Fix authz issue on epersons endpoint

Andrea Bollini
2018-05-31 07:59:21 +02:00
parent 516d6af6f4
commit f807cc38a3


@@ -12,8 +12,10 @@ import java.util.List;
import java.util.UUID; import java.util.UUID;
import org.dspace.app.rest.converter.EPersonConverter; import org.dspace.app.rest.converter.EPersonConverter;
import org.dspace.app.rest.exception.RESTAuthorizationException;
import org.dspace.app.rest.model.EPersonRest; import org.dspace.app.rest.model.EPersonRest;
import org.dspace.app.rest.model.hateoas.EPersonResource; import org.dspace.app.rest.model.hateoas.EPersonResource;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.core.Context; import org.dspace.core.Context;
import org.dspace.eperson.EPerson; import org.dspace.eperson.EPerson;
import org.dspace.eperson.factory.EPersonServiceFactory; import org.dspace.eperson.factory.EPersonServiceFactory;
@@ -34,6 +36,9 @@ import org.springframework.stereotype.Component;
public class EPersonRestRepository extends DSpaceRestRepository<EPersonRest, UUID> { public class EPersonRestRepository extends DSpaceRestRepository<EPersonRest, UUID> {
EPersonService es = EPersonServiceFactory.getInstance().getEPersonService(); EPersonService es = EPersonServiceFactory.getInstance().getEPersonService();
@Autowired
AuthorizeService authorizeService;
@Autowired @Autowired
EPersonConverter converter; EPersonConverter converter;
@@ -56,6 +61,10 @@ public class EPersonRestRepository extends DSpaceRestRepository<EPersonRest, UUI
List<EPerson> epersons = null; List<EPerson> epersons = null;
int total = 0; int total = 0;
try { try {
if (!authorizeService.isAdmin(context)) {
throw new RESTAuthorizationException(
"The EPerson collection endpoint is reserved to system administrators");
}
total = es.countTotal(context); total = es.countTotal(context);
epersons = es.findAll(context, EPerson.ID, pageable.getPageSize(), pageable.getOffset()); epersons = es.findAll(context, EPerson.ID, pageable.getPageSize(), pageable.getOffset());
} catch (SQLException e) { } catch (SQLException e) {
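Review bot: The `authorizeService.isAdmin(context)` guard added at the top of the `try` block protects only this paged listing method; the hunk does not show whether the single-EPerson lookup or any search methods of `EPersonRestRepository` apply a comparable rule, so that should be confirmed before the endpoint is considered closed. The enclosing method starts and ends outside the hunk. Because the check is an imperative call that every new query method has to remember to repeat, a comment on it would help, e.g. `// authz: listing all EPersons exposes account data, admin only; any new query method needs the same check`. A regression test asserting that both an anonymous and a non-admin request are rejected would keep this fix from silently regressing.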