dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 21512: Auth

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Tue, 22 Dec 2015 12:50:39 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 21512
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2015-12-22 13:49:00 +0100
message:
  Auth
modified:
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AppStoreController.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AppStoreController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AppStoreController.java	2015-12-22 12:43:17 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AppStoreController.java	2015-12-22 12:49:00 +0000
@@ -43,6 +43,7 @@
 import org.hisp.dhis.appstore.AppStoreManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
 
 /**
  * @author Lars Helge Overland
@@ -65,6 +66,7 @@
     
     @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/{versionId}", method = RequestMethod.POST )
+    @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-appmanager')" )
     public void installAppFromAppStore( @PathVariable String versionId )
     {
         appStoreManager.installAppFromAppStore( versionId );