Package edu.ucsb.cs156.frontiers.config
Class CourseSecurity
java.lang.Object
edu.ucsb.cs156.frontiers.config.CourseSecurity
CourseSecurity provides methods to check permissions for managing courses and roster students. It
uses the CurrentUserService to get the current user and RoleHierarchy to check roles.
The methods defined here are used as annotations (e.g.
-
Constructor Summary
Constructors
Constructor | Description
CourseSecurity(CurrentUserService currentUserService, org.springframework.security.access.hierarchicalroles.RoleHierarchy roleHierarchy, CourseRepository courseRepository, RosterStudentRepository rosterStudentRepository) |
Method Summary
Modifier and Type | Method | Description
Boolean | baseHasManagePermissions(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations operations, Course course) | This is a helper method that checks if the current user has management permissions for the given course.
Boolean | hasInstructorPermissions(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations operations, Long courseId) | Use this for operations that only an instructor can do, but not a staff member, such as adding or deleting a course staff member.
Boolean | hasManagePermissions(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations operations, Long courseId) | Use this when you want to check whether the user is either a staff member, instructor or admin for the course.
Boolean | hasRosterStudentManagementPermissions(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations operations, Long rosterStudentId) | This method checks if the current user has management permissions for the course associated with the given rosterStudent.
-
Constructor Details
-
CourseSecurity
public CourseSecurity(CurrentUserService currentUserService, org.springframework.security.access.hierarchicalroles.RoleHierarchy roleHierarchy, CourseRepository courseRepository, RosterStudentRepository rosterStudentRepository)
-
-
Method Details
-
hasManagePermissions
@PreAuthorize("hasRole('ROLE_USER')")
public Boolean hasManagePermissions(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations operations, Long courseId)
Use this when you want to check whether the user is either a staff member, instructor or admin for the course.
Parameters:
operations -
courseId -
Returns:
true if the user has manage permissions for the course, false otherwise.
-
hasInstructorPermissions
@PreAuthorize("hasRole('ROLE_INSTRUCTOR')")
public Boolean hasInstructorPermissions(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations operations, Long courseId)
Use this for operations that only an instructor can do, but not a staff member, such as adding or deleting a course staff member.
Parameters:
operations -
courseId -
Returns:
true if the user has instructor permissions for the course, false otherwise.
-
hasRosterStudentManagementPermissions
@PreAuthorize("hasRole('ROLE_USER')")
public Boolean hasRosterStudentManagementPermissions(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations operations, Long rosterStudentId)
This method checks if the current user has management permissions for the course associated with the given rosterStudent. This allows us to create endpoints that just take a roster student id, not a course id, and still check permissions. This one works for both staff and instructor permissions.
Parameters:
operations -
rosterStudentId -
Returns:
-
baseHasManagePermissions
public Boolean baseHasManagePermissions(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations operations, Course course)
This is a helper method that checks if the current user has management permissions for the given course.
Parameters:
operations -
course -
Returns: