remove role link from user

2026-03-21 21:37:29 +00:00 · 2015-03-30 09:43:44 +02:00
parent 35e0567705
commit cc1e173552
4 changed files with 11 additions and 18 deletions
--- a/src/main/java/com/commafeed/frontend/auth/SecurityCheckFactory.java
+++ b/src/main/java/com/commafeed/frontend/auth/SecurityCheckFactory.java
@@ -1,6 +1,7 @@
 package com.commafeed.frontend.auth;

 import java.util.Optional;
+import java.util.Set;

 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
@@ -46,7 +47,8 @@ public class SecurityCheckFactory extends AbstractContainerRequestValueFactory<U
 		}

 		if (user.isPresent()) {
-			if (user.get().hasRole(role)) {
+			Set<Role> roles = userService.getRoles(user.get());
+			if (roles.contains(role)) {
 				return user.get();
 			} else {
 				throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN)