/**
 * Looks up a single user by username. Restricted to callers holding the ADMIN role.
 *
 * @param username the username taken from the request path
 * @return 200 with the user when the lookup yields one, otherwise a body-less 404
 */
@PreAuthorize("hasRole('ADMIN')")
@RequestMapping(path = "/user/{username}", method = GET)
public ResponseEntity<User> getUser(@PathVariable("username") String username) {
    Optional<User> lookup = securityService.getUserByUsername(username);
    // NOTE(review): the User object is written to the response as-is; confirm its
    // serialized form does not carry credential fields (e.g. a password hash).
    return lookup
            .map(found -> new ResponseEntity<User>(found, HttpStatus.OK))
            .orElseGet(() -> new ResponseEntity<>(HttpStatus.NOT_FOUND));
}
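/**
 * Updates the item identified by {@code itemId} with the submitted request body.
 *
 * <p>Allowed for callers with the ADMIN role, or for callers for whom the permission
 * expression grants 'write' on the Item with that id.
 *
 * @param itemId id of the item, taken from the request path
 * @param item   the request body, passed through to the service untyped
 */
@RequestMapping(path = "/collection/{collectionId}/item/{itemId}", method = PUT)
@PreAuthorize(
        "hasRole('ADMIN') || hasPermission(#itemId, 'org.bossie.security.domain.Item', 'write')")
// The path variable is named explicitly, as in the sibling handlers, so the binding
// does not depend on parameter names being retained in the compiled class.
public @ResponseBody void updateItem(@PathVariable("itemId") long itemId, @RequestBody Object item) {
    // NOTE(review): {collectionId} from the path is neither bound nor checked in this
    // handler, and the permission is evaluated on itemId alone. Confirm that the service
    // (or the permission evaluator) verifies the item belongs to that collection.
    // NOTE(review): the body is accepted as a plain Object, so no field-level validation
    // happens here. Presumably securityService.updateItem restricts what may be changed.
    securityService.updateItem(itemId, item);
}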
/**
 * Deletes the collection identified by {@code collectionId}.
 *
 * <p>Allowed for callers with the ADMIN role, or for callers for whom the permission
 * expression grants 'delete' on the Collection with that id.
 *
 * @param collectionId id of the collection, taken from the request path
 */
@PreAuthorize(
        "hasRole('ADMIN') || hasPermission(#collectionId, 'org.bossie.security.domain.Collection', 'delete')")
@RequestMapping(path = "/collection/{collectionId}", method = DELETE)
@ResponseBody
public void deleteCollection(@PathVariable("collectionId") long collectionId) {
    // Authorization is decided by the @PreAuthorize expression before this line runs.
    securityService.deleteCollection(collectionId);
}
/**
 * Adds the submitted item to the collection identified by {@code collectionId}.
 *
 * @param collectionId id of the target collection, taken from the request path
 * @param item         the request body, passed through to the service untyped
 * @return a body-less 201 (CREATED) response
 */
// NOTE(review): unlike the sibling handlers, this endpoint carries no @PreAuthorize.
// Confirm that access is enforced elsewhere (e.g. inside securityService.addItem or in
// URL-level security configuration) before relying on it.
@RequestMapping(path = "/collection/{collectionId}/item", method = POST)
public ResponseEntity<Void> addItem(
        @PathVariable("collectionId") long collectionId,
        @RequestBody Object item) {
    securityService.addItem(collectionId, item);
    return ResponseEntity.status(HttpStatus.CREATED).build();
}
/**
 * Returns the collections that the service reports as managed by the calling user.
 *
 * <p>Requires the USER or ADMIN role. The username is read from the authenticated
 * principal, not from any request parameter.
 *
 * @param user the authenticated principal injected by Spring Security
 * @return the result of {@code securityService.getManagedCollections} for that username
 */
@PreAuthorize("hasAnyRole('USER', 'ADMIN')")
@RequestMapping(path = "/collection", method = GET)
@ResponseBody
public Set<Collection> getOwnManagedCollections(@AuthenticationPrincipal UserDetails user) {
    final String principalName = user.getUsername();
    return securityService.getManagedCollections(principalName);
}