From b925cdd02ae5abb5da17f063c5dfb3dda777f9b5 Mon Sep 17 00:00:00 2001
From: FyloZ <fylozdev@gmail.com>
Date: Mon, 5 Apr 2021 19:27:23 -0400
Subject: [PATCH] Corrections de certaines permissions

---
 .../dev/fyloz/colorrecipesexplorer/model/AccountModel.kt    | 2 ++
 .../fyloz/colorrecipesexplorer/rest/AccountControllers.kt   | 6 +++++-
 .../dev/fyloz/colorrecipesexplorer/service/RecipeService.kt | 1 +
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/model/AccountModel.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/model/AccountModel.kt
index 4c99119..1f680f1 100644
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/model/AccountModel.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/model/AccountModel.kt
@@ -205,6 +205,8 @@ enum class EmployeePermission(
 
     ADMIN(
         listOf(
+            EDIT_CATALOG,
+
             REMOVE_RECIPES,
             REMOVE_USERS,
             REMOVE_CATALOG,
diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt
index 8ea1417..8e89f85 100644
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt
@@ -90,27 +90,31 @@ class EmployeeController(private val employeeService: EmployeeService) {
 
 @RestController
 @RequestMapping(EMPLOYEE_GROUP_CONTROLLER_PATH)
-@PreAuthorizeViewUsers
 class GroupsController(private val groupService: EmployeeGroupServiceImpl) {
     @GetMapping
+    @PreAuthorize("hasAnyAuthority('VIEW_RECIPES', 'VIEW_USERS')")
     fun getAll() =
         ok(groupService.getAll())
 
     @GetMapping("{id}")
+    @PreAuthorizeViewUsers
     fun getById(@PathVariable id: Long) =
         ok(groupService.getById(id))
 
     @GetMapping("{id}/employees")
+    @PreAuthorizeViewUsers
     fun getEmployeesForGroup(@PathVariable id: Long) =
         ok(groupService.getEmployeesForGroup(id))
 
     @PostMapping("default/{groupId}")
+    @PreAuthorizeViewUsers
     fun setDefaultGroup(@PathVariable groupId: Long, response: HttpServletResponse) =
         noContent {
             groupService.setResponseDefaultGroup(groupId, response)
         }
 
     @GetMapping("default")
+    @PreAuthorizeViewUsers
     fun getRequestDefaultGroup(request: HttpServletRequest) =
         ok(groupService.getRequestDefaultGroup(request))
 
diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeService.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeService.kt
index 0f35fe8..1173456 100644
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeService.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeService.kt
@@ -102,6 +102,7 @@ class RecipeServiceImpl(
         return updatedGroupsInformation
     }
 
+    @Transactional
     override fun updatePublicData(publicDataDto: RecipePublicDataDto) {
         if (publicDataDto.notes != null) {
             val recipe = getById(publicDataDto.recipeId)