Commit 3dfd9b61 authored by Matija Obreza's avatar Matija Obreza

Merge branch '228-access-denied' into 'master'

Resolve "Access denied"

Closes #228

See merge request genesys-pgr/genesys-server!129
parents fe6cbd05 72adc78a
......@@ -248,8 +248,9 @@ public class WiewsController extends BaseController {
@RequestMapping("/{wiewsCode}/update")
public String update(ModelMap model, @PathVariable(value = "wiewsCode") String wiewsCode, @RequestParam("blurp") String aboutBody,
@RequestParam(value = "summary", required = false) String summary, @RequestParam("gaTracker") String gaTracker, @RequestParam("mailto") String mailto,
@RequestParam("uniqueAcceNumbs") boolean uniqueAcceNumbs, @RequestParam(value = "allowMaterialRequests", required = false, defaultValue = "false") boolean allowMaterialRequests,
@RequestParam("codeSVGS") String codeSVGS) throws CRMException {
@RequestParam("uniqueAcceNumbs") boolean uniqueAcceNumbs,
@RequestParam(value = "allowMaterialRequests", required = false, defaultValue = "false") boolean allowMaterialRequests, @RequestParam("codeSVGS") String codeSVGS)
throws CRMException {
LOG.debug("Updating institite {}", wiewsCode);
final FaoInstitute faoInstitute = instituteService.getInstitute(wiewsCode);
......@@ -270,15 +271,15 @@ public class WiewsController extends BaseController {
}
@RequestMapping("/{dateVal}/{wiewsCode}/last-updated")
public String viewDataByLastModifiedDate(ModelMap model, @PathVariable(value = "wiewsCode") String wiewsCode,
@PathVariable(value = "dateVal") String dateVal,
@RequestParam(value = "page", required = false, defaultValue = "1") int page) {
public String viewDataByLastModifiedDate(ModelMap model, @PathVariable(value = "wiewsCode") String wiewsCode, @PathVariable(value = "dateVal") String dateVal,
@RequestParam(value = "page", required = false, defaultValue = "1") int page) {
LOG.debug("Viewing last updated data for {}", dateVal);
final FaoInstitute faoInstitute = instituteService.getInstitute(wiewsCode);
if (faoInstitute == null) {
throw new ResourceNotFoundException();
}
model.addAttribute("filter", "{\"" + FilterConstants.LAST_MODIFIED_DATE + "\":[\"" + dateVal + "\"], \"" + FilterConstants.INSTCODE + "\":[\"" + faoInstitute.getCode() + "\"]}");
model.addAttribute("filter", "{\"" + FilterConstants.LAST_MODIFIED_DATE + "\":[\"" + dateVal + "\"], \"" + FilterConstants.INSTCODE + "\":[\"" + faoInstitute.getCode()
+ "\"]}");
model.addAttribute("page", page);
return "redirect:/explore";
}
......@@ -472,130 +473,130 @@ public class WiewsController extends BaseController {
}
}
/* File management */
@GetMapping(value = "/{wiewsCode}/files/**")
public String listAllFiles(HttpServletRequest request, ModelMap model) throws UnsupportedEncodingException, InvalidRepositoryPathException {
String fullpath = (String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
// The /** mapping does not decode the URL
fullpath = UriUtils.decode(fullpath, "UTF-8");
return listAllFiles(model, fullpath);
}
@GetMapping(value = "/{path}/files")
public String listAllFiles(ModelMap model, @PathVariable(value = "path") String path) throws InvalidRepositoryPathException {
final String repositoryPath = path.contains("/wiews/") ? path.replace("/files/", "/") : "/wiews/" + path;
String wiewsCode = path.replace("/wiews/", "");
wiewsCode = wiewsCode.contains("/") ? wiewsCode.substring(0, wiewsCode.indexOf("/")) : wiewsCode;
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
if (LOG.isDebugEnabled()) {
LOG.debug("Listing files for path={}", repositoryPath);
}
List<String> subPaths = new ArrayList<>();
for (String subPath: repositoryService.listPaths(repositoryPath, new PageRequest(0, 10))) {
if (!subPath.equals(repositoryPath) && subPath.contains(repositoryPath)) {
subPaths.add(subPath.substring(repositoryPath.length()));
}
}
model.addAttribute("fileList", repositoryService.getFiles(repositoryPath));
model.addAttribute("currentPath", repositoryPath);
model.addAttribute("subPaths", subPaths);
model.addAttribute("imageGallery", imageGalleryService.loadImageGallery(repositoryPath));
model.addAttribute("wiewsCode", wiewsCode);
return MANAGE_FILES_JSP_PATH + "/index";
}
@PostMapping(value = "/{wiewsCode}/upload-file")
public String uploadFile(@RequestParam MultipartFile file, @PathVariable String wiewsCode, @RequestParam String repositoryPath,
RedirectAttributes redirectAttributes) throws IOException {
final String mimeType = file.getContentType();
try {
if (mimeType.startsWith("image")) {
repositoryService.addImage(repositoryPath, file.getOriginalFilename(), file.getContentType(), file.getBytes(), null);
} else {
repositoryService.addFile(repositoryPath, file.getOriginalFilename(), file.getContentType(), file.getBytes(), null);
}
} catch (InvalidRepositoryPathException e) {
LOG.error("Invalid repository path!", e);
redirectAttributes.addFlashAttribute("errorMessage", "Invalid repository path!");
} catch (InvalidRepositoryFileDataException e) {
LOG.error("Invalid file data!", e);
redirectAttributes.addFlashAttribute("errorMessage", "Invalid file data!");
}
if (repositoryPath.equals("/wiews/".concat(wiewsCode))) {
return "redirect:" + repositoryPath + "/files";
} else {
return "redirect:" + repositoryPath.replace("/wiews/".concat(wiewsCode).concat("/"), "/wiews/".concat(wiewsCode).concat("/files/"));
}
}
@PostMapping(value = "/{wiewsCode}/delete-file")
public String deleteFile(@RequestParam String uuid, @PathVariable String wiewsCode) throws NoSuchRepositoryFileException, IOException {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
RepositoryFile repositoryFile = repositoryService.getFile(UUID.fromString(uuid));
repositoryService.removeFile(repositoryFile);
if (repositoryFile.getPath().equals("/wiews/".concat(wiewsCode))) {
return "redirect:" + repositoryFile.getPath() + "/files";
} else {
return "redirect:" + repositoryFile.getPath().replace("/wiews/".concat(wiewsCode).concat("/"), "/wiews/".concat(wiewsCode).concat("/files/"));
}
}
@GetMapping(value = "/{wiewsCode}/edit-file")
public String getEditPage(@RequestParam String uuid, @PathVariable(value = "wiewsCode") String wiewsCode, ModelMap model) throws NoSuchRepositoryFileException {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
RepositoryFile file = repositoryService.getFile(UUID.fromString(uuid));
String fileSubPath = file.getPath().replace("/wiews/" + wiewsCode, "");
model.addAttribute("file", file);
model.addAttribute("wiewsCode", wiewsCode);
model.addAttribute("fileSubPath", fileSubPath);
return MANAGE_FILES_JSP_PATH + "/edit";
}
@PostMapping(value = "/{wiewsCode}/update-file")
public String updateMetadata(@ModelAttribute RepositoryFile fileData, @PathVariable(value = "wiewsCode") String wiewsCode) throws NoSuchRepositoryFileException {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
RepositoryFile updatedFile = repositoryService.getFile(UUID.fromString(fileData.getUuid().toString()));
repositoryService.updateMetadata(updatedFile.getUuid(), fileData);
String fileSubPath = updatedFile.getPath().replace("/wiews/" + wiewsCode, "");
return "redirect:/wiews/" + wiewsCode + "/files" + fileSubPath;
}
/* Image gallery management */
/* File management */
@GetMapping(value = "/{wiewsCode}/files")
public String listInstituteFiles(@PathVariable("wiewsCode") String wiewsCode, HttpServletRequest request, ModelMap model) throws UnsupportedEncodingException,
InvalidRepositoryPathException {
return listAllFiles(wiewsCode, request, model);
}
@GetMapping(value = "/{wiewsCode}/files/**")
public String listAllFiles(@PathVariable("wiewsCode") String wiewsCode, HttpServletRequest request, ModelMap model) throws UnsupportedEncodingException,
InvalidRepositoryPathException {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
String path = (String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
// The /** mapping does not decode the URL
path = UriUtils.decode(path, "UTF-8");
path = path.substring(path.indexOf("/files", 1) + 6);
final String repositoryPath = "/wiews/" + wiewsCode + path;
if (LOG.isDebugEnabled()) {
LOG.debug("Listing files in repo={} for path={}", repositoryPath, path);
}
List<String> subPaths = new ArrayList<>();
for (String subPath : repositoryService.listPaths(repositoryPath, new PageRequest(0, 10))) {
if (!subPath.equals(repositoryPath) && subPath.contains(repositoryPath)) {
subPaths.add(subPath.substring(repositoryPath.length()));
}
}
model.addAttribute("fileList", repositoryService.getFiles(repositoryPath));
model.addAttribute("currentPath", repositoryPath);
model.addAttribute("subPaths", subPaths);
model.addAttribute("imageGallery", imageGalleryService.loadImageGallery(repositoryPath));
model.addAttribute("wiewsCode", wiewsCode);
return MANAGE_FILES_JSP_PATH + "/index";
}
@PostMapping(value = "/{wiewsCode}/file/upload")
public String uploadFile(@RequestParam MultipartFile file, @PathVariable String wiewsCode, @RequestParam String repositoryPath, RedirectAttributes redirectAttributes)
throws IOException {
final String mimeType = file.getContentType();
try {
if (mimeType.startsWith("image")) {
repositoryService.addImage(repositoryPath, file.getOriginalFilename(), file.getContentType(), file.getBytes(), null);
} else {
repositoryService.addFile(repositoryPath, file.getOriginalFilename(), file.getContentType(), file.getBytes(), null);
}
} catch (InvalidRepositoryPathException e) {
LOG.error("Invalid repository path!", e);
redirectAttributes.addFlashAttribute("errorMessage", "Invalid repository path!");
} catch (InvalidRepositoryFileDataException e) {
LOG.error("Invalid file data!", e);
redirectAttributes.addFlashAttribute("errorMessage", "Invalid file data!");
}
if (repositoryPath.equals("/wiews/".concat(wiewsCode))) {
return "redirect:" + repositoryPath + "/files";
} else {
return "redirect:" + repositoryPath.replace("/wiews/".concat(wiewsCode).concat("/"), "/wiews/".concat(wiewsCode).concat("/files/"));
}
}
@PostMapping(value = "/{wiewsCode}/file/delete")
public String deleteInstituteFile(@RequestParam String uuid, @PathVariable String wiewsCode) throws NoSuchRepositoryFileException, IOException {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
RepositoryFile repositoryFile = repositoryService.getFile(UUID.fromString(uuid));
repositoryService.removeFile(repositoryFile);
if (repositoryFile.getPath().equals("/wiews/".concat(wiewsCode))) {
return "redirect:" + repositoryFile.getPath() + "/files";
} else {
return "redirect:" + repositoryFile.getPath().replace("/wiews/".concat(wiewsCode).concat("/"), "/wiews/".concat(wiewsCode).concat("/files/"));
}
}
@GetMapping(value = "/{wiewsCode}/file/edit")
public String editInstituteFile(@RequestParam String uuid, @PathVariable(value = "wiewsCode") String wiewsCode, ModelMap model) throws NoSuchRepositoryFileException {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
RepositoryFile file = repositoryService.getFile(UUID.fromString(uuid));
String fileSubPath = file.getPath().replace("/wiews/" + wiewsCode, "");
model.addAttribute("file", file);
model.addAttribute("wiewsCode", wiewsCode);
model.addAttribute("fileSubPath", fileSubPath);
return MANAGE_FILES_JSP_PATH + "/edit";
}
@PostMapping(value = "/{wiewsCode}/file/update")
public String updateMetadata(@ModelAttribute RepositoryFile fileData, @PathVariable(value = "wiewsCode") String wiewsCode) throws NoSuchRepositoryFileException {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
RepositoryFile updatedFile = repositoryService.getFile(UUID.fromString(fileData.getUuid().toString()));
repositoryService.updateMetadata(updatedFile.getUuid(), fileData);
String fileSubPath = updatedFile.getPath().replace("/wiews/" + wiewsCode, "");
return "redirect:/wiews/" + wiewsCode + "/files" + fileSubPath;
}
/* Image gallery management */
@GetMapping(value = "/{wiewsCode}/files/gallery")
public String listAllFiles(ModelMap model, @PathVariable("wiewsCode") String wiewsCode, HttpServletRequest request) {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
public String listInstituteGalleries(ModelMap model, @PathVariable("wiewsCode") String wiewsCode, HttpServletRequest request) {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
return "redirect:/wiews/" + wiewsCode + "/files" + "/gallery" + "/1";
return "redirect:/wiews/" + wiewsCode + "/files" + "/gallery" + "/1";
}
@GetMapping(value = "/{wiewsCode}/files/gallery/{page:\\d+}")
public String listAllFiles(ModelMap model, @PathVariable("page") int page, @PathVariable("wiewsCode") String wiewsCode) {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
public String listInstituteGallery(ModelMap model, @PathVariable("page") int page, @PathVariable("wiewsCode") String wiewsCode) {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
Page<ImageGallery> pagedData = imageGalleryService.listImageGalleries("/wiews/" + wiewsCode, new PageRequest(page - 1, 50, new Sort("path")));
Page<ImageGallery> pagedData = imageGalleryService.listImageGalleries("/wiews/" + wiewsCode, new PageRequest(page - 1, 50, new Sort("path")));
model.addAttribute("pagedData", pagedData);
model.addAttribute("wiewsCode", wiewsCode);
......@@ -603,11 +604,11 @@ public class WiewsController extends BaseController {
}
@GetMapping(value = "/{wiewsCode}/files/gallery/details")
public String listAllFiles(ModelMap model, HttpServletRequest request, @PathVariable("wiewsCode") String wiewsCode, @RequestParam String galleryPath) {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
public String viewInstituteGallery(ModelMap model, HttpServletRequest request, @PathVariable("wiewsCode") String wiewsCode, @RequestParam String galleryPath) {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
ImageGallery imageGallery = imageGalleryService.loadImageGallery(galleryPath);
ImageGallery imageGallery = imageGalleryService.loadImageGallery(galleryPath);
if (imageGallery == null) {
throw new ResourceNotFoundException("No image gallery here!");
......@@ -622,11 +623,11 @@ public class WiewsController extends BaseController {
}
@GetMapping(value = "/{wiewsCode}/files/gallery/edit")
public String getEditGalleryPage(@RequestParam String galleryPath, @PathVariable("wiewsCode") String wiewsCode, ModelMap model) throws NoSuchRepositoryFileException {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
public String editInstituteGallery(@RequestParam String galleryPath, @PathVariable("wiewsCode") String wiewsCode, ModelMap model) throws NoSuchRepositoryFileException {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
ImageGallery imageGallery = imageGalleryService.loadImageGallery(galleryPath);
ImageGallery imageGallery = imageGalleryService.loadImageGallery(galleryPath);
if (imageGallery == null) {
imageGallery = new ImageGallery();
imageGallery.setPath(galleryPath);
......@@ -638,11 +639,12 @@ public class WiewsController extends BaseController {
}
@PostMapping(value = "{wiewsCode}/files/gallery/update")
public String updateMetadata(@PathVariable("wiewsCode") String wiewsCode, @ModelAttribute ImageGallery imageGallery, RedirectAttributes redirectAttributes) throws NoSuchRepositoryFileException {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
public String updateGallery(@PathVariable("wiewsCode") String wiewsCode, @ModelAttribute ImageGallery imageGallery, RedirectAttributes redirectAttributes)
throws NoSuchRepositoryFileException {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
ImageGallery updatedGallery = imageGalleryService.loadImageGallery(imageGallery.getPath());
ImageGallery updatedGallery = imageGalleryService.loadImageGallery(imageGallery.getPath());
if (updatedGallery == null) {
imageGalleryService.createImageGallery(imageGallery.getPath(), imageGallery.getTitle(), imageGallery.getDescription());
} else {
......@@ -654,9 +656,10 @@ public class WiewsController extends BaseController {
}
@PostMapping(value = "{wiewsCode}/files/gallery/delete")
public String deleteFile(@RequestParam String galleryPath, RedirectAttributes redirectAttributes, @PathVariable("wiewsCode") String wiewsCode) throws InvalidRepositoryPathException {
//check user permissions
instituteService.getInstituteForEdit(wiewsCode);
public String deleteGalleryFile(@RequestParam String galleryPath, RedirectAttributes redirectAttributes, @PathVariable("wiewsCode") String wiewsCode)
throws InvalidRepositoryPathException {
// check user permissions
instituteService.getInstituteForEdit(wiewsCode);
ImageGallery imageGallery = imageGalleryService.loadImageGallery(galleryPath);
imageGalleryService.removeGallery(imageGallery);
......@@ -665,7 +668,7 @@ public class WiewsController extends BaseController {
return "redirect:/wiews/" + wiewsCode + "/files/gallery";
}
@RequestMapping(value = "{wiewsCode}/files/download/metadata")
@PostMapping(value = "{wiewsCode}/files/metadata/download")
@Transactional(readOnly = true)
public void downloadMetadata(@PathVariable("wiewsCode") String wiewsCode, HttpServletResponse response) throws IOException {
// check user permissions
......@@ -680,7 +683,7 @@ public class WiewsController extends BaseController {
filesMetadataInfo.downloadMetadata(files, response, '\t', '"', '\\', "\n", "UTF-16LE");
}
@PostMapping(value = "/{wiewsCode}/files/upload/metadata")
@PostMapping(value = "/{wiewsCode}/files/metadata/upload")
public String uploadMetadata(@RequestParam MultipartFile file, @PathVariable("wiewsCode") String wiewsCode) throws IOException {
instituteService.getInstituteForEdit(wiewsCode);
......
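Review bot: The new `uploadFile` handler (`/{wiewsCode}/file/upload`) is the only file-management handler in the `-472,130 +473,130` hunk that never calls `instituteService.getInstituteForEdit(wiewsCode)`, so unless `repositoryService.addFile`/`addImage` enforce permissions themselves, the write is not tied to the caller's rights on the institute; add that call as the first statement, as the sibling handlers do. `repositoryPath` also comes straight from the request and is used both as the storage path and in the `redirect:` target without confirming that it equals `"/wiews/" + wiewsCode` or starts with that prefix plus `/`; it should be rejected otherwise. The same binding is missing in `deleteInstituteFile`, `editInstituteFile` and `updateMetadata`, which authorise on `wiewsCode` but then act on whatever file the `uuid` resolves to; checking `repositoryFile.getPath()` against the institute prefix before removing or updating would close that gap. Separately, `file.getContentType()` may return null, so `mimeType.startsWith("image")` needs a null guard such as `mimeType != null && mimeType.startsWith("image")`.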
......@@ -12,7 +12,7 @@
<spring:message code="cancel"/>
</a>
<form action="<c:url value="/wiews/${wiewsCode}/update-file" />" method="post">
<form action="<c:url value="/wiews/${wiewsCode}/file/update" />" method="post">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<input type="hidden" name="uuid" value="${file.uuid}"/>
......
......@@ -63,8 +63,8 @@
<c:out value="${file.path}" />
</td>
<td class="col-md-4 col-xs-5 text-right">
<form action="<c:url value="/wiews/${wiewsCode}/delete-file" />" method="post">
<a href="<c:url value="/wiews/${wiewsCode}/edit-file"><c:param name="uuid" value="${file.uuid}" /></c:url>"
<form action="<c:url value="/wiews/${wiewsCode}/file/delete" />" method="post">
<a href="<c:url value="/wiews/${wiewsCode}/file/edit"><c:param name="uuid" value="${file.uuid}" /></c:url>"
class="btn btn-default"><spring:message code="edit" />
</a>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
......@@ -83,7 +83,7 @@
<div class="row">
<div class="col-xs-6">
<form action="<c:url value='/wiews/${wiewsCode}/upload-file' />" method="post" enctype="multipart/form-data" class="">
<form action="<c:url value='/wiews/${wiewsCode}/file/upload'><c:param name='${_csrf.parameterName}' value='${_csrf.token}' /></c:url>" method="post" enctype="multipart/form-data" class="">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<input type="hidden" name="repositoryPath" value="${currentPath}"/>
<div class="form-group">
......@@ -96,7 +96,7 @@
</form>
</div>
<div class="col-xs-6">
<form action="<c:url value='/wiews/${wiewsCode}/files/upload/metadata' />" method="post" enctype="multipart/form-data" class="">
<form action="<c:url value='/wiews/${wiewsCode}/files/metadata/upload'><c:param name='${_csrf.parameterName}' value='${_csrf.token}' /></c:url>" method="post" enctype="multipart/form-data" class="">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<div class="form-group">
<input type="file" name="file" class="upload-file-metadata"/>
......@@ -107,7 +107,7 @@
<button type="submit" class="btn btn-primary upload-btn-metadata"><spring:message code="file.upload.metadata"/></button>
</form>
<form style="margin-top: 5px;" method="post" action="<c:url value='/wiews/${wiewsCode}/files/download/metadata' />" class="">
<form style="margin-top: 5px;" method="post" action="<c:url value='/wiews/${wiewsCode}/files/metadata/download' />" class="">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<button type="submit" class="btn btn-primary"><spring:message code="file.download-metadata"/></button>
</form>
......
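Review bot: The two multipart forms (file upload and metadata upload) now append the CSRF token to the action URL via `<c:param name='${_csrf.parameterName}' value='${_csrf.token}' />`, which exposes the token in access logs, browser history and Referer headers. The hidden `${_csrf.parameterName}` input on the following line is kept, so the token is sent twice. If the query parameter is needed because the multipart body is not parsed before the CSRF filter runs (the filter configuration is not visible on this page), registering Spring's `MultipartFilter` ahead of the Spring Security filter chain would let the hidden field alone suffice and keep the token out of the URL. A short JSP comment above each form explaining why the token is in the URL would help if the workaround stays.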