There seems to be a mix of approaches to security in the current code:
- some methods are annotated with the PreAuthorise annotation, which is handled by a filter
- some methods have inline if statements checking security
- some checks are role-based (e.g. user must be in role X)
- some checks are behaviour-based (e.g. can user edit X, which might cover multiple roles)
Some other problems:
- there are a lot of hardcoded strings for role names - these should all be changed to enums.
- there seems to have been an attempt to re-use the access levels from Ecodata by retrieving the list of strings via a web service: this won't work, since you need to reference the role names in the security checks (hence all the hardcoded strings). Biocollect will need to have an enum of roles which includes all the ecodata roles.
Ideally, all security related checks should be role-based, and should be implemented via the annotation/filter approach.
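The refactor the issue asks for, sketched as an added example in Python rather than the project's own Grails/Groovy code: a single Role enum replaces hardcoded role strings, and one decorator (standing in for the PreAuthorise annotation and its filter) performs every check. The role names, users and actions are constructed for illustration and are not BioCollect's.

```python
from enum import Enum
from functools import wraps


class Role(Enum):
    """The one place role names are defined (constructed sample set)."""
    ADMIN = "ROLE_ADMIN"
    PROJECT_EDITOR = "ROLE_PROJECT_EDITOR"
    SITE_EDITOR = "ROLE_SITE_EDITOR"


class AccessDenied(Exception):
    pass


class User:
    def __init__(self, name, role_strings):
        # Roles arrive from an external service as strings (as the issue describes).
        # Map them to the enum once, at the boundary: an unknown string raises
        # ValueError here instead of silently failing a comparison in a controller.
        self.name = name
        self.roles = frozenset(Role(r) for r in role_strings)


def require_roles(*allowed):
    """Declarative check applied by one wrapper, not by ad hoc ifs in each action."""
    def decorator(action):
        @wraps(action)
        def wrapper(user, *args, **kwargs):
            if not user.roles & set(allowed):
                raise AccessDenied(f"{action.__name__} requires one of {[r.name for r in allowed]}")
            return action(user, *args, **kwargs)
        wrapper.allowed_roles = frozenset(allowed)  # inspectable, e.g. to audit every endpoint
        return wrapper
    return decorator


# The pattern the issue wants to retire: an inline check against a hardcoded string.
def delete_project_inline(user, project_id):
    if "ROLE_ADMN" in {r.value for r in user.roles}:  # misspelt role: nobody, not even an admin, passes
        return f"deleted {project_id}"
    raise AccessDenied("not admin")


@require_roles(Role.ADMIN)
def delete_project(user, project_id):
    return f"deleted {project_id}"


@require_roles(Role.ADMIN, Role.PROJECT_EDITOR)
def edit_project(user, project_id):
    return f"edited {project_id}"


def can_call(action, user, *args):
    """True if the user is permitted to run the action, False if the check denies it."""
    try:
        action(user, *args)
        return True
    except AccessDenied:
        return False
```

A misspelt enum member (`Role.ADMN`) fails at import time, whereas the misspelt string in the inline check is only discovered when a real admin is denied.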