Fix deletion of elements

NDLANO · Sep 13, 2024 · 2237f86 · 2237f86
1 parent cc8899b
commit 2237f86
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/src/main/java/no/ndla/taxonomy/config/WebSecurityConfig.java b/src/main/java/no/ndla/taxonomy/config/WebSecurityConfig.java
@@ -10,6 +10,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -18,10 +19,15 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 
+/*
+ * TODO: Change to EnableMethodSecurity from EnableGlobalMethodSecurity when spring security 6.4.0 is released
+ * PreAuthorize in CrudController triggers a bug in spring security 6.2.6 when using EnableMethodSecurity
+ * https://github.com/spring-projects/spring-security/issues/15097
+ */
 @Profile("auth")
 @Configuration
 @EnableWebSecurity
-@EnableMethodSecurity(securedEnabled = true)
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
 public class WebSecurityConfig {
 
     @Bean

diff --git a/src/main/java/no/ndla/taxonomy/rest/v1/CrudController.java b/src/main/java/no/ndla/taxonomy/rest/v1/CrudController.java
@@ -51,14 +51,17 @@ protected CrudController(TaxonomyRepository<T> repository) {
         this.repository = repository;
     }
 
+    /*
+     * Looks like this method is only used by ResourceTypes.java. All other subclasses define their own deleteEntity method.
+     */
     @DeleteMapping("/{id}")
     @Operation(
             summary = "Deletes a single entity by id",
             security = {@SecurityRequirement(name = "oauth")})
     @PreAuthorize("hasAuthority('TAXONOMY_WRITE')")
     @ResponseStatus(HttpStatus.NO_CONTENT)
     @Transactional
-    public void deleteEntity(@PathVariable("id") URI id) {
+    protected void deleteEntity(@PathVariable("id") URI id) {
         Optional<Grade> oldGrade = Optional.empty();
         Optional<Collection<Node>> parents = Optional.empty();
 

diff --git a/src/main/java/no/ndla/taxonomy/rest/v1/NodeConnections.java b/src/main/java/no/ndla/taxonomy/rest/v1/NodeConnections.java
@@ -43,7 +43,6 @@ public class NodeConnections extends CrudControllerWithMetadata<NodeConnection>
     private final NodeRepository nodeRepository;
     private final NodeConnectionRepository nodeConnectionRepository;
     private final NodeConnectionService connectionService;
-    private final NodeService nodeService;
 
     public NodeConnections(
             NodeRepository nodeRepository,
@@ -56,7 +55,6 @@ public NodeConnections(
         this.nodeRepository = nodeRepository;
         this.nodeConnectionRepository = nodeConnectionRepository;
         this.connectionService = connectionService;
-        this.nodeService = nodeService;
     }
 
     @GetMapping