简柏林 / thingskit · Commits

Commit 8683357d7348ace5eaef5e5dfbfa00cdb0afe94c

Authored by YevhenBondarenko
1 parent 5e40f16d

controllers improvements

Inline Side-by-side
Showing 11 changed files with 88 additions and 60 deletions
@@ -28,7 +28,6 @@ import org.springframework.web.bind.annotation.ResponseStatus; @@ -28,7 +28,6 @@ import org.springframework.web.bind.annotation.ResponseStatus;
28 import org.springframework.web.bind.annotation.RestController; 28 import org.springframework.web.bind.annotation.RestController;
29 import org.thingsboard.server.common.data.EntityType; 29 import org.thingsboard.server.common.data.EntityType;
30 import org.thingsboard.server.common.data.alarm.Alarm; 30 import org.thingsboard.server.common.data.alarm.Alarm;
31 -import org.thingsboard.server.common.data.id.AlarmId;  
32 import org.thingsboard.server.common.data.alarm.AlarmInfo; 31 import org.thingsboard.server.common.data.alarm.AlarmInfo;
33 import org.thingsboard.server.common.data.alarm.AlarmQuery; 32 import org.thingsboard.server.common.data.alarm.AlarmQuery;
34 import org.thingsboard.server.common.data.alarm.AlarmSearchStatus; 33 import org.thingsboard.server.common.data.alarm.AlarmSearchStatus;
@@ -37,6 +36,7 @@ import org.thingsboard.server.common.data.alarm.AlarmStatus; @@ -37,6 +36,7 @@ import org.thingsboard.server.common.data.alarm.AlarmStatus;
37 import org.thingsboard.server.common.data.audit.ActionType; 36 import org.thingsboard.server.common.data.audit.ActionType;
38 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode; 37 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
39 import org.thingsboard.server.common.data.exception.ThingsboardException; 38 import org.thingsboard.server.common.data.exception.ThingsboardException;
  39 +import org.thingsboard.server.common.data.id.AlarmId;
40 import org.thingsboard.server.common.data.id.EntityId; 40 import org.thingsboard.server.common.data.id.EntityId;
41 import org.thingsboard.server.common.data.id.EntityIdFactory; 41 import org.thingsboard.server.common.data.id.EntityIdFactory;
42 import org.thingsboard.server.common.data.page.TimePageData; 42 import org.thingsboard.server.common.data.page.TimePageData;
@@ -84,8 +84,14 @@ public class AlarmController extends BaseController { @@ -84,8 +84,14 @@ public class AlarmController extends BaseController {
84 public Alarm saveAlarm(@RequestBody Alarm alarm) throws ThingsboardException { 84 public Alarm saveAlarm(@RequestBody Alarm alarm) throws ThingsboardException {
85 try { 85 try {
86 alarm.setTenantId(getCurrentUser().getTenantId()); 86 alarm.setTenantId(getCurrentUser().getTenantId());
87 - Operation operation = alarm.getId() == null ? Operation.CREATE : Operation.WRITE;  
88 - accessControlService.checkPermission(getCurrentUser(), Resource.ALARM, operation, alarm.getId(), alarm); 87 +
  88 + if (alarm.getId() == null) {
  89 + accessControlService
  90 + .checkPermission(getCurrentUser(), Resource.ALARM, Operation.CREATE, alarm.getId(), alarm);
  91 + } else {
  92 + checkAlarmId(alarm.getId(), Operation.WRITE);
  93 + }
  94 +
89 Alarm savedAlarm = checkNotNull(alarmService.createOrUpdateAlarm(alarm)); 95 Alarm savedAlarm = checkNotNull(alarmService.createOrUpdateAlarm(alarm));
90 logEntityAction(savedAlarm.getId(), savedAlarm, 96 logEntityAction(savedAlarm.getId(), savedAlarm,
91 getCurrentUser().getCustomerId(), 97 getCurrentUser().getCustomerId(),
@@ -76,18 +76,20 @@ public class AssetController extends BaseController { @@ -76,18 +76,20 @@ public class AssetController extends BaseController {
76 try { 76 try {
77 asset.setTenantId(getCurrentUser().getTenantId()); 77 asset.setTenantId(getCurrentUser().getTenantId());
78 78
79 - Operation operation = asset.getId() == null ? Operation.CREATE : Operation.WRITE;  
80 -  
81 - accessControlService.checkPermission(getCurrentUser(), Resource.ASSET, operation,  
82 - asset.getId(), asset); 79 + if (asset.getId() == null) {
  80 + accessControlService
  81 + .checkPermission(getCurrentUser(), Resource.ASSET, Operation.CREATE, asset.getId(), asset);
  82 + } else {
  83 + checkAssetId(asset.getId(), Operation.WRITE);
  84 + }
83 85
84 - Asset savedAsset = checkNotNull(assetService.saveAsset(asset)); 86 + Asset savedAsset = checkNotNull(assetService.saveAsset(asset));
85 87
86 logEntityAction(savedAsset.getId(), savedAsset, 88 logEntityAction(savedAsset.getId(), savedAsset,
87 savedAsset.getCustomerId(), 89 savedAsset.getCustomerId(),
88 asset.getId() == null ? ActionType.ADDED : ActionType.UPDATED, null); 90 asset.getId() == null ? ActionType.ADDED : ActionType.UPDATED, null);
89 91
90 - return savedAsset; 92 + return savedAsset;
91 } catch (Exception e) { 93 } catch (Exception e) {
92 logEntityAction(emptyId(EntityType.ASSET), asset, 94 logEntityAction(emptyId(EntityType.ASSET), asset,
93 null, asset.getId() == null ? ActionType.ADDED : ActionType.UPDATED, e); 95 null, asset.getId() == null ? ActionType.ADDED : ActionType.UPDATED, e);
@@ -138,7 +140,7 @@ public class AssetController extends BaseController { @@ -138,7 +140,7 @@ public class AssetController extends BaseController {
138 savedAsset.getCustomerId(), 140 savedAsset.getCustomerId(),
139 ActionType.ASSIGNED_TO_CUSTOMER, null, strAssetId, strCustomerId, customer.getName()); 141 ActionType.ASSIGNED_TO_CUSTOMER, null, strAssetId, strCustomerId, customer.getName());
140 142
141 - return savedAsset; 143 + return savedAsset;
142 } catch (Exception e) { 144 } catch (Exception e) {
143 145
144 logEntityAction(emptyId(EntityType.ASSET), null, 146 logEntityAction(emptyId(EntityType.ASSET), null,
@@ -218,7 +220,7 @@ public class AssetController extends BaseController { @@ -218,7 +220,7 @@ public class AssetController extends BaseController {
218 try { 220 try {
219 TenantId tenantId = getCurrentUser().getTenantId(); 221 TenantId tenantId = getCurrentUser().getTenantId();
220 TextPageLink pageLink = createPageLink(limit, textSearch, idOffset, textOffset); 222 TextPageLink pageLink = createPageLink(limit, textSearch, idOffset, textOffset);
221 - if (type != null && type.trim().length()>0) { 223 + if (type != null && type.trim().length() > 0) {
222 return checkNotNull(assetService.findAssetsByTenantIdAndType(tenantId, type, pageLink)); 224 return checkNotNull(assetService.findAssetsByTenantIdAndType(tenantId, type, pageLink));
223 } else { 225 } else {
224 return checkNotNull(assetService.findAssetsByTenantId(tenantId, pageLink)); 226 return checkNotNull(assetService.findAssetsByTenantId(tenantId, pageLink));
@@ -257,7 +259,7 @@ public class AssetController extends BaseController { @@ -257,7 +259,7 @@ public class AssetController extends BaseController {
257 CustomerId customerId = new CustomerId(toUUID(strCustomerId)); 259 CustomerId customerId = new CustomerId(toUUID(strCustomerId));
258 checkCustomerId(customerId, Operation.READ); 260 checkCustomerId(customerId, Operation.READ);
259 TextPageLink pageLink = createPageLink(limit, textSearch, idOffset, textOffset); 261 TextPageLink pageLink = createPageLink(limit, textSearch, idOffset, textOffset);
260 - if (type != null && type.trim().length()>0) { 262 + if (type != null && type.trim().length() > 0) {
261 return checkNotNull(assetService.findAssetsByTenantIdAndCustomerIdAndType(tenantId, customerId, type, pageLink)); 263 return checkNotNull(assetService.findAssetsByTenantIdAndCustomerIdAndType(tenantId, customerId, type, pageLink));
262 } else { 264 } else {
263 return checkNotNull(assetService.findAssetsByTenantIdAndCustomerId(tenantId, customerId, pageLink)); 265 return checkNotNull(assetService.findAssetsByTenantIdAndCustomerId(tenantId, customerId, pageLink));
@@ -100,8 +100,12 @@ public class CustomerController extends BaseController { @@ -100,8 +100,12 @@ public class CustomerController extends BaseController {
100 try { 100 try {
101 customer.setTenantId(getCurrentUser().getTenantId()); 101 customer.setTenantId(getCurrentUser().getTenantId());
102 102
103 - Operation operation = customer.getId() == null ? Operation.CREATE : Operation.WRITE;  
104 - accessControlService.checkPermission(getCurrentUser(), Resource.CUSTOMER, operation, customer.getId(), customer); 103 + if (customer.getId() == null) {
  104 + accessControlService
  105 + .checkPermission(getCurrentUser(), Resource.CUSTOMER, Operation.CREATE, customer.getId(), customer);
  106 + } else {
  107 + checkCustomerId(customer.getId(), Operation.WRITE);
  108 + }
105 109
106 Customer savedCustomer = checkNotNull(customerService.saveCustomer(customer)); 110 Customer savedCustomer = checkNotNull(customerService.saveCustomer(customer));
107 111
@@ -100,15 +100,17 @@ public class DashboardController extends BaseController { @@ -100,15 +100,17 @@ public class DashboardController extends BaseController {
100 100
101 @PreAuthorize("hasAuthority('TENANT_ADMIN')") 101 @PreAuthorize("hasAuthority('TENANT_ADMIN')")
102 @RequestMapping(value = "/dashboard", method = RequestMethod.POST) 102 @RequestMapping(value = "/dashboard", method = RequestMethod.POST)
103 - @ResponseBody 103 + @ResponseBody
104 public Dashboard saveDashboard(@RequestBody Dashboard dashboard) throws ThingsboardException { 104 public Dashboard saveDashboard(@RequestBody Dashboard dashboard) throws ThingsboardException {
105 try { 105 try {
106 dashboard.setTenantId(getCurrentUser().getTenantId()); 106 dashboard.setTenantId(getCurrentUser().getTenantId());
107 107
108 - Operation operation = dashboard.getId() == null ? Operation.CREATE : Operation.WRITE;  
109 -  
110 - accessControlService.checkPermission(getCurrentUser(), Resource.DASHBOARD, operation,  
111 - dashboard.getId(), dashboard); 108 + if (dashboard.getId() == null) {
  109 + accessControlService
  110 + .checkPermission(getCurrentUser(), Resource.DASHBOARD, Operation.CREATE, dashboard.getId(), dashboard);
  111 + } else {
  112 + checkDashboardId(dashboard.getId(), Operation.WRITE);
  113 + }
112 114
113 Dashboard savedDashboard = checkNotNull(dashboardService.saveDashboard(dashboard)); 115 Dashboard savedDashboard = checkNotNull(dashboardService.saveDashboard(dashboard));
114 116
@@ -152,9 +154,9 @@ public class DashboardController extends BaseController { @@ -152,9 +154,9 @@ public class DashboardController extends BaseController {
152 154
153 @PreAuthorize("hasAuthority('TENANT_ADMIN')") 155 @PreAuthorize("hasAuthority('TENANT_ADMIN')")
154 @RequestMapping(value = "/customer/{customerId}/dashboard/{dashboardId}", method = RequestMethod.POST) 156 @RequestMapping(value = "/customer/{customerId}/dashboard/{dashboardId}", method = RequestMethod.POST)
155 - @ResponseBody 157 + @ResponseBody
156 public Dashboard assignDashboardToCustomer(@PathVariable("customerId") String strCustomerId, 158 public Dashboard assignDashboardToCustomer(@PathVariable("customerId") String strCustomerId,
157 - @PathVariable(DASHBOARD_ID) String strDashboardId) throws ThingsboardException { 159 + @PathVariable(DASHBOARD_ID) String strDashboardId) throws ThingsboardException {
158 checkParameter("customerId", strCustomerId); 160 checkParameter("customerId", strCustomerId);
159 checkParameter(DASHBOARD_ID, strDashboardId); 161 checkParameter(DASHBOARD_ID, strDashboardId);
160 try { 162 try {
@@ -163,7 +165,7 @@ public class DashboardController extends BaseController { @@ -163,7 +165,7 @@ public class DashboardController extends BaseController {
163 165
164 DashboardId dashboardId = new DashboardId(toUUID(strDashboardId)); 166 DashboardId dashboardId = new DashboardId(toUUID(strDashboardId));
165 checkDashboardId(dashboardId, Operation.ASSIGN_TO_CUSTOMER); 167 checkDashboardId(dashboardId, Operation.ASSIGN_TO_CUSTOMER);
166 - 168 +
167 Dashboard savedDashboard = checkNotNull(dashboardService.assignDashboardToCustomer(getCurrentUser().getTenantId(), dashboardId, customerId)); 169 Dashboard savedDashboard = checkNotNull(dashboardService.assignDashboardToCustomer(getCurrentUser().getTenantId(), dashboardId, customerId));
168 170
169 logEntityAction(dashboardId, savedDashboard, 171 logEntityAction(dashboardId, savedDashboard,
@@ -184,7 +186,7 @@ public class DashboardController extends BaseController { @@ -184,7 +186,7 @@ public class DashboardController extends BaseController {
184 186
185 @PreAuthorize("hasAuthority('TENANT_ADMIN')") 187 @PreAuthorize("hasAuthority('TENANT_ADMIN')")
186 @RequestMapping(value = "/customer/{customerId}/dashboard/{dashboardId}", method = RequestMethod.DELETE) 188 @RequestMapping(value = "/customer/{customerId}/dashboard/{dashboardId}", method = RequestMethod.DELETE)
187 - @ResponseBody 189 + @ResponseBody
188 public Dashboard unassignDashboardFromCustomer(@PathVariable("customerId") String strCustomerId, 190 public Dashboard unassignDashboardFromCustomer(@PathVariable("customerId") String strCustomerId,
189 @PathVariable(DASHBOARD_ID) String strDashboardId) throws ThingsboardException { 191 @PathVariable(DASHBOARD_ID) String strDashboardId) throws ThingsboardException {
190 checkParameter("customerId", strCustomerId); 192 checkParameter("customerId", strCustomerId);
@@ -418,7 +420,7 @@ public class DashboardController extends BaseController { @@ -418,7 +420,7 @@ public class DashboardController extends BaseController {
418 } 420 }
419 421
420 @PreAuthorize("hasAuthority('SYS_ADMIN')") 422 @PreAuthorize("hasAuthority('SYS_ADMIN')")
421 - @RequestMapping(value = "/tenant/{tenantId}/dashboards", params = { "limit" }, method = RequestMethod.GET) 423 + @RequestMapping(value = "/tenant/{tenantId}/dashboards", params = {"limit"}, method = RequestMethod.GET)
422 @ResponseBody 424 @ResponseBody
423 public TextPageData<DashboardInfo> getTenantDashboards( 425 public TextPageData<DashboardInfo> getTenantDashboards(
424 @PathVariable("tenantId") String strTenantId, 426 @PathVariable("tenantId") String strTenantId,
@@ -437,7 +439,7 @@ public class DashboardController extends BaseController { @@ -437,7 +439,7 @@ public class DashboardController extends BaseController {
437 } 439 }
438 440
439 @PreAuthorize("hasAuthority('TENANT_ADMIN')") 441 @PreAuthorize("hasAuthority('TENANT_ADMIN')")
440 - @RequestMapping(value = "/tenant/dashboards", params = { "limit" }, method = RequestMethod.GET) 442 + @RequestMapping(value = "/tenant/dashboards", params = {"limit"}, method = RequestMethod.GET)
441 @ResponseBody 443 @ResponseBody
442 public TextPageData<DashboardInfo> getTenantDashboards( 444 public TextPageData<DashboardInfo> getTenantDashboards(
443 @RequestParam int limit, 445 @RequestParam int limit,
@@ -454,7 +456,7 @@ public class DashboardController extends BaseController { @@ -454,7 +456,7 @@ public class DashboardController extends BaseController {
454 } 456 }
455 457
456 @PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')") 458 @PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
457 - @RequestMapping(value = "/customer/{customerId}/dashboards", params = { "limit" }, method = RequestMethod.GET) 459 + @RequestMapping(value = "/customer/{customerId}/dashboards", params = {"limit"}, method = RequestMethod.GET)
458 @ResponseBody 460 @ResponseBody
459 public TimePageData<DashboardInfo> getCustomerDashboards( 461 public TimePageData<DashboardInfo> getCustomerDashboards(
460 @PathVariable("customerId") String strCustomerId, 462 @PathVariable("customerId") String strCustomerId,
@@ -92,10 +92,12 @@ public class DeviceController extends BaseController { @@ -92,10 +92,12 @@ public class DeviceController extends BaseController {
92 try { 92 try {
93 device.setTenantId(getCurrentUser().getTenantId()); 93 device.setTenantId(getCurrentUser().getTenantId());
94 94
95 - Operation operation = device.getId() == null ? Operation.CREATE : Operation.WRITE;  
96 -  
97 - accessControlService.checkPermission(getCurrentUser(), Resource.DEVICE, operation,  
98 - device.getId(), device); 95 + if (device.getId() == null) {
  96 + accessControlService
  97 + .checkPermission(getCurrentUser(), Resource.DEVICE, Operation.CREATE, device.getId(), device);
  98 + } else {
  99 + checkDeviceId(device.getId(), Operation.WRITE);
  100 + }
99 101
100 Device savedDevice = checkNotNull(deviceService.saveDeviceWithAccessToken(device, accessToken)); 102 Device savedDevice = checkNotNull(deviceService.saveDeviceWithAccessToken(device, accessToken));
101 103
@@ -92,10 +92,12 @@ public class EntityViewController extends BaseController { @@ -92,10 +92,12 @@ public class EntityViewController extends BaseController {
92 try { 92 try {
93 entityView.setTenantId(getCurrentUser().getTenantId()); 93 entityView.setTenantId(getCurrentUser().getTenantId());
94 94
95 - Operation operation = entityView.getId() == null ? Operation.CREATE : Operation.WRITE;  
96 -  
97 - accessControlService.checkPermission(getCurrentUser(), Resource.ENTITY_VIEW, operation,  
98 - entityView.getId(), entityView); 95 + if (entityView.getId() == null) {
  96 + accessControlService
  97 + .checkPermission(getCurrentUser(), Resource.ENTITY_VIEW, Operation.CREATE, entityView.getId(), entityView);
  98 + } else {
  99 + checkEntityViewId(entityView.getId(), Operation.WRITE);
  100 + }
99 101
100 EntityView savedEntityView = checkNotNull(entityViewService.saveEntityView(entityView)); 102 EntityView savedEntityView = checkNotNull(entityViewService.saveEntityView(entityView));
101 List<ListenableFuture<List<Void>>> futures = new ArrayList<>(); 103 List<ListenableFuture<List<Void>>> futures = new ArrayList<>();
@@ -126,10 +126,12 @@ public class RuleChainController extends BaseController { @@ -126,10 +126,12 @@ public class RuleChainController extends BaseController {
126 boolean created = ruleChain.getId() == null; 126 boolean created = ruleChain.getId() == null;
127 ruleChain.setTenantId(getCurrentUser().getTenantId()); 127 ruleChain.setTenantId(getCurrentUser().getTenantId());
128 128
129 - Operation operation = created ? Operation.CREATE : Operation.WRITE;  
130 -  
131 - accessControlService.checkPermission(getCurrentUser(), Resource.RULE_CHAIN, operation,  
132 - ruleChain.getId(), ruleChain); 129 + if (created) {
  130 + accessControlService
  131 + .checkPermission(getCurrentUser(), Resource.RULE_CHAIN, Operation.CREATE, ruleChain.getId(), ruleChain);
  132 + } else {
  133 + checkRuleChain(ruleChain.getId(), Operation.WRITE);
  134 + }
133 135
134 RuleChain savedRuleChain = checkNotNull(ruleChainService.saveRuleChain(ruleChain)); 136 RuleChain savedRuleChain = checkNotNull(ruleChainService.saveRuleChain(ruleChain));
135 137
@@ -72,10 +72,13 @@ public class TenantController extends BaseController { @@ -72,10 +72,13 @@ public class TenantController extends BaseController {
72 try { 72 try {
73 boolean newTenant = tenant.getId() == null; 73 boolean newTenant = tenant.getId() == null;
74 74
75 - Operation operation = newTenant ? Operation.CREATE : Operation.WRITE; 75 + if (newTenant) {
  76 + accessControlService
  77 + .checkPermission(getCurrentUser(), Resource.TENANT, Operation.CREATE, tenant.getId(), tenant);
  78 + } else {
  79 + checkTenantId(tenant.getId(), Operation.WRITE);
  80 + }
76 81
77 - accessControlService.checkPermission(getCurrentUser(), Resource.TENANT, operation,  
78 - tenant.getId(), tenant);  
79 tenant = checkNotNull(tenantService.saveTenant(tenant)); 82 tenant = checkNotNull(tenantService.saveTenant(tenant));
80 if (newTenant) { 83 if (newTenant) {
81 installScripts.createDefaultRuleChains(tenant.getId()); 84 installScripts.createDefaultRuleChains(tenant.getId());
@@ -132,17 +132,18 @@ public class UserController extends BaseController { @@ -132,17 +132,18 @@ public class UserController extends BaseController {
132 @ResponseBody 132 @ResponseBody
133 public User saveUser(@RequestBody User user, 133 public User saveUser(@RequestBody User user,
134 @RequestParam(required = false, defaultValue = "true") boolean sendActivationMail, 134 @RequestParam(required = false, defaultValue = "true") boolean sendActivationMail,
135 - HttpServletRequest request) throws ThingsboardException { 135 + HttpServletRequest request) throws ThingsboardException {
136 try { 136 try {
137 -  
138 if (getCurrentUser().getAuthority() == Authority.TENANT_ADMIN) { 137 if (getCurrentUser().getAuthority() == Authority.TENANT_ADMIN) {
139 user.setTenantId(getCurrentUser().getTenantId()); 138 user.setTenantId(getCurrentUser().getTenantId());
140 } 139 }
141 140
142 - Operation operation = user.getId() == null ? Operation.CREATE : Operation.WRITE;  
143 -  
144 - accessControlService.checkPermission(getCurrentUser(), Resource.USER, operation,  
145 - user.getId(), user); 141 + if (user.getId() == null) {
  142 + accessControlService
  143 + .checkPermission(getCurrentUser(), Resource.USER, Operation.CREATE, user.getId(), user);
  144 + } else {
  145 + checkUserId(user.getId(), Operation.WRITE);
  146 + }
146 147
147 boolean sendEmail = user.getId() == null && sendActivationMail; 148 boolean sendEmail = user.getId() == null && sendActivationMail;
148 User savedUser = checkNotNull(userService.saveUser(user)); 149 User savedUser = checkNotNull(userService.saveUser(user));
@@ -250,7 +251,7 @@ public class UserController extends BaseController { @@ -250,7 +251,7 @@ public class UserController extends BaseController {
250 } 251 }
251 252
252 @PreAuthorize("hasAuthority('SYS_ADMIN')") 253 @PreAuthorize("hasAuthority('SYS_ADMIN')")
253 - @RequestMapping(value = "/tenant/{tenantId}/users", params = { "limit" }, method = RequestMethod.GET) 254 + @RequestMapping(value = "/tenant/{tenantId}/users", params = {"limit"}, method = RequestMethod.GET)
254 @ResponseBody 255 @ResponseBody
255 public TextPageData<User> getTenantAdmins( 256 public TextPageData<User> getTenantAdmins(
256 @PathVariable("tenantId") String strTenantId, 257 @PathVariable("tenantId") String strTenantId,
@@ -269,7 +270,7 @@ public class UserController extends BaseController { @@ -269,7 +270,7 @@ public class UserController extends BaseController {
269 } 270 }
270 271
271 @PreAuthorize("hasAuthority('TENANT_ADMIN')") 272 @PreAuthorize("hasAuthority('TENANT_ADMIN')")
272 - @RequestMapping(value = "/customer/{customerId}/users", params = { "limit" }, method = RequestMethod.GET) 273 + @RequestMapping(value = "/customer/{customerId}/users", params = {"limit"}, method = RequestMethod.GET)
273 @ResponseBody 274 @ResponseBody
274 public TextPageData<User> getCustomerUsers( 275 public TextPageData<User> getCustomerUsers(
275 @PathVariable("customerId") String strCustomerId, 276 @PathVariable("customerId") String strCustomerId,
@@ -66,10 +66,12 @@ public class WidgetTypeController extends BaseController { @@ -66,10 +66,12 @@ public class WidgetTypeController extends BaseController {
66 widgetType.setTenantId(getCurrentUser().getTenantId()); 66 widgetType.setTenantId(getCurrentUser().getTenantId());
67 } 67 }
68 68
69 - Operation operation = widgetType.getId() == null ? Operation.CREATE : Operation.WRITE;  
70 -  
71 - accessControlService.checkPermission(getCurrentUser(), Resource.WIDGET_TYPE, operation,  
72 - widgetType.getId(), widgetType); 69 + if (widgetType.getId() == null) {
  70 + accessControlService
  71 + .checkPermission(getCurrentUser(), Resource.WIDGET_TYPE, Operation.CREATE, widgetType.getId(), widgetType);
  72 + } else {
  73 + checkWidgetTypeId(widgetType.getId(), Operation.WRITE);
  74 + }
73 75
74 return checkNotNull(widgetTypeService.saveWidgetType(widgetType)); 76 return checkNotNull(widgetTypeService.saveWidgetType(widgetType));
75 } catch (Exception e) { 77 } catch (Exception e) {
@@ -92,7 +94,7 @@ public class WidgetTypeController extends BaseController { @@ -92,7 +94,7 @@ public class WidgetTypeController extends BaseController {
92 } 94 }
93 95
94 @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')") 96 @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
95 - @RequestMapping(value = "/widgetTypes", params = { "isSystem", "bundleAlias"}, method = RequestMethod.GET) 97 + @RequestMapping(value = "/widgetTypes", params = {"isSystem", "bundleAlias"}, method = RequestMethod.GET)
96 @ResponseBody 98 @ResponseBody
97 public List<WidgetType> getBundleWidgetTypes( 99 public List<WidgetType> getBundleWidgetTypes(
98 @RequestParam boolean isSystem, 100 @RequestParam boolean isSystem,
@@ -111,7 +113,7 @@ public class WidgetTypeController extends BaseController { @@ -111,7 +113,7 @@ public class WidgetTypeController extends BaseController {
111 } 113 }
112 114
113 @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')") 115 @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
114 - @RequestMapping(value = "/widgetType", params = { "isSystem", "bundleAlias", "alias" }, method = RequestMethod.GET) 116 + @RequestMapping(value = "/widgetType", params = {"isSystem", "bundleAlias", "alias"}, method = RequestMethod.GET)
115 @ResponseBody 117 @ResponseBody
116 public WidgetType getWidgetType( 118 public WidgetType getWidgetType(
117 @RequestParam boolean isSystem, 119 @RequestParam boolean isSystem,
@@ -67,10 +67,12 @@ public class WidgetsBundleController extends BaseController { @@ -67,10 +67,12 @@ public class WidgetsBundleController extends BaseController {
67 widgetsBundle.setTenantId(getCurrentUser().getTenantId()); 67 widgetsBundle.setTenantId(getCurrentUser().getTenantId());
68 } 68 }
69 69
70 - Operation operation = widgetsBundle.getId() == null ? Operation.CREATE : Operation.WRITE;  
71 -  
72 - accessControlService.checkPermission(getCurrentUser(), Resource.WIDGETS_BUNDLE, operation,  
73 - widgetsBundle.getId(), widgetsBundle); 70 + if (widgetsBundle.getId() == null) {
  71 + accessControlService
  72 + .checkPermission(getCurrentUser(), Resource.WIDGETS_BUNDLE, Operation.CREATE, widgetsBundle.getId(), widgetsBundle);
  73 + } else {
  74 + checkWidgetsBundleId(widgetsBundle.getId(), Operation.WRITE);
  75 + }
74 76
75 return checkNotNull(widgetsBundleService.saveWidgetsBundle(widgetsBundle)); 77 return checkNotNull(widgetsBundleService.saveWidgetsBundle(widgetsBundle));
76 } catch (Exception e) { 78 } catch (Exception e) {
@@ -93,7 +95,7 @@ public class WidgetsBundleController extends BaseController { @@ -93,7 +95,7 @@ public class WidgetsBundleController extends BaseController {
93 } 95 }
94 96
95 @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')") 97 @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
96 - @RequestMapping(value = "/widgetsBundles", params = { "limit" }, method = RequestMethod.GET) 98 + @RequestMapping(value = "/widgetsBundles", params = {"limit"}, method = RequestMethod.GET)
97 @ResponseBody 99 @ResponseBody
98 public TextPageData<WidgetsBundle> getWidgetsBundles( 100 public TextPageData<WidgetsBundle> getWidgetsBundles(
99 @RequestParam int limit, 101 @RequestParam int limit,