Skip to content

Commit

Permalink
Merge pull request #172 in WALTZ/waltz from WALTZ/waltz-jws:CTCTOWALT…
Browse files Browse the repository at this point in the history 
…Z-2506-measurable-rating-permissions-fix-6061 to db-feature/waltz-6061-measurable-ratings-permissions-fix

* commit 'ea7c92e3b3c93e6347c322ed81e7ad5ea2a34614':
  Remove second role based premission check on save for measurable ratings
  • Loading branch information
@db-waltz
db-waltz committed Jun 14, 2022
2 parents 2ddf3a9 + ea7c92e commit ef7258e
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions waltz-web/src/main/java/org/finos/waltz/web/endpoints/api/MeasurableRatingEndpoint.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ private Collection<MeasurableRating> saveRoute(Request request, Response z) thro
: Operation.ADD;

checkHasPermissionForThisOperation(command.measurableId(), command.entityReference(), operation, getUsername(request));
requireRole(userRoleService, request, measurableRatingService.getRequiredRatingEditRole(mkRef(EntityKind.MEASURABLE, command.measurableId())));

return measurableRatingService.save(command, false);
}

Expand Down Expand Up @@ -188,8 +188,10 @@ private void checkHasPermissionForThisOperation(Long measurableId,
.user(username)
.build();

boolean involvementBasedPermissions = permissionGroupService.hasPermission(checkPermissionCommand);

checkTrue(
roleBasedPermissions || permissionGroupService.hasPermission(checkPermissionCommand),
roleBasedPermissions || involvementBasedPermissions,
format("User does not have permission to %s measurable ratings for this %s", operation.name().toLowerCase(), parentReference.kind().prettyName()));
}

Expand Down

0 comments on commit ef7258e

Please sign in to comment.