Browse Source

Simplify access control annotations, based on Spring docs

Ref: https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/el-access.html
Signed-off-by: Pekka Helenius <fincer89@hotmail.com>
v0.0.3-alpha
Pekka Helenius 4 years ago
parent
commit
a176f7b1b3
2 changed files with 5 additions and 5 deletions
  1. +2
    -2
      bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java
  2. +3
    -3
      bookstore/src/main/resources/templates/booklist.html

+ 2
- 2
bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java View File

@ -249,7 +249,7 @@ public class BookController {
//////////////////////////////
// UPDATE BOOK
@PreAuthorize("hasAuthority('MARKETING') or hasAuthority('HELPDESK')")
@PreAuthorize("hasAnyAuthority('MARKETING', 'HELPDESK')")
@RequestMapping(
value = bookEditPageView + "/{hash_id}",
method = RequestMethod.GET
@ -284,7 +284,7 @@ public class BookController {
* Internally, we never use URL id as a reference for user modifications,
* but just as an URL end point.
*/
@PreAuthorize("hasAuthority('MARKETING') or hasAuthority('HELPDESK')")
@PreAuthorize("hasAnyAuthority('MARKETING', 'HELPDESK')")
@RequestMapping(
value = bookEditPageView + "/{hash_id}",
method = RequestMethod.POST


+ 3
- 3
bookstore/src/main/resources/templates/booklist.html View File

@ -89,12 +89,12 @@ Idea of the following syntax used in this and other HTML document:
<th
th:text="${#messages.msgOrNull('page.text.list.actions')} ?: 'page.text.list.actions'"
th:if="${#authorization.expression('hasAuthority(''MARKETING'') or hasAuthority(''HELPDESK'')')}"
th:if="${#authorization.expression('hasAnyAuthority(''MARKETING'', ''HELPDESK'')')}"
>
page.text.list.actions
</th>
<th th:unless="${#authorization.expression('hasAuthority(''MARKETING'') or hasAuthority(''HELPDESK'')')}">
<th th:unless="${#authorization.expression('hasAnyAuthority(''MARKETING'', ''HELPDESK'')')}">
</th>
<th></th>
@ -178,7 +178,7 @@ Idea of the following syntax used in this and other HTML document:
</td>
<td>
<a class="btn btn-warning" sec:authorize="hasAuthority('MARKETING') or hasAuthority('HELPDESK')"
<a class="btn btn-warning" sec:authorize="hasAnyAuthority('MARKETING', 'HELPDESK')"
th:href="@{__${editpage}__/{hash_id}(hash_id=${book.bookHash.hashId})}"
th:text="${#messages.msgOrNull('page.text.list.edit')} ?: 'page.text.list.edit'">
page.text.list.edit


Loading…
Cancel
Save