71424: permission check back to EvaluatorPlugin, exception message fix

2025-10-07 01:54:22 +00:00 · 2020-06-18 13:04:52 +02:00
parent f66064f023
commit 9694858018
3 changed files with 11 additions and 39 deletions
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/StatisticsRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/StatisticsRestRepository.java
@@ -70,8 +70,7 @@ public class StatisticsRestRepository extends DSpaceRestRepository<UsageReportRe

    @Override
    public Page<UsageReportRest> findAll(Context context, Pageable pageable) {
-        throw new RepositoryMethodNotImplementedException("No implementation found; Method not allowed!",
-            "getUsageReports");
+        throw new RepositoryMethodNotImplementedException("No implementation found; Method not allowed!", "findAll");
    }

    @Override
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/UsageReportService.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/UsageReportService.java
@@ -22,9 +22,7 @@ import org.dspace.app.rest.model.UsageReportPointCountryRest;
 import org.dspace.app.rest.model.UsageReportPointDateRest;
 import org.dspace.app.rest.model.UsageReportPointDsoTotalVisitsRest;
 import org.dspace.app.rest.model.UsageReportRest;
-import org.dspace.app.rest.utils.ContextUtil;
 import org.dspace.app.rest.utils.DSpaceObjectUtils;
-import org.dspace.authorize.AuthorizeException;
 import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.content.Bitstream;
 import org.dspace.content.DSpaceObject;
@@ -33,7 +31,6 @@ import org.dspace.content.Site;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.dspace.handle.service.HandleService;
-import org.dspace.services.model.Request;
 import org.dspace.statistics.Dataset;
 import org.dspace.statistics.content.DatasetDSpaceObjectGenerator;
 import org.dspace.statistics.content.DatasetTimeGenerator;
@@ -70,40 +67,6 @@ public class UsageReportService extends AbstractDSpaceRestRepository {
    public static final String TOP_COUNTRIES_REPORT_ID = "TopCountries";
    public static final String TOP_CITIES_REPORT_ID = "TopCities";

-    /**
-     * Responsible for checking whether or not the user has used a valid request (valid UUID in /usagereports/{
-     * UUID_ReportID} or in /usagereports/search/object?uri={uri-ending-in/UUID} and whether or not the used has the
-     * given (READ) rights on the corresponding DSO.
-     *
-     * @param targetType usagereport or usagereportsearch, so we know how to extract the UUID
-     * @param targetId   string to extract uuid from
-     * @param action     type of access rights (READ)
-     * @throws AuthorizeException if user does not have given rights on dso whose uuid is extracted from the targetID
-     */
-    public void checkForPermissionAndValidRequest(String targetType, String targetId, int action)
-        throws AuthorizeException {
-        Request request = requestService.getCurrentRequest();
-        Context context = ContextUtil.obtainContext(request.getServletRequest());
-        UUID uuidObject = null;
-        if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME, targetType)) {
-            // Get uuid from uuidDSO_reportId pathParam
-            uuidObject = UUID.fromString(StringUtils.substringBefore(targetId, "_"));
-        } else if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME + "search", targetType)) {
-            // Get uuid from url (selfLink of dso) queryParam
-            uuidObject = UUID.fromString(StringUtils.substringAfterLast(targetId, "/"));
-        }
-        try {
-            DSpaceObject dso = dspaceObjectUtil.findDSpaceObject(context, uuidObject);
-            if (dso == null) {
-                throw new ResourceNotFoundException("No DSO found with this UUID: " + uuidObject);
-            }
-            authorizeService.authorizeAction(context, dso, action);
-        } catch (SQLException e) {
-            log.error(e.getMessage(), e);
-        }
-
-    }
-
    /**
     * Get list of usage reports that are applicable to the DSO (of given UUID)
     *
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/UsageReportRestPermissionEvaluatorPlugin.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/UsageReportRestPermissionEvaluatorPlugin.java
@@ -46,6 +46,16 @@ public class UsageReportRestPermissionEvaluatorPlugin extends RestObjectPermissi
    @Autowired
    AuthorizeService authorizeService;

+
+
+    /**
+     * Responsible for checking whether or not the user has used a valid request (valid UUID in /usagereports/{
+     * UUID_ReportID} or in /usagereports/search/object?uri={uri-ending-in/UUID} and whether or not the used has the
+     * given (READ) rights on the corresponding DSO.
+     *
+     * @param targetType usagereport or usagereportsearch, so we know how to extract the UUID
+     * @param targetId   string to extract uuid from
+     */
    @Override
    public boolean hasDSpacePermission(Authentication authentication, Serializable targetId, String targetType,
                                       DSpaceRestPermission restPermission) {