Fixes for API access control when user has GET permissions

Author: computate

src/main/java/org/computate/frFR/java/EcrireApiClasse.java

@@ -2253,7 +2253,11 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
                     tl(5, "scopes.add(\"GET\");");
                     tl(5, "scopes.add(\"PATCH\");");
                   }
-                  tl(5, "if(authorizationDecisionResponse.failed() && !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
+                  if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
+                    tl(5, "if(authorizationDecisionResponse.failed() && !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
+                  } else {
+                    tl(5, "if(authorizationDecisionResponse.failed() || !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
+                  }
                   tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
                   tl(6, "eventHandler.handle(Future.succeededFuture(");
                   tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");