Course level authorization (!123) · Merge requests · EIP / Labrador / AuTA / Core

Tim van der Horst requested to merge course-level-authorization into development Jul 31, 2019

Description

Add course level security for most important endpoints. This means that only users that have been added to a course will be able to view assignments and submission related to those courses.

Changes

Added a security service to most controllers. Using preauthorize SPeL statements works in production, however this is not testable for some reason (Spring cannot find a matching service name). The security service handles authorization requests, which have to be added to endpoints manually.

Additions

Added testing classes which can be used to test future controllers.

Test and Review

To be filled in by the reviewers

All of the methods are commented to expectation
The methods are tested to satisfaction
There are no unnecessary files present in the MR
The continuous integration has no problems with the MR
The MR is filled in as requested (including labels, milestones, and reviewers)
The documentation is up-to-date
All nullable parameters are marked as such

Course level authorization

Description

Changes

Additions

Test and Review

Merge request reports