fix: apply PR #390 to docker-master branch

Should also be backported to docker-24.0 branch
georchestra · Oct 9, 2024 · df77a2f · df77a2f
1 parent 803fdb7
commit df77a2f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/gateway/gateway.yaml b/gateway/gateway.yaml
@@ -37,13 +37,13 @@ georchestra:
         access-rules:
         - intercept-url: /datafeeder/**
           anonymous: false
-          allowed-roles: SUPERUSER,DATAFEEDER
+          allowed-roles: SUPERUSER,IMPORT
       import:
         target: ${georchestra.gateway.services.import.target}
         access-rules:
         - intercept-url: /import/**
           anonymous: false
-          allowed-roles: SUPERUSER,DATAFEEDER
+          allowed-roles: SUPERUSER,IMPORT
       console:
         target: ${georchestra.gateway.services.console.target}
         access-rules:

diff --git a/security-proxy/security-mappings.xml b/security-proxy/security-mappings.xml
@@ -29,7 +29,7 @@
   <intercept-url pattern="/console/internal/.*" access="ROLE_SUPERUSER" />
   <intercept-url pattern="/testPage" access="IS_AUTHENTICATED_FULLY" />
   <intercept-url pattern=".*/ogcproxy/.*" access="ROLE_NO_ONE" />
-  <intercept-url pattern="/datafeeder/.*" access="IS_AUTHENTICATED_FULLY" />
-  <intercept-url pattern="/import/.*" access="IS_AUTHENTICATED_FULLY" />
+  <intercept-url pattern="/datafeeder/.*" access="ROLE_SUPERUSER,ROLE_IMPORT" />
+  <intercept-url pattern="/import/.*" access="ROLE_SUPERUSER,ROLE_IMPORT" />
   <intercept-url pattern=".*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR,ROLE_SUPERUSER,ROLE_ORGADMIN" />
 </http>