Commit 7f8db3ed authored by Matija Obreza's avatar Matija Obreza

Updated permission checks in dataset, descriptor list and descriptor services

parent 494c1f6e
...@@ -97,7 +97,7 @@ public class DatasetServiceImpl implements DatasetService { ...@@ -97,7 +97,7 @@ public class DatasetServiceImpl implements DatasetService {
*/ */
@Override @Override
@Transactional @Transactional
@PreAuthorize("isAuthenticated()") @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#source.owner, 'write')")
public Dataset createDataset(final Dataset source) { public Dataset createDataset(final Dataset source) {
LOG.info("Create Dataset. Input data {}", source); LOG.info("Create Dataset. Input data {}", source);
final DatasetVersions datasetVersions = new DatasetVersions(); final DatasetVersions datasetVersions = new DatasetVersions();
...@@ -229,7 +229,7 @@ public class DatasetServiceImpl implements DatasetService { ...@@ -229,7 +229,7 @@ public class DatasetServiceImpl implements DatasetService {
* {@inheritDoc} * {@inheritDoc}
*/ */
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
public Dataset loadDataset(final Dataset input) { public Dataset loadDataset(final Dataset input) {
LOG.debug("Load Dataset. Input data {}", input); LOG.debug("Load Dataset. Input data {}", input);
final Dataset dataset = datasetRepository.findOne(input.getId()); final Dataset dataset = datasetRepository.findOne(input.getId());
...@@ -278,7 +278,7 @@ public class DatasetServiceImpl implements DatasetService { ...@@ -278,7 +278,7 @@ public class DatasetServiceImpl implements DatasetService {
* {@inheritDoc} * {@inheritDoc}
*/ */
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
public Dataset loadDataset(final UUID uuid) { public Dataset loadDataset(final UUID uuid) {
final Dataset dataset = datasetRepository.findByUuid(uuid); final Dataset dataset = datasetRepository.findByUuid(uuid);
return lazyLoad(dataset); return lazyLoad(dataset);
...@@ -288,7 +288,7 @@ public class DatasetServiceImpl implements DatasetService { ...@@ -288,7 +288,7 @@ public class DatasetServiceImpl implements DatasetService {
* {@inheritDoc} * {@inheritDoc}
*/ */
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
public Dataset loadDataset(final UUID uuid, final int version) { public Dataset loadDataset(final UUID uuid, final int version) {
final Dataset dataset = datasetRepository.findByUuidAndVersion(uuid, version); final Dataset dataset = datasetRepository.findByUuidAndVersion(uuid, version);
return lazyLoad(dataset); return lazyLoad(dataset);
...@@ -345,7 +345,7 @@ public class DatasetServiceImpl implements DatasetService { ...@@ -345,7 +345,7 @@ public class DatasetServiceImpl implements DatasetService {
* {@inheritDoc} * {@inheritDoc}
*/ */
@Override @Override
@PreAuthorize("#dataset.published || hasPermission(#dataset, 'read')") @PreAuthorize("#dataset.published || hasRole('ADMINISTRATOR') || hasPermission(#dataset, 'read')")
public List<RepositoryFile> listDatasetFiles(final Dataset dataset) throws NotFoundElement { public List<RepositoryFile> listDatasetFiles(final Dataset dataset) throws NotFoundElement {
return dataset.getRepositoryFiles(); return dataset.getRepositoryFiles();
} }
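Review bot: The new create checks dereference caller-supplied input inside the expression. In `createDataset`, `hasPermission(#source.owner, 'write')` fails with a SpEL evaluation error rather than an access-denied decision when `source` is null, and a null `owner` is left to whichever PermissionEvaluator is configured, which is not visible here. Consider `hasPermission(#source?.owner, 'write')` plus an explicit rejection of a missing owner, and a test that a non-administrator cannot create a dataset under an owner they hold no 'write' permission on. The same pattern appears in `createDescriptorList` and `createDescriptor` (both `#input.owner`). The body of `createDataset` continues outside the hunk, so any validation further down is not visible.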
......
...@@ -85,7 +85,7 @@ public class DescriptorListServiceImpl implements DescriptorListService { ...@@ -85,7 +85,7 @@ public class DescriptorListServiceImpl implements DescriptorListService {
*/ */
@Transactional @Transactional
@Override @Override
@PreAuthorize("isAuthenticated()") @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input.owner, 'write')")
public DescriptorList createDescriptorList(final DescriptorList input) { public DescriptorList createDescriptorList(final DescriptorList input) {
LOG.info("Create descriptor list {}", input); LOG.info("Create descriptor list {}", input);
...@@ -233,19 +233,19 @@ public class DescriptorListServiceImpl implements DescriptorListService { ...@@ -233,19 +233,19 @@ public class DescriptorListServiceImpl implements DescriptorListService {
} }
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public DescriptorList getDescriptorList(final Long id) { public DescriptorList getDescriptorList(final Long id) {
return lazyLoad(descriptorListRepository.findOne(id)); return lazyLoad(descriptorListRepository.findOne(id));
} }
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public DescriptorList getDescriptorList(final UUID uuid) { public DescriptorList getDescriptorList(final UUID uuid) {
return lazyLoad(descriptorListRepository.findByUuid(uuid)); return lazyLoad(descriptorListRepository.findByUuid(uuid));
} }
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public DescriptorList getDescriptorList(final UUID uuid, final int version) { public DescriptorList getDescriptorList(final UUID uuid, final int version) {
return lazyLoad(descriptorListRepository.findByUuidAndVersion(uuid, version)); return lazyLoad(descriptorListRepository.findByUuidAndVersion(uuid, version));
} }
...@@ -278,7 +278,7 @@ public class DescriptorListServiceImpl implements DescriptorListService { ...@@ -278,7 +278,7 @@ public class DescriptorListServiceImpl implements DescriptorListService {
} }
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public DescriptorList loadDescriptorList(final DescriptorList input) { public DescriptorList loadDescriptorList(final DescriptorList input) {
return loadDescriptorList(input.getUuid(), input.getVersion()); return loadDescriptorList(input.getUuid(), input.getVersion());
} }
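Review bot: The four read accessors in this section (`getDescriptorList` by id, by uuid, by uuid and version, and `loadDescriptorList`) still require `hasPermission(returnObject, 'write')` to read an unpublished list, whereas the `loadDataset` methods changed in the same commit require 'read'. If a read-only grant is meant to allow viewing unpublished descriptor lists, the expression should end in `hasPermission(returnObject, 'read')`. If 'write' is intentional, a one-line comment such as `// unpublished lists are visible to editors only` above each annotation would record that. Because the administrator clause is now repeated in every expression, a shared meta-annotation, or handling the role inside the permission evaluator, would keep these rules from drifting apart.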
......
...@@ -88,7 +88,7 @@ public class DescriptorServiceImpl implements DescriptorService { ...@@ -88,7 +88,7 @@ public class DescriptorServiceImpl implements DescriptorService {
*/ */
@Transactional @Transactional
@Override @Override
@PreAuthorize("isAuthenticated()") @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input.owner, 'write')")
public Descriptor createDescriptor(final Descriptor input) { public Descriptor createDescriptor(final Descriptor input) {
LOG.info("Creating descriptor: {} - {}", input.getTitle(), input.getDataType()); LOG.info("Creating descriptor: {} - {}", input.getTitle(), input.getDataType());
...@@ -177,7 +177,7 @@ public class DescriptorServiceImpl implements DescriptorService { ...@@ -177,7 +177,7 @@ public class DescriptorServiceImpl implements DescriptorService {
* {@inheritDoc} * {@inheritDoc}
*/ */
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
public Descriptor getDescriptor(final UUID uuid) { public Descriptor getDescriptor(final UUID uuid) {
return lazyLoad(descriptorRepository.findByUuid(uuid)); return lazyLoad(descriptorRepository.findByUuid(uuid));
} }
...@@ -189,7 +189,7 @@ public class DescriptorServiceImpl implements DescriptorService { ...@@ -189,7 +189,7 @@ public class DescriptorServiceImpl implements DescriptorService {
* int) * int)
*/ */
@Override @Override
@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')") @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
public Descriptor getDescriptor(final UUID uuid, final int version) { public Descriptor getDescriptor(final UUID uuid, final int version) {
return lazyLoad(descriptorRepository.findByUuidAndVersion(uuid, version)); return lazyLoad(descriptorRepository.findByUuidAndVersion(uuid, version));
} }
...@@ -352,8 +352,8 @@ public class DescriptorServiceImpl implements DescriptorService { ...@@ -352,8 +352,8 @@ public class DescriptorServiceImpl implements DescriptorService {
* catalog.model.traits.Descriptor) * catalog.model.traits.Descriptor)
*/ */
@Override @Override
@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')") @PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")
@PostFilter("filterObject==null || filterObject.published || hasPermission(filterObject, 'write')") @PostFilter("hasRole('ADMINISTRATOR') || filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
public List<DescriptorList> getDescriptorLists(final Descriptor descriptor) { public List<DescriptorList> getDescriptorLists(final Descriptor descriptor) {
final List<DescriptorList> list = descriptorRepository.listDescriptorLists(descriptor); final List<DescriptorList> list = descriptorRepository.listDescriptorLists(descriptor);
list.forEach(d -> entityManager.detach(d)); list.forEach(d -> entityManager.detach(d));
...@@ -368,7 +368,7 @@ public class DescriptorServiceImpl implements DescriptorService { ...@@ -368,7 +368,7 @@ public class DescriptorServiceImpl implements DescriptorService {
*/ */
@Override @Override
@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')") @PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
@PostFilter("filterObject==null || filterObject.published || hasPermission(filterObject, 'write')") @PostFilter("hasRole('ADMINISTRATOR') || filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
public List<Dataset> getDatasets(final Descriptor descriptor) { public List<Dataset> getDatasets(final Descriptor descriptor) {
final List<Dataset> list = descriptorRepository.listDatasets(descriptor); final List<Dataset> list = descriptorRepository.listDatasets(descriptor);
list.forEach(d -> entityManager.detach(d)); list.forEach(d -> entityManager.detach(d));
...@@ -377,7 +377,7 @@ public class DescriptorServiceImpl implements DescriptorService { ...@@ -377,7 +377,7 @@ public class DescriptorServiceImpl implements DescriptorService {
@Override @Override
@Transactional @Transactional
@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')") @PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")
public Descriptor nextVersion(final Descriptor descriptor, final boolean major) { public Descriptor nextVersion(final Descriptor descriptor, final boolean major) {
final Descriptor source = reloadDescriptor(descriptor); final Descriptor source = reloadDescriptor(descriptor);
LOG.info("Creating new version for descriptor uuid={} id={}", descriptor.getUuid(), descriptor.getId()); LOG.info("Creating new version for descriptor uuid={} id={}", descriptor.getUuid(), descriptor.getId());
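Review bot: `nextVersion` creates a new descriptor version but is guarded by `#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')`, so the check passes for any caller when the argument is marked published, and a read grant is enough otherwise. The flag is also read from the caller-supplied argument while the method works on `reloadDescriptor(descriptor)`, so the decision may not reflect persisted state. A write-style guard like the one the create methods now use, e.g. `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#descriptor, 'write')")`, looks more appropriate for this operation. Separately, the `@PreAuthorize` on `getDatasets` was left without the administrator clause that its `@PostFilter` and the sibling `getDescriptorLists` received. The body of `nextVersion` continues outside the hunk.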
......