Project

General

Profile

Revision 51cc6f53

ID51cc6f53fc59a189dcda2d01e62a9e003ed1ddb9
Parent 68369e5d
Child 943dcf96

Added by Andreas Kohlbecker almost 3 years ago

ref #7833 permission checking in RegistrationWorkingSetService

View differences:

cdmlib-services/src/main/java/eu/etaxonomy/cdm/api/service/registration/IRegistrationWorkingSetService.java
18 18
import eu.etaxonomy.cdm.api.service.dto.RegistrationWorkingSet;
19 19
import eu.etaxonomy.cdm.api.service.exception.RegistrationValidationException;
20 20
import eu.etaxonomy.cdm.api.service.pager.Pager;
21
import eu.etaxonomy.cdm.database.PermissionDeniedException;
21 22
import eu.etaxonomy.cdm.model.common.User;
22 23
import eu.etaxonomy.cdm.model.name.Registration;
23 24
import eu.etaxonomy.cdm.model.name.RegistrationStatus;
......
55 56
     *
56 57
     * @return
57 58
     */
59
    @Deprecated
58 60
    public RegistrationWorkingSet loadWorkingSetByReferenceID(Integer referenceID, boolean resolveSections) throws RegistrationValidationException;
59 61

  
60 62
    /**
......
63 65
     *  use the inReference which is the journal article.
64 66
     * @return
65 67
     */
66
    public RegistrationWorkingSet loadWorkingSetByReferenceUuid(UUID referenceUuid, boolean resolveSections) throws RegistrationValidationException;
68
    public RegistrationWorkingSet loadWorkingSetByReferenceUuid(UUID referenceUuid, boolean resolveSections) throws RegistrationValidationException, PermissionDeniedException;
67 69

  
68 70
    public Set<RegistrationDTO> loadBlockingRegistrations(UUID blockedRegistrationUuid);
69 71

  
cdmlib-services/src/main/java/eu/etaxonomy/cdm/api/service/registration/RegistrationWorkingSetService.java
20 20

  
21 21
import org.apache.log4j.Logger;
22 22
import org.hibernate.Hibernate;
23
import org.joda.time.DateTime;
24
import org.joda.time.Partial;
23 25
import org.springframework.beans.factory.annotation.Autowired;
24 26
import org.springframework.beans.factory.annotation.Qualifier;
25 27
import org.springframework.stereotype.Service;
......
31 33
import eu.etaxonomy.cdm.api.service.exception.RegistrationValidationException;
32 34
import eu.etaxonomy.cdm.api.service.pager.Pager;
33 35
import eu.etaxonomy.cdm.api.service.pager.impl.DefaultPagerImpl;
36
import eu.etaxonomy.cdm.api.utility.UserHelper;
37
import eu.etaxonomy.cdm.database.PermissionDeniedException;
34 38
import eu.etaxonomy.cdm.hibernate.HibernateProxyHelper;
35 39
import eu.etaxonomy.cdm.model.common.User;
36 40
import eu.etaxonomy.cdm.model.name.Registration;
......
44 48
import eu.etaxonomy.cdm.model.reference.Reference;
45 49
import eu.etaxonomy.cdm.model.reference.ReferenceType;
46 50
import eu.etaxonomy.cdm.persistence.dao.initializer.IBeanInitializer;
51
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
47 52
import eu.etaxonomy.cdm.persistence.query.MatchMode;
48 53
import eu.etaxonomy.cdm.persistence.query.OrderHint;
49 54
import eu.etaxonomy.cdm.persistence.query.OrderHint.SortOrder;
......
143 148
    private CdmRepository repo;
144 149

  
145 150
    @Autowired
151
    private UserHelper userHelper;
152

  
153
    @Autowired
146 154
    protected IBeanInitializer defaultBeanInitializer;
147 155

