From 77c541105f656ef6d4f593f3408427012361fd72 Mon Sep 17 00:00:00 2001
From: Jozef Daxner
Date: Thu, 24 Feb 2022 12:55:34 +0100
Subject: [PATCH] [NAE-1581] Public view create case permission check - implement check for permissions to create case from process in public view
---
 .../workflow/web/PublicWorkflowController.java | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/netgrif/application/engine/workflow/web/PublicWorkflowController.java b/src/main/java/com/netgrif/application/engine/workflow/web/PublicWorkflowController.java
index 77897e3092e..9c045bae517 100644
--- a/src/main/java/com/netgrif/application/engine/workflow/web/PublicWorkflowController.java
+++ b/src/main/java/com/netgrif/application/engine/workflow/web/PublicWorkflowController.java
@@ -8,17 +8,16 @@
 import com.netgrif.application.engine.workflow.domain.eventoutcomes.response.EventOutcomeWithMessageResource;
 import com.netgrif.application.engine.workflow.service.interfaces.IWorkflowService;
 import com.netgrif.application.engine.workflow.web.requestbodies.CreateCaseBody;
-import com.netgrif.application.engine.workflow.web.responsebodies.CaseResource;
-import com.netgrif.application.engine.workflow.web.responsebodies.DataFieldsResource;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.hateoas.EntityModel;
 import org.springframework.hateoas.MediaTypes;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.nio.charset.StandardCharsets;
 import java.util.Locale;
 
 @RestController
@@ -35,6 +34,7 @@ public PublicWorkflowController(IWorkflowService workflowService, IUserService u
 this.workflowService = workflowService;
 }
 
+ @PreAuthorize("@workflowAuthorizationService.canCallCreate(@userService.getAnonymousLogged(), #body.netId)")
 @PostMapping(value = "/case", consumes = "application/json;charset=UTF-8", produces = MediaTypes.HAL_JSON_VALUE)
 @ApiOperation(value = "Create new case")
 public EntityModel createCase(@RequestBody CreateCaseBody body, Locale locale) {
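Review bot: The added `@PreAuthorize` on `createCase` is the only gate on this anonymous endpoint, and it is enforced only when pre/post method security is enabled for the application, which this patch does not show; if it is not, the annotation is silently ignored and case creation stays open. The expression also hands `#body.netId` straight to `canCallCreate`, so it is worth confirming that a missing or unknown `netId` results in a denial rather than an exception or an allow (that method is outside this diff). The diffstat lists only the controller, so I would add an integration test asserting that an anonymous request for a process without the create permission is rejected. I would also put a one-line comment above the annotation, such as `// Public endpoint: the anonymous user must hold create permission on body.netId; relies on prePostEnabled method security`. The body of `createCase` continues outside the hunk.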