X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fcontroller%2FAcXappController.java;h=655b47aae52b1ead4d1d02ef29849dc6056d33e9;hb=3f812ea25d352ec33d07f5ffa4c2aa2a77e8e793;hp=cdb99b0bda9f541c35a8262d777263b75dccca84;hpb=de17870a15d4ad8bd12828c27950aa681165413b;p=portal%2Fric-dashboard.git

diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AcXappController.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AcXappController.java
index cdb99b0b..655b47aa 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AcXappController.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AcXappController.java
@@ -31,6 +31,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PutMapping;
@@ -77,6 +78,7 @@ public class AcXappController {
 
 	@ApiOperation(value = "Gets the A1 client library MANIFEST.MF property Implementation-Version.", response = SuccessTransport.class)
 	@GetMapping(VERSION_METHOD)
+	// No role required
 	public SuccessTransport getA1MediatorClientVersion() {
 		return new SuccessTransport(200, DashboardApplication.getImplementationVersion(A1MediatorApi.class));
 	}
@@ -86,6 +88,7 @@ public class AcXappController {
 	 */
 	@ApiOperation(value = "Gets the admission control policy for AC xApp via the A1 Mediator")
 	@GetMapping(ADMCTRL_METHOD)
+	@Secured({ DashboardConstants.ROLE_ADMIN, DashboardConstants.ROLE_STANDARD })
 	public Object getAdmissionControlPolicy(HttpServletResponse response) {
 		logger.debug("getAdmissionControlPolicy");
 		response.setStatus(HttpServletResponse.SC_NOT_IMPLEMENTED);
@@ -98,6 +101,7 @@ public class AcXappController {
 	 */
 	@ApiOperation(value = "Sets the admission control policy for AC xApp via the A1 Mediator")
 	@PutMapping(ADMCTRL_METHOD)
+	@Secured({ DashboardConstants.ROLE_ADMIN })
 	public void setAdmissionControlPolicy(@ApiParam(value = "Admission control policy") @RequestBody JsonNode acPolicy, //
 			HttpServletResponse response) {
 		logger.debug("setAdmissionControlPolicy {}", acPolicy);