_BAD_REQUEST); //responseData.setStatus(HttpServletResponse.SC_BAD_REQUEST);
return "redirect:" + env.getProperty("page.url.list"); return "redirect:" + env.getProperty("page.url.list");
} }
@ -313,7 +313,7 @@ public class BookController {
* Internally, we never use URL id as a reference for user modifications, * Internally, we never use URL id as a reference for user modifications,
* but just as an URL end point. * but just as an URL end point.
*/ */
@PreAuthorize("hasAnyAuthority('MARKETING', 'HELPDESK')")
@PreAuthorize("hasAnyAuthority(@BookAuth.SALES, @BookAuth.HELPDESK)")
@RequestMapping( @RequestMapping(
value = "${page.url.edit}" + "/{hash_id}", value = "${page.url.edit}" + "/{hash_id}",
method = RequestMethod.POST method = RequestMethod.POST
@ -382,7 +382,7 @@ public class BookController {
* Prevent other than MARKETING users to access hidden book * Prevent other than MARKETING users to access hidden book
* data even if they knew hash id. * data even if they knew hash id.
*/ */
if (!book.getPublish() && !authorities.contains("MARKETING") ) {
if (!book.getPublish() && !authorities.contains(env.getProperty("auth.authority.sales")) ) {
//responseData.setStatus(HttpServletResponse.SC_BAD_REQUEST); //responseData.setStatus(HttpServletResponse.SC_BAD_REQUEST);
return "redirect:" + env.getProperty("page.url.list"); return "redirect:" + env.getProperty("page.url.list");
} }
@ -394,7 +394,7 @@ public class BookController {
//authorRepository.save(book.getAuthor()); //authorRepository.save(book.getAuthor());
bookAuthorHelper.detectAndSaveUpdateAuthorForBook(book); bookAuthorHelper.detectAndSaveUpdateAuthorForBook(book);
if (authorities.contains("MARKETING") ) {
if (authorities.contains(env.getProperty("auth.authority.sales")) ) {
bookRepository.save(book); bookRepository.save(book);
} else { } else {
bookRepository.updateWithoutPriceAndWithoutPublish(book); bookRepository.updateWithoutPriceAndWithoutPublish(book);


Loading…
Cancel
Save