Add Spring Security's authority for adding additional images.

php-coder · php-coder · commit 585e6face204 · 2015-06-24T20:56:45.000+03:00
diff --git a/src/main/java/ru/mystamps/web/service/SeriesServiceImpl.java b/src/main/java/ru/mystamps/web/service/SeriesServiceImpl.java
@@ -125,6 +125,7 @@ public Integer add(AddSeriesDto dto, User user, boolean userCanAddComments) {
 
 	@Override
 	@Transactional
+	@PreAuthorize("hasAuthority('ADD_IMAGES_TO_SERIES')")
 	public void addImageToSeries(AddImageDto dto, Series series) {
 		Validate.isTrue(dto != null, "DTO must be non null");
 		Validate.isTrue(series != null, "DTO must be non null");
diff --git a/src/main/java/ru/mystamps/web/support/spring/security/CustomUserDetailsService.java b/src/main/java/ru/mystamps/web/support/spring/security/CustomUserDetailsService.java
@@ -70,6 +70,7 @@ private static Collection<? extends GrantedAuthority> getAuthorities(User user)
 		List<SimpleGrantedAuthority> authorities = new LinkedList<>();
 		authorities.add(new SimpleGrantedAuthority("CREATE_SERIES"));
 		authorities.add(new SimpleGrantedAuthority("UPDATE_COLLECTION"));
+		authorities.add(new SimpleGrantedAuthority("ADD_IMAGES_TO_SERIES"));
 		
 		if (user.isAdmin()) {
 			authorities.add(new SimpleGrantedAuthority("CREATE_CATEGORY"));
diff --git a/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java b/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
@@ -68,7 +68,8 @@ protected void configure(HttpSecurity http) throws Exception {
 				.antMatchers(Url.ADD_CATEGORY_PAGE).hasAuthority("CREATE_CATEGORY")
 				.antMatchers(Url.ADD_COUNTRY_PAGE).hasAuthority("CREATE_COUNTRY")
 				.antMatchers(Url.ADD_SERIES_PAGE).hasAuthority("CREATE_SERIES")
-				.regexMatchers(HttpMethod.POST, "/series/[0-9]+").hasAuthority("UPDATE_COLLECTION")
+				.regexMatchers(HttpMethod.POST, "/series/[0-9]+")
+					.hasAnyAuthority("UPDATE_COLLECTION", "ADD_IMAGES_TO_SERIES")
 				.anyRequest().permitAll()
 				.and()
 			.formLogin()
diff --git a/src/main/webapp/WEB-INF/views/series/add.html b/src/main/webapp/WEB-INF/views/series/add.html
@@ -379,7 +379,7 @@ <h3 th:text="#{t_add_series_ucfirst}">
 							</label>
 							<div class="col-sm-7">
 								<input type="file" id="image" class="form-control" style="box-shadow: none; border: 0px;" required="required" accept="image/png,image/jpeg" th:field="*{image}" />
-								<small togglz:active="ADD_ADDITIONAL_IMAGES_TO_SERIES">
+								<small togglz:active="ADD_ADDITIONAL_IMAGES_TO_SERIES" sec:authorize="hasAuthority('ADD_IMAGES_TO_SERIES')">
 									<span class="hint-block" th:text="#{t_add_more_images_hint}">
 										You will be able to add additional images on the series page
 									</span>
diff --git a/src/main/webapp/WEB-INF/views/series/info.html b/src/main/webapp/WEB-INF/views/series/info.html
@@ -56,7 +56,7 @@
 								<img src="../../../../../test/resources/test.png" class="img-responsive series-images" th:src="@{${GET_IMAGE_PAGE}(id=${image.id})}" />
 							</div>
 						</div>
-						<div class="row" togglz:active="ADD_ADDITIONAL_IMAGES_TO_SERIES">
+						<div class="row" togglz:active="ADD_ADDITIONAL_IMAGES_TO_SERIES" sec:authorize="hasAuthority('ADD_IMAGES_TO_SERIES')">
 							<div class="col-sm-6 col-sm-offset-3">
 								<form method="post" class="form-horizontal" enctype="multipart/form-data" th:action="@{${INFO_SERIES_PAGE}(id=${series.id})} + '?' + ${_csrf.parameterName} + '=' + ${_csrf.token}" th:object="${addImageForm}">
 									<div class="form-group" th:classappend="${#fields.hasErrors('image') ? 'has-error' : ''}">
