Commit af421a41 authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Updated permission rules to cover sub-pages

Updated permission rules to cover sub-pages and fixed some bugs.
Those sub-pages are, for example, buttons or options included on a page that,
once clicked, redirect to some other URL or append something to the main page's URL.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent 432e4a35
......@@ -8,7 +8,10 @@
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true" request-matcher="regex">
<!-- Rules are tested in declaration order, from first to last. -->
<!-- Obs.: -->
<!-- * Rules are tested in declaration order, from first to last. -->
<!-- * Patterns are Regular Expressions of the type "regex". -->
<!-- For more information: http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html -->
<!-- Defines Login/Logout rules -->
<form-login login-processing-url="/resources/j_spring_security_check"
......@@ -17,38 +20,39 @@
<!-- Login page and Public Resources -->
<intercept-url pattern="^/resources/.*$" access="permitAll" />
<intercept-url pattern="^/login$" access="permitAll" />
<intercept-url pattern="^/login\?login_error=t$" access="permitAll" />
<intercept-url pattern="^/login(\?login_error=t)?$" access="permitAll" />
<!-- Homepage -->
<intercept-url pattern="^/$" access="isAuthenticated()"/>
<!-- Creation forms and other Admin's only resources -->
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="^*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>
<!-- Pages that have specific permissions -->
<intercept-url pattern="^/professors$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/professors/.*$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/registrations$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/registrations/registrationspercourse$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/registrations/registrationsstatement$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/registrations/acceptancestatement$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/registrations(/list\?.*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/registrations/registrationspercourse(list\?.*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/registrations/registrationsstatement(pdf\?registration=[0-9]*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/registrations/acceptancestatement(pdf\?registration=[0-9]*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/registrations/regoverviewchoice$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')" />
<intercept-url pattern="^/registrations/studentinfo\?id=[0-9]*$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')" />
<intercept-url pattern="^/transcripts/transcriptsstatement$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/transcripts/transcriptshistory$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')" />
<intercept-url pattern="^/transcripts/transcriptsstatement((list|pdf)\?registration=[0-9]*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')" />
<intercept-url pattern="^/transcripts/transcriptshistory(pdf\?registration=[0-9]*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')" />
<intercept-url pattern="^/studentgrants/statementgrant$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/studentgrants/grantsperkind$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/studentgrants/statementgrant(pdf\?studentgrant=[0-9]*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/studentgrants/grantsperkind(list\?grant=[0-9]*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/sectionposes$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/sectionposes(/list\?year=[0-9]*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/sectionposes/sectionsselectchoice$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/sectionposes/sectionsselect\?.*$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/courses$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/courses(/[0-9]*)?$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/searchMeetingMinutes$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
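Review bot: The new role rules anchor on one exact query string (for example `^/courses(/[0-9]*)?$` and `^/sectionposes(/list\?year=[0-9]*)?$`), so the same path with an extra or reordered parameter, or a trailing slash, matches none of them and falls through to whatever rule comes later. The end of the rule list is outside this hunk, so it is not visible whether it fails closed; if it does not, end the list with `<intercept-url pattern="^/.*$" access="denyAll" />` so that unmatched variants are rejected rather than given a looser default. Separately, the rules that admit `Aluno` accept any `registration=[0-9]*` value (and `transcriptsstatement` now includes `Aluno` where the old rule did not). These URL rules check only the role, so the controllers presumably have to verify that the requested registration belongs to the logged-in student, which is worth confirming.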
......