Commit df063992 authored by Matija Obreza's avatar Matija Obreza

ACL for public repository access

- Dataset files are publicly readable when published
- Markdown attachments in /content/ are made publicly readable on add
parent 16b36f5a
......@@ -27,6 +27,7 @@ import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.catalog.exceptions.InvalidApiUsageException;
import org.genesys.catalog.exceptions.NotFoundElement;
import org.genesys.catalog.model.dataset.AccessionIdentifier;
......@@ -75,6 +76,9 @@ public class DatasetServiceImpl implements DatasetService {
@Autowired
private RepositoryService fileRepoService;
@Autowired
private CustomAclService aclService;
/** The utils. */
@Autowired
private Utils utils;
......@@ -404,6 +408,15 @@ public class DatasetServiceImpl implements DatasetService {
// throw new PublishValidationException(errorMap);
loaded.setPublished(true);
{
// Relax permissions on dataset files: allow USERS and ANONYMOUS to read the
// files
for (RepositoryFile datasetFile : loaded.getRepositoryFiles()) {
aclService.makePubliclyReadable(datasetFile, true);
}
}
return lazyLoad(datasetRepository.save(loaded));
}
......@@ -418,6 +431,14 @@ public class DatasetServiceImpl implements DatasetService {
throw new NotFoundElement("No dataset with specified uuid and version");
}
loaded.setPublished(false);
{
// Tighten permissions on dataset files
for (RepositoryFile datasetFile : loaded.getRepositoryFiles()) {
aclService.makePubliclyReadable(datasetFile, false);
}
}
return lazyLoad(datasetRepository.save(loaded));
}
......
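Review bot: The public-read ACL is only synchronised in the publish and unpublish paths, so it can drift from the dataset's published state. A file detached from a published dataset would keep its ANONYMOUS read grant, and a file attached after publishing would never get one, unless the attach/detach paths (not visible here) also call `aclService`. I would call `aclService.makePubliclyReadable(datasetFile, false)` wherever a file is removed from a published dataset, and the `true` variant where one is added. The unpublish loop also revokes unconditionally, so a file that is public for another reason (for example one under `/content/`, which this commit makes public on upload) would lose that grant; a comment saying whether that is intended would help. Both enclosing methods begin outside the hunks, so it cannot be confirmed from here that the ACL changes share a transaction with `datasetRepository.save(loaded)`.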
......@@ -21,6 +21,7 @@ import java.util.UUID;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.catalog.exceptions.InvalidApiUsageException;
import org.genesys.catalog.exceptions.NotFoundElement;
import org.genesys.filerepository.InvalidRepositoryFileDataException;
......@@ -33,6 +34,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
......@@ -60,14 +62,26 @@ public class RepositoryController {
@Autowired
protected RepositoryService repositoryService;
@Autowired
private CustomAclService aclService;
@PostMapping(value = "/add")
@Transactional
public RepositoryFile addFile(@RequestParam("file") final MultipartFile inputFile, @RequestParam("metadata") String metadataJson) throws NotFoundElement,
InvalidRepositoryFileDataException, InvalidRepositoryPathException, IOException {
RepositoryFile metadata = objectMapper.readValue(metadataJson, RepositoryFile.class);
String fileName = StringUtils.defaultString(metadata.getOriginalFilename(), inputFile.getOriginalFilename());
LOG.info("Uploading {} to repository", fileName);
return repositoryService.addFile(metadata.getPath(), fileName, inputFile.getContentType(), inputFile.getBytes(), metadata);
RepositoryFile repositoryFile = repositoryService.addFile(metadata.getPath(), fileName, inputFile.getContentType(), inputFile.getBytes(), metadata);
// Automatically public if in /content/ folder
if (metadata.getPath().startsWith("/content/")) {
aclService.makePubliclyReadable(repositoryFile, true);
}
return repositoryFile;
}
@GetMapping(value = "/{fileUuid}")
......
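Review bot: The `/content/` test in `addFile` reads `metadata.getPath()`, the raw value from the client-supplied `metadata` JSON, rather than the path the file was actually stored under. If `repositoryService.addFile` normalises or rewrites the path (not visible here), a file that ends up outside `/content/` could still be made world-readable. A missing path would also fail with a NullPointerException at `startsWith`, unless `addFile` rejects it first. I would decide on the returned object instead, assuming it carries the stored path: `final String storedPath = repositoryFile.getPath();` then `if (storedPath != null && storedPath.startsWith("/content/")) {`. Because this grants anonymous read, a `LOG.info` line recording the path at the moment of the grant would also leave an audit trail.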