Commit 4a5aa9f0 authored by Matija Obreza's avatar Matija Obreza
Browse files

Merge branch '26-permission-checks-fail' into 'master'

Resolve "Permission checks fail"

Closes #26

See merge request !23
parents 6063bcaa 4079e5e8
......@@ -20,9 +20,6 @@ import org.genesys.filerepository.InvalidRepositoryPathException;
import org.genesys.filerepository.model.ImageGallery;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
// TODO: Auto-generated Javadoc
/**
......@@ -43,7 +40,6 @@ public interface ImageGalleryService {
* @return the ImageGallery or <code>null</code> if no gallery exists at the
* specified path.
*/
@PostAuthorize("returnObject == null or hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
ImageGallery loadImageGallery(String path);
/**
......@@ -55,7 +51,6 @@ public interface ImageGalleryService {
* @param description Image gallery description in English.
* @return the new ImageGallery or existing gallery at the specified path.
*/
@PreAuthorize("isAuthenticated()")
ImageGallery createImageGallery(String path, String title, String description);
/**
......@@ -64,7 +59,6 @@ public interface ImageGalleryService {
* @param imageGallery the image gallery
* @throws InvalidRepositoryPathException the invalid repository path exception
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageGallery, 'delete')")
void removeGallery(ImageGallery imageGallery) throws InvalidRepositoryPathException;
/**
......@@ -75,7 +69,6 @@ public interface ImageGalleryService {
* @param description the description
* @return the image gallery
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageGallery, 'write')")
ImageGallery updateImageGalery(ImageGallery imageGallery, String title, String description);
/**
......@@ -85,7 +78,6 @@ public interface ImageGalleryService {
* @param imageGallery the image gallery
* @return the image gallery
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageGallery, 'write')")
ImageGallery saveImageOrder(ImageGallery imageGallery);
/**
......@@ -105,7 +97,6 @@ public interface ImageGalleryService {
* @param pageable the pageable
* @return paginated image gallery data
*/
@PostFilter("hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
Page<ImageGallery> listImageGalleries(Pageable pageable);
/**
......@@ -115,7 +106,6 @@ public interface ImageGalleryService {
* @param pageable the pageable
* @return paginated image gallery data
*/
@PostFilter("hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
Page<ImageGallery> listImageGalleries(String prefix, Pageable pageable);
}
......@@ -29,8 +29,6 @@ import org.genesys.filerepository.metadata.ImageMetadata;
import org.genesys.filerepository.model.RepositoryFile;
import org.genesys.filerepository.model.RepositoryImage;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
// TODO: Auto-generated Javadoc
/**
......@@ -52,7 +50,6 @@ public interface RepositoryService {
* exception
* @throws IOException when things go wrong on bytes storage level
*/
@PreAuthorize("isAuthenticated()")
RepositoryFile addFile(String repositoryPath, String originalFilename, String contentType, byte[] bytes, RepositoryFile metaData) throws InvalidRepositoryPathException,
InvalidRepositoryFileDataException, IOException;
......@@ -70,7 +67,6 @@ public interface RepositoryService {
* exception
* @throws IOException when things go wrong on bytes storage level
*/
@PreAuthorize("isAuthenticated()")
RepositoryImage addImage(String repositoryPath, String originalFilename, String contentType, byte[] bytes, RepositoryImage metaData) throws InvalidRepositoryPathException,
InvalidRepositoryFileDataException, IOException;
......@@ -82,7 +78,6 @@ public interface RepositoryService {
* @throws NoSuchRepositoryFileException when file is not available in the
* repository
*/
@PostAuthorize("hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
RepositoryFile getFile(UUID fileUuid) throws NoSuchRepositoryFileException;
/**
......@@ -94,7 +89,6 @@ public interface RepositoryService {
* @throws NoSuchRepositoryFileException when file is not available in the
* repository
*/
@PostAuthorize("hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
<T extends RepositoryFile> T getFile(UUID fileUuid, int version) throws NoSuchRepositoryFileException;
/**
......@@ -105,7 +99,6 @@ public interface RepositoryService {
* @return the file
* @throws NoSuchRepositoryFileException the no such repository file exception
*/
@PostAuthorize("hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
RepositoryFile getFile(String path, String filename) throws NoSuchRepositoryFileException;
/**
......@@ -125,7 +118,6 @@ public interface RepositoryService {
* @return the file bytes
* @throws IOException Signals that an I/O exception has occurred.
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'read')")
byte[] getFileBytes(RepositoryFile repositoryFile) throws IOException;
/**
......@@ -154,7 +146,6 @@ public interface RepositoryService {
* @throws NoSuchRepositoryFileException when file is not available in the
* repository
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#fileData, 'write')")
<T extends RepositoryFile> T updateMetadata(T fileData) throws NoSuchRepositoryFileException;
/**
......@@ -167,7 +158,6 @@ public interface RepositoryService {
* @throws NoSuchRepositoryFileException the no such repository file exception
* @throws IOException Signals that an I/O exception has occurred.
