hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-07 18:14:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactored security plugin

Browse Source
This commit is contained in:
Mykhaylo
2021-12-21 12:31:10 +01:00
parent 4dd22eb5f6
commit ce125148bb
1 changed files with 21 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dspace-server-webapp/src/main/java/org/dspace/app/rest/security/UsageReportRestPermissionEvaluatorPlugin.java
View File

@@ -69,11 +69,12 @@ public class UsageReportRestPermissionEvaluatorPlugin extends RestObjectPermissi
Context context = ContextUtil.obtainContext(request.getHttpServletRequest()); Context context = ContextUtil.obtainContext(request.getHttpServletRequest());
UUID uuidObject = null; UUID uuidObject = null;
try { try {
if (Objects.isNull(targetId)) {
return true;
}
if (configurationService.getBooleanProperty("usage-statistics.authorization.admin.usage", true)) { if (configurationService.getBooleanProperty("usage-statistics.authorization.admin.usage", true)) {
return authorizeService.isAdmin(context); return authorizeService.isAdmin(context);
} } else if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME, targetType)) {
if (Objects.nonNull(targetId)) {
if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME, targetType)) {
if (StringUtils.countMatches(targetId.toString(), "_") != 1) { if (StringUtils.countMatches(targetId.toString(), "_") != 1) {
throw new IllegalArgumentException("Must end in objectUUID_reportId, example: " throw new IllegalArgumentException("Must end in objectUUID_reportId, example: "
+ "1911e8a4-6939-490c-b58b-a5d70f8d91fb_TopCountries"); + "1911e8a4-6939-490c-b58b-a5d70f8d91fb_TopCountries");
@@ -92,9 +93,7 @@ public class UsageReportRestPermissionEvaluatorPlugin extends RestObjectPermissi
if (Objects.isNull(dso)) { if (Objects.isNull(dso)) {
return true; return true;
} }
return authorizeService.authorizeActionBoolean(context, dso, restPermission.getDspaceApiActionId()); return authorizeService.authorizeActionBoolean(context, dso, restPermission.getDspaceApiActionId());
}
} catch (SQLException e) { } catch (SQLException e) {
log.error(e.getMessage(), e); log.error(e.getMessage(), e);
} }