  
148 156
    public RegistrationWorkingSetService() {
......
270 278
     * @throws RegistrationValidationException
271 279
     */
272 280
    @Override
273
    public RegistrationWorkingSet loadWorkingSetByReferenceUuid(UUID referenceUuid, boolean resolveSections) throws RegistrationValidationException {
281
    public RegistrationWorkingSet loadWorkingSetByReferenceUuid(UUID referenceUuid, boolean resolveSections) throws RegistrationValidationException, PermissionDeniedException {
274 282

  
275 283
        Reference reference = repo.getReferenceService().load(referenceUuid); // needed to use load to avoid the problem described in #7331
276 284
        if(resolveSections){
277 285
            reference = resolveSection(reference);
278 286
        }
279 287

  
288
        checkPermissions(reference);
289

  
280 290
        Pager<Registration> pager = repo.getRegistrationService().page(Optional.of(reference), null, null, null, REGISTRATION_DTO_INIT_STRATEGY);
281 291

  
282 292
        /* for debugging https://dev.e-taxonomy.eu/redmine/issues/7331 */
......
287 297

  
288 298
    /**
289 299
     * @param reference
300
     */
301
    private void checkPermissions(Reference reference) throws PermissionDeniedException {
302

  
303
        boolean permissionDenied = isPermissionDenied(reference);
304
        if(permissionDenied) {
305
            throw new PermissionDeniedException("Access to the workingset is denied for the current user.");
306
        }
307
    }
308

  
309

  
310
    /**
311
     * @param reference
312
     * @return
313
     */
314
    public boolean isPermissionDenied(Reference reference) {
315
        boolean permissionDenied = false;
316
        if(!checkReferencePublished(reference)){
317
            permissionDenied = !userHelper.userHasPermission(reference, CRUD.UPDATE);
318
        }
319
        return permissionDenied;
320
    }
321

  
322

  
323
    /**
324
     * @param reference
325
     * @return
326
     */
327
    public boolean checkReferencePublished(Reference reference) {
328

  
329
        if(reference.getDatePublished() == null){
330
            return false;
331
        }
332
        Partial pubPartial = null;
333
        if(reference.getDatePublished().getStart() != null){
334
            pubPartial = reference.getDatePublished().getStart();
335
        } else {
336
            pubPartial = reference.getDatePublished().getEnd();
337
        }
338
        if(pubPartial == null){
339
            return !reference.getDatePublished().getFreeText().isEmpty();
340
        }
341

  
342
        DateTime nowLocal = new DateTime();
343
        //LocalDateTime nowUTC = nowLocal.withZone(DateTimeZone.UTC).toLocalDateTime();
344

  
345
        DateTime pubDateTime = pubPartial.toDateTime(null);
346
        return nowLocal.isAfter(pubDateTime);
347

  
348
    }
349

  
350

  
351
    /**
352
     * @param reference
290 353
     * @return
291 354
     */
292 355
    protected Reference resolveSection(Reference reference) {
......
302 365
     * @throws RegistrationValidationException
303 366
     */
304 367
    @Override
305
    public RegistrationWorkingSet loadWorkingSetByReferenceID(Integer referenceID, boolean resolveSections) throws RegistrationValidationException {
368
    public RegistrationWorkingSet loadWorkingSetByReferenceID(Integer referenceID, boolean resolveSections) throws RegistrationValidationException, PermissionDeniedException {
306 369

  
307 370
        Reference reference = repo.getReferenceService().find(referenceID);
308 371
        if(resolveSections){
309 372
            reference = resolveSection(reference);
310 373
        }
374

  
375
        checkPermissions(reference);
376

  
311 377
        repo.getReferenceService().load(reference.getUuid()); // needed to avoid the problem described in #7331
312 378

  
313 379
        Pager<Registration> pager = repo.getRegistrationService().page(Optional.of(reference), null, null, null, REGISTRATION_DTO_INIT_STRATEGY);

Also available in: Unified diff

Add picture from clipboard (Maximum size: 40 MB)