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#fileData, 'write')")
<T extends RepositoryFile> T updateBytes(T fileData, String contentType, byte[] bytes) throws NoSuchRepositoryFileException, IOException;
/**
......@@ -181,7 +171,6 @@ public interface RepositoryService {
* @throws NoSuchRepositoryFileException the no such repository file exception
* @throws IOException Signals that an I/O exception has occurred.
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageData, 'write')")
RepositoryImage updateImageBytes(RepositoryImage imageData, String contentType, byte[] bytes) throws NoSuchRepositoryFileException, IOException;
/**
......@@ -193,7 +182,6 @@ public interface RepositoryService {
* repository
* @throws IOException Signals that an I/O exception has occurred.
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'delete')")
RepositoryFile removeFile(RepositoryFile repositoryFile) throws NoSuchRepositoryFileException, IOException;
/**
......@@ -205,7 +193,6 @@ public interface RepositoryService {
* @throws NoSuchRepositoryFileException the no such repository file exception
* @throws InvalidRepositoryPathException when the new path is invalid
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'write')")
RepositoryFile moveFile(RepositoryFile repositoryFile, String newPath) throws NoSuchRepositoryFileException, InvalidRepositoryPathException;
/**
......@@ -218,7 +205,6 @@ public interface RepositoryService {
* @throws InvalidRepositoryFileDataException the invalid repository file data
* exception
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'write')")
RepositoryFile moveAndRenameFile(RepositoryFile repositoryFile, String fullPath) throws InvalidRepositoryPathException, InvalidRepositoryFileDataException;
/**
......@@ -259,7 +245,6 @@ public interface RepositoryService {
* @throws NoSuchRepositoryFileException when file is not available in the
* repository
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageData, 'write')")
RepositoryImage updateImageMetadata(RepositoryImage imageData) throws NoSuchRepositoryFileException;
/**
......@@ -271,7 +256,6 @@ public interface RepositoryService {
* repository
* @throws IOException Signals that an I/O exception has occurred.
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryImage, 'delete')")
RepositoryImage removeImage(RepositoryImage repositoryImage) throws NoSuchRepositoryFileException, IOException;
/**
......
......@@ -34,6 +34,9 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
......@@ -72,6 +75,7 @@ public class ImageGalleryServiceImpl implements ImageGalleryService {
* lang.String)
*/
@Override
@PostAuthorize("returnObject == null or hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
public ImageGallery loadImageGallery(final String path) {
final ImageGallery imageGallery = imageGalleryPersistence.findByPath(path);
return deepLoad(imageGallery);
......@@ -99,6 +103,7 @@ public class ImageGalleryServiceImpl implements ImageGalleryService {
*/
@Override
@Transactional
@PreAuthorize("isAuthenticated()")
public ImageGallery createImageGallery(final String path, final String title, final String description) {
LOG.debug("Creating ImageGallery at path={}", path);
......@@ -129,6 +134,7 @@ public class ImageGalleryServiceImpl implements ImageGalleryService {
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageGallery, 'delete')")
public void removeGallery(final ImageGallery imageGallery) throws InvalidRepositoryPathException {
if (LOG.isDebugEnabled()) {
LOG.debug("Deleting ImageGallery with id=" + imageGallery.getId());
......@@ -168,6 +174,7 @@ public class ImageGalleryServiceImpl implements ImageGalleryService {
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageGallery, 'write')")
public ImageGallery updateImageGalery(final ImageGallery imageGallery, final String title, final String description) {
final ImageGallery imageGallery2 = imageGalleryPersistence.findOne(imageGallery.getId());
......@@ -186,6 +193,7 @@ public class ImageGalleryServiceImpl implements ImageGalleryService {
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageGallery, 'write')")
public ImageGallery saveImageOrder(final ImageGallery imageGallery) {
final ImageGallery imageGallery2 = imageGalleryPersistence.findOne(imageGallery.getId());
......@@ -285,6 +293,7 @@ public class ImageGalleryServiceImpl implements ImageGalleryService {
* @return the page
*/
@Override
@PostFilter("hasRole('ADMINISTRATOR') or hasPermission(filterObject, 'read')")
public Page<ImageGallery> listImageGalleries(final Pageable pageable) {
return imageGalleryPersistence.findAll(pageable);
}
......@@ -296,6 +305,7 @@ public class ImageGalleryServiceImpl implements ImageGalleryService {
* java.lang.String, org.springframework.data.domain.Pageable)
*/
@Override
@PostFilter("hasRole('ADMINISTRATOR') or hasPermission(filterObject, 'read')")
public Page<ImageGallery> listImageGalleries(final String prefix, final Pageable pageable) {
return imageGalleryPersistence.listByPath(prefix, pageable);
}
......
