diff --git a/src/frontend/src/store/activeuser.js b/src/frontend/src/store/activeuser.js
index 149f52d..39e063f 100644
--- a/src/frontend/src/store/activeuser.js
+++ b/src/frontend/src/store/activeuser.js
@@ -26,7 +26,7 @@ export const useActiveUserStore = defineStore('activeUser', {
 allowReporting(state) {
 if (state.user === null)
 return false;
- return state.user.groups?.includes("super") || state.user.groups?.includes("freight") || state.user.groups?.includes("packaging") || state.user.groups?.includes("material") || state.user.groups?.includes("basic") || state.user.groups?.includes("calculation");
+ return state.user.groups?.includes("super") || state.user.groups?.includes("basic") || state.user.groups?.includes("calculation");
 },
 isSuper(state) {
 if (state.user === null)
diff --git a/src/main/java/de/avatic/lcc/controller/report/ReportingController.java b/src/main/java/de/avatic/lcc/controller/report/ReportingController.java
index 249b5c9..d1099c5 100644
--- a/src/main/java/de/avatic/lcc/controller/report/ReportingController.java
+++ b/src/main/java/de/avatic/lcc/controller/report/ReportingController.java
@@ -8,6 +8,7 @@ import org.springframework.core.io.InputStreamResource;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -34,6 +35,7 @@ public class ReportingController {
 * @param reportingService Service used for generating reports.
 * @param excelReportingService Service used for generating Excel files for reports.
 */
+
 public ReportingController(ReportingService reportingService, ExcelReportingService excelReportingService) {
 this.reportingService = reportingService;
 this.excelReportingService = excelReportingService;
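Review bot: The getter `allowReporting` in src/frontend/src/store/activeuser.js now repeats the same three groups that the backend lists in its `@PreAuthorize` expressions, with nothing saying which side is authoritative, so the two lists can drift apart unnoticed. A comment above the return such as `// UI visibility only; access is enforced server-side by @PreAuthorize on ReportingController` would record that. As a style point, the chained calls read more simply as `return ["super", "basic", "calculation"].some((g) => state.user.groups?.includes(g));`, which also yields `false` rather than `undefined` when `groups` is missing.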
@@ -46,6 +48,7 @@ public class ReportingController {
 * @return A list of suppliers grouped by categories.
 */
 @GetMapping({"/search", "/search/"})
+ @PreAuthorize("hasAnyRole('SUPER', 'CALCULATION', 'BASIC')")
 public ResponseEntity>> findSupplierForReporting(@RequestParam(value = "material") Integer materialId) {
 return ResponseEntity.ok(reportingService.findSupplierForReporting(materialId));
 }
@@ -58,6 +61,7 @@ public class ReportingController {
 * @return The generated report details.
 */
 @GetMapping({"/view", "/view/"})
+ @PreAuthorize("hasAnyRole('SUPER', 'CALCULATION', 'BASIC')")
 public ResponseEntity> getReport(@RequestParam(value = "material") Integer materialId, @RequestParam(value = "sources", required = false) List nodeIds, @RequestParam(value = "userSources", required = false) List userNodeIds) {
 return ResponseEntity.ok(reportingService.getReport(materialId, nodeIds, userNodeIds));
 }
@@ -70,6 +74,7 @@ public class ReportingController {
 * @return The Excel file as an attachment in the response.
 */
 @GetMapping({"/download", "/download/"})
+ @PreAuthorize("hasAnyRole('SUPER', 'CALCULATION', 'BASIC')")
 public ResponseEntity downloadReport(@RequestParam(value = "material") Integer materialId, @RequestParam(value = "sources", required = false) List nodeIds, @RequestParam(value = "userSources", required = false) List userNodeIds) {
 HttpHeaders headers = new HttpHeaders();
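Review bot: The `@PreAuthorize("hasAnyRole('SUPER', 'CALCULATION', 'BASIC')")` added on `findSupplierForReporting`, and repeated on `getReport` and `downloadReport` in the next two hunks, only restricts access if method security is enabled in the application's security configuration, which this diff does not show; otherwise the annotation is silently ignored. A test asserting that a user holding only the FREIGHT, PACKAGING or MATERIAL role receives 403 on all three endpoints would confirm the restriction is live. `hasAnyRole` matches authorities carrying the default `ROLE_` prefix, so the mapping from the lower-case group names the frontend checks ("super", "basic", "calculation") to `ROLE_SUPER` and so on has to line up. Because the expression is identical in three places, a shared constant or a composed annotation would keep a later role change from missing one endpoint.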
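Review bot: On `getReport`, the role check added here decides who may call the endpoint but not which `material`, `sources` and `userSources` ids a caller may read. If `userSources` refers to per-user nodes (the name suggests so, but the diff does not show it), `reportingService.getReport` should verify that those ids belong to the authenticated user; the same applies to `downloadReport` in the following hunk, which takes the same parameters. If the service already does this, a Javadoc line such as `Access to userSources is limited to nodes owned by the caller.` would record it.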