Fix access control: HAS_AUTH_READ_TARGET -> IS_CONTROLLER or HAS_AUTH_READ_TARGET (shall be accessibly by targets when confirmation base is requested) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -61,7 +61,8 @@ public interface ConfirmationManagement {
|
||||
* @return instance of {@link AutoConfirmationStatus} wrapped in an
|
||||
* {@link Optional}. Present if active and empty if disabled.
|
||||
*/
|
||||
@PreAuthorize(SpPermission.SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpPermission.SpringEvalExpressions.IS_CONTROLLER + SpPermission.SpringEvalExpressions.HAS_AUTH_OR +
|
||||
SpPermission.SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
Optional<AutoConfirmationStatus> getStatus(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user