Commit 7f8db3ed authored by Matija Obreza

Updated permission checks in dataset, descriptor list and descriptor services

parent 494c1f6e
......@@ -97,7 +97,7 @@ public class DatasetServiceImpl implements DatasetService {
*/
@Override
@Transactional
@PreAuthorize("isAuthenticated()")
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#source.owner, 'write')")
public Dataset createDataset(final Dataset source) {
LOG.info("Create Dataset. Input data {}", source);
final DatasetVersions datasetVersions = new DatasetVersions();
......@@ -229,7 +229,7 @@ public class DatasetServiceImpl implements DatasetService {
* {@inheritDoc}
*/
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
public Dataset loadDataset(final Dataset input) {
LOG.debug("Load Dataset. Input data {}", input);
final Dataset dataset = datasetRepository.findOne(input.getId());
......@@ -278,7 +278,7 @@ public class DatasetServiceImpl implements DatasetService {
* {@inheritDoc}
*/
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
public Dataset loadDataset(final UUID uuid) {
final Dataset dataset = datasetRepository.findByUuid(uuid);
return lazyLoad(dataset);
......@@ -288,7 +288,7 @@ public class DatasetServiceImpl implements DatasetService {
* {@inheritDoc}
*/
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
public Dataset loadDataset(final UUID uuid, final int version) {
final Dataset dataset = datasetRepository.findByUuidAndVersion(uuid, version);
return lazyLoad(dataset);
......@@ -345,7 +345,7 @@ public class DatasetServiceImpl implements DatasetService {
* {@inheritDoc}
*/
@Override
@PreAuthorize("#dataset.published || hasPermission(#dataset, 'read')")
@PreAuthorize("#dataset.published || hasRole('ADMINISTRATOR') || hasPermission(#dataset, 'read')")
public List<RepositoryFile> listDatasetFiles(final Dataset dataset) throws NotFoundElement {
return dataset.getRepositoryFiles();
}
......
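Review bot: The new `createDataset` guard authorises against `#source.owner`, a property of the caller-supplied object, and nothing visible in the hunk rejects a missing owner. If `source` is null the SpEL property access fails with an evaluation error instead of a clean denial, and for a null owner the result of `hasPermission(null, 'write')` depends on the configured permission evaluator. I would validate the owner explicitly at the top of the method and add a Javadoc line such as `Requires ADMINISTRATOR or 'write' permission on source.owner`. The check is also only meaningful if the entity is saved with that same owner; the method body continues outside the hunk, so that cannot be confirmed here. The same pattern appears on `createDescriptorList` and `createDescriptor`.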
......@@ -85,7 +85,7 @@ public class DescriptorListServiceImpl implements DescriptorListService {
*/
@Transactional
@Override
@PreAuthorize("isAuthenticated()")
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input.owner, 'write')")
public DescriptorList createDescriptorList(final DescriptorList input) {
LOG.info("Create descriptor list {}", input);
......@@ -233,19 +233,19 @@ public class DescriptorListServiceImpl implements DescriptorListService {
}
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public DescriptorList getDescriptorList(final Long id) {
return lazyLoad(descriptorListRepository.findOne(id));
}
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public DescriptorList getDescriptorList(final UUID uuid) {
return lazyLoad(descriptorListRepository.findByUuid(uuid));
}
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public DescriptorList getDescriptorList(final UUID uuid, final int version) {
return lazyLoad(descriptorListRepository.findByUuidAndVersion(uuid, version));
}
......@@ -278,7 +278,7 @@ public class DescriptorListServiceImpl implements DescriptorListService {
}
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public DescriptorList loadDescriptorList(final DescriptorList input) {
return loadDescriptorList(input.getUuid(), input.getVersion());
}
......
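Review bot: All four read accessors in this class (`getDescriptorList` by id, by uuid, by uuid and version, and `loadDescriptorList`) still require `hasPermission(returnObject, 'write')` to return an unpublished list, while the dataset loaders in this commit require only `'read'`. If that is intentional (drafts visible only to editors), it deserves a one-line comment above the annotations; if not, the expression should end in `hasPermission(returnObject, 'read')`. As a style point, the create guard uses `or` while the others use `||`; a single operator form would make the expressions easier to grep and compare.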
......@@ -88,7 +88,7 @@ public class DescriptorServiceImpl implements DescriptorService {
*/
@Transactional
@Override
@PreAuthorize("isAuthenticated()")
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input.owner, 'write')")
public Descriptor createDescriptor(final Descriptor input) {
LOG.info("Creating descriptor: {} - {}", input.getTitle(), input.getDataType());
......@@ -177,7 +177,7 @@ public class DescriptorServiceImpl implements DescriptorService {
* {@inheritDoc}
*/
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public Descriptor getDescriptor(final UUID uuid) {
return lazyLoad(descriptorRepository.findByUuid(uuid));
}
......@@ -189,7 +189,7 @@ public class DescriptorServiceImpl implements DescriptorService {
* int)
*/
@Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
public Descriptor getDescriptor(final UUID uuid, final int version) {
return lazyLoad(descriptorRepository.findByUuidAndVersion(uuid, version));
}
......@@ -352,8 +352,8 @@ public class DescriptorServiceImpl implements DescriptorService {
* catalog.model.traits.Descriptor)
*/
@Override
@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
@PostFilter("filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
@PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")
@PostFilter("hasRole('ADMINISTRATOR') || filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
public List<DescriptorList> getDescriptorLists(final Descriptor descriptor) {
final List<DescriptorList> list = descriptorRepository.listDescriptorLists(descriptor);
list.forEach(d -> entityManager.detach(d));
......@@ -368,7 +368,7 @@ public class DescriptorServiceImpl implements DescriptorService {
*/
@Override
@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
@PostFilter("filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
@PostFilter("hasRole('ADMINISTRATOR') || filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
public List<Dataset> getDatasets(final Descriptor descriptor) {
final List<Dataset> list = descriptorRepository.listDatasets(descriptor);
list.forEach(d -> entityManager.detach(d));
......@@ -377,7 +377,7 @@ public class DescriptorServiceImpl implements DescriptorService {
@Override
@Transactional
@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
@PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")
public Descriptor nextVersion(final Descriptor descriptor, final boolean major) {
final Descriptor source = reloadDescriptor(descriptor);
LOG.info("Creating new version for descriptor uuid={} id={}", descriptor.getUuid(), descriptor.getId());
......
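Review bot: `getDatasets` keeps the old `@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")` while its `@PostFilter` gained the administrator clause, so an administrator without an ACL entry is still rejected for an unpublished descriptor before the filter runs. To match `getDescriptorLists`, the line should read `@PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")`. Separately, `nextVersion` appears to create data (it is `@Transactional` and logs "Creating new version") yet is allowed for any published descriptor or with only `'read'`; requiring `'write'` there looks safer, though its body continues outside the hunk. `getDescriptor(uuid)` also demands `'write'` where `getDescriptor(uuid, version)` demands `'read'`.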