From 702abc38e6d2d505427b259ef769e75c2e85b9f3 Mon Sep 17 00:00:00 2001
From: Antonis Lempesis
Date: Fri, 22 Oct 2021 10:52:48 +0000
Subject: [PATCH] fixed (?) interface role checking
---
 .../manager/controllers/RepositoryController.java | 4 ++--
 .../service/security/AuthorizationService.java | 5 +++++
 .../service/security/AuthorizationServiceImpl.java | 11 ++++++++++-
 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
index 946b579..84d4968 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
@@ -163,13 +163,13 @@ public class RepositoryController {
 @RequestMapping(value = "/updateRepository", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repository.id)")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOfInterface(#repository.id)")
 public Repository updateRepository(@RequestBody Repository repository, Authentication authentication) throws Exception {
 return repositoryService.updateRepository(repository, authentication);
 }
 @RequestMapping(value = "/deleteInterface/", method = RequestMethod.DELETE)
- @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOfInterface(#id)")
 public void deleteRepositoryInterface(@RequestParam("id") String id, @RequestParam("registeredBy") String registeredBy) {
 repositoryService.deleteRepositoryInterface(id, registeredBy);
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java
index d714b8f..15f1707 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java
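Review bot: On `updateRepository` the guard now passes `#repository.id` to `isMemberOfInterface`, but that argument is a repository id, not an interface id. As implemented in AuthorizationServiceImpl in this same commit, `isMemberOfInterface` splits its argument on `::` and reads segments 1 and 2, so a repository id of the two-segment form it rebuilds would presumably throw during expression evaluation instead of matching the member's authority; the two admin branches short-circuit and would hide this in testing. Unless repository ids really carry the interface prefix, keep `@authorizationService.isMemberOf(#repository.id)` on `updateRepository` and use the new method only on `deleteRepositoryInterface`, whose `id` is the interface id. The body of `deleteRepositoryInterface` continues outside the hunk.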
@@ -21,6 +21,11 @@ public interface AuthorizationService {
 */
 boolean isMemberOf(String id);
+ /**
+ * @param id repository interface Id to check.
+ * @return Checks if a user is a member of a repository interface.
+ */
+ boolean isMemberOfInterface(String id);
 /**
 * Returns a list of admins of the resource.
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java
index 768d3ad..10d724a 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java
@@ -53,7 +53,16 @@ public class AuthorizationServiceImpl implements AuthorizationService {
 public boolean isMemberOf(String repoId) {
 String repoRole = roleMappingService.convertRepoIdToEncodedAuthorityId(repoId);
 return SecurityContextHolder.getContext().getAuthentication().getAuthorities()
- .parallelStream().anyMatch(authority -> authority.toString().equals(repoRole));
+ .stream().anyMatch(authority -> authority.toString().equals(repoRole));
+ }
+
+ @Override
+ public boolean isMemberOfInterface(String interfaceId) {
+
+ //TODO blame Konstantinos Spyrou. He forced my hand...
+ String repoId = interfaceId.split("::")[1] + "::" + interfaceId.split("::")[2];
+
+ return isMemberOf(repoId);
 }
 @Override
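Review bot: The new Javadoc on `isMemberOfInterface` has no summary sentence, and its `@return` describes the action instead of the returned value. Because this predicate is used in `@PreAuthorize` expressions, the contract should say that membership is decided against the repository the interface belongs to, and what callers get for a null or malformed id. Suggested text: a summary line `Checks whether the current user is a member of the repository that owns the given interface.`, then `@param id repository interface id` and `@return true if the user is a member of the owning repository; false otherwise, including when the id is malformed`.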
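Review bot: `isMemberOfInterface` indexes `interfaceId.split("::")[1]` and `[2]` with no check on the input, so a null id or one with fewer than three segments throws inside the `@PreAuthorize` evaluation instead of producing a denial. The id comes straight from the request (`#id`, `#repository.id` in RepositoryController), so the check should fail closed: `String[] parts = interfaceId == null ? new String[0] : interfaceId.split("::");`, `if (parts.length < 3) return false;`, `return isMemberOf(parts[1] + "::" + parts[2]);`. Deriving the owning repository from the caller-supplied string also makes the decision depend on the id's format; if the service can look up the interface's repository, authorizing against that stored value would be sturdier. The TODO that blames a colleague should be replaced by a comment stating the id layout the method assumes.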