Page History
...
hasPermission(#uuid, 'DSO-TYPE', 'ACTION')
: Check if the current user is allowed to execute the listed action on the specified DSpace Object (for example downloading a bitstream).Code Block # Example #1: Only allows you to access this method, if you have READ permissions on the BITSTREAM identified by the "id" parameter @PreAuthorize("hasPermission(#id, 'BITSTREAM', 'READ')") public BitstreamRest findOne()"Context context, UUID id) { ... } # Example #2: Only allows you to access this method, if youryou have READ permissions on the BitstreamGROUP identified by the "id" parameter @PreAuthorize("hasPermission(#id, 'BITSTREAMGROUP', 'READ')") public BitstreamRestGroupRest findOne(Context context, UUID id) { ... }
hasAuthority('VALUE')
: Check if the current user has a specific Spring authority. Currently there are only three authority values:ADMIN
,EPERSON
andANONYMOUS
. (for example when querying all items).Code Block # Example #1: Only allows you to access this method if you are logged in as a system Administrator @PreAuthorize("hasAuthority('ADMIN')") public Page<BitstreamRest> findAll(Context context, Pageable pageable) { ... } # Example #2: Only allows you to access this method if you are currently logged in to the system @PreAuthorize("hasAuthority('AUTHENTICATED')") public AuthorityRest findOne(Context context, String name) { ... } # Example #3: Only allows you to access this method if you are anonymous (not logged in) @PreAuthorize("hasAuthority('ANONYMOUS')") public someMethod() { ... }
...
Overview
Content Tools