Role permit when editing an entity in jhipster

0

Cordial Greeting

I'm new to JHipster and I'm creating a new role to give it permissions.

The steps I am taking are the following:

1. I create the role and include it in master.xml

then I run mvn liquibase:update

and place it in the database in the table jhi_authority

Then I run the application with mvn, log in as admin and create a user with that newly created role. Then I log in with that user who has the new role, and I want to click on the indicated options and I cannot:

  • Create a new Region
  • view
  • Edit
  • Delete

What do I need for the role to let me use those functionalities?

Note: I'm using the latest version of jhipster

    
asked by emanuel montaño 27.09.2018 at 20:38

1 answer

1

I will start from the assumption that you have a project like jhipsterSampleApplication, the one published in its repositories, with version JHipster 5.4.2.

Apparently the problem lies in the front-end because it does not allow you to have access to that view. To do this you must edit your file region.route.ts and add your created role.

...
{
    path: 'region',
    component: RegionComponent,
    data: {
        authorities: ['ROLE_USER', 'ROLE_PQRS'],
        pageTitle: 'jhipsterSampleApplicationApp.region.home.title'
    },
    canActivate: [UserRouteAccessService]
},
...

NOTE

You are adding the role correctly, but it is necessary to clarify that Liquibase is a complement to add versioning to your database; this action could also be done by inserting the record directly using SQL or by adding the role in the authorities.csv file included in the project.

Another point to take into account is the configuration in the file SecurityConfiguration.java in the method public void configure(HttpSecurity http)

...
    .and()
        .authorizeRequests()
        .antMatchers("/api/register").permitAll()
        .antMatchers("/api/activate").permitAll()
        .antMatchers("/api/authenticate").permitAll()
        .antMatchers("/api/account/reset-password/init").permitAll()
        .antMatchers("/api/account/reset-password/finish").permitAll()
        .antMatchers("/api/**").authenticated() // This line allows your user to make requests to the back-end
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/info").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
...

This file contains the configuration that your back-end uses to allow users to make requests. This is in case you want to restrict certain end-points to a specific role.

    
answered by 11.10.2018 at 20:17
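
An added example (not part of the original answer, and not JHipster or Spring Security code): a simplified TypeScript model of the two checks the answer describes, the route's `data.authorities` guard and the ordered `antMatchers` chain. It shows that `/api/**` as posted accepts any authenticated user whatever their role, so the route guard alone does not restrict the Region endpoints. The `/api/regions` path, the `ROLE_ADMIN` value, `ROLE_OTHER` and the `restricted` rule set are assumptions.

```typescript
// Simplified model for illustration; not JHipster or Spring Security code.
type Auths = string[] | null; // null = anonymous request
type Rule = { pattern: string; allow: (a: Auths) => boolean };

const permitAll = (_a: Auths): boolean => true;
const authenticated = (a: Auths): boolean => a !== null;
const hasAnyAuthority = (...need: string[]) => (a: Auths): boolean =>
    need.some(n => (a || []).indexOf(n) !== -1);

// Minimal Ant-style matcher: exact paths and a trailing "/**" only.
function matches(pattern: string, path: string): boolean {
    if (pattern.slice(-3) !== '/**') return pattern === path;
    const base = pattern.slice(0, -3);
    return path === base || path.indexOf(base + '/') === 0;
}

// Back-end: rules are tried in order and the first matching pattern decides.
function backendAllows(rules: Rule[], path: string, auths: Auths): boolean {
    for (const rule of rules) {
        if (matches(rule.pattern, path)) return rule.allow(auths);
    }
    return true; // no rule matched: nothing restricts the path in this model
}

// Front-end: the route opens if the user holds any of data.authorities.
function routeAllows(routeAuthorities: string[], auths: string[]): boolean {
    return routeAuthorities.length === 0 ||
        routeAuthorities.some(a => auths.indexOf(a) !== -1);
}

// Subset of the chain posted in the answer ('ROLE_ADMIN' is an assumed value
// for AuthoritiesConstants.ADMIN).
const asPosted: Rule[] = [
    { pattern: '/api/authenticate', allow: permitAll },
    { pattern: '/api/**', allow: authenticated },
    { pattern: '/management/**', allow: hasAnyAuthority('ROLE_ADMIN') },
];

// Assumed variant: a role rule for the Region endpoints ('/api/regions' is an
// assumed path) placed before the broader '/api/**' rule.
const restricted: Rule[] = [
    asPosted[0],
    { pattern: '/api/regions/**', allow: hasAnyAuthority('ROLE_PQRS', 'ROLE_ADMIN') },
    asPosted[1],
    asPosted[2],
];
```

In the real `SecurityConfiguration.java` the equivalent of `restricted` would be an extra `antMatchers(...)` line with `hasAnyAuthority(...)` placed above the `/api/**` line, since a rule placed after it would never be reached for those paths.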