Commit 27a44382 authored by Piotr Gawron's avatar Piotr Gawron
Browse files

privilege management moved to controller

parent 73d2ad5d
......@@ -168,16 +168,30 @@ public class ProjectController extends BaseController {
public void grantPrivileges(
@RequestBody List<PrivilegeDTO> privileges,
@PathVariable(value = "projectId") String projectId) throws IOException, QueryException {
projectController.grantPrivilegesProject(projectId, privileges);
getProject(projectId);
for (PrivilegeDTO m : privileges) {
User user = userService.getUserByLogin(m.login);
if (user == null) {
throw new ObjectNotFoundException("User does not exist");
}
userService.grantUserPrivilege(user, m.privilegeType, projectId);
}
}
@PreAuthorize("hasAuthority('IS_ADMIN') "
+ "or (hasAuthority('IS_CURATOR') and hasAuthority('WRITE_PROJECT:' + #projectId))")
@PatchMapping(value = "/{projectId:.+}:revokePrivileges")
public Map<String, Object> revokePrivileges(
public void revokePrivileges(
@RequestBody List<PrivilegeDTO> privileges,
@PathVariable(value = "projectId") String projectId) throws IOException, QueryException {
return projectController.revokePrivilegesProject(projectId, privileges);
getProject(projectId);
for (PrivilegeDTO m : privileges) {
User user = userService.getUserByLogin(m.login);
if (user == null) {
throw new ObjectNotFoundException("User does not exist");
}
userService.revokeUserPrivilege(user, m.privilegeType, projectId);
}
}
@PreAuthorize("hasAnyAuthority('IS_ADMIN', 'IS_CURATOR')")
......
......@@ -479,29 +479,6 @@ public class ProjectRestImpl extends BaseRestImpl {
return result;
}
public void grantPrivilegesProject(String projectId, List<PrivilegeDTO> privileges) throws QueryException {
getProjectByProjectId(projectId);
for (PrivilegeDTO m : privileges) {
User user = userService.getUserByLogin(m.login);
if (user == null) {
throw new ObjectNotFoundException("User does not exist");
}
userService.grantUserPrivilege(user, m.privilegeType, projectId);
}
}
public Map<String, Object> revokePrivilegesProject(String projectId, List<PrivilegeDTO> privileges) throws QueryException {
getProjectByProjectId(projectId);
for (PrivilegeDTO m : privileges) {
User user = userService.getUserByLogin(m.login);
if (user == null) {
throw new ObjectNotFoundException("User does not exist");
}
userService.revokeUserPrivilege(user, m.privilegeType, projectId);
}
return null;
}
private enum LogSortColumn {
ID("id"),
LEVEL("level"),
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment