hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-10 19:43:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Do authorization checks for collections, items, and bitstreams

Browse Source
This commit is contained in:
Peter Dietz
2013-10-06 14:30:28 -04:00
parent d241f26341
commit 905ae72c87
9 changed files with 190 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
dspace-rest/src/main/java/org/dspace/rest/BitstreamResource.java
View File

@@ -1,11 +1,16 @@
package org.dspace.rest;
import org.apache.log4j.Logger;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.core.Context;
import org.dspace.rest.common.Bitstream;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.sql.SQLException;
/**
* Created with IntelliJ IDEA.
@@ -25,26 +30,49 @@ public class BitstreamResource {
@Path("/{bitstream_id}")
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Bitstream getBitstream(@PathParam("bitstream_id") Integer bitstream_id, @QueryParam("expand") String expand) {
return new org.dspace.rest.common.Bitstream(bitstream_id, expand);
try {
if(context == null || !context.isValid()) {
context = new Context();
}
org.dspace.content.Bitstream bitstream = org.dspace.content.Bitstream.find(context, bitstream_id);
if(AuthorizeManager.authorizeActionBoolean(context, bitstream, org.dspace.core.Constants.READ)) {
return new org.dspace.rest.common.Bitstream(bitstream, expand);
} else {
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
} catch(SQLException e) {
log.error(e.getMessage());
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
}
@GET
@Path("/{bitstream_id}/retrieve")
public javax.ws.rs.core.Response getFile(@PathParam("bitstream_id") final Integer bitstream_id) {
try {
if(context == null || !context.isValid() ) {
context = new org.dspace.core.Context();
}
org.dspace.content.Bitstream bitstream = org.dspace.content.Bitstream.find(context, bitstream_id);
if(AuthorizeManager.authorizeActionBoolean(context, bitstream, org.dspace.core.Constants.READ)) {
return Response.ok(bitstream.retrieve()).type(bitstream.getFormat().getMIMEType()).build();
} else {
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
return Response.ok(bitstream.retrieve()).type(bitstream.getFormat().getMIMEType()).build();
} catch (Exception e) {
return Response.serverError().build();
} catch (IOException e) {
log.error(e.getMessage());
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
} catch (SQLException e) {
log.error(e.getMessage());
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
} catch (AuthorizeException e) {
log.error(e.getMessage());
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
}
}