diff --git a/src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java b/src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java
index b03f8738..a5bd2e8d 100644
--- a/src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java
+++ b/src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java
@@ -1,6 +1,7 @@
 package info.bukova.isspst.security;
 import info.bukova.isspst.Constants;
+import info.bukova.isspst.Module;
 import info.bukova.isspst.data.Permission;
 import info.bukova.isspst.data.PermissionType;
 import info.bukova.isspst.data.Role;
@@ -39,11 +40,22 @@ public class WorkgroupAwareServiceEvaluator implements Evaluator {
 }
 User user = (User)authentication.getPrincipal();
+ String moduleId = "";
+
+ // TODO - v master větvi je na toto pomocná třída
+ for (Module m : Constants.MODULES) {
+ if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
+ moduleId = m.getId();
+ break;
+ }
+ }
 Permission appPermission = null;
 for (Permission p : Constants.SPECIAL_PERMISSIONS) {
- if (p.getAuthority().equals(permission)) {
+ if (p.getAuthority().equals(permission)
+ && p.getModule().equals(moduleId)) {
 appPermission = p;
+ break;
 }
 }
@@ -66,7 +78,8 @@ public class WorkgroupAwareServiceEvaluator implements Evaluator {
 for (Role r : wgRoles) {
 for (Permission p : r.getPermissions()) {
- if (p.getAuthority().equals(appPermission.getAuthority())) {
+ if (p.getAuthority().equals(appPermission.getAuthority())
+ && p.getModule().equals(appPermission.getModule())) {
 return true;
 }
 }
diff --git a/src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java b/src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java
index 52a37706..42f5ab84 100644
--- a/src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java
+++ b/src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java
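Review bot: In WorkgroupAwareServiceEvaluator.java, hunk `@@ -39,11 +40,22 @@`, a target that matches no entry in `Constants.MODULES` leaves `moduleId` at the sentinel `""`, and the permission lookup then runs against that empty value instead of failing the check explicitly. What happens next depends on code outside the hunk (the enclosing method starts before and ends after it), so I would make the unresolved case a visible deny right after the loop, e.g. `if (moduleId.isEmpty()) { return false; }`, assuming the method returns boolean as the `return true` in the later hunk suggests. The loop also takes the first module whose service class `isAssignableFrom` the target class, so the decision depends on list order if one service class is a supertype of another; a comment such as `// first match wins: MODULES must list more specific service classes first` would record that. `targetDomainObject.getClass()` is dereferenced with no null check visible in the hunk.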
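Review bot: In WorkgroupAwareServiceEvaluator.java, hunk `@@ -66,7 +78,8 @@`, `p.getModule().equals(appPermission.getModule())` throws a NullPointerException for any role permission whose module is unset, so the authorization check ends in an unhandled error rather than a clean deny; the previous hunk adds the same pattern as `p.getModule().equals(moduleId)`. Calling equals on the value that is known to be set avoids this: `moduleId.equals(p.getModule())` in the earlier hunk and `appPermission.getModule().equals(p.getModule())` here, since as far as the diff shows `appPermission` was selected by module equality. Whether `getModule()` can return null is not visible in this diff and should be confirmed against the Permission class.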
@@ -181,6 +181,7 @@ public class OrderServiceImpl extends AbstractOwnedService implements } @Transactional + @PreAuthorize("hasPermission(this, 'PERM_EDIT') or hasPermission(#entity, this.getUpdateEntityPermission())") public void updateApprovedItems(Order order, boolean orderedChanged) { if (orderedChanged)
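Review bot: The added `@PreAuthorize` expression refers to `#entity`, but the method it guards declares its parameters as `order` and `orderedChanged`, so unless the parameter is aliased by something not visible in this hunk, `#entity` does not bind to the order and the second `hasPermission` branch is evaluated without a target object. Only the module-wide `PERM_EDIT` branch is then meaningful, and a null target would reach the `targetDomainObject.getClass()` call added to the evaluator in this same commit if the null is passed through. I would reference the actual parameter: `hasPermission(#order, this.getUpdateEntityPermission())`. A test covering a caller who holds only the per-entity update permission, and one who holds neither, would pin the intended behaviour; the method body continues outside the hunk.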