Merge branch 'timeslot-security-fix' into 'development'

Fix endpoint security on patch time slot See merge request !805

Merge branch 'timeslot-security-fix' into 'development'
e5804ceb · Ruben Backx · 842cfdaf · c7288dd7 · e5804ceb
Commit e5804ceb authored Sep 14, 2024 by Ruben Backx
--- a/src/main/java/nl/tudelft/queue/controller/TimeSlotController.java
+++ b/src/main/java/nl/tudelft/queue/controller/TimeSlotController.java
@@ -52,6 +52,7 @@ public class TimeSlotController {
 	 * @param patch The updated timeslot data.
 	 */
 	@PatchMapping("/time-slot/{timeSlot}")
+	@PreAuthorize("@permissionService.canManageTimeSlot(#timeSlot)")
 	public @ResponseBody void patchTimeSlot(@PathEntity TimeSlot timeSlot,
 			@RequestBody TimeSlotPatchDTO patch) {
 		tss.patchTimeSlot(timeSlot, patch);
@@ -63,7 +64,7 @@ public class TimeSlotController {
 	 * @param id The id of the timeslot to remove.
 	 */
 	@DeleteMapping("/time-slot/{timeSlot}")
-	@PreAuthorize("@permissionService.canManageTimeSlot()")
+	@PreAuthorize("@permissionService.canManageTimeSlot(#timeSlot)")
 	public @ResponseBody void deleteTimeSlot(@PathEntity TimeSlot timeSlot) {
 		tss.deleteTimeSlot(timeSlot);
 	}