apply new @VaultRole(realmRole=...) property

* allowing any user to modify a owned vault * allowing only users with `create-vaults` role to create vault * allowing any user to claim ownership (if they can prove worthy)
cryptomator · Oct 17, 2024 · 508c651 · 508c651
1 parent f5ac752
commit 508c651
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/backend/src/main/java/org/cryptomator/hub/api/VaultResource.java b/backend/src/main/java/org/cryptomator/hub/api/VaultResource.java
@@ -388,8 +388,8 @@ public VaultDto get(@PathParam("vaultId") UUID vaultId) {
 
 	@PUT
 	@Path("/{vaultId}")
-	@RolesAllowed("create-vaults")
-	@VaultRole(value = VaultAccess.Role.OWNER, onMissingVault = VaultRole.OnMissingVault.PASS)
+	@RolesAllowed("user") // general authentication. VaultRole filter will check for specific access rights
+	@VaultRole(value = VaultAccess.Role.OWNER, onMissingVault = VaultRole.OnMissingVault.REQUIRE_REALM_ROLE, realmRole = "create-vaults")
 	@Consumes(MediaType.APPLICATION_JSON)
 	@Produces(MediaType.APPLICATION_JSON)
 	@Transactional
@@ -439,7 +439,7 @@ public Response createOrUpdate(@PathParam("vaultId") UUID vaultId, @Valid @NotNu
 
 	@POST
 	@Path("/{vaultId}/claim-ownership")
-	@RolesAllowed("create-vaults")
+	@RolesAllowed("user")
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	@Transactional
 	@Operation(summary = "claims ownership of a vault",