hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-07 01:54:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rewrite authorization and remove try-finally blocks

Browse Source
This commit is contained in:
Antoine Snyers
2020-04-08 14:02:35 +02:00
parent e62d912b11
commit d231304355
2 changed files with 103 additions and 193 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/GroupParentObjectLinkRepository.java
View File

@@ -17,14 +17,13 @@ import org.dspace.app.rest.model.GroupRest;
import org.dspace.app.rest.projection.Projection; import org.dspace.app.rest.projection.Projection;
import org.dspace.authorize.service.AuthorizeService; import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.DSpaceObject; import org.dspace.content.DSpaceObject;
import org.dspace.core.Constants;
import org.dspace.core.Context; import org.dspace.core.Context;
import org.dspace.eperson.Group; import org.dspace.eperson.Group;
import org.dspace.eperson.service.GroupService; import org.dspace.eperson.service.GroupService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Pageable; import org.springframework.data.domain.Pageable;
import org.springframework.data.rest.webmvc.ResourceNotFoundException; import org.springframework.data.rest.webmvc.ResourceNotFoundException;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
/** /**
@@ -45,6 +44,7 @@ public class GroupParentObjectLinkRepository extends AbstractDSpaceRestRepositor
* This is only applicable for roles in that DSpace Object * This is only applicable for roles in that DSpace Object
* e.g. the Community Administrator or Collection Submitter Group * e.g. the Community Administrator or Collection Submitter Group
*/ */
@PreAuthorize("hasPermission(#groupId, 'GROUP', 'READ') or hasAuthority('ADMIN')")
public DSpaceObjectRest getParentObject( public DSpaceObjectRest getParentObject(
@Nullable HttpServletRequest request, @Nullable HttpServletRequest request,
UUID groupId, UUID groupId,
@@ -62,12 +62,7 @@ public class GroupParentObjectLinkRepository extends AbstractDSpaceRestRepositor
} else { } else {
DSpaceObject parent = groupService.getParentObject(context, group); DSpaceObject parent = groupService.getParentObject(context, group);
if (parent != null) { if (parent != null) {
if (groupService.isMember(context, context.getCurrentUser(), group) return converter.toRest(parent, utils.obtainProjection());
|| authorizeService.authorizeActionBoolean(context, parent, Constants.ADMIN)) {
return converter.toRest(parent, utils.obtainProjection());
} else {
throw new AccessDeniedException("No admin rights on the parent object");
}
} else { } else {
return null; return null;
} }

285
dspace-server-webapp/src/test/java/org/dspace/app/rest/GroupRestRepositoryIT.java
View File

@@ -504,6 +504,8 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
final Group workflowGroup = col1.getWorkflowStep1(context); final Group workflowGroup = col1.getWorkflowStep1(context);
final String name = workflowGroup.getName(); final String name = workflowGroup.getName();
context.restoreAuthSystemState();
String token = getAuthToken(admin.getEmail(), password); String token = getAuthToken(admin.getEmail(), password);
List<Operation> ops = new ArrayList<>(); List<Operation> ops = new ArrayList<>();
@@ -525,11 +527,9 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
@Test @Test
public void patchPermanentGroupUnprocessable() throws Exception { public void patchPermanentGroupUnprocessable() throws Exception {
context.turnOffAuthorisationSystem();
GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
final Group group = groupService.findByName(context, Group.ANONYMOUS); final Group group = groupService.findByName(context, Group.ANONYMOUS);
final String name = group.getName(); final String name = group.getName();
context.restoreAuthSystemState();
String token = getAuthToken(admin.getEmail(), password); String token = getAuthToken(admin.getEmail(), password);
List<Operation> ops = new ArrayList<>(); List<Operation> ops = new ArrayList<>();
@@ -1690,67 +1690,46 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
@Test @Test
public void deleteGroupUnprocessableTest() throws Exception { public void deleteGroupUnprocessableTest() throws Exception {
Collection col1 = null; context.turnOffAuthorisationSystem();
Community child1 = null;
Group workflowGroup = null;
try {
context.turnOffAuthorisationSystem();
EPerson reviewer1 = EPersonBuilder.createEPerson(context) EPerson reviewer1 = EPersonBuilder.createEPerson(context)
.withEmail("reviewer1@example.com") .withEmail("reviewer1@example.com")
.withPassword(password) .withPassword(password)
.build(); .build();
parentCommunity = CommunityBuilder.createCommunity(context) parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community") .withName("Parent Community")
.build(); .build();
child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
