Commit 9c9ebc0f authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Updated rules to fix some unwanted behaviors

Updated rules to fix some unwanted behaviors.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent 5f68f0ef
......@@ -30,28 +30,16 @@
<!-- Homepage -->
<intercept-url pattern="^/$" access="isAuthenticated()"/>
<!-- Creation forms and other Admin's only resources -->
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>
<!-- PROFESSOR - * -->
<intercept-url pattern="^/professors(/[0-9]+|/statement(advisees(concluded)?|committees|courses))?$"
<intercept-url pattern="^/professors/statement(advisees(concluded)?|committees|courses)$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/professors.*\?professor=[0-9]?.*$"
<intercept-url pattern="^/professors.*professor=[0-9]?.*$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView(request.getParameter('professor'),'professor')"/>
<!-- INGRESSOS - Show -->
<intercept-url pattern="^/registrations/[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
and @permissionProvider.hasPermissionToView('registrations', request.getRequestURI(),'registration')"/>
<!-- INGRESSOS - Show -->
<intercept-url pattern="^/registrations/studentinfo\?registration=[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>
<!-- INGRESSOS - Listar Ingressos" -->
<intercept-url pattern="^/registrations(/list\?.*)?$"
......@@ -79,10 +67,11 @@
access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
<!-- AVALIACAO - Show -->
<intercept-url pattern="^/transcripts/[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
and @permissionProvider.hasPermissionToView('transcripts',request.getRequestURI(),'transcript')"/>
<!-- AVALIACAO - Editar -->
<intercept-url pattern="^/transcripts/[0-9]+\?form$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView('transcripts',request.getRequestURI(),'transcript')
and @permissionProvider.isModificationPeriod('transcripts',request.getRequestURI(),'transcript')"/>
<!-- AVALIACAO - Declaracao disciplinas -->
<intercept-url pattern="^/transcripts/transcriptsstatement$"
......@@ -98,12 +87,7 @@
access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
<!-- BOLSA DISCENTE - Show -->
<intercept-url pattern="^/studentgrants/[0-9]+?$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView('studentgrants', request.getRequestURI(),'studentgrant')"/>
<!-- BOLSA DISCENTE - Listar por bolsa -->
<!-- BOLSA DISCENTE - Listar por bolsa -->
<intercept-url pattern="^/studentgrants/grantsperkind(list\?grant=[0-9]+)?$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
......@@ -113,19 +97,9 @@
<intercept-url pattern="^/studentgrants/statementgrantpdf\?studentgrant=[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
and @permissionProvider.hasPermissionToView(request.getParameter('studentgrant'),'studentgrant')"/>
<!-- TURMA - Show -->
<intercept-url pattern="^/courses/[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView('courses', request.getRequestURI(),'course')"/>
<!-- AVALIACAO - Show -->
<intercept-url pattern="^/sectionposes/[0-9]+$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
and @permissionProvider.hasPermissionToView('sectionposes', request.getRequestURI(),'sectionpos')"/>
<!-- TURMA - Listar turmas pos -->
<intercept-url pattern="^/sectionposes(/list\?year=[0-9]+)?$"
<intercept-url pattern="^/sectionposes(/list\?year=[0-9]*)?$"
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- AVALIACAO - Diario de classe -->
......@@ -147,6 +121,10 @@
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- All the rest is considered as Admins permission only. -->
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')"/>
</http>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment