vidakovic commented on code in PR #5821:
URL: https://github.com/apache/fineract/pull/5821#discussion_r3235335440
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/SecurityConfig.java:
##########
@@ -273,6 +273,17 @@ public SecurityFilterChain filterChain(HttpSecurity http)
throws Exception {
.hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_WRITE,
"UPDATE_CLIENTIMAGE")
.requestMatchers(API_MATCHER.matcher(HttpMethod.DELETE,
"/api/*/clients/*/images"))
.hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_WRITE,
"DELETE_CLIENTIMAGE")
+ // collateral: clients
+ .requestMatchers(API_MATCHER.matcher(HttpMethod.GET,
"/api/*/clients/*/collaterals"))
+ .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_READ,
"READ_CLIENT_COLLATERAL_PRODUCT")
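Review bot: The authority literal "READ_CLIENT_COLLATERAL_PRODUCT" on the added GET matcher names a collateral product, while the path it guards, "/api/*/clients/*/collaterals", is a client's collaterals. Nothing in this hunk shows whether the string matches the permission code actually granted to roles. hasAnyAuthority compares the string exactly, so a mismatch would reject every caller that does not hold ALL_FUNCTIONS or ALL_FUNCTIONS_READ. Confirm the literal against the stored permission code, and extend the "// collateral: clients" comment to say where the name comes from if it intentionally differs from the resource in the path.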
Review Comment:
The naming of the permissions looks ok (consistent with what we did before),
but could you check again how exactly the legacy permissions were named? For me
it looks like something is inverted here. I would like to be consistent, so
this here is ok, but if the legacy permission name is somehow different then
please put a comment here at least.