refactored security plugin

Mykhaylo
2021-12-21 12:31:10 +01:00
parent 4dd22eb5f6
commit ce125148bb


@@ -69,32 +69,31 @@ public class UsageReportRestPermissionEvaluatorPlugin extends RestObjectPermissi
Context context = ContextUtil.obtainContext(request.getHttpServletRequest()); Context context = ContextUtil.obtainContext(request.getHttpServletRequest());
UUID uuidObject = null; UUID uuidObject = null;
try { try {
if (Objects.isNull(targetId)) {
return true;
}
if (configurationService.getBooleanProperty("usage-statistics.authorization.admin.usage", true)) { if (configurationService.getBooleanProperty("usage-statistics.authorization.admin.usage", true)) {
return authorizeService.isAdmin(context); return authorizeService.isAdmin(context);
} } else if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME, targetType)) {
if (Objects.nonNull(targetId)) { if (StringUtils.countMatches(targetId.toString(), "_") != 1) {
if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME, targetType)) { throw new IllegalArgumentException("Must end in objectUUID_reportId, example: "
if (StringUtils.countMatches(targetId.toString(), "_") != 1) { + "1911e8a4-6939-490c-b58b-a5d70f8d91fb_TopCountries");
throw new IllegalArgumentException("Must end in objectUUID_reportId, example: "
+ "1911e8a4-6939-490c-b58b-a5d70f8d91fb_TopCountries");
}
// Get uuid from uuidDSO_reportId pathParam
uuidObject = UUID.fromString(StringUtils.substringBefore(targetId.toString(), "_"));
} else if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME + "search", targetType)) {
// Get uuid from url (selfLink of dso) queryParam
uuidObject = UUID.fromString(StringUtils.substringAfterLast(targetId.toString(), "/"));
} else {
return false;
} }
// Get uuid from uuidDSO_reportId pathParam
DSpaceObject dso = dspaceObjectUtil.findDSpaceObject(context, uuidObject); uuidObject = UUID.fromString(StringUtils.substringBefore(targetId.toString(), "_"));
// If the dso is null then we give permission so we can throw another status code instead } else if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME + "search", targetType)) {
if (Objects.isNull(dso)) { // Get uuid from url (selfLink of dso) queryParam
return true; uuidObject = UUID.fromString(StringUtils.substringAfterLast(targetId.toString(), "/"));
} } else {
return false;
return authorizeService.authorizeActionBoolean(context, dso, restPermission.getDspaceApiActionId());
} }
DSpaceObject dso = dspaceObjectUtil.findDSpaceObject(context, uuidObject);
// If the dso is null then we give permission so we can throw another status code instead
if (Objects.isNull(dso)) {
return true;
}
return authorizeService.authorizeActionBoolean(context, dso, restPermission.getDspaceApiActionId());
} catch (SQLException e) { } catch (SQLException e) {
log.error(e.getMessage(), e); log.error(e.getMessage(), e);
} }
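Review bot: The new `if (Objects.isNull(targetId)) { return true; }` guard at the top of the `try` runs before the `usage-statistics.authorization.admin.usage` check, so with admin-only mode enabled a request whose `targetId` is null is allowed without `authorizeService.isAdmin(context)` being consulted. As far as the two rendered columns can be read, the old code evaluated the admin gate first, so this looks like a widening of access rather than a pure refactor. If that is not intended, keep the admin check as the first statement, place the null guard directly below it, and turn `} else if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME, targetType)) {` into a plain `if`. The null-`targetId` path also deserves a comment such as `// no target object to check; allow so the endpoint can answer with its own status code`, if that is indeed the reason. The method starts before and continues past this hunk, so the return after the `catch` is not visible here.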