Commit 92f4ce6e authored by Martin Bartoš's avatar Martin Bartoš
Browse files

Fix delete review bug with AuthZ

parent c77db6c5
......@@ -74,9 +74,9 @@ public class ReviewControllerProvider implements ReviewController {
if (user.isAdmin() || isMyReview) {
return reviewFacade.update(reviewUpdateDto);
} else {
throw new ForbiddenOperationException("Cannot update not own review or no admin rights");
}
throw new ForbiddenOperationException("Cannot update not own review or no admin rights");
}
@PreAuthorize("isAuthenticated()")
......@@ -89,8 +89,8 @@ public class ReviewControllerProvider implements ReviewController {
if (user.isAdmin() || isMyReview) {
reviewFacade.delete(id);
} else {
throw new ForbiddenOperationException("Cannot delete not own review or no admin rights");
}
throw new ForbiddenOperationException("Cannot delete not own review or no admin rights");
}
}
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment