Merge branch 'DEVELOP' of ssh://git.eclipse.org:29418/openk-usermodules/org.eclipse.openk-usermodules.contactBaseData.backend into DEVELOP
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/AddressController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/AddressController.java
index 1de9cc9..37e9c06 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/AddressController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/AddressController.java
@@ -52,6 +52,7 @@
     }
 
     @GetMapping("/{contactUuid}/addresses/{addressUuid}")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Eine bestimmte Adresse eines bestimmten Kontakts anzeigen.")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Kontaktadresse nicht gefunden."),
@@ -66,6 +67,7 @@
 
 
     @PostMapping("/{contactUuid}/addresses")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Anlegen einer neuen Adresse")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Adresse erfolgreich angelegt"),
@@ -88,6 +90,7 @@
 
 
     @PutMapping("/{contactUuid}/addresses/{addressUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Eine bestimmte Adresse eines bestimmten Kontakts bearbeiten.")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Adresse nicht gefunden."),
@@ -105,6 +108,7 @@
     }
 
     @DeleteMapping("{contactUuid}/addresses/{addressUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ResponseStatus(HttpStatus.OK)
     @ApiOperation(value = "Eine bestimmte Adresse eines bestimmten Kontakts löschen")
     @ApiResponses(value = {
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/AssignmentModulContactController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/AssignmentModulContactController.java
index 5694d05..119da7a 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/AssignmentModulContactController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/AssignmentModulContactController.java
@@ -53,6 +53,7 @@
     }
 
     @GetMapping("/{contactUuid}/assignments/{assignmentUuid}")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Lesen einer Zuordnung Kontakt:Modul")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Zuordnung nicht gefunden."),
@@ -66,6 +67,7 @@
 
 
     @PostMapping("/{contactUuid}/assignments")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Anlegen einer neuen Zuordnung Kontakt:Modul")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Zuordnung erfolgreich angelegt"),
@@ -88,6 +90,7 @@
 
 
     @PutMapping("/{contactUuid}/assignments/{assignmentUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Ändern einer Zuordnung Kontakt:Modul")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Zuordnung nicht gefunden."),
@@ -105,6 +108,7 @@
     }
 
     @DeleteMapping("{contactUuid}/assignments/{assignmentUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ResponseStatus(HttpStatus.OK)
     @ApiOperation(value = "Eine bestimmte Zuordnung eines bestimmten Kontakts löschen")
     @ApiResponses(value = {
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/CommunicationController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/CommunicationController.java
index f425049..32d52e7 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/CommunicationController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/CommunicationController.java
@@ -52,6 +52,7 @@
     }
 
     @GetMapping("/{contactUuid}/communications/{communicationUuid}")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Einen bestimmten Kommunikationsweg eines bestimmten Kontakts anzeigen.")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Kontaktadresse nicht gefunden."),
@@ -66,6 +67,7 @@
 
 
     @PostMapping("/{contactUuid}/communications")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Anlegen eines neuen Kommunikationswegs")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Kommunikationsweg erfolgreich angelegt"),
@@ -88,6 +90,7 @@
 
 
     @PutMapping("/{contactUuid}/communications/{communicationUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Einen bestimmten Kommunikationsweg eines bestimmten Kontakts bearbeiten.")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Kommunikationsweg nicht gefunden."),
@@ -105,6 +108,7 @@
     }
 
     @DeleteMapping("{contactUuid}/communications/{communicationUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ResponseStatus(HttpStatus.OK)
     @ApiOperation(value = "Einen bestimmten Kommunikationsweg eines bestimmten Kontakts löschen")
     @ApiResponses(value = {
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/ContactPersonController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/ContactPersonController.java
index 1ace3df..66977b6 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/ContactPersonController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/ContactPersonController.java
@@ -28,6 +28,7 @@
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+
 import java.net.URI;
 import java.util.UUID;
 
@@ -50,7 +51,7 @@
     }
 
     @PostMapping
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Anlegen einer Kontaktperson")
     @ApiResponses(value = {
             @ApiResponse(code = 201, message = "Kontaktperson erfolgreich angelegt"),
@@ -68,7 +69,7 @@
     }
 
     @PutMapping("/{contactUuid}")
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Ändern einer Kontaktperson")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Kontaktperson wurde aktualisiert"),
@@ -85,6 +86,7 @@
     }
 
     @DeleteMapping("/{contactUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ResponseStatus(HttpStatus.OK)
     @ApiOperation(value = "Eine bestimmte Adresse eines bestimmten Kontakts löschen")
     @ApiResponses(value = {
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/ExternalPersonController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/ExternalPersonController.java
index 6ea0938..de60063 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/ExternalPersonController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/ExternalPersonController.java
@@ -67,7 +67,7 @@
     }
 
     @PostMapping
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Anlegen einer externen Person")
     @ApiResponses(value = {
             @ApiResponse(code = 201, message = "externe Person erfolgreich angelegt"),
@@ -85,7 +85,7 @@
     }
 
     @PutMapping("/{contactUuid}")
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Ändern einer externen Person")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Externe Person wurde aktualisiert"),
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/InternalPersonController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/InternalPersonController.java
index bd7639d..fee5cdc 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/InternalPersonController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/InternalPersonController.java
@@ -73,7 +73,7 @@
     }
 
     @PostMapping
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Anlegen einer internen Person")
     @ApiResponses(value = {
             @ApiResponse(code = 201, message = "interne Person erfolgreich angelegt"),
@@ -91,7 +91,7 @@
     }
 
     @PutMapping("/{contactUuid}")
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Ändern einer internen Person")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Interne Person wurde aktualisiert"),
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/LdapController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/LdapController.java
index 8ceaaaa..45fc76c 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/LdapController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/LdapController.java
@@ -23,6 +23,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseStatus;
@@ -42,6 +43,7 @@
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Erfolgreich durchgeführt")})
     @ResponseStatus(HttpStatus.OK)
     @GetMapping( "/users")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     public List<LdapUser> getLdapUser() {
         return ldapService.getAllLdapUsers();
     }
@@ -50,6 +52,7 @@
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Erfolgreich durchgeführt")})
     @ResponseStatus(HttpStatus.OK)
     @GetMapping( "/sync")
+    @Secured({"ROLE_KON-ADMIN"})
     public ResponseEntity<Object> syncLdapUser() {
         ldapService.synchronizeLDAP();
         return ResponseEntity.ok().build();
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/UserController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/UserController.java
index cb581ce..9737961 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/UserController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/UserController.java
@@ -22,6 +22,7 @@
 import org.eclipse.openk.contactbasedata.service.UserService;
 import org.eclipse.openk.contactbasedata.viewmodel.UserModule;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -39,6 +40,7 @@
     @ApiOperation(value = "Ermitteln der UserModules vom Auth'n'Auth-Service")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Erfolgreich durchgeführt")})
     @GetMapping("/modules")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     public List<UserModule> getUserModules() {
         return userService.getUserModules();
     }
@@ -46,6 +48,7 @@
     @ApiOperation(value = "Ermitteln der KeycloakUsers vom Auth'n'Auth-Service")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Erfolgreich durchgeführt")})
     @GetMapping("/keycloak-users")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     public List<KeyCloakUser> getKeycloakUsers() {
         return userService.getKeycloakUsers();
     }
diff --git a/src/main/resources/application_localdev.yml b/src/main/resources/application_localdev.yml
index c699abf..4509d62 100644
--- a/src/main/resources/application_localdev.yml
+++ b/src/main/resources/application_localdev.yml
@@ -17,6 +17,29 @@
     password: cbd_service
   flyway:
     enabled: false
+  ldap:
+    base: o=sevenSeas
+    username: uid=admin,ou=system
+    password: secret
+    port: 10389
+    urls: ldap://entopkon:10389
+
+ldap:
+  attribute-mapping:
+    uid: uid
+    fullname: cn
+    lastname: sn
+    firstname: givenname
+    title: title
+    mail: mail
+    department: department
+    telephone-number: phone
+  db-id-mapping:
+    mail-id: 1
+    telephone-number-id: 2
+  scheduling:
+    enabled: false
+    cron-expression: '*/10 * * * * *'
 
 server:
   port: 9155