tagData
parameter.
- */
- public ListtagData
parameter.
- */
- public Listtrue
only if all if the nodes can be deleted by the user.
*/
public boolean mayDelete(Listtrue
only if all if the node can be deleted by the user.
+ */
+ public boolean mayDelete(String nodeId, MethodSecurityExpressionOperations methodSecurityExpressionOperations) {
if (permitAll || methodSecurityExpressionOperations.hasAuthority(ROLE_PREFIX + roleAdmin)) {
return true;
}
if (!methodSecurityExpressionOperations.hasAuthority(ROLE_PREFIX + roleUser)) {
return false;
}
- for (String nodeId : nodeIds) {
- if (!mayDelete(nodeId, ((UserDetails) methodSecurityExpressionOperations.getAuthentication().getPrincipal()).getUsername())) {
- return false;
- }
+ if (!mayDelete(nodeId, ((UserDetails) methodSecurityExpressionOperations.getAuthentication().getPrincipal()).getUsername())) {
+ return false;
}
return true;
}
diff --git a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/NodeController.java b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/NodeController.java
index 842beae6f5..cf385aaae4 100644
--- a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/NodeController.java
+++ b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/NodeController.java
@@ -23,16 +23,18 @@
import org.phoebus.service.saveandrestore.persistence.dao.NodeDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
-import org.springframework.security.access.expression.SecurityExpressionRoot;
-import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
import java.security.Principal;
import java.util.List;
-import java.util.logging.Logger;
/**
* Controller offering endpoints for CRUD operations on {@link Node}s, which represent
@@ -45,7 +47,6 @@ public class NodeController extends BaseController {
@Autowired
private NodeDAO nodeDAO;
- private final Logger logger = Logger.getLogger(NodeController.class.getName());
/**
* Create a new folder in the tree structure.
@@ -108,7 +109,6 @@ public List- * A {@link HttpStatus#NOT_FOUND} is returned if the specified unique node id does not exist. - *
- *- * A {@link HttpStatus#BAD_REQUEST} is returned if the specified unique node id is the tree root node id, - * see {@link Node#ROOT_FOLDER_UNIQUE_ID}. - *
- * - * @param uniqueNodeId The non-zero id of the node to delete - * @param authentication {@link Authentication} of authenticated user. - */ - /* - @SuppressWarnings("unused") - @DeleteMapping(value = "/node/{uniqueNodeId}", produces = JSON) - @PreAuthorize("hasRole(this.roleAdmin) or @authorizationHelper.mayDelete(#uniqueNodeId, #authentication)") - @Deprecated - public void deleteNode(@PathVariable final String uniqueNodeId, Authentication authentication) { - logger.info("Deleting node with unique id " + uniqueNodeId); - nodeDAO.deleteNode(uniqueNodeId); - } - - */ - /** * Deletes all {@link Node}s contained in the provided list. *root
- used to check
+ * authorities of the user.
+ *
* A {@link HttpStatus#BAD_REQUEST} is returned if a node of the same name and type already exists in the parent folder,
@@ -213,7 +209,7 @@ public Node updateNode(@RequestParam(value = "customTimeForMigration", required
throw new IllegalArgumentException("Node may not contain golden tag");
}
nodeToUpdate.setUserName(principal.getName());
- return nodeDAO.updateNode(nodeToUpdate, Boolean.valueOf(customTimeForMigration));
+ return nodeDAO.updateNode(nodeToUpdate, Boolean.parseBoolean(customTimeForMigration));
}
/**
diff --git a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/TagController.java b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/TagController.java
index 7ca04e5036..56c9b2057a 100644
--- a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/TagController.java
+++ b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/TagController.java
@@ -27,7 +27,11 @@
import org.phoebus.service.saveandrestore.persistence.dao.NodeDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
import java.security.Principal;
import java.util.List;
@@ -46,7 +50,6 @@ public class TagController extends BaseController {
private NodeDAO nodeDAO;
/**
- *
* @return A {@link List} of all {@link Tag}s.
*/
@GetMapping("/tags")
@@ -72,7 +75,7 @@ public List