Sára Juhošová · c5069b0b · 7cf86681 · 2f99c1a2 · c5069b0b · 7cf86681
--- a/src/main/java/nl/tudelft/portal/controller/AssignmentController.java

+ 6

− 0

View file @ 2f99c1a2

Open in Web IDE
+++ b/src/main/java/nl/tudelft/portal/controller/AssignmentController.java

+ 6

− 0

View file @ 2f99c1a2

Open in Web IDE
 @@ -27,6 +27,7 @@ import nl.tudelft.labracore.api.dto.AssignmentPatchDTO;
 import nl.tudelft.labracore.api.dto.ModuleIdDTO;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
 @@ -50,6 +51,7 @@ public class AssignmentController {
 	 * @return       the page to be loaded
 	 */
 	@GetMapping("{id}")
+	@PreAuthorize("@authorisationService.hasAssignmentEditionAccess(#id)")
 	public String getAssignment(@PathVariable Long id, Model model) {
 		AssignmentModuleDetailsDTO assignment = assignmentApi.getAssignmentDetails(id).block();
 		model.addAttribute("assignment", assignment);
 @@ -64,6 +66,7 @@ public class AssignmentController {
 	 * @return       the page to be loaded
 	 */
 	@GetMapping
+	@PreAuthorize("@authorisationService.isTeachingStaff()")
 	public String getEmptyAssignment(Model model) {
 		AssignmentCreateDTO create = new AssignmentCreateDTO().module(new ModuleIdDTO());
 		model.addAttribute("assignment", create);
 @@ -78,6 +81,7 @@ public class AssignmentController {
 	 * @return        the page to be loaded
 	 */
 	@PostMapping
+	@PreAuthorize("@authorisationService.hasModuleEditionAccess(#create.module.id)")
 	public String createAssignment(@Valid @ModelAttribute("assignment") AssignmentCreateDTO create) {
 		Long id = assignmentApi.addAssignment(create).block();

 @@ -92,6 +96,7 @@ public class AssignmentController {
 	 * @return       the page to be loaded
 	 */
 	@GetMapping("{id}/edit")
+	@PreAuthorize("@authorisationService.hasAssignmentEditionAccess(#id)")
 	public String editAssignment(@PathVariable Long id, Model model) {
 		AssignmentModuleDetailsDTO assignment = assignmentApi.getAssignmentDetails(id).block();
 		model.addAttribute("assignment", assignment);
 @@ -107,6 +112,7 @@ public class AssignmentController {
 	 * @return       the page to be loaded
 	 */
 	@PatchMapping("{id}")
+	@PreAuthorize("@authorisationService.hasAssignmentEditionAccess(#id)")
 	public String patchAssignment(@PathVariable Long id, @Valid @ModelAttribute AssignmentPatchDTO patch) {
 		assignmentApi.patchAssignment(id, patch);