status workflow small auth fixes

2024-10-14 17:32:16 +03:00 · 2024-10-14 17:32:16 +03:00 · 0689247781
parent 305a1fa4ab
commit 0689247781
2 changed files with 7 additions and 17 deletions
--- a/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java
@ -499,17 +499,11 @@ public class DescriptionServiceImpl implements DescriptionService {
    public Description persistStatus(DescriptionStatusPersist model, FieldSet fields) throws IOException, InvalidApplicationException {
        logger.debug(new MapLogEntry("persisting data").And("model", model).And("fields", fields));

-        this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.descriptionAffiliation(model.getId())), Permission.EditDescription);
+        this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.descriptionAffiliation(model.getId())), Permission.EditDescription, this.customPolicyService.getDescriptionStatusCanEditStatusPermission(model.getStatusId()));

        DescriptionEntity data = this.queryFactory.query(DescriptionQuery.class).authorize(AuthorizationFlags.AllExceptPublic).ids(model.getId()).isActive(IsActive.Active).first();
        if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), Description.class.getSimpleName()}, LocaleContextHolder.getLocale()));

-        try {
-            this.authorizationService.authorizeForce(this.customPolicyService.getDescriptionStatusCanEditStatusPermission(model.getStatusId()));
-        } catch (Exception e) {
-            this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.planAffiliation(data.getPlanId())), this.customPolicyService.getDescriptionStatusCanEditStatusPermission(model.getStatusId()));
-        }
-
        if (!this.conventionService.hashValue(data.getUpdatedAt()).equals(model.getHash())) throw new MyValidationException(this.errors.getHashConflict().getCode(), this.errors.getHashConflict().getMessage());
        if (!data.getStatusId().equals(model.getStatusId())){
            DescriptionStatusEntity oldStatusEntity = this.queryFactory.query(DescriptionStatusQuery.class).disableTracking().ids(data.getStatusId()).isActive(IsActive.Active).firstAs(new BaseFieldSet().ensure(org.opencdmp.model.descriptionstatus.DescriptionStatus._id).ensure(org.opencdmp.model.descriptionstatus.DescriptionStatus._internalStatus));
--- a/backend/core/src/main/java/org/opencdmp/service/plan/PlanServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/plan/PlanServiceImpl.java
@ -1609,11 +1609,10 @@ public class PlanServiceImpl implements PlanService {
        PlanEntity plan = this.queryFactory.query(PlanQuery.class).authorize(AuthorizationFlags.AllExceptPublic).ids(id).isActive(IsActive.Active).first();
        if (plan == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Plan.class.getSimpleName()}, LocaleContextHolder.getLocale()));

-        try {
-            this.authorizationService.authorizeForce(this.customPolicyService.getPlanStatusCanEditStatusPermission(newStatusId));
-        } catch (Exception e) {
-            this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.planAffiliation(id)), this.customPolicyService.getPlanStatusCanEditStatusPermission(newStatusId));
-        }
+        this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.planAffiliation(id)), Permission.EditPlan, this.customPolicyService.getPlanStatusCanEditStatusPermission(newStatusId));
+
+        EntityDoiQuery entityDoiQuery = this.queryFactory.query(EntityDoiQuery.class).types(EntityType.Plan).entityIds(plan.getId()).isActive(IsActive.Active);
+        if (entityDoiQuery.count() > 0) throw new MyApplicationException("Plan is deposited");

        if (plan.getStatusId().equals(newStatusId)) throw new MyApplicationException("Old status equals with new");

@ -1638,7 +1637,7 @@ public class PlanServiceImpl implements PlanService {
    }

    private void finalize(PlanEntity plan, List<UUID> descriptionIds, PlanStatusEntity oldPlanStatusEntity, PlanStatusEntity newPlanStatusEntity) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, IOException {
-        this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.planAffiliation(plan.getId())), Permission.FinalizePlan);
+        this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.planAffiliation(plan.getId())), Permission.FinalizePlan, this.customPolicyService.getPlanStatusCanEditStatusPermission(newPlanStatusEntity.getId()));

        if (oldPlanStatusEntity.getInternalStatus() != null && oldPlanStatusEntity.getInternalStatus().equals(PlanStatus.Finalized)){
            throw new MyApplicationException("Plan is already finalized");
@ -1699,13 +1698,10 @@ public class PlanServiceImpl implements PlanService {
    }

    private void undoFinalize(PlanEntity plan, PlanStatusEntity oldPlanStatusEntity, PlanStatusEntity newPlanStatusEntity) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException {
-        this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.planAffiliation(plan.getId())), Permission.UndoFinalizePlan);
+        this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.planAffiliation(plan.getId())), Permission.UndoFinalizePlan, this.customPolicyService.getPlanStatusCanEditStatusPermission(newPlanStatusEntity.getId()));

        if (oldPlanStatusEntity.getInternalStatus() == null && !oldPlanStatusEntity.getInternalStatus().equals(PlanStatus.Finalized)) throw new MyApplicationException("Plan is already non finalized");

-        EntityDoiQuery entityDoiQuery = this.queryFactory.query(EntityDoiQuery.class).types(EntityType.Plan).entityIds(plan.getId()).isActive(IsActive.Active);
-        if (entityDoiQuery.count() > 0) throw new MyApplicationException("Plan is deposited");
-
        plan.setStatusId(newPlanStatusEntity.getId());
        plan.setUpdatedAt(Instant.now());