From a176f7b1b3a6e61e40fbb7bec8a33f97ba68a4eb Mon Sep 17 00:00:00 2001
From: Pekka Helenius <fincer89@hotmail.com>
Date: Sat, 3 Oct 2020 03:55:06 +0300
Subject: [PATCH] Simplify access control annotations, based on Spring docs

Ref: https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/el-access.html

Signed-off-by: Pekka Helenius <fincer89@hotmail.com>
---
 .../java/com/fjordtek/bookstore/web/BookController.java     | 4 ++--
 bookstore/src/main/resources/templates/booklist.html        | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java b/bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java
index ff1d6a4..22eae35 100644
--- a/bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java
@@ -249,7 +249,7 @@ public class BookController {
 	//////////////////////////////
 	// UPDATE BOOK
 
-	@PreAuthorize("hasAuthority('MARKETING') or hasAuthority('HELPDESK')")
+	@PreAuthorize("hasAnyAuthority('MARKETING', 'HELPDESK')")
 	@RequestMapping(
 			value    = bookEditPageView + "/{hash_id}",
 			method   = RequestMethod.GET
@@ -284,7 +284,7 @@ public class BookController {
 	 * Internally, we never use URL id as a reference for user modifications,
 	 * but just as an URL end point.
 	*/
-	@PreAuthorize("hasAuthority('MARKETING') or hasAuthority('HELPDESK')")
+	@PreAuthorize("hasAnyAuthority('MARKETING', 'HELPDESK')")
 	@RequestMapping(
 			value    = bookEditPageView + "/{hash_id}",
 			method   = RequestMethod.POST
diff --git a/bookstore/src/main/resources/templates/booklist.html b/bookstore/src/main/resources/templates/booklist.html
index 57d8884..de092b9 100644
--- a/bookstore/src/main/resources/templates/booklist.html
+++ b/bookstore/src/main/resources/templates/booklist.html
@@ -89,12 +89,12 @@ Idea of the following syntax used in this and other HTML document:
 
 				<th
 				th:text="${#messages.msgOrNull('page.text.list.actions')} ?: 'page.text.list.actions'"
-				th:if="${#authorization.expression('hasAuthority(''MARKETING'') or hasAuthority(''HELPDESK'')')}"
+				th:if="${#authorization.expression('hasAnyAuthority(''MARKETING'', ''HELPDESK'')')}"
 				>
 				page.text.list.actions
 				</th>
 				
-				<th th:unless="${#authorization.expression('hasAuthority(''MARKETING'') or hasAuthority(''HELPDESK'')')}">
+				<th th:unless="${#authorization.expression('hasAnyAuthority(''MARKETING'', ''HELPDESK'')')}">
 				</th>
 
 				<th></th>
@@ -178,7 +178,7 @@ Idea of the following syntax used in this and other HTML document:
 				</td>
 
 				<td>
-					<a class="btn btn-warning" sec:authorize="hasAuthority('MARKETING') or hasAuthority('HELPDESK')"
+					<a class="btn btn-warning" sec:authorize="hasAnyAuthority('MARKETING', 'HELPDESK')"
 					th:href="@{__${editpage}__/{hash_id}(hash_id=${book.bookHash.hashId})}"
 					th:text="${#messages.msgOrNull('page.text.list.edit')} ?: 'page.text.list.edit'">
 					page.text.list.edit