Merge pull request #57 from TAMULib/sprint5-b03527-b03528-tab-access-and-order

Expanded role enum and altered controller access

Author: tamu-sad-iii

src/main/java/edu/tamu/app/controller/NoteController.java

@@ -41,21 +41,21 @@ public ApiResponse getById(@PathVariable Long id) {
     }
 
     @RequestMapping("/create")
-    @PreAuthorize("hasRole('SERVICE_MANAGER')")
+    @PreAuthorize("hasRole('WEB_MANAGER')")
     @WeaverValidation(business = { @WeaverValidation.Business(value = CREATE) })
     public ApiResponse create(@WeaverValidatedModel Note note, @WeaverCredentials Credentials credentials) throws UserNotFoundException {
         return new ApiResponse(SUCCESS, noteRepo.create(note, credentials));
     }
 
     @RequestMapping("/update")
-    @PreAuthorize("hasRole('SERVICE_MANAGER')")
+    @PreAuthorize("hasRole('WEB_MANAGER')")
     public ApiResponse update(@WeaverValidatedModel Note note) {
         return new ApiResponse(SUCCESS, noteRepo.update(note));
     }
 
     @Transactional
     @RequestMapping("/remove")
-    @PreAuthorize("hasRole('SERVICE_MANAGER')")
+    @PreAuthorize("hasRole('WEB_MANAGER')")
     public ApiResponse remove(@WeaverValidatedModel Note note) {
         noteRepo.delete(note);
         return new ApiResponse(SUCCESS);

src/main/java/edu/tamu/app/controller/NotificationController.java

@@ -40,21 +40,21 @@ public ApiResponse getById(@PathVariable Long id) {
     }
 
     @RequestMapping("/create")
-    @PreAuthorize("hasRole('WEB_MANAGER')")
+    @PreAuthorize("hasAnyRole('ADMIN','SERVICE_ADMIN','NOTICE_MANAGER')")
     @WeaverValidation(business = { @WeaverValidation.Business(value = CREATE) })
     public ApiResponse create(@WeaverValidatedModel Notification notification) {
         return new ApiResponse(SUCCESS, notificationRepo.create(notification));
     }
 
     @RequestMapping("/update")
-    @PreAuthorize("hasRole('WEB_MANAGER')")
+    @PreAuthorize("hasAnyRole('ADMIN','SERVICE_ADMIN','NOTICE_MANAGER')")
     @WeaverValidation(business = { @WeaverValidation.Business(value = UPDATE) })
     public ApiResponse update(@WeaverValidatedModel Notification notification) {
         return new ApiResponse(SUCCESS, notificationRepo.update(notification));
     }
 
     @RequestMapping("/remove")
-    @PreAuthorize("hasRole('WEB_MANAGER')")
+    @PreAuthorize("hasAnyRole('ADMIN','SERVICE_ADMIN','NOTICE_MANAGER')")
     @WeaverValidation(business = { @WeaverValidation.Business(value = DELETE) })
     public ApiResponse remove(@WeaverValidatedModel Notification notification) {
         notificationRepo.delete(notification);

src/main/java/edu/tamu/app/controller/UserController.java

@@ -78,7 +78,7 @@ public ApiResponse getUser(@WeaverUser User user) {
      * @throws Exception
      */
     @RequestMapping
-    @PreAuthorize("hasRole('WEB_MANAGER')")
+    @PreAuthorize("hasRole('ADMIN')")
     public ApiResponse allUsers() throws Exception {
         return new ApiResponse(SUCCESS, userRepo.findAll());
     }
@@ -90,7 +90,7 @@ public ApiResponse allUsers() throws Exception {
      * @throws Exception
      */
     @RequestMapping("/update")
-    @PreAuthorize("hasRole('WEB_MANAGER')")
+    @PreAuthorize("hasRole('ADMIN')")
     public ApiResponse updateUser(@RequestBody User user) throws Exception {
         user = userRepo.save(user);
         simpMessagingTemplate.convertAndSend("/channel/user", new ApiResponse(SUCCESS, userRepo.findAll()));

src/main/java/edu/tamu/app/enums/Role.java

@@ -4,6 +4,6 @@
 
 public enum Role implements IRole {
 
-    ROLE_ADMIN, ROLE_WEB_MANAGER, ROLE_SERVICE_MANAGER, ROLE_STAFF, ROLE_USER, ROLE_ANONYMOUS
+    ROLE_ADMIN, ROLE_SERVICE_ADMIN, ROLE_SERVICE_MANAGER, ROLE_WEB_MANAGER, ROLE_NOTICE_MANAGER, ROLE_STAFF, ROLE_USER, ROLE_ANONYMOUS
 
 }