hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-18 15:33:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

71424: permission check back to EvaluatorPlugin, exception message fix

Browse Source
This commit is contained in:
Marie Verdonck
2020-06-18 13:04:52 +02:00
parent f66064f023
commit 9694858018
3 changed files with 11 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/StatisticsRestRepository.java
View File

@@ -70,8 +70,7 @@ public class StatisticsRestRepository extends DSpaceRestRepository<UsageReportRe
@Override @Override
public Page<UsageReportRest> findAll(Context context, Pageable pageable) { public Page<UsageReportRest> findAll(Context context, Pageable pageable) {
throw new RepositoryMethodNotImplementedException("No implementation found; Method not allowed!", throw new RepositoryMethodNotImplementedException("No implementation found; Method not allowed!", "findAll");
"getUsageReports");
} }
@Override @Override

37
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/UsageReportService.java
View File

@@ -22,9 +22,7 @@ import org.dspace.app.rest.model.UsageReportPointCountryRest;
import org.dspace.app.rest.model.UsageReportPointDateRest; import org.dspace.app.rest.model.UsageReportPointDateRest;
import org.dspace.app.rest.model.UsageReportPointDsoTotalVisitsRest; import org.dspace.app.rest.model.UsageReportPointDsoTotalVisitsRest;
import org.dspace.app.rest.model.UsageReportRest; import org.dspace.app.rest.model.UsageReportRest;
import org.dspace.app.rest.utils.ContextUtil;
import org.dspace.app.rest.utils.DSpaceObjectUtils; import org.dspace.app.rest.utils.DSpaceObjectUtils;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.service.AuthorizeService; import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.Bitstream; import org.dspace.content.Bitstream;
import org.dspace.content.DSpaceObject; import org.dspace.content.DSpaceObject;
@@ -33,7 +31,6 @@ import org.dspace.content.Site;
import org.dspace.core.Constants; import org.dspace.core.Constants;
import org.dspace.core.Context; import org.dspace.core.Context;
import org.dspace.handle.service.HandleService; import org.dspace.handle.service.HandleService;
import org.dspace.services.model.Request;
import org.dspace.statistics.Dataset; import org.dspace.statistics.Dataset;
import org.dspace.statistics.content.DatasetDSpaceObjectGenerator; import org.dspace.statistics.content.DatasetDSpaceObjectGenerator;
import org.dspace.statistics.content.DatasetTimeGenerator; import org.dspace.statistics.content.DatasetTimeGenerator;
@@ -70,40 +67,6 @@ public class UsageReportService extends AbstractDSpaceRestRepository {
public static final String TOP_COUNTRIES_REPORT_ID = "TopCountries"; public static final String TOP_COUNTRIES_REPORT_ID = "TopCountries";
public static final String TOP_CITIES_REPORT_ID = "TopCities"; public static final String TOP_CITIES_REPORT_ID = "TopCities";
/**
* Responsible for checking whether or not the user has used a valid request (valid UUID in /usagereports/{
* UUID_ReportID} or in /usagereports/search/object?uri={uri-ending-in/UUID} and whether or not the used has the
* given (READ) rights on the corresponding DSO.
*
* @param targetType usagereport or usagereportsearch, so we know how to extract the UUID
* @param targetId string to extract uuid from
* @param action type of access rights (READ)
* @throws AuthorizeException if user does not have given rights on dso whose uuid is extracted from the targetID
*/
public void checkForPermissionAndValidRequest(String targetType, String targetId, int action)
throws AuthorizeException {
Request request = requestService.getCurrentRequest();
Context context = ContextUtil.obtainContext(request.getServletRequest());
UUID uuidObject = null;
if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME, targetType)) {
// Get uuid from uuidDSO_reportId pathParam
uuidObject = UUID.fromString(StringUtils.substringBefore(targetId, "_"));
} else if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME + "search", targetType)) {
// Get uuid from url (selfLink of dso) queryParam
uuidObject = UUID.fromString(StringUtils.substringAfterLast(targetId, "/"));
}
try {
DSpaceObject dso = dspaceObjectUtil.findDSpaceObject(context, uuidObject);
if (dso == null) {
throw new ResourceNotFoundException("No DSO found with this UUID: " + uuidObject);
}
authorizeService.authorizeAction(context, dso, action);
} catch (SQLException e) {
log.error(e.getMessage(), e);
}
}
/** /**
* Get list of usage reports that are applicable to the DSO (of given UUID) * Get list of usage reports that are applicable to the DSO (of given UUID)
* *

10
dspace-server-webapp/src/main/java/org/dspace/app/rest/security/UsageReportRestPermissionEvaluatorPlugin.java
View File

@@ -46,6 +46,16 @@ public class UsageReportRestPermissionEvaluatorPlugin extends RestObjectPermissi
@Autowired @Autowired
AuthorizeService authorizeService; AuthorizeService authorizeService;
/**
* Responsible for checking whether or not the user has used a valid request (valid UUID in /usagereports/{
* UUID_ReportID} or in /usagereports/search/object?uri={uri-ending-in/UUID} and whether or not the used has the
* given (READ) rights on the corresponding DSO.
*
* @param targetType usagereport or usagereportsearch, so we know how to extract the UUID
* @param targetId string to extract uuid from
*/
@Override @Override
public boolean hasDSpacePermission(Authentication authentication, Serializable targetId, String targetType, public boolean hasDSpacePermission(Authentication authentication, Serializable targetId, String targetType,
DSpaceRestPermission restPermission) { DSpaceRestPermission restPermission) {