Re: [PR] FINERACT-2493: New command processing - job scheduling [fineract]

Fri, 12 Jun 2026 05:01:02 -0700 


nidhiii128 commented on code in PR #5903:
URL: https://github.com/apache/fineract/pull/5903#discussion_r3403175405


##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/SecurityConfig.java:
##########
@@ -400,6 +400,27 @@ public SecurityFilterChain filterChain(HttpSecurity http) 
throws Exception {
                     .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_WRITE, 
"UPDATE_HOOK")
                     .requestMatchers(API_MATCHER.matcher(HttpMethod.DELETE, 
"/api/*/hooks/*"))
                     .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_WRITE, 
"DELETE_HOOK")
+                    // scheduler job - read
+                    .requestMatchers(API_MATCHER.matcher(HttpMethod.GET, 
"/api/*/jobs"))
+                    .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_READ, 
"READ_SCHEDULER")
+                    .requestMatchers(API_MATCHER.matcher(HttpMethod.GET, 
"/api/*/jobs/*"))
+                    .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_READ, 
"READ_SCHEDULER")
+                    .requestMatchers(API_MATCHER.matcher(HttpMethod.GET, 
"/api/*/jobs/short-name/*"))
+                    .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_READ, 
"READ_SCHEDULER")
+                    .requestMatchers(API_MATCHER.matcher(HttpMethod.GET, 
"/api/*/jobs/*/runhistory"))
+                    .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_READ, 
"READ_SCHEDULER")
+                    .requestMatchers(API_MATCHER.matcher(HttpMethod.GET, 
"/api/*/jobs/short-name/*/runhistory"))
+                    .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_READ, 
"READ_SCHEDULER")
+                    // scheduler job - execute
+                    .requestMatchers(API_MATCHER.matcher(HttpMethod.POST, 
"/api/*/jobs/*"))
+                    .hasAnyAuthority(ALL_FUNCTIONS, ALL_FUNCTIONS_WRITE, 
"EXECUTEJOB_SCHEDULER")

Review Comment:
   Hello @vidakovic the underscore would be more consistent. I matched 
EXECUTEJOB_SCHEDULER to the existing legacy permission name (it's in 
0002_initial_data.xml:6868 of the Liquibase seed). Renaming it properly 
requires updating the security config and controller and also adding a new 
Liquibase migration to UPDATE m_permission SET code = 'EXECUTE_JOB_SCHEDULER' 
WHERE code = 'EXECUTEJOB_SCHEDULER' for existing deployments
   
   To keep this PR scoped to the update-job migration, I've kept the legacy 
name. Happy to clean this up in a separate PR alongside the other 
Schedular/retrive typos. WDYT?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to