.withName("Sub Community") .withName("Sub Community")
.build(); .build();
col1 = CollectionBuilder.createCollection(context, child1) Collection col1 = CollectionBuilder.createCollection(context, child1)
.withName("Collection 1") .withName("Collection 1")
.withWorkflowGroup(1, admin, reviewer1) .withWorkflowGroup(1, admin, reviewer1)
.build(); .build();
Group workflowGroup = col1.getWorkflowStep1(context);
workflowGroup = col1.getWorkflowStep1(context); context.restoreAuthSystemState();
context.restoreAuthSystemState();
String authToken = getAuthToken(admin.getEmail(), password); String authToken = getAuthToken(admin.getEmail(), password);
getClient(authToken).perform( getClient(authToken).perform(
get("/api/eperson/groups/" + workflowGroup.getID()) get("/api/eperson/groups/" + workflowGroup.getID())
).andExpect(status().isOk()); ).andExpect(status().isOk());
getClient(authToken).perform( getClient(authToken).perform(
delete("/api/eperson/groups/" + workflowGroup.getID()) delete("/api/eperson/groups/" + workflowGroup.getID())
).andExpect(status().isUnprocessableEntity()); ).andExpect(status().isUnprocessableEntity());
getClient(authToken).perform(
get("/api/eperson/groups/" + workflowGroup.getID())
).andExpect(status().isOk());
} finally {
if (col1 != null) {
CollectionBuilder.deleteCollection(col1.getID());
}
if (child1 != null) {
CommunityBuilder.deleteCommunity(child1.getID());
}
if (parentCommunity != null) {
CommunityBuilder.deleteCommunity(parentCommunity.getID());
}
if (workflowGroup != null) {
GroupBuilder.deleteGroup(workflowGroup.getID());
}
}
getClient(authToken).perform(
get("/api/eperson/groups/" + workflowGroup.getID())
).andExpect(status().isOk());
} }
@Test @Test
public void deletePermanentGroupUnprocessableTest() throws Exception { public void deletePermanentGroupUnprocessableTest() throws Exception {
context.turnOffAuthorisationSystem();
GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
final Group group = groupService.findByName(context, Group.ANONYMOUS); final Group group = groupService.findByName(context, Group.ANONYMOUS);
context.restoreAuthSystemState();
String authToken = getAuthToken(admin.getEmail(), password); String authToken = getAuthToken(admin.getEmail(), password);
@@ -1770,38 +1749,28 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
@Test @Test
public void deleteGroupForbiddenTest() throws Exception { public void deleteGroupForbiddenTest() throws Exception {
context.turnOffAuthorisationSystem();
Group parentGroup = null; Group parentGroup = GroupBuilder.createGroup(context)
.withName("test group")
.build();
try { context.restoreAuthSystemState();
context.turnOffAuthorisationSystem();
parentGroup = GroupBuilder.createGroup(context) String adminToken = getAuthToken(admin.getEmail(), password);
.withName("test group") String authToken = getAuthToken(eperson.getEmail(), password);
.build();
context.restoreAuthSystemState(); getClient(adminToken).perform(
get("/api/eperson/groups/" + parentGroup.getID())
).andExpect(status().isOk());
String adminToken = getAuthToken(admin.getEmail(), password); getClient(authToken).perform(
String authToken = getAuthToken(eperson.getEmail(), password); delete("/api/eperson/groups/" + parentGroup.getID())
).andExpect(status().isForbidden());
getClient(adminToken).perform( getClient(adminToken).perform(
get("/api/eperson/groups/" + parentGroup.getID()) get("/api/eperson/groups/" + parentGroup.getID())
).andExpect(status().isOk()); ).andExpect(status().isOk());
getClient(authToken).perform(
delete("/api/eperson/groups/" + parentGroup.getID())
).andExpect(status().isForbidden());
getClient(adminToken).perform(
get("/api/eperson/groups/" + parentGroup.getID())
).andExpect(status().isOk());
} finally {
if (parentGroup != null) {
GroupBuilder.deleteGroup(parentGroup.getID());
}
}
} }
@Test @Test
@@ -1815,131 +1784,77 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
@Test @Test
public void getGroupObjectCommunityTest() throws Exception { public void getGroupObjectCommunityTest() throws Exception {
Community community = null; context.turnOffAuthorisationSystem();
Group adminGroup = null; Community community = CommunityBuilder.createCommunity(context)
.withName("Parent Community")
.withAdminGroup(admin)
.build();
Group adminGroup = community.getAdministrators();
context.restoreAuthSystemState();
try { String authToken = getAuthToken(admin.getEmail(), password);
context.turnOffAuthorisationSystem(); getClient(authToken).perform(
community = CommunityBuilder.createCommunity(context) get("/api/eperson/groups/" + adminGroup.getID() + "/object")
.withName("Parent Community") ).andExpect(status().isOk());
.withAdminGroup(admin)
.build();
adminGroup = community.getAdministrators();
context.restoreAuthSystemState();
String authToken = getAuthToken(admin.getEmail(), password);
getClient(authToken).perform(
get("/api/eperson/groups/" + adminGroup.getID() + "/object")
).andExpect(status().isOk());
} finally {
if (community != null) {
CommunityBuilder.deleteCommunity(community.getID());
}
if (adminGroup != null) {
GroupBuilder.deleteGroup(adminGroup.getID());
}
}
} }
@Test @Test
public void getGroupObjectCollectionTest() throws Exception { public void getGroupObjectCollectionTest() throws Exception {
Community community = null; context.turnOffAuthorisationSystem();
Collection collection = null; Community community = CommunityBuilder.createCommunity(context)
Group adminGroup = null; .withName("Parent Community")
Group worfklowGroup = null; .withAdminGroup(admin)
Group submitterGroup = null; .build();
Collection collection = CollectionBuilder.createCollection(context, community)
.withName("Collection")
.withAdminGroup(admin)
.withWorkflowGroup(1, admin)
.withSubmitterGroup(admin)
.build();
Group adminGroup = collection.getAdministrators();
Group worfklowGroup = collection.getWorkflowStep1(context);
Group submitterGroup = collection.getSubmitters();
context.restoreAuthSystemState();
try { String authToken = getAuthToken(admin.getEmail(), password);
context.turnOffAuthorisationSystem(); getClient(authToken).perform(
community = CommunityBuilder.createCommunity(context) get("/api/eperson/groups/" + adminGroup.getID() + "/object")
.withName("Parent Community") ).andExpect(status().isOk());
.withAdminGroup(admin) getClient(authToken).perform(
.build(); get("/api/eperson/groups/" + worfklowGroup.getID() + "/object")
collection = CollectionBuilder.createCollection(context, community) ).andExpect(status().isOk());
.withName("Collection") getClient(authToken).perform(
.withAdminGroup(admin) get("/api/eperson/groups/" + submitterGroup.getID() + "/object")
.withWorkflowGroup(1, admin) ).andExpect(status().isOk());
.withSubmitterGroup(admin)
.build();
adminGroup = collection.getAdministrators();
worfklowGroup = collection.getWorkflowStep1(context);
submitterGroup = collection.getSubmitters();
context.restoreAuthSystemState();
String authToken = getAuthToken(admin.getEmail(), password);
getClient(authToken).perform(
get("/api/eperson/groups/" + adminGroup.getID() + "/object")
).andExpect(status().isOk());
getClient(authToken).perform(
get("/api/eperson/groups/" + worfklowGroup.getID() + "/object")
).andExpect(status().isOk());
getClient(authToken).perform(
get("/api/eperson/groups/" + submitterGroup.getID() + "/object")
).andExpect(status().isOk());
} finally {
if (collection != null) {
CollectionBuilder.deleteCollection(collection.getID());
}
if (community != null) {
CommunityBuilder.deleteCommunity(community.getID());
}
if (adminGroup != null) {
GroupBuilder.deleteGroup(adminGroup.getID());
}
if (worfklowGroup != null) {
GroupBuilder.deleteGroup(worfklowGroup.getID());
}
if (submitterGroup != null) {
GroupBuilder.deleteGroup(submitterGroup.getID());
}
}
} }
@Test @Test
public void getGroupObjectNotFoundTest() throws Exception { public void getGroupObjectNotFoundTest() throws Exception {
Group adminGroup = null; context.turnOffAuthorisationSystem();
try { Group adminGroup = GroupBuilder.createGroup(context)
context.turnOffAuthorisationSystem(); .withName("test group")
adminGroup = GroupBuilder.createGroup(context) .build();
.withName("test group") context.restoreAuthSystemState();
.build();
context.restoreAuthSystemState();
String authToken = getAuthToken(admin.getEmail(), password); String authToken = getAuthToken(admin.getEmail(), password);
getClient(authToken).perform( getClient(authToken).perform(
get("/api/eperson/groups/" + adminGroup.getID() + "/object") get("/api/eperson/groups/" + adminGroup.getID() + "/object")
).andExpect(status().isNoContent()); ).andExpect(status().isNoContent());
} finally {
if (adminGroup != null) {
GroupBuilder.deleteGroup(adminGroup.getID());
}
}
} }
@Test @Test
public void getGroupObjectUnauthorizedTest() throws Exception { public void getGroupObjectUnauthorizedTest() throws Exception {
Group adminGroup = null; context.turnOffAuthorisationSystem();
Community community = null; Community community = CommunityBuilder.createCommunity(context)
try { .withName("Parent Community")
context.turnOffAuthorisationSystem(); .withAdminGroup(admin)
community = CommunityBuilder.createCommunity(context) .build();
.withName("Parent Community") Group adminGroup = community.getAdministrators();
.withAdminGroup(admin) context.restoreAuthSystemState();
.build();
adminGroup = community.getAdministrators();
context.restoreAuthSystemState();
getClient().perform( getClient().perform(
get("/api/eperson/groups/" + adminGroup.getID() + "/object") get("/api/eperson/groups/" + adminGroup.getID() + "/object")
).andExpect(status().isUnauthorized()); ).andExpect(status().isUnauthorized());
} finally {
if (community != null) {
CommunityBuilder.deleteCommunity(community.getID());
}
if (adminGroup != null) {
GroupBuilder.deleteGroup(adminGroup.getID());
}
}
} }
@Test @Test