Revize 317b7363
Přidáno uživatelem Jakub Danek před více než 5 roky(ů)
| server/src/main/java/org/danekja/ymanager/business/UserManager.java | ||
|---|---|---|
| 26 | 26 |
/** |
| 27 | 27 |
* Gets user by id (PK) |
| 28 | 28 |
* |
| 29 |
* @param id id value, used as search key
|
|
| 29 |
* @param userId id value, used as search key
|
|
| 30 | 30 |
* @return found user Object or null |
| 31 | 31 |
*/ |
| 32 |
User getUser(Long id);
|
|
| 32 |
User getUser(Long userId);
|
|
| 33 | 33 |
} |
| server/src/main/java/org/danekja/ymanager/business/auth/AuthExpressions.java | ||
|---|---|---|
| 14 | 14 |
* <li>data owner - employee can edit only his records</li> |
| 15 | 15 |
* </ul> |
| 16 | 16 |
* <p> |
| 17 |
* In this case, the protected method needs to take <b>id</b> parameter which represents the "userId" value and
|
|
| 17 |
* In this case, the protected method needs to take <b>userId</b> parameter which represents the "userId" value and
|
|
| 18 | 18 |
* is compared to principal id. |
| 19 | 19 |
*/ |
| 20 |
public static final String SELF_ONLY_ID_PARAM = "hasAuthority('EMPLOYER') or #id == authentication.principal.id";
|
|
| 20 |
public static final String MASTER_SELF_ID_PARAM = "hasAuthority('EMPLOYER') or #userId == authentication.principal.id";
|
|
| 21 | 21 |
} |
| server/src/main/java/org/danekja/ymanager/business/impl/DefaultUserManager.java | ||
|---|---|---|
| 42 | 42 |
} |
| 43 | 43 |
|
| 44 | 44 |
@Override |
| 45 |
@PreAuthorize(AuthExpressions.SELF_ONLY_ID_PARAM)
|
|
| 46 |
public User getUser(Long id) {
|
|
| 47 |
return userRepository.getUser(id);
|
|
| 45 |
@PreAuthorize(AuthExpressions.MASTER_SELF_ID_PARAM)
|
|
| 46 |
public User getUser(Long userId) {
|
|
| 47 |
return userRepository.getUser(userId);
|
|
| 48 | 48 |
} |
| 49 | 49 |
|
| 50 | 50 |
@Override |
Také k dispozici: Unified diff
re #37 naming improvements