RADAR-base · mpgxvii · Mar 18, 2024 · Mar 12, 2024 · Mar 15, 2024 · mpgxvii
diff --git a/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java b/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java
@@ -48,7 +48,7 @@ public NotificationStateEventController(
  this.notificationStateEventService = notificationStateEventService;
  }
 
- @Authorized(permission = AuthPermissions.CREATE, entity = AuthEntities.MEASUREMENT)
+ @Authorized(permission = AuthPermissions.READ, entity = AuthEntities.PROJECT)
  @GetMapping(
  value =
  "/"
@@ -64,8 +64,8 @@ public ResponseEntity<List<NotificationStateEventDto>> getNotificationStateEvent
  }
 
  @Authorized(
- permission = AuthPermissions.CREATE,
- entity = AuthEntities.MEASUREMENT,
+ permission = AuthPermissions.READ,
+ entity = AuthEntities.SUBJECT,
  permissionOn = PermissionOn.SUBJECT)
  @GetMapping(
  value =
@@ -93,8 +93,8 @@ public ResponseEntity<List<NotificationStateEventDto>> getNotificationStateEvent
  }
 
  @Authorized(
- permission = AuthPermissions.CREATE,
- entity = AuthEntities.MEASUREMENT,
+ permission = AuthPermissions.UPDATE,
+ entity = AuthEntities.SUBJECT,
  permissionOn = PermissionOn.SUBJECT)
  @PostMapping(
  value =

diff --git a/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java b/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
@@ -120,8 +120,8 @@ public ResponseEntity<ProjectDto> addProject(
  * org.radarbase.appserver.exception.NotFoundException} if project was not found.
  */
  @Authorized(
- permission = AuthPermissions.CREATE,
- entity = AuthEntities.MEASUREMENT,
+ permission = AuthPermissions.UPDATE,
+ entity = AuthEntities.PROJECT,
  permissionOn = PermissionOn.PROJECT)
  @PutMapping(
  value = "/" + PathsUtil.PROJECT_PATH + "/" + PathsUtil.PROJECT_ID_CONSTANT,
@@ -160,7 +160,7 @@ public ResponseEntity<ProjectDtos> getAllProjects(HttpServletRequest request) {
  }
 
  // TODO think about plain authorized
- @Authorized(permission = AuthPermissions.CREATE, entity = AuthEntities.MEASUREMENT)
+ @Authorized(permission = AuthPermissions.READ, entity = AuthEntities.PROJECT)
  @GetMapping("/" + PathsUtil.PROJECT_PATH + "/project")
  public ResponseEntity<ProjectDto> getProjectsUsingId(
  HttpServletRequest request, @Valid @PathParam("id") Long id) {
@@ -169,8 +169,8 @@ public ResponseEntity<ProjectDto> getProjectsUsingId(
  RadarToken token = (RadarToken) request.getAttribute(AuthAspect.TOKEN_KEY);
  if (authorization.hasPermission(
  token,
- AuthPermissions.CREATE,
- AuthEntities.MEASUREMENT,
+ AuthPermissions.READ,
+ AuthEntities.PROJECT,
  PermissionOn.PROJECT,
  projectDto.getProjectId(),
  null,