Fix realize requirement permissions

rwth-acis · Sep 21, 2021 · 69bae48 · 69bae48
1 parent fbf5545
commit 69bae48
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/resources/RequirementsResource.java b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/resources/RequirementsResource.java
@@ -1143,7 +1143,7 @@ public Response realize(@PathParam("requirementId") int requirementId) {
             Requirement requirement = dalFacade.getRequirementById(requirementId, internalUserId);
             boolean authorized = new AuthorizationManager().isAuthorized(internalUserId, PrivilegeEnum.Realize_REQUIREMENT, requirement.getProjectId(), dalFacade);
             if (!authorized) {
-                ExceptionHandler.getInstance().throwException(ExceptionLocation.BAZAARSERVICE, ErrorCode.AUTHORIZATION, Localization.getInstance().getResourceBundle().getString("error.authorization.vote.create"));
+                ExceptionHandler.getInstance().throwException(ExceptionLocation.BAZAARSERVICE, ErrorCode.AUTHORIZATION, Localization.getInstance().getResourceBundle().getString("error.authorization.requirement.realize"));
             }
             requirement = dalFacade.setRequirementToRealized(requirementId, internalUserId);
             bazaarService.getNotificationDispatcher().dispatchNotification(OffsetDateTime.now(), Activity.ActivityAction.REALIZE, MonitoringEvent.SERVICE_CUSTOM_MESSAGE_37,
@@ -1196,9 +1196,9 @@ public Response unrealize(@PathParam("requirementId") int requirementId) {
             }
             dalFacade = bazaarService.getDBConnection();
             Integer internalUserId = dalFacade.getUserIdByLAS2PeerId(userId);
-            boolean authorized = new AuthorizationManager().isAuthorized(internalUserId, PrivilegeEnum.Modify_REQUIREMENT, dalFacade);
+            boolean authorized = new AuthorizationManager().isAuthorized(internalUserId, PrivilegeEnum.Realize_REQUIREMENT, dalFacade);
             if (!authorized) {
-                ExceptionHandler.getInstance().throwException(ExceptionLocation.BAZAARSERVICE, ErrorCode.AUTHORIZATION, Localization.getInstance().getResourceBundle().getString("error.authorization.vote.delete"));
+                ExceptionHandler.getInstance().throwException(ExceptionLocation.BAZAARSERVICE, ErrorCode.AUTHORIZATION, Localization.getInstance().getResourceBundle().getString("error.authorization.requirement.realize"));
             }
             Requirement requirement = dalFacade.setRequirementToUnRealized(requirementId, internalUserId);
             bazaarService.getNotificationDispatcher().dispatchNotification(OffsetDateTime.now(), Activity.ActivityAction.UNREALIZE, MonitoringEvent.SERVICE_CUSTOM_MESSAGE_38,

diff --git a/reqbaz/src/main/resources/i18n/Translation_en.properties b/reqbaz/src/main/resources/i18n/Translation_en.properties
@@ -30,6 +30,7 @@ error.authorization.category.delete=This category item with id {0} cannot be del
 error.authorization.requirements.read=Only logged in users can read requirements.
 error.authorization.requirement.create=Only project members can create requirements.
 error.authorization.requirement.delete=Only the creator can delete requirements.
+error.authorization.requirement.realize=Only project members can set requirements as realized.
 error.authorization.develop.create=Only project members can register to develop a requirement.
 error.authorization.develop.delete=Only project members can deregister from developing a requirement.
 error.authorization.follow.create=Only project members can register to follow a requirement.