......@@ -47,6 +47,8 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
......@@ -110,6 +112,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
*/
@Override
@Transactional(rollbackFor = Throwable.class)
@PreAuthorize("isAuthenticated()")
public RepositoryFile addFile(final String repositoryPath, final String originalFilename, String contentType, final byte[] bytes, final RepositoryFile metaData)
throws InvalidRepositoryPathException, InvalidRepositoryFileDataException, IOException {
......@@ -168,6 +171,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
*/
@Override
@Transactional(rollbackFor = Throwable.class)
@PreAuthorize("isAuthenticated()")
public RepositoryImage addImage(final String repositoryPath, final String originalFilename, String contentType, final byte[] bytes, final RepositoryImage metaData)
throws InvalidRepositoryPathException, InvalidRepositoryFileDataException, IOException {
......@@ -234,6 +238,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
* .util.UUID)
*/
@Override
@PostAuthorize("hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
public RepositoryFile getFile(final UUID fileUuid) throws NoSuchRepositoryFileException {
RepositoryFile file = repositoryFilePersistence.findByUuid(fileUuid);
if (file != null) {
......@@ -251,6 +256,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
@SuppressWarnings("unchecked")
@Override
@PostAuthorize("hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
public <T extends RepositoryFile> T getFile(UUID fileUuid, int version) throws NoSuchRepositoryFileException {
RepositoryFile file = repositoryFilePersistence.findByUuidAndVersion(fileUuid, version);
if (file != null) {
......@@ -272,6 +278,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
* String, java.lang.String)
*/
@Override
@PostAuthorize("hasRole('ADMINISTRATOR') or hasPermission(returnObject, 'read')")
public RepositoryFile getFile(final String path, final String originalFilename) throws NoSuchRepositoryFileException {
final RepositoryFile repositoryFile = repositoryFilePersistence.findByPathAndOriginalFilename(path, originalFilename);
if (repositoryFile == null) {
......@@ -305,6 +312,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
* .filerepository.model.RepositoryFile)
*/
@Override
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'read')")
public byte[] getFileBytes(final RepositoryFile repositoryFile) throws IOException {
return bytesStorageService.get(repositoryFile.getStoragePath(), repositoryFile.getFilename());
}
......@@ -335,6 +343,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
@SuppressWarnings("unchecked")
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#fileData, 'write')")
public <T extends RepositoryFile> T updateMetadata(final T fileData) throws NoSuchRepositoryFileException {
RepositoryFile repositoryFile = repositoryFilePersistence.findByUuidAndVersion(fileData.getUuid(), fileData.getVersion());
if (repositoryFile == null) {
......@@ -357,6 +366,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#imageData, 'write')")
public RepositoryImage updateImageMetadata(final RepositoryImage imageData) throws NoSuchRepositoryFileException {
final RepositoryImage repositoryImage = repositoryImagePersistence.findByUuidAndVersion(imageData.getUuid(), imageData.getVersion());
......@@ -378,6 +388,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
@SuppressWarnings("unchecked")
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'write')")
public <T extends RepositoryFile> T updateBytes(final T repositoryFile, String contentType, final byte[] bytes) throws NoSuchRepositoryFileException, IOException {
T storedFile = getFile(repositoryFile.getUuid(), repositoryFile.getVersion());
......@@ -410,6 +421,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryImage, 'write')")
public RepositoryImage updateImageBytes(final RepositoryImage repositoryImage, String contentType, final byte[] bytes) throws NoSuchRepositoryFileException, IOException {
RepositoryImage storedFile = getFile(repositoryImage.getUuid(), repositoryImage.getVersion());
......@@ -458,6 +470,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'delete')")
public RepositoryFile removeFile(final RepositoryFile repositoryFile) throws NoSuchRepositoryFileException, IOException {
if (repositoryFile == null) {
throw new NoSuchRepositoryFileException();
......@@ -480,6 +493,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryImage, 'delete')")
public RepositoryImage removeImage(final RepositoryImage repositoryImage) throws NoSuchRepositoryFileException, IOException {
if (repositoryImage == null) {
throw new NoSuchRepositoryFileException();
......@@ -497,6 +511,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'write')")
public RepositoryFile moveFile(final RepositoryFile repositoryFile, final String newPath) throws NoSuchRepositoryFileException, InvalidRepositoryPathException {
PathValidator.checkValidPath(newPath);
......@@ -525,6 +540,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#repositoryFile, 'write')")
public RepositoryFile moveAndRenameFile(final RepositoryFile repositoryFile, final String fullPath) throws InvalidRepositoryPathException, InvalidRepositoryFileDataException {
if (fullPath == null) {
throw new NullPointerException("Full path cannot be null");
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment