Commit 122f3c8d authored by Matija Obreza's avatar Matija Obreza
Browse files

Check permission on institute before creating a dataset

parent efebf219
......@@ -23,6 +23,7 @@ import java.util.Map;
import org.genesys2.server.model.genesys.Accession;
import org.genesys2.server.model.genesys.Metadata;
import org.genesys2.server.model.impl.FaoInstitute;
import org.springframework.data.repository.query.Param;
import org.springframework.security.access.prepost.PreAuthorize;
......@@ -32,7 +33,7 @@ public interface DatasetService {
List<Metadata> listMyMetadata();
@PreAuthorize("isAuthenticated()")
Metadata addDataset(String wiewsCode, String title, String description);
Metadata addDataset(FaoInstitute institute, String title, String description);
Metadata getDataset(long metadataId);
......
......@@ -475,11 +475,13 @@ public class GenesysServiceImpl implements GenesysService, TraitService, Dataset
}
@Override
@PreAuthorize("isAuthenticated()")
@Transactional(readOnly = false)
public Metadata addDataset(String wiewsCode, String title, String description) {
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#institute, 'WRITE') or hasPermission(#institute, 'CREATE')")
public Metadata addDataset(FaoInstitute institute, String title, String description) {
Metadata metadata = new Metadata();
metadata.setInstitute(wiewsCode);
metadata.setInstitute(institute.getCode());
// TODO Add direct link!
// metadata.setInstitute(institute);
metadata.setTitle(title);
metadata.setDescription(htmlSanitizer.sanitize(description));
return metadataRepository.save(metadata);
......
......@@ -39,9 +39,11 @@ import org.genesys2.server.model.genesys.Accession;
import org.genesys2.server.model.genesys.Metadata;
import org.genesys2.server.model.genesys.Method;
import org.genesys2.server.model.impl.AccessionIdentifier3;
import org.genesys2.server.model.impl.FaoInstitute;
import org.genesys2.server.service.CropService;
import org.genesys2.server.service.DatasetService;
import org.genesys2.server.service.GenesysService;
import org.genesys2.server.service.InstituteService;
import org.genesys2.server.service.TraitService;
import org.genesys2.spring.ResourceNotFoundException;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -74,6 +76,9 @@ public class DatasetController extends RestController {
@Autowired
CropService cropService;
@Autowired
InstituteService instituteService;
/**
* List all crops
*
......@@ -104,7 +109,12 @@ public class DatasetController extends RestController {
// TODO We could do better messages on validation error
throw new ModelValidationException("Validation problem", violations);
}
Metadata metadata = datasetService.addDataset(metadataJson.institute, metadataJson.title, metadataJson.description);
FaoInstitute faoInstitute = instituteService.getInstitute(metadataJson.institute);
if (faoInstitute == null) {
throw new ResourceNotFoundException();
}
Metadata metadata = datasetService.addDataset(faoInstitute, metadataJson.title, metadataJson.description);
return metadata;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment