Commit 5c9f96c1 authored by Matija Obreza's avatar Matija Obreza

Ensure user has write permission on parent folder

parent a627ed92
......@@ -125,6 +125,13 @@
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>${spring.security.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
......
......@@ -33,6 +33,7 @@ import javax.imageio.ImageIO;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.tika.Tika;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.filerepository.FolderNotEmptyException;
import org.genesys.filerepository.InvalidRepositoryFileDataException;
import org.genesys.filerepository.InvalidRepositoryPathException;
......@@ -51,6 +52,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
......@@ -88,7 +90,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
/** The bytes storage service. */
@Autowired
private BytesStorageService bytesStorageService;
/*
* (non-Javadoc)
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
......@@ -139,6 +141,8 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
PathValidator.checkValidPath(repositoryPath);
RepositoryFolder repositoryFolder = ensureFolder(repositoryPath);
contentType = updateContentTypeIfNecessary(contentType, bytes);
if ((originalFilename == null) || (contentType == null) || (bytes == null)) {
......@@ -162,7 +166,6 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
repositoryFile.setMd5Sum(DigestUtils.md5Hex(bytes));
repositoryFile.setSize(bytes.length);
RepositoryFolder repositoryFolder = ensureFolder(repositoryPath);
repositoryFile.setFolder(repositoryFolder);
repositoryFile.setOriginalFilename(originalFilename);
......@@ -780,6 +783,10 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
if ("/".equals(folderPath.toString())) {
// Root folder
if (! SecurityContextUtil.hasRole("ADMINISTRATOR")) {
// Only administrator can create folders on root
throw new AccessDeniedException("No WRITE permission on /");
}
return null;
} else {
PathValidator.checkValidFolderName(folderPath.getFileName().toString());
......@@ -791,9 +798,15 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
folder = new RepositoryFolder();
folder.setName(folderPath.getFileName().toString());
if (folderPath.getParent() != null) {
// This will assure permissions on existing parent folder
folder.setParent(ensureFolder(folderPath.getParent()));
}
folderRepository.save(folder);
} else {
// Assure permissions on folder if it already exists
if (! SecurityContextUtil.hasRole("ADMINISTRATOR") && ! SecurityContextUtil.hasPermission(folder, "WRITE")) {
throw new AccessDeniedException("No WRITE permission on " + folder.getPath());
}
}
return folder;
......
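Review bot: The `ensureFolder(repositoryPath)` call moved to the top of the add-file path now runs before the `(originalFilename == null) || (contentType == null) || (bytes == null)` check, and the last hunk shows that `ensureFolder` persists missing folders via `folderRepository.save(folder)`. A request that passes the permission check but then fails validation may therefore leave newly created folders behind, unless the surrounding transaction rolls back on that exception, which is not visible here. Authorizing before validating is the right order, so consider separating the WRITE check from folder creation, or doing the null checks on `originalFilename` and `bytes` before `ensureFolder`. Separately, the root-branch comment would be more accurate as `// Only administrators may write directly under root (files as well as folders)`, because that branch is also reached when a file is added at `/`. Both methods start and end outside the hunks shown.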
......@@ -31,11 +31,13 @@ import org.genesys.filerepository.NoSuchRepositoryFileException;
import org.genesys.filerepository.model.RepositoryFile;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.test.context.support.WithMockUser;
// TODO: Auto-generated Javadoc
/**
* The Class FileRepositoryAddTest.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class FileRepositoryAddTest extends RepositoryServiceTest {
/** The Constant SOME_BYTES. */
......
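Review bot: Every test class touched here is annotated with `roles = "ADMINISTRATOR"`, so as far as this page shows the suite only takes the administrator bypass and never executes the two new `AccessDeniedException` branches in `ensureFolder`. The same class-level annotation is added to FileRepositoryDirectoryTest, FileRepositoryExtensionTest, FileRepositoryUpdateTest, ImageGalleryTest, ImageGalleryThumbnailsTest, MetadataTest, RepositoryFolderTest, RepositoryImageAddTest and RepositoryImageUpdateTest. An authorization check with no negative test can regress unnoticed, so add at least one method-level case such as `@WithMockUser(username = "user", roles = "USER")` with `@Test(expected = AccessDeniedException.class)` (role name constructed for illustration). It should write to `/` and to an existing folder on which the user has no WRITE permission. The `password = "user"` attribute is not needed for a mock user and can be dropped.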
......@@ -33,10 +33,12 @@ import org.genesys.filerepository.model.RepositoryFile;
import org.genesys.filerepository.model.RepositoryFolder;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.test.context.support.WithMockUser;
/**
* Test the folder navigation of the repository.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class FileRepositoryDirectoryTest extends RepositoryServiceTest {
/** The Constant SOME_BYTES. */
......
......@@ -26,11 +26,13 @@ import org.genesys.filerepository.NoSuchRepositoryFileException;
import org.genesys.filerepository.model.RepositoryFile;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.test.context.support.WithMockUser;
// TODO: Auto-generated Javadoc
/**
* The Class FileRepositoryExtensionTest.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class FileRepositoryExtensionTest extends RepositoryServiceTest {
/** The initial content type. */
......
......@@ -31,12 +31,14 @@ import org.genesys.filerepository.NoSuchRepositoryFileException;
import org.genesys.filerepository.model.RepositoryFile;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.transaction.annotation.Transactional;
// TODO: Auto-generated Javadoc
/**
* The Class FileRepositoryUpdateTest.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class FileRepositoryUpdateTest extends RepositoryServiceTest {
/** The initial content type. */
......
......@@ -17,7 +17,7 @@
package org.genesys.filerepository.service;
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.*;
import static org.junit.Assert.assertThat;
import java.io.IOException;
import java.nio.file.Path;
......@@ -34,11 +34,13 @@ import org.genesys.filerepository.model.RepositoryImage;
import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.test.context.support.WithMockUser;
// TODO: Auto-generated Javadoc
/**
* The Class ImageGalleryTest.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class ImageGalleryTest extends RepositoryServiceTest {
/** The Constant DEFAULT_GALLERY_TITLE. */
......
......@@ -38,12 +38,14 @@ import org.genesys.filerepository.service.impl.ImageGalleryServiceImpl;
import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.transaction.annotation.Transactional;
// TODO: Auto-generated Javadoc
/**
* The Class ImageGalleryTest.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class ImageGalleryThumbnailsTest extends RepositoryServiceTest {
/** The Constant DEFAULT_GALLERY_TITLE. */
......
......@@ -30,6 +30,7 @@ import org.genesys.filerepository.model.RepositoryImage;
import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.transaction.annotation.Transactional;
import com.fasterxml.jackson.databind.DeserializationFeature;
......@@ -38,6 +39,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
/**
* Repository metadata tests.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class MetadataTest extends RepositoryServiceTest {
/** The timestamp. */
......
......@@ -27,11 +27,13 @@ import org.genesys.filerepository.FolderNotEmptyException;
import org.genesys.filerepository.InvalidRepositoryPathException;
import org.genesys.filerepository.model.RepositoryFolder;
import org.junit.Test;
import org.springframework.security.test.context.support.WithMockUser;
// TODO: Auto-generated Javadoc
/**
* The Class FileRepositoryAddTest.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class RepositoryFolderTest extends RepositoryServiceTest {
@Test
......
......@@ -33,6 +33,7 @@ import org.genesys.filerepository.model.RepositoryImage;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
......@@ -42,6 +43,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
*/
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = { ServiceBeanConfig.class, DatabaseConfig.class })
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class RepositoryImageAddTest {
/** The initial content type. */
......
......@@ -26,15 +26,16 @@ import org.genesys.filerepository.InvalidRepositoryPathException;
import org.genesys.filerepository.NoSuchRepositoryFileException;
import org.genesys.filerepository.metadata.ImageMetadata.Orientation;
import org.genesys.filerepository.model.RepositoryImage;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.test.context.support.WithMockUser;
// TODO: Auto-generated Javadoc
/**
* The Class RepositoryImageUpdateTest.
*/
@WithMockUser(username = "user", password = "user", roles = "ADMINISTRATOR")
public class RepositoryImageUpdateTest extends RepositoryServiceTest {
/** The initial content type. */
......
......@@ -335,7 +335,7 @@ public class S3StorageServiceTest {
*/
@Test(expected = IOException.class)
public void invalidUpsertNullFilename() throws IOException, InvalidKeyException, NoSuchAlgorithmException {
bytesStorageService.upsert(Paths.get("/test/", null), SOME_BYTES);
bytesStorageService.upsert(Paths.get("/test/"), SOME_BYTES);
}
/**
......@@ -407,7 +407,7 @@ public class S3StorageServiceTest {
*/
@Test(expected = IOException.class)
public void invalidRemoveNullFilename() throws IOException, InvalidKeyException, NoSuchAlgorithmException {
bytesStorageService.remove(Paths.get("/test/", null));
bytesStorageService.remove(Paths.get("/test/"));
}
/**
......
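Review bot: `invalidUpsertNullFilename` and `invalidRemoveNullFilename` no longer pass a null filename, because both now call the service with the directory path `Paths.get("/test/")`. The method names, and presumably the Javadoc above them (which starts outside the hunks), therefore describe a case that is no longer tested. Rename them to match the input, for example `invalidUpsertFolderPath` and `invalidRemoveFolderPath`, and have the Javadoc state that a path without a file name must be rejected with `IOException`. If rejecting a null file name is still part of the storage contract, it needs its own test.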