Do authorization checks for collections, items, and bitstreams

This commit is contained in:
Peter Dietz
2013-10-06 14:30:28 -04:00
parent d241f26341
commit 905ae72c87
9 changed files with 190 additions and 141 deletions


@@ -1,9 +1,13 @@
package org.dspace.rest;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.core.Context;
import javax.servlet.ServletContext;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.sql.SQLException;
import java.util.ArrayList;
@@ -34,6 +38,7 @@ public class CollectionsResource {
org.dspace.content.Collection[] collections = org.dspace.content.Collection.findAll(context);
for(org.dspace.content.Collection collection : collections) {
//TODO check auth...
everything.append("<li><a href='" + servletContext.getContextPath() + "/collections/" + collection.getID() + "'>" + collection.getID() + " - " + collection.getName() + "</a></li>\n");
}
@@ -56,14 +61,16 @@ public class CollectionsResource {
org.dspace.content.Collection[] collections = org.dspace.content.Collection.findAll(context);
ArrayList<org.dspace.rest.common.Collection> collectionArrayList = new ArrayList<org.dspace.rest.common.Collection>();
for(org.dspace.content.Collection collection : collections) {
org.dspace.rest.common.Collection restCollection = new org.dspace.rest.common.Collection(collection, expand);
collectionArrayList.add(restCollection);
if(AuthorizeManager.authorizeActionBoolean(context, collection, org.dspace.core.Constants.READ)) {
org.dspace.rest.common.Collection restCollection = new org.dspace.rest.common.Collection(collection, expand, context);
collectionArrayList.add(restCollection);
} // Not showing restricted-access collections
}
return collectionArrayList.toArray(new org.dspace.rest.common.Collection[0]);
} catch (SQLException e) {
return null;
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
}
@@ -71,6 +78,19 @@ public class CollectionsResource {
@Path("/{collection_id}")
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public org.dspace.rest.common.Collection getCollection(@PathParam("collection_id") Integer collection_id, @QueryParam("expand") String expand) {
return new org.dspace.rest.common.Collection(collection_id, expand);
try {
if(context == null || !context.isValid() ) {
context = new Context();
}
org.dspace.content.Collection collection = org.dspace.content.Collection.find(context, collection_id);
if(AuthorizeManager.authorizeActionBoolean(context, collection, org.dspace.core.Constants.READ)) {
return new org.dspace.rest.common.Collection(collection, expand, context);
} else {
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
} catch (SQLException e) {
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
}
}
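Review bot: getCollection hands the result of `Collection.find` straight to `authorizeActionBoolean` with no null check, so an unknown `collection_id` (find presumably returns null for it) never yields a 404 but whatever the helper does with a null object, most likely surfacing as a 500; add `if (collection == null) { throw new WebApplicationException(Response.Status.NOT_FOUND); }` before the authorization check. The denied branch answers `Response.Status.UNAUTHORIZED` (401), which signals missing credentials; a READ refusal on an existing resource is `Response.Status.FORBIDDEN`. The `Context` built in this method is neither completed nor aborted before the return and lives in a field rather than a local, so it appears to outlive the request — if the resource is instantiated per request that leaks the connection, if it is a singleton the context is shared between callers; worth confirming against the JAX-RS configuration. The HTML listing in the earlier hunk (`//TODO check auth...`) still iterates `findAll` without the READ check that the array-returning path now applies, so restricted collections' ids and names remain visible through that route.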