Admin cannot assign protected tag to entity #2119

OHDSI · Oct 7, 2022 · 2ffc9c7 · 2ffc9c7
1 parent e4230e5
commit 2ffc9c7
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/src/main/java/org/ohdsi/webapi/tag/TagSecurityUtils.java b/src/main/java/org/ohdsi/webapi/tag/TagSecurityUtils.java
@@ -9,6 +9,8 @@
 import org.ohdsi.webapi.pathway.domain.PathwayAnalysisEntity;
 import org.ohdsi.webapi.reusable.domain.Reusable;
 
+import javax.ws.rs.BadRequestException;
+
 public class TagSecurityUtils {
     public static String COHORT_DEFINITION = "cohortdefinition";
     public static String CONCEPT_SET = "conceptset";
@@ -40,7 +42,19 @@ public static boolean checkPermission(final String asset, final String method) {
             return false;
         }
 
-        final String permission = String.format("%s:*:protectedtag:*:%s", asset, method);
+        final String template;
+        switch (method) {
+            case "post":
+                template = "%s:*:protectedtag:post";
+                break;
+            case "delete":
+                template = "%s:*:protectedtag:*:delete";
+                break;
+            default:
+                throw new BadRequestException(String.format("Unsupported method: %s", method));
+
+        }
+        final String permission = String.format(template, asset);
         return SecurityUtils.getSubject().isPermitted(permission);
     }