Fix supervisor profile page (#868) (#886)
* Fix that cancel button updates user profile

* Fix supervisor profile screen (#868)
emassip authored Apr 5, 2020
1 parent 877461a commit d6336a7
Showing 4 changed files with 6 additions and 4 deletions.
2 changes: 2 additions & 0 deletions src/main/java/alfio/config/WebSecurityConfig.java
@@ -296,6 +296,8 @@ protected void configure(HttpSecurity http) throws Exception {
configurer.csrfTokenRepository(csrfTokenRepository)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, ADMIN_API + "/users/current").hasAnyRole(ADMIN, OWNER, SUPERVISOR)
.antMatchers(HttpMethod.POST, ADMIN_API + "/users/check", ADMIN_API + "/users/edit", ADMIN_API + "/users/update-password").hasAnyRole(ADMIN, OWNER, SUPERVISOR)
.antMatchers(ADMIN_API + "/configuration/**", ADMIN_API + "/users/**").hasAnyRole(ADMIN, OWNER)
.antMatchers(ADMIN_API + "/organizations/new").hasRole(ADMIN)
.antMatchers(ADMIN_API + "/check-in/**").hasAnyRole(ADMIN, OWNER, SUPERVISOR)
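Review bot: The matcher that lets SUPERVISOR `POST` to `ADMIN_API + "/users/edit"` and `"/users/check"` moves the whole authorization decision for those endpoints out of this URL rule and into the handler, because the path carries no user id that a rule could constrain. This hunk cannot show whether the handler limits a non-admin caller to their own record, so that should be confirmed and stated next to the rule, e.g. `// self-service endpoints: handlers must limit SUPERVISOR to the authenticated user's own record`. The two SUPERVISOR matchers only take effect because they precede `ADMIN_API + "/users/**"` (first match wins), which deserves a second comment such as `// keep above the /users/** rule`. `configure` begins and ends outside the hunk.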
2 changes: 1 addition & 1 deletion src/main/java/alfio/manager/user/UserManager.java
@@ -192,7 +192,7 @@ public void editUser(int id, int organizationId, String username, String firstNa
}
int userResult = userRepository.update(id, username, firstName, lastName, emailAddress, description);
Assert.isTrue(userResult == 1, "unexpected error during user update");
if(!admin) {
if(!admin && !username.equals(currentUsername)) {
Assert.isTrue(getAvailableRoles(currentUsername).contains(role), "cannot assign role "+role);
authorityRepository.revokeAll(username);
authorityRepository.create(username, role.getRoleName());
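Review bot: The new condition `!username.equals(currentUsername)` identifies a self-edit by the submitted `username`, not by the record `id`, and `userRepository.update(id, ...)` has already been called when it is evaluated. Unless code above the hunk ties `id` to the caller (`editUser` starts and ends outside it), the role branch can be skipped for a record that is not the caller's own, and a user who changes their own username lands in the role branch instead. A firmer test compares the username stored for `id` with `currentUsername` before the update; until then a comment such as `// self-edit keeps the existing authority; 'username' is the submitted value, not the stored one` would document the assumption. `Objects.equals(username, currentUsername)` would also avoid a NullPointerException if `username` is null.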
Original file line number Diff line number Diff line change
@@ -23,7 +23,7 @@ <h4>Personal information</h4>
</div>
<div class="form-group pull-right" data-ng-if="!$ctrl.loading">
<button class="btn btn-success">Update</button>
<button class="btn btn-default" data-ng-click="$ctrl.doReset()">Cancel</button>
<button type="button" class="btn btn-default" data-ng-click="$ctrl.doReset()">Cancel</button>
</div>
<div class="text-center" data-ng-if="$ctrl.loading">
<i class="fa fa-cog fa-2x fa-spin"></i> loading...
4 changes: 2 additions & 2 deletions src/main/webapp/resources/js/admin/service/user.service.js
@@ -29,10 +29,10 @@
return $http.get('/admin/api/users/'+userId+'.json').error(HttpErrorHandler.handle);
},
loadCurrentUser: function() {
return $http.get('/admin/api/users/current.json').error(HttpErrorHandler.handle);
return $http.get('/admin/api/users/current').error(HttpErrorHandler.handle);
},
updatePassword: function(passwordContainer) {
return $http.post('/admin/api/users/update-password.json', passwordContainer).error(HttpErrorHandler.handle);
return $http.post('/admin/api/users/update-password', passwordContainer).error(HttpErrorHandler.handle);
},
deleteUser: function(user) {
return $http['delete']('/admin/api/users/'+user.id).error(HttpErrorHandler.handle);
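Review bot: Only `loadCurrentUser` and `updatePassword` lose the `.json` suffix here, while the same commit also opens `/users/check` and `/users/edit` to SUPERVISOR with exact-path ant patterns that a suffixed URL would not match. If the service's check and edit calls (outside this hunk) still append `.json`, they fall through to the `/users/**` rule and a supervisor's profile update is still rejected, so those calls should be checked. A comment on the two changed lines, e.g. `// no .json suffix: must match the exact path in WebSecurityConfig`, would keep the suffix from being re-added for consistency with `'/admin/api/users/'+userId+'.json'` above.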
