dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #17791
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 7217: added @PreAuthorize to CUD part of AbstractCrudController
------------------------------------------------------------
revno: 7217
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2012-06-06 14:48:05 +0200
message:
added @PreAuthorize to CUD part of AbstractCrudController
modified:
dhis-2/dhis-dxf2/src/main/java/org/hisp/dhis/dxf2/utils/JacksonUtils.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-dxf2/src/main/java/org/hisp/dhis/dxf2/utils/JacksonUtils.java'
--- dhis-2/dhis-dxf2/src/main/java/org/hisp/dhis/dxf2/utils/JacksonUtils.java 2012-06-06 12:25:46 +0000
+++ dhis-2/dhis-dxf2/src/main/java/org/hisp/dhis/dxf2/utils/JacksonUtils.java 2012-06-06 12:48:05 +0000
@@ -80,7 +80,6 @@
jsonMapper.getJsonFactory().enable( JsonGenerator.Feature.QUOTE_FIELD_NAMES );
xmlMapper.configure( ToXmlGenerator.Feature.WRITE_XML_DECLARATION, true );
-
// register view classes
viewClasses.put( "default", BasicView.class );
viewClasses.put( "basic", BasicView.class );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2012-06-04 20:01:15 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2012-06-06 12:48:05 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.system.util.ReflectionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -108,12 +109,14 @@
//--------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } )
+ @PreAuthorize( "hasRole('ALL')" )
public void postXmlObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
}
@RequestMapping( method = RequestMethod.POST, consumes = "application/json" )
+ @PreAuthorize( "hasRole('ALL')" )
public void postJsonObject( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -125,6 +128,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" } )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL')" )
public void putXmlObject( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -132,6 +136,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = "application/json" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL')" )
public void putJsonObject( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -143,6 +148,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL')" )
public void deleteObject( @PathVariable( "uid" ) String uid ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.DELETE.toString() );
