Browse Source

Edit book form: add authority check

Signed-off-by: Pekka Helenius <fincer89@hotmail.com>
v0.0.3-alpha
Pekka Helenius 4 years ago
parent
commit
eeaff918ae
1 changed files with 8 additions and 4 deletions
  1. +8
    -4
      bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java

+ 8
- 4
bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java View File

@ -14,6 +14,7 @@ import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import org.springframework.ui.Model; import org.springframework.ui.Model;
@ -294,9 +295,12 @@ public class BookController {
BindingResult bindingResultBook, BindingResult bindingResultBook,
@ModelAttribute ("hash_id") String bookHashId, @ModelAttribute ("hash_id") String bookHashId,
HttpServletRequest requestData, HttpServletRequest requestData,
HttpServletResponse responseData
HttpServletResponse responseData,
Authentication authData
) { ) {
String authorities = authData.getAuthorities().toString();
BookHash bookHash = bookHashRepository.findByHashId(bookHashId); BookHash bookHash = bookHashRepository.findByHashId(bookHashId);
if (bookHash == null) { if (bookHash == null) {
@ -353,10 +357,10 @@ public class BookController {
//authorRepository.save(book.getAuthor()); //authorRepository.save(book.getAuthor());
bookAuthorHelper.detectAndSaveUpdateAuthorForBook(book); bookAuthorHelper.detectAndSaveUpdateAuthorForBook(book);
if (book.getPrice() == null) {
bookRepository.updateWithoutPriceAndWithoutPublish(book);
} else {
if (authorities.contains("MARKETING") ) {
bookRepository.save(book); bookRepository.save(book);
} else {
bookRepository.updateWithoutPriceAndWithoutPublish(book);
} }
httpServerLogger.log(requestData, responseData); httpServerLogger.log(requestData, responseData);


Loading…
Cancel
Save