Revize 97f0fa4e
Přidáno uživatelem Jakub Danek před více než 5 roky(ů)
| server/src/main/java/org/danekja/ymanager/business/ApiManager.java | ||
|---|---|---|
| 207 | 207 |
} |
| 208 | 208 | |
| 209 | 209 |
@Override |
| 210 |
@PreAuthorize(AuthExpressions.MASTER_SELF_ID_PARAM) |
|
| 210 | 211 |
public void changeVacation(Long userId, VacationDay vacationDay) throws RESTFullException {
|
| 211 | 212 |
try {
|
| 212 | 213 |
Optional<Vacation> vacation = vacationRepository.getVacationDay(vacationDay.getId()); |
| server/src/main/java/org/danekja/ymanager/ws/rest/ApiController.java | ||
|---|---|---|
| 139 | 139 |
@RequestMapping(value = "/user/calendar/edit", method=PUT) |
| 140 | 140 |
public ResponseEntity userCalendarEdit( |
| 141 | 141 |
@RequestParam(value = "lang", required = false) String lang, |
| 142 |
@RequestBody VacationDay vacationDay) |
|
| 142 |
@RequestBody VacationDay vacationDay, |
|
| 143 |
Authentication auth) |
|
| 143 | 144 |
{
|
| 145 |
//TODO make api endpoint contain userId in path as part of #39, also drop the edit part of path |
|
| 146 |
//TODO drop the auth parameter afterwards |
|
| 144 | 147 |
return handle(Language.getLanguage(lang), () -> |
| 145 |
manager.changeVacation(getUserId("me"), vacationDay)
|
|
| 148 |
manager.changeVacation(((User) auth.getPrincipal()).getId(), vacationDay)
|
|
| 146 | 149 |
); |
| 147 | 150 |
} |
| 148 | 151 | |
Také k dispozici: Unified diff
re #37 protect "edit vacation request" process