From e2369ffad7eb24559357c696ba5a44b0b4b55135 Mon Sep 17 00:00:00 2001 From: GeorgeC Date: Wed, 10 Jul 2024 12:43:37 -0400 Subject: [PATCH] [ALS-6103] Update StudyAccessController with new annotations Added 'RolesAllowed' and 'RequestMapping' annotations to the StudyAccessController. The 'RolesAllowed' annotation replaces the 'Secured' one to specify authorized roles. The 'RequestMapping' annotation is added to specify the path for accessing study data.
---
 .../hms/dbmi/avillach/auth/rest/StudyAccessController.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/rest/StudyAccessController.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/rest/StudyAccessController.java
index 20ea160a..e3039080 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/rest/StudyAccessController.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/rest/StudyAccessController.java
@@ -4,6 +4,7 @@
 import edu.harvard.hms.dbmi.avillach.auth.service.impl.StudyAccessService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
+import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.annotation.Secured;
@@ -11,8 +12,10 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import static edu.harvard.hms.dbmi.avillach.auth.utils.AuthNaming.AuthRoleNaming.ADMIN;
 import static edu.harvard.hms.dbmi.avillach.auth.utils.AuthNaming.AuthRoleNaming.SUPER_ADMIN;
 /**
@@ -21,6 +24,7 @@
 *

Note: Only users with the super admin role can access this endpoint.

*/
 @Controller
+@RequestMapping("/studyAccess")
 public class StudyAccessController {
 private final StudyAccessService studyAccessService;
@@ -33,7 +37,7 @@ public StudyAccessController(StudyAccessService studyAccessService) {
 @Operation(description = "POST a single study and it creates the role, privs, and rules for it, requires SUPER_ADMIN role")
 @Transactional
 @PostMapping(consumes = "application/json")
- @Secured(SUPER_ADMIN)
+ @RolesAllowed({SUPER_ADMIN})
 public ResponseEntity addStudyAccess(@Parameter(description = "The Study Identifier of the new study from the metadata.json") @RequestBody String studyIdentifier) {
 String status = studyAccessService.addStudyAccess(studyIdentifier);
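Review bot: Swapping `@Secured(SUPER_ADMIN)` for `@RolesAllowed({SUPER_ADMIN})` on `addStudyAccess` changes how the role check is evaluated, and nothing in this patch shows the configuration that the new annotation depends on. Spring Security honours JSR-250 annotations only when method security is enabled with `jsr250Enabled = true`, and its JSR-250 handling by default prepends `ROLE_` to each listed role whereas `@Secured` compares the attribute as written; depending on the value of `SUPER_ADMIN` and the authorities the application grants, the endpoint could end up without a method-level check or could reject every caller. Please confirm both settings and add a test asserting that a caller without the super admin role receives 403 on `POST /studyAccess`. The `ADMIN` static import added earlier in the file is not used by this annotation and the `Secured` import appears to be left behind, so if ADMIN is not meant to have access, dropping both keeps the intended role set unambiguous. The method body continues outside the hunk.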