Commit 3a2cbe09 authored by Matija Obreza's avatar Matija Obreza

Fixed ADMINISTRATOR access to list*ForCurrentUser

parent bb91c28e
......@@ -33,6 +33,7 @@ import org.genesys.catalog.model.dataset.AccessionIdentifier;
import org.genesys.catalog.model.dataset.Dataset;
import org.genesys.catalog.model.dataset.DatasetVersions;
import org.genesys.catalog.model.traits.Descriptor;
import org.genesys.catalog.model.user.UserRole;
import org.genesys.catalog.persistence.dataset.DatasetRepository;
import org.genesys.catalog.persistence.dataset.DatasetVersionsRepository;
import org.genesys.catalog.service.DatasetService;
......@@ -242,8 +243,12 @@ public class DatasetServiceImpl implements DatasetService {
*/
@Override
public Page<Dataset> listDatasetsForCurrentUser(final DatasetFilter filter, final Pageable page) {
HashSet<Long> ids = new HashSet<>(utils.listObjectIdentityIdsForCurrentUser(Dataset.class, BasePermission.WRITE));
return datasetRepository.findAll(dataset.id.in(ids).and(filter.buildQuery()), page);
if (utils.hasRole(UserRole.ADMINISTRATOR)) {
return datasetRepository.findAll(filter.buildQuery(), page);
} else {
HashSet<Long> ids = new HashSet<>(utils.listObjectIdentityIdsForCurrentUser(Dataset.class, BasePermission.WRITE));
return datasetRepository.findAll(dataset.id.in(ids).and(filter.buildQuery()), page);
}
}
/**
......
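Review bot: The administrator branch in `listDatasetsForCurrentUser` skips the ACL id lookup and returns every row matching the filter, and the same if/else is copied into `listDescriptorListsForCurrentUser`, `listDescriptorsForCurrentUser` and `listPartnersForCurrentUser`. Keeping one authorization decision in four copies makes it easy for a copy to drift or for a future list method to omit it. Consider a single helper next to `hasRole` that yields the ACL restriction (or none for administrators), so each service only combines it with `filter.buildQuery()`. The method's Javadoc begins outside the hunk, so I cannot tell whether it covers the new behaviour; a line such as `Administrators get all records matching the filter; other users only those they hold WRITE permission on.` would document the contract.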
......@@ -28,6 +28,7 @@ import org.genesys.catalog.exceptions.InvalidApiUsageException;
import org.genesys.catalog.exceptions.NotFoundElement;
import org.genesys.catalog.model.traits.Descriptor;
import org.genesys.catalog.model.traits.DescriptorList;
import org.genesys.catalog.model.user.UserRole;
import org.genesys.catalog.persistence.traits.DescriptorListRepository;
import org.genesys.catalog.service.DescriptorListService;
import org.genesys.catalog.service.filters.DescriptorListFilter;
......@@ -164,7 +165,6 @@ public class DescriptorListServiceImpl implements DescriptorListService {
return lazyLoad(descriptorListRepository.save(list));
}
/**
* {@inheritDoc}
*/
......@@ -269,8 +269,12 @@ public class DescriptorListServiceImpl implements DescriptorListService {
@Override
public Page<DescriptorList> listDescriptorListsForCurrentUser(DescriptorListFilter filter, Pageable page) {
HashSet<Long> ids = new HashSet<>(utils.listObjectIdentityIdsForCurrentUser(DescriptorList.class, BasePermission.WRITE));
return descriptorListRepository.findAll(descriptorList.id.in(ids).and(filter.buildQuery()), page);
if (utils.hasRole(UserRole.ADMINISTRATOR)) {
return descriptorListRepository.findAll(filter.buildQuery(), page);
} else {
HashSet<Long> ids = new HashSet<>(utils.listObjectIdentityIdsForCurrentUser(DescriptorList.class, BasePermission.WRITE));
return descriptorListRepository.findAll(descriptorList.id.in(ids).and(filter.buildQuery()), page);
}
}
// TODO implement logic
......
......@@ -26,6 +26,7 @@ import org.genesys.catalog.exceptions.InvalidApiUsageException;
import org.genesys.catalog.exceptions.NotFoundElement;
import org.genesys.catalog.model.traits.Descriptor;
import org.genesys.catalog.model.traits.Descriptor.DataType;
import org.genesys.catalog.model.user.UserRole;
import org.genesys.catalog.model.vocab.VocabularyTerm;
import org.genesys.catalog.persistence.traits.DescriptorRepository;
import org.genesys.catalog.persistence.vocab.VocabularyTermRepository;
......@@ -182,8 +183,12 @@ public class DescriptorServiceImpl implements DescriptorService {
*/
@Override
public Page<Descriptor> listDescriptorsForCurrentUser(final DescriptorFilter filter, final Pageable page) {
HashSet<Long> ids = new HashSet<>(utils.listObjectIdentityIdsForCurrentUser(Descriptor.class, BasePermission.WRITE));
return descriptorRepository.findAll(descriptor.id.in(ids).and(filter.buildQuery()), page);
if (utils.hasRole(UserRole.ADMINISTRATOR)) {
return descriptorRepository.findAll(filter.buildQuery(), page);
} else {
HashSet<Long> ids = new HashSet<>(utils.listObjectIdentityIdsForCurrentUser(Descriptor.class, BasePermission.WRITE));
return descriptorRepository.findAll(descriptor.id.in(ids).and(filter.buildQuery()), page);
}
}
/**
......
......@@ -20,6 +20,7 @@ import static org.genesys.common.model.QPartner.partner;
import java.util.HashSet;
import java.util.UUID;
import org.genesys.catalog.model.user.UserRole;
import org.genesys.catalog.service.PartnerService;
import org.genesys.catalog.service.filters.PartnerFilter;
import org.genesys.catalog.util.Utils;
......@@ -146,8 +147,12 @@ public class PartnerServiceImpl implements PartnerService, InitializingBean {
*/
@Override
public Page<Partner> listPartnersForCurrentUser(final PartnerFilter filter, final Pageable page) {
HashSet<Long> ids = new HashSet<>(utils.listObjectIdentityIdsForCurrentUser(Partner.class, BasePermission.WRITE));
return partnerRepository.findAll(partner.id.in(ids).and(filter.buildQuery()), page);
if (utils.hasRole(UserRole.ADMINISTRATOR)) {
return partnerRepository.findAll(filter.buildQuery(), page);
} else {
HashSet<Long> ids = new HashSet<>(utils.listObjectIdentityIdsForCurrentUser(Partner.class, BasePermission.WRITE));
return partnerRepository.findAll(partner.id.in(ids).and(filter.buildQuery()), page);
}
}
/**
......
/*
* Copyright 2017 Global Crop Diversity Trust
* Copyright 2018 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -21,8 +21,12 @@ import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.catalog.model.user.UserRole;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
/**
......@@ -49,4 +53,25 @@ public class Utils {
// + clazz.toString());
return aclService.listObjectIdentityIdsForSid(clazz, userSid, permission);
}
/**
* Checks for role.
*
* @param role the role
* @return true, if successful
*/
public boolean hasRole(final UserRole role) {
final String authority = role.getAuthority();
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && !authentication.getAuthorities().isEmpty()) {
for (GrantedAuthority ga : authentication.getAuthorities()) {
if (ga.getAuthority().equals(authority)) {
return true;
}
}
}
return false;
}
}
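Review bot: `ga.getAuthority().equals(authority)` in `hasRole` throws a NullPointerException when a `GrantedAuthority` returns null from `getAuthority()`, which the Spring Security interface permits for authorities that cannot be expressed as a string; comparing the other way round, `if (authority.equals(ga.getAuthority())) {`, avoids that. The check reads authorities directly from the `Authentication`, so a role granted only through a configured role hierarchy would presumably not match; that is worth confirming now that this result gates the unfiltered listings. The Javadoc `Checks for role.` / `@return true, if successful` does not say what is checked; something like `@return true if the current authentication holds the authority of the given role, false otherwise (including when there is no authentication)` would be clearer.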