From eeaff918ae9b8285f37a5fddc58d30b7544d34e0 Mon Sep 17 00:00:00 2001
From: Pekka Helenius
Date: Sat, 3 Oct 2020 16:10:52 +0300
Subject: [PATCH] Edit book form: add authority check
Signed-off-by: Pekka Helenius
---
 .../com/fjordtek/bookstore/web/BookController.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java b/bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java
index d207808..662f092 100644
--- a/bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java
@@ -14,6 +14,7 @@ import javax.validation.Valid;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.ui.Model;
@@ -294,9 +295,12 @@ public class BookController {
 BindingResult bindingResultBook,
 @ModelAttribute ("hash_id") String bookHashId,
 HttpServletRequest requestData,
- HttpServletResponse responseData
+ HttpServletResponse responseData,
+ Authentication authData
 ) {
+ String authorities = authData.getAuthorities().toString();
+
 BookHash bookHash = bookHashRepository.findByHashId(bookHashId);
 if (bookHash == null) {
@@ -353,10 +357,10 @@ public class BookController {
 //authorRepository.save(book.getAuthor());
 bookAuthorHelper.detectAndSaveUpdateAuthorForBook(book);
- if (book.getPrice() == null) {
- bookRepository.updateWithoutPriceAndWithoutPublish(book);
- } else {
+ if (authorities.contains("MARKETING") ) {
 bookRepository.save(book);
+ } else {
+ bookRepository.updateWithoutPriceAndWithoutPublish(book);
 }
 httpServerLogger.log(requestData, responseData);
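Review bot: `authData.getAuthorities().toString()` flattens the granted authorities into one string, so the `authorities.contains("MARKETING")` test in the third hunk is a substring match rather than an authority comparison. Any authority whose name merely contains that text (a constructed example: `NON_MARKETING`) would be treated as allowed to save price and publish state. Compare the individual authorities instead: `boolean isMarketing = authData.getAuthorities().stream().anyMatch(a -> "MARKETING".equals(a.getAuthority()));`. If this handler can be reached without an authenticated principal, `authData` may be null and the new line would throw; the method's annotations and the rest of its body are outside the hunk, so confirm that a `@PreAuthorize` or equivalent rule covers it.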
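Review bot: A MARKETING user now always reaches `bookRepository.save(book)`, including when `book.getPrice()` is null, which the removed condition routed to `updateWithoutPriceAndWithoutPublish`. If the edit form can still post an empty price, this path may overwrite the stored price with null; validation happens outside the hunk, so this is unconfirmed. Consider keeping a `book.getPrice() != null` condition on the `save` branch. A short comment above the branch, such as `// Only MARKETING may change price/publish state; all other users get the restricted update`, would record the invariant this check enforces. The enclosing method starts and ends outside the hunk.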