fixed (?) interface role checking

2021-10-22 10:52:48 +00:00 · 2021-10-22 10:52:48 +00:00 · 702abc38e6
parent 35825693ce
commit 702abc38e6
3 changed files with 17 additions and 3 deletions
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
@ -163,13 +163,13 @@ public class RepositoryController {
    @RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
            consumes = MediaType.APPLICATION_JSON_VALUE)
    @ResponseBody
-    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repository.id)")
+    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOfInterface(#repository.id)")
    public Repository updateRepository(@RequestBody Repository repository, Authentication authentication) throws Exception {
        return repositoryService.updateRepository(repository, authentication);
    }

    @RequestMapping(value = "/deleteInterface/", method = RequestMethod.DELETE)
-    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
+    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOfInterface(#id)")
    public void deleteRepositoryInterface(@RequestParam("id") String id,
                                          @RequestParam("registeredBy") String registeredBy) {
        repositoryService.deleteRepositoryInterface(id, registeredBy);
--- a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java
@ -21,6 +21,11 @@ public interface AuthorizationService {
     */
    boolean isMemberOf(String id);

+    /**
+     * @param id repository interface Id to check.
+     * @return Checks if a user is a member of a repository interface.
+     */
+    boolean isMemberOfInterface(String id);

    /**
     * Returns a list of admins of the resource.
--- a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java
@ -53,7 +53,16 @@ public class AuthorizationServiceImpl implements AuthorizationService {
    public boolean isMemberOf(String repoId) {
        String repoRole = roleMappingService.convertRepoIdToEncodedAuthorityId(repoId);
        return SecurityContextHolder.getContext().getAuthentication().getAuthorities()
-                .parallelStream().anyMatch(authority -> authority.toString().equals(repoRole));
+                .stream().anyMatch(authority -> authority.toString().equals(repoRole));
+    }
+
+    @Override
+    public boolean isMemberOfInterface(String interfaceId) {
+
+        //TODO blame Konstantinos Spyrou. He forced my hand...
+        String repoId = interfaceId.split("::")[1] + "::" + interfaceId.split("::")[2];
+
+        return isMemberOf(repoId);
    }

    @Override