OS2iot / OS2iot-backend

This repository contains the backend to the project OS2iot.
Mozilla Public License 2.0
10 stars 7 forks source link

Fix roles in controllers where it was set on the whole class #139

Closed AramAlsabti closed 2 years ago

AramAlsabti commented 2 years ago

Before, any role requirement set in a controller at class-level didn't have any effect. This PR fixed this. This PR is about setting the roles properly for the affected controllers. Looking through the controllers, I only found the chirpstack gateway endpoint to be affected. If a user with only read permissions tried to access the page before, they would get 401. The changes here address this.

The current implementation of roles has the role guard set on each endpoint take priority. I.e. if the gateway controller has @Write on a class-level but @Read on a POST-endpoint (say, create()), then only @Read is evaluated.