Fincer
/
java-bookstore
mirror of https://github.com/Fincer/java-bookstore
1
0
Fork 0
Code Issues 0 Releases 4 Wiki Activity
Browse Source

Simplify access control annotations, based on Spring docs 

Ref: https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/el-access.html
Signed-off-by: Pekka Helenius <fincer89@hotmail.com>
v0.0.3-alpha
Pekka Helenius 4 years ago
parent
1c91b1de3e
commit
a176f7b1b3
2 changed files with 5 additions and 5 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -2
      bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java
  2. +3
    -3
      bookstore/src/main/resources/templates/booklist.html

+ 2
- 2
bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java View File

@ -249,7 +249,7 @@ public class BookController {
////////////////////////////// //////////////////////////////
// UPDATE BOOK // UPDATE BOOK
@PreAuthorize("hasAuthority('MARKETING') or hasAuthority('HELPDESK')")
@PreAuthorize("hasAnyAuthority('MARKETING', 'HELPDESK')")
@RequestMapping( @RequestMapping(
value = bookEditPageView + "/{hash_id}", value = bookEditPageView + "/{hash_id}",
method = RequestMethod.GET method = RequestMethod.GET
@ -284,7 +284,7 @@ public class BookController {
* Internally, we never use URL id as a reference for user modifications, * Internally, we never use URL id as a reference for user modifications,
* but just as an URL end point. * but just as an URL end point.
*/ */
@PreAuthorize("hasAuthority('MARKETING') or hasAuthority('HELPDESK')")
@PreAuthorize("hasAnyAuthority('MARKETING', 'HELPDESK')")
@RequestMapping( @RequestMapping(
value = bookEditPageView + "/{hash_id}", value = bookEditPageView + "/{hash_id}",
method = RequestMethod.POST method = RequestMethod.POST


+ 3
- 3
bookstore/src/main/resources/templates/booklist.html View File

@ -89,12 +89,12 @@ Idea of the following syntax used in this and other HTML document:
<th <th
th:text="${#messages.msgOrNull('page.text.list.actions')} ?: 'page.text.list.actions'" th:text="${#messages.msgOrNull('page.text.list.actions')} ?: 'page.text.list.actions'"
th:if="${#authorization.expression('hasAuthority(''MARKETING'') or hasAuthority(''HELPDESK'')')}"
th:if="${#authorization.expression('hasAnyAuthority(''MARKETING'', ''HELPDESK'')')}"
> >
page.text.list.actions page.text.list.actions
</th> </th>
<th th:unless="${#authorization.expression('hasAuthority(''MARKETING'') or hasAuthority(''HELPDESK'')')}">
<th th:unless="${#authorization.expression('hasAnyAuthority(''MARKETING'', ''HELPDESK'')')}">
</th> </th>
<th></th> <th></th>
@ -178,7 +178,7 @@ Idea of the following syntax used in this and other HTML document:
</td> </td>
<td> <td>
<a class="btn btn-warning" sec:authorize="hasAuthority('MARKETING') or hasAuthority('HELPDESK')"
<a class="btn btn-warning" sec:authorize="hasAnyAuthority('MARKETING', 'HELPDESK')"
th:href="@{__${editpage}__/{hash_id}(hash_id=${book.bookHash.hashId})}" th:href="@{__${editpage}__/{hash_id}(hash_id=${book.bookHash.hashId})}"
th:text="${#messages.msgOrNull('page.text.list.edit')} ?: 'page.text.list.edit'"> th:text="${#messages.msgOrNull('page.text.list.edit')} ?: 'page.text.list.edit'">
page.text.list.edit page.text.list.edit


Write Preview
Loading…
Cancel
Save