From 8311d1142fec418887ea4146eb8d9701dac36872 Mon Sep 17 00:00:00 2001
From: Matija Obreza
Date: Sat, 27 Oct 2018 17:09:47 +0200
Subject: [PATCH] Fix: Repository download cache header set to public/private
- If file is readable by ROLE_EVERYONE set header to public else to private
---
 .../api/v1/RepositoryDownloadController.java | 19 +++++++++++++-----
 .../mvc/RepositoryDownloadController.java | 20 +++++++++++++------
 2 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/src/main/java/org/genesys2/server/api/v1/RepositoryDownloadController.java b/src/main/java/org/genesys2/server/api/v1/RepositoryDownloadController.java
index e0c29d51b..927c4dbcf 100644
--- a/src/main/java/org/genesys2/server/api/v1/RepositoryDownloadController.java
+++ b/src/main/java/org/genesys2/server/api/v1/RepositoryDownloadController.java
@@ -25,6 +25,7 @@ import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.genesys.blocks.security.SecurityContextUtil;
 import org.genesys.filerepository.NoSuchRepositoryFileException;
 import org.genesys.filerepository.model.RepositoryFile;
 import org.genesys.filerepository.service.BytesStorageService;
@@ -83,6 +84,14 @@ public class RepositoryDownloadController {
 response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
 response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
+ response.setContentType("image/png");
+
+ // Cache for 24hrs
+ if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ } else {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
+ }
 } catch (NoSuchRepositoryFileException e) {
 throw new NotFoundElement("No file for thumb " + name);
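Review bot: For files that fail `anyoneHasPermission`, the new else branch still sends `max-age=86400`, so the user agent may keep the restricted bytes for a full day and serve them after logout or after the file's ACL is tightened; `private` only keeps shared caches out, it does not shorten the browser's lifetime. Since the response already carries an `ETag` from `repositoryFile.getSha1Sum()` two lines above, the restricted branch can demand revalidation instead: `response.setHeader(HttpHeaders.CACHE_CONTROL, "private, no-cache, no-transform");`. That only helps if conditional requests pass through the same authorization as a full download, which this hunk does not show, so please confirm. `s-maxage` is also meaningless next to `private` (it applies to shared caches only) and can be dropped from that branch. The enclosing thumbnail method starts and ends outside this hunk.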
@@ -93,10 +102,6 @@ public class RepositoryDownloadController {
 throw new NotFoundElement("No thumbnail at " + path.resolve(filename));
 }
- response.setContentType("image/png");
- // Cache for 24hrs
- response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
-
 } else {
 // Regular repository file
@@ -114,7 +119,11 @@ public class RepositoryDownloadController {
 data = this.repositoryService.getFileBytes(repositoryFile);
 // Cache for 24hrs
- response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ } else {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
+ }
 response.setHeader(HttpHeaders.PRAGMA, "");
 response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
 response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
diff --git a/src/main/java/org/genesys2/server/mvc/RepositoryDownloadController.java b/src/main/java/org/genesys2/server/mvc/RepositoryDownloadController.java
index cc992f059..ecb6a1877 100644
--- a/src/main/java/org/genesys2/server/mvc/RepositoryDownloadController.java
+++ b/src/main/java/org/genesys2/server/mvc/RepositoryDownloadController.java
@@ -25,6 +25,7 @@ import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.genesys.blocks.security.SecurityContextUtil;
 import org.genesys.filerepository.NoSuchRepositoryFileException;
 import org.genesys.filerepository.model.RepositoryFile;
 import org.genesys.filerepository.service.BytesStorageService;
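Review bot: The `if`/`else` on `CACHE_CONTROL` added after `getFileBytes` is the same five lines the commit adds to the thumbnail branch earlier in this file, and the two header strings now live in four places across both controllers; the public/private rule is a security decision and should exist once so a later tightening (shorter lifetime, `no-cache` for restricted files) cannot miss a copy. A small private helper keeps each call site to `setCacheControl(response, repositoryFile);`. The enclosing download method starts and ends outside this hunk, and I am assuming the requester's own access check happens inside `repositoryService` since it is not visible here.

```java
// … unchanged: getFileBytes call …
setCacheControl(response, repositoryFile);
// … unchanged: PRAGMA / LAST_MODIFIED / ETAG headers …

/** Cache for 24hrs; shared caches may store the file only when anyone can READ it. */
private static void setCacheControl(HttpServletResponse response, RepositoryFile repositoryFile) {
	boolean anyoneCanRead = SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ");
	response.setHeader(HttpHeaders.CACHE_CONTROL,
			"max-age=86400, s-maxage=86400, " + (anyoneCanRead ? "public" : "private") + ", no-transform");
}
```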
@@ -78,6 +79,14 @@ public class RepositoryDownloadController extends BaseController {
 response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
 response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
+ response.setContentType("image/png");
+
+ // Cache for 24hrs
+ if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ } else {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
+ }
 } catch (NoSuchRepositoryFileException e) {
 throw new NotFoundElement("No file for thumb " + name);
@@ -88,11 +97,6 @@ public class RepositoryDownloadController extends BaseController {
 throw new NotFoundElement("No thumbnail at " + path.resolve(filename));
 }
- response.setContentType("image/png");
- // Cache for 24hrs
- response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
-
-
 } else {
 // Regular repository file
 try {
@@ -109,7 +113,11 @@ public class RepositoryDownloadController extends BaseController {
 data = this.repositoryService.getFileBytes(repositoryFile);
 // Cache for 24hrs
- response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ } else {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
+ }
 response.setHeader(HttpHeaders.PRAGMA, "");
 response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
 response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
-- GitLab
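Review bot: `s-maxage=86400` in the `private` branch of the thumbnail `if` is dead: `private` forbids shared caches from storing the response at all, so a shared-cache lifetime never applies, and keeping it makes the two branches read as if they differ in one word when they differ in kind. Suggest `response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, private, no-transform");` for the restricted case. The `// Cache for 24hrs` comment also no longer says what the branch decides; a line such as `// Shared caches may store the thumbnail only if anyone (ROLE_EVERYONE, per the commit message) can READ the file` above the `if` would record the rule the commit message gives, assuming that is what `anyoneHasPermission` checks. The enclosing thumbnail method starts and ends outside this hunk.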
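Review bot: Once a file has been served from this branch with `public, s-maxage=86400`, every intermediary that stored it keeps answering for up to a day regardless of what the new `if` decides on later requests, so restricting a file's ACL after it was public does not take effect at the edge until that window lapses. If ACL changes are expected in practice, the public branch needs a much shorter shared-cache lifetime, e.g. `"max-age=86400, s-maxage=600, public, no-transform"`, or restricted downloads should be served from a path that was never cacheable. The header is computed after `getFileBytes` has already loaded the content, which is fine for headers, but the requester's own access check is not in this hunk, so I am assuming it happens in `repositoryService`. The enclosing download method starts and ends outside this hunk.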