diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/IntersectionController.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/IntersectionController.java
index 11b160bef..187caae98 100644
--- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/IntersectionController.java
+++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/IntersectionController.java
@@ -23,7 +23,7 @@ public class IntersectionController {
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/intersection/list", method = RequestMethod.GET, produces = "application/json")
- @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public ResponseEntity> getIntersections(
 @RequestParam(name = "test", required = false, defaultValue = "false") boolean testData) {
@@ -46,7 +46,7 @@ public ResponseEntity> getIntersections(
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/intersection/list/location", method = RequestMethod.GET, produces = "application/json")
- @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public ResponseEntity> getIntersectionsByLocation(
 @RequestParam(name = "longitude", required = true, defaultValue = "false") Double longitude,
 @RequestParam(name = "latitude", required = true, defaultValue = "false") Double latitude,
diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ReportController.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ReportController.java
index ed8b0a1fe..b0339632e 100644
--- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ReportController.java
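Review bot: The new rule `@PermissionService.hasRole('USER')` on `getIntersections` resolves a Spring bean by the exact name `PermissionService`, and a component class of that name registers as `permissionService` by default, so unless the service is declared with an explicit bean name (its declaration is not in this diff) the expression will fail at evaluation time instead of producing an authorization decision. The same reference appears in the second hunk of this file and in all three ReportController hunks. Since the role decision now comes from this bean rather than from the built-in `hasRole`, I would add a class comment on the service stating where it reads roles from, and a test per endpoint that a caller without either role is rejected. `getIntersections` continues outside the hunk.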
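Review bot: On `getIntersectionsByLocation`, `defaultValue = "false"` on the `Double longitude` and `Double latitude` parameters makes `required = true` ineffective, because supplying a default implicitly makes the parameter optional, and the default itself cannot be converted to `Double`. A request that omits either coordinate therefore reaches type conversion and fails there rather than being rejected as a missing parameter. I would drop the default, `@RequestParam(name = "longitude", required = true) Double longitude`, and likewise for latitude, and reject values outside the valid coordinate range before they reach the query. These lines are unchanged context in this hunk and the method body lies outside it.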
+++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/controllers/ReportController.java
@@ -44,7 +44,7 @@ public String getCurrentTime() {
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/reports/generate", method = RequestMethod.GET, produces = "application/octet-stream")
- @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasIntersection(#intersectionID) and (@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN'))")
 public byte[] generateReport(
 @RequestParam(name = "intersection_id", required = true) int intersectionID,
 @RequestParam(name = "road_regulator_id", required = false) Integer roadRegulatorID,
@@ -64,7 +64,7 @@ public byte[] generateReport(
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/reports/list", method = RequestMethod.GET, produces = "application/json")
- @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public ResponseEntity> listReports(
 @RequestParam(name = "report_name", required = false) String reportName,
 @RequestParam(name = "intersection_id", required = false) int intersectionID,
@@ -88,7 +88,7 @@ public ResponseEntity> listReports(
 @CrossOrigin(origins = "http://localhost:3000")
 @RequestMapping(value = "/reports/download", method = RequestMethod.GET, produces = "application/octet-stream")
- @PreAuthorize("hasRole('USER') || hasRole('ADMIN')")
+ @PreAuthorize("@PermissionService.hasRole('USER') || @PermissionService.hasRole('ADMIN')")
 public ResponseEntity downloadReport(
 @RequestParam(name = "report_name", required = true) String reportName) {
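Review bot: In the `generateReport` rule, `hasIntersection(#intersectionID)` authorizes on the intersection ID alone, while the method also accepts `road_regulator_id`; if intersection IDs are only unique within a road regulator, a caller permitted for one intersection could be granted a report for a same-numbered intersection under another regulator. The `#intersectionID` variable is also bound by Java parameter name, which needs the names to be available at runtime; annotating the parameter with `@P("intersectionID")` makes that binding explicit. How `hasIntersection` treats an unknown or unbound ID is not visible here, so a test that a user without the intersection is denied would pin the behaviour. `generateReport` continues outside the hunk.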
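Review bot: `listReports` accepts `intersection_id` and `downloadReport` (next hunk) returns a stored report by `report_name`, but both rules check only the role, so the per-intersection restriction added to `/reports/generate` in the previous hunk does not cover listing or downloading an existing report for an intersection the caller is not assigned to. Unless the method bodies, which are outside these hunks, already filter by the caller's intersections, the list result should be restricted to permitted intersections and the download should look up the report's intersection and apply the same `hasIntersection` check before returning the bytes. Separately, `intersection_id` is declared `required = false` on a primitive `int`, which cannot represent an absent value; `Integer intersectionID` would let the handler tell "not supplied" from an ID.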