From cc1be4f19412b8bc2623b3724312852c7b4f5618 Mon Sep 17 00:00:00 2001
From: sgiannopoulos <sgiannopoulos@cite.gr>
Date: Wed, 17 Apr 2024 11:27:25 +0300
Subject: [PATCH] fix reference authz

---
 .../src/main/java/eu/eudat/query/ReferenceQuery.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/dmp-backend/core/src/main/java/eu/eudat/query/ReferenceQuery.java b/dmp-backend/core/src/main/java/eu/eudat/query/ReferenceQuery.java
index 4e5c8e167..2cf6c4dc4 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/query/ReferenceQuery.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/query/ReferenceQuery.java
@@ -5,9 +5,11 @@ import eu.eudat.authorization.Permission;
 import eu.eudat.commons.enums.IsActive;
 import eu.eudat.commons.enums.ReferenceSourceType;
 import eu.eudat.commons.scope.user.UserScope;
+import eu.eudat.data.DescriptionReferenceEntity;
 import eu.eudat.data.DmpEntity;
 import eu.eudat.data.DmpReferenceEntity;
 import eu.eudat.data.ReferenceEntity;
+import eu.eudat.model.DescriptionReference;
 import eu.eudat.model.PublicReference;
 import eu.eudat.model.Reference;
 import eu.eudat.query.utils.BuildSubQueryInput;
@@ -224,7 +226,15 @@ public class ReferenceQuery extends QueryBase<ReferenceEntity> {
                             .filterFunc((subQueryRoot, cb) ->
                                     cb.in(subQueryRoot.get(DmpReferenceEntity._dmpId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, userId, usePublic))
                             )
-                    )))  //Creates a false query
+                    ))),
+                    queryContext.CriteriaBuilder.in(queryContext.Root.get(ReferenceEntity._id)).value(queryUtilsService.buildSubQuery(new BuildSubQueryInput<>(new BuildSubQueryInput.Builder<>(DescriptionReferenceEntity.class, UUID.class)
+                            .query(queryContext.Query)
+                            .criteriaBuilder(queryContext.CriteriaBuilder)
+                            .keyPathFunc((subQueryRoot) -> subQueryRoot.get(DescriptionReferenceEntity._referenceId))
+                            .filterFunc((subQueryRoot, cb) ->
+                                    cb.in(subQueryRoot.get(DescriptionReferenceEntity._descriptionId)).value(queryUtilsService.buildDescriptionAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, userId, usePublic))
+                            )
+                    )))
             ));
         }
         if (!predicates.isEmpty()) {