Commit 9c9ebc0f authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette
Browse files

Updated rules to fix some unwanted behaviors



Updated rules to fix some unwanted behaviors.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent 5f68f0ef
...@@ -30,28 +30,16 @@ ...@@ -30,28 +30,16 @@
<!-- Homepage --> <!-- Homepage -->
<intercept-url pattern="^/$" access="isAuthenticated()"/> <intercept-url pattern="^/$" access="isAuthenticated()"/>
<!-- Creation forms and other Admin's only resources -->
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>
<!-- PROFESSOR - * --> <!-- PROFESSOR - * -->
<intercept-url pattern="^/professors(/[0-9]+|/statement(advisees(concluded)?|committees|courses))?$" <intercept-url pattern="^/professors/statement(advisees(concluded)?|committees|courses)$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" /> access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/professors.*\?professor=[0-9]?.*$" <intercept-url pattern="^/professors.*professor=[0-9]?.*$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor') access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView(request.getParameter('professor'),'professor')"/> and @permissionProvider.hasPermissionToView(request.getParameter('professor'),'professor')"/>
<!-- INGRESSOS - Show -->
<intercept-url pattern="^/registrations/[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
and @permissionProvider.hasPermissionToView('registrations', request.getRequestURI(),'registration')"/>
<!-- INGRESSOS - Show --> <!-- INGRESSOS - Show -->
<intercept-url pattern="^/registrations/studentinfo\?registration=[0-9]+$" <intercept-url pattern="^/registrations/studentinfo\?registration=[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno') access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>
and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
<!-- INGRESSOS - Listar Ingressos" --> <!-- INGRESSOS - Listar Ingressos" -->
<intercept-url pattern="^/registrations(/list\?.*)?$" <intercept-url pattern="^/registrations(/list\?.*)?$"
...@@ -79,10 +67,11 @@ ...@@ -79,10 +67,11 @@
access="hasAnyRole('Administrador', 'Funcionario', 'Aluno') access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/> and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
<!-- AVALIACAO - Show --> <!-- AVALIACAO - Editar -->
<intercept-url pattern="^/transcripts/[0-9]+$" <intercept-url pattern="^/transcripts/[0-9]+\?form$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno') access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView('transcripts',request.getRequestURI(),'transcript')"/> and @permissionProvider.hasPermissionToView('transcripts',request.getRequestURI(),'transcript')
and @permissionProvider.isModificationPeriod('transcripts',request.getRequestURI(),'transcript')"/>
<!-- AVALIACAO - Declaracao disciplinas --> <!-- AVALIACAO - Declaracao disciplinas -->
<intercept-url pattern="^/transcripts/transcriptsstatement$" <intercept-url pattern="^/transcripts/transcriptsstatement$"
...@@ -98,12 +87,7 @@ ...@@ -98,12 +87,7 @@
access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno') access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/> and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
<!-- BOLSA DISCENTE - Show --> <!-- BOLSA DISCENTE - Listar por bolsa -->
<intercept-url pattern="^/studentgrants/[0-9]+?$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView('studentgrants', request.getRequestURI(),'studentgrant')"/>
<!-- BOLSA DISCENTE - Listar por bolsa -->
<intercept-url pattern="^/studentgrants/grantsperkind(list\?grant=[0-9]+)?$" <intercept-url pattern="^/studentgrants/grantsperkind(list\?grant=[0-9]+)?$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" /> access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
...@@ -113,19 +97,9 @@ ...@@ -113,19 +97,9 @@
<intercept-url pattern="^/studentgrants/statementgrantpdf\?studentgrant=[0-9]+$" <intercept-url pattern="^/studentgrants/statementgrantpdf\?studentgrant=[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Aluno') access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
and @permissionProvider.hasPermissionToView(request.getParameter('studentgrant'),'studentgrant')"/> and @permissionProvider.hasPermissionToView(request.getParameter('studentgrant'),'studentgrant')"/>
<!-- TURMA - Show -->
<intercept-url pattern="^/courses/[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView('courses', request.getRequestURI(),'course')"/>
<!-- AVALIACAO - Show -->
<intercept-url pattern="^/sectionposes/[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView('sectionposes', request.getRequestURI(),'sectionpos')"/>
<!-- TURMA - Listar turmas pos --> <!-- TURMA - Listar turmas pos -->
<intercept-url pattern="^/sectionposes(/list\?year=[0-9]+)?$" <intercept-url pattern="^/sectionposes(/list\?year=[0-9]*)?$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" /> access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- AVALIACAO - Diario de classe --> <!-- AVALIACAO - Diario de classe -->
...@@ -147,6 +121,10 @@ ...@@ -147,6 +121,10 @@
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" /> access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- All the rest is considered as Admins permission only. --> <!-- All the rest is considered as Admins permission only. -->
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')"/> <intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')"/>
</http> </http>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment