Message #27364
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 13613: secure create, update, delete parts of apps web-api with ALL or M_dhis-web-maintenance-appmanager
------------------------------------------------------------
revno: 13613
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2014-01-07 14:11:40 +0100
message:
secure create, update, delete parts of apps web-api with ALL or M_dhis-web-maintenance-appmanager
modified:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AppController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AppController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AppController.java 2014-01-07 12:49:31 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AppController.java 2014-01-07 13:11:40 +0000
@@ -40,6 +40,7 @@
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StreamUtils;
@@ -83,6 +84,7 @@
@RequestMapping( value = RESOURCE_PATH, method = RequestMethod.POST )
@ResponseStatus( HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-appmanager')" )
public void installApp( @RequestParam( "file" ) MultipartFile file, HttpServletRequest request ) throws IOException
{
File tempFile = File.createTempFile( "IMPORT_", "_ZIP" );
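Review bot: The authorization expression is repeated as a string literal on installApp here and again on reloadApps, renderApp and deleteApp in the later hunks, so a typo or partial edit in one copy would silently change who may call that endpoint. A single constant such as `private static final String APP_MANAGER_AUTH = "hasRole('ALL') or hasRole('M_dhis-web-maintenance-appmanager')";` used as `@PreAuthorize( APP_MANAGER_AUTH )` keeps the four checks in step. Since `ALL` and `M_dhis-web-maintenance-appmanager` are plain authority names with no `ROLE_` prefix, `hasAuthority(...)` would state the intent directly and would not depend on how `hasRole` treats prefixes, which differs between Spring Security versions. The annotation only takes effect if pre/post annotation processing is enabled in the context that loads this controller, which is not visible here and is worth confirming with a test that expects a 403 for a user without either authority. installApp's body continues outside the hunk.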
@@ -97,12 +99,14 @@
@RequestMapping( value = RESOURCE_PATH, method = RequestMethod.PUT )
@ResponseStatus( HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-appmanager')" )
public void reloadApps()
{
appManager.reloadApps();
}
@RequestMapping( value = "/apps/{app}/**", method = RequestMethod.GET )
+ @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-appmanager')" )
public void renderApp( @PathVariable( "app" ) String app, HttpServletRequest request, HttpServletResponse response ) throws IOException, NotFoundException
{
Iterable<Resource> locations = Lists.newArrayList(
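Review bot: The `@PreAuthorize` added above renderApp guards a `GET` on `/apps/{app}/**`, which is a read path, while the commit message only speaks of securing create, update and delete. As written, a user without `ALL` or `M_dhis-web-maintenance-appmanager` is denied every resource of an installed app, so only app managers could open apps at all. If that is not intended, the annotation should be dropped from renderApp or replaced with a read-level check. If it is intended, a short comment on the method saying that app content is restricted to app managers would make the choice explicit. renderApp's body continues outside the hunk.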
@@ -143,6 +147,7 @@
}
@RequestMapping( value = "/apps/{app}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-appmanager')" )
public void deleteApp( @PathVariable( "app" ) String app, HttpServletRequest request, HttpServletResponse response ) throws NotFoundException
{
if ( !appManager.exists( app ) )