Versions Compared

Old Version 3

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version 4

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. hasPermission(#uuid, 'DSO-TYPE', 'ACTION'): Check if the current user is allowed to execute the listed action on the specified DSpace Object (for example downloading a bitstream).

    Code Block
    # Example #1:  Only allows you to access this method, if you have READ permissions on the BITSTREAM identified by the "id" parameter
@PreAuthorize("hasPermission(#id, 'BITSTREAM', 'READ')")
public BitstreamRest findOne()"Context context, UUID id) {
...
}


# Example #2: Only allows you to access this method, if youryou have READ permissions on the BitstreamGROUP identified by the "id" parameter
@PreAuthorize("hasPermission(#id, 'BITSTREAMGROUP', 'READ')")
public BitstreamRestGroupRest findOne(Context context, UUID id) {
...
}


  2. hasAuthority('VALUE'): Check if the current user has a specific Spring authority. Currently there are only three authority values: ADMIN, EPERSON and ANONYMOUS. (for example when querying all items).

    Code Block
    # Example #1: Only allows you to access this method if you are logged in as a system Administrator
@PreAuthorize("hasAuthority('ADMIN')")
public Page<BitstreamRest> findAll(Context context, Pageable pageable) {
...
}

# Example #2: Only allows you to access this method if you are currently logged in to the system
@PreAuthorize("hasAuthority('AUTHENTICATED')")
public AuthorityRest findOne(Context context, String name) {
...
}


# Example #3: Only allows you to access this method if you are anonymous (not logged in)
@PreAuthorize("hasAuthority('ANONYMOUS')")
public someMethod() {
...
}


...