Revision 1e9f87b1

ID1e9f87b1ef0a2ead2547607d280e21383076ac87
Parent 41b7b3a2
Child 3e01938c

Added by Andreas Müller over 3 years ago

ref #3560 handle access denied for unpublished data in some TaxonController methods


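--- a/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/controller/BaseController.java
+++ b/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/controller/BaseController.java
@@ -43,6 +43,7 @@
 import eu.etaxonomy.cdm.api.service.pager.impl.DefaultPagerImpl;
 import eu.etaxonomy.cdm.hibernate.HibernateProxyHelper;
 import eu.etaxonomy.cdm.model.common.CdmBase;
+import eu.etaxonomy.cdm.model.common.IPublishable;
 import eu.etaxonomy.cdm.model.reference.INomenclaturalReference;
 import eu.etaxonomy.cdm.remote.controller.util.PagerParameters;
 import eu.etaxonomy.cdm.remote.editor.UUIDPropertyEditor;
@@ -388,6 +389,26 @@
 
     }
 
+    /**
+     * Checks if an {@link IPublishable} was found and if it is publish.
+     * If not the according {@link HttpStatusMessage http messages} are added to response.
+     * @param publishable
+     * @param includeUnpublished
+     * @param response
+     * @return
+     * @throws IOException
+     */
+    protected <T extends IPublishable> T checkExistsAndAccess(T publishable, boolean includeUnpublished,
+            HttpServletResponse response) throws IOException {
+        if (publishable == null){
+            HttpStatusMessage.UUID_NOT_FOUND.send(response);
+        }else if (!includeUnpublished && !publishable.isPublish()){
+            HttpStatusMessage.ACCESS_DENIED.send(response);
+            publishable = null;
+        }
+        return publishable;
+    }
+
 
       /* TODO implement
 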
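Review bot: checkExistsAndAccess has already written an error status to the response whenever it returns null, but the Javadoc leaves `@return` empty and never tells callers that they must stop processing in that case. I would document it as `@return the given object, or {@code null} if a not-found or access-denied status has already been sent; callers must return immediately on null`. The two branches also answer differently for a missing UUID (UUID_NOT_FOUND) and an existing but unpublished record (ACCESS_DENIED), which lets an unauthorised client tell the two apart. If the existence of unpublished data is itself meant to stay hidden, sending UUID_NOT_FOUND in both branches would close that; if the distinction is intended, a one-line comment saying so would help the next reader.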
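--- a/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/controller/HttpStatusMessage.java
+++ b/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/controller/HttpStatusMessage.java
@@ -34,6 +34,8 @@
 
     public final static HttpStatusMessage INTERNAL_ERROR = new HttpStatusMessage(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "internal server error");
 
+    public final static HttpStatusMessage ACCESS_DENIED = new HttpStatusMessage(HttpServletResponse.SC_FORBIDDEN, "access denied");
+
 
     private int statusCode;
 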
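--- a/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/controller/TaxonController.java
+++ b/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/controller/TaxonController.java
@@ -160,12 +160,12 @@
             @PathVariable("uuid") UUID uuid,
             HttpServletRequest request,
             HttpServletResponse response) throws IOException {
+
+        boolean includeUnpublished = NO_UNPUBLISHED;
+
         logger.info("doGetClassifications(): " + request.getRequestURI());
         TaxonBase<?> taxonBase = service.load(uuid);
-
-        if (taxonBase == null){
-            HttpStatusMessage.UUID_NOT_FOUND.send(response);
-        }
+        taxonBase = checkExistsAndAccess(taxonBase, includeUnpublished, response);
 
         return service.listClassifications(taxonBase, null, null, getInitializationStrategy());
     }
@@ -255,18 +255,20 @@
 
         ModelAndView mv = new ModelAndView();
 
-        TaxonBase<?> tb = service.load(uuid);
+        TaxonBase<?> taxonBase = service.load(uuid);
+        taxonBase = checkExistsAndAccess(taxonBase, NO_UNPUBLISHED, response);
 
-        List<OrderHint> orderHints = new ArrayList<OrderHint>();
+        List<OrderHint> orderHints = new ArrayList<>();
         orderHints.add(new OrderHint("titleCache", SortOrder.ASCENDING));
 
-        if(tb instanceof Taxon){
+        if(taxonBase instanceof Taxon){
             PagerParameters pagerParams = new PagerParameters(pageSize, pageNumber);
             pagerParams.normalizeAndValidate(response);
 
-            return occurrenceService.pageFieldUnitsByAssociatedTaxon(null, (Taxon) tb, null, pagerParams.getPageSize(), pagerParams.getPageIndex(), orderHints, null);
+            return occurrenceService.pageFieldUnitsByAssociatedTaxon(null, (Taxon) taxonBase, null, pagerParams.getPageSize(), pagerParams.getPageIndex(), orderHints, null);
+        }else{
+            return null;
         }
-        return null;
     }
 
     @RequestMapping(value = "taggedName", method = RequestMethod.GET)
@@ -357,13 +359,15 @@
             logger.info("doGetDescriptions()" + requestPathAndQuery(request));
         }
 
-        Taxon t = getCdmBaseInstance(Taxon.class, uuid, response, (List<String>)null);
-        Set<MarkerType> markerTypesSet = new HashSet<MarkerType>();
+        Taxon taxon = getCdmBaseInstance(Taxon.class, uuid, response, (List<String>)null);
+        taxon = checkExistsAndAccess(taxon, NO_UNPUBLISHED, response);
+
+        Set<MarkerType> markerTypesSet = new HashSet<>();
         if (markerTypes != null) {
             markerTypesSet.addAll(markerTypes);
         }
 
-        Pager<TaxonDescription> p = descriptionService.pageTaxonDescriptions(t, null, null, markerTypesSet, null, null, getTaxonDescriptionInitStrategy());
+        Pager<TaxonDescription> p = descriptionService.pageTaxonDescriptions(taxon, null, null, markerTypesSet, null, null, getTaxonDescriptionInitStrategy());
 
         return p;
     }
@@ -378,6 +382,9 @@
             HttpServletResponse response) throws IOException {
         logger.info("doGetDescriptionElementsByType() - " + requestPathAndQuery(request));
 
+
+        boolean includeUnpublished = NO_UNPUBLISHED;
+
         ModelAndView mv = new ModelAndView();
 
         List<DescriptionElementBase> allElements = new ArrayList<>();
@@ -386,14 +393,18 @@
 
         List<String> initStrategy = doCount ? null : getTaxonDescriptionElementInitStrategy();
 
-        Taxon t = getCdmBaseInstance(Taxon.class, uuid, response, (List<String>)null);
+        Taxon taxon = getCdmBaseInstance(Taxon.class, uuid, response, (List<String>)null);
+
+        taxon = checkExistsAndAccess(taxon, includeUnpublished, response);
+
 
         Set<MarkerType> markerTypesSet = new HashSet<>();
         if (markerTypes == null) {
             markerTypesSet.addAll(markerTypes);
         }
 
-        List<TaxonDescription> taxonDescriptions = descriptionService.listTaxonDescriptions(t, null, null, markerTypesSet, null, null, null);
+        List<TaxonDescription> taxonDescriptions = descriptionService.listTaxonDescriptions(
+                taxon, null, null, markerTypesSet, null, null, null);
         try {
             Class type;
             type = Class.forName("eu.etaxonomy.cdm.model.description."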
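Review bot: None of the call sites checks the null that checkExistsAndAccess returns after it has sent the not-found or access-denied status, so doGetClassifications, doGetDescriptions and doGetDescriptionElementsByType carry on into `service.listClassifications(taxonBase, …)`, `descriptionService.pageTaxonDescriptions(taxon, …)` and `descriptionService.listTaxonDescriptions(taxon, …)` with a null taxon. How those services treat null is not visible on this page; if null is read as "no taxon filter" the handler could still return data belonging to other taxa, including unpublished ones, and otherwise it probably fails after the error status has been written. Adding `if (taxonBase == null) { return null; }` (respectively `taxon`) directly after each call would make the denial final, as the field-unit handler already does in effect through its `instanceof` check. getCdmBaseInstance also receives `response`, so it may send the not-found status itself, in which case the new call would send a second one; that is worth confirming. Separately, the unchanged context `if (markerTypes == null) { markerTypesSet.addAll(markerTypes); }` in doGetDescriptionElementsByType looks inverted next to the `!= null` check in doGetDescriptions.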
