From 15abebff2d05cf96e22d65bc9b2619d926caae39 Mon Sep 17 00:00:00 2001
From: sgiannopoulos
Date: Tue, 25 Jun 2024 17:14:29 +0300
Subject: [PATCH] description template authz fixes
---
 .../java/org/opencdmp/query/UserQuery.java | 9 ++++++++
 .../query/utils/QueryUtilsService.java | 2 ++
 .../query/utils/QueryUtilsServiceImpl.java | 21 +++++++++++++++++--
 .../DescriptionTemplateServiceImpl.java | 2 +-
 4 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/backend/core/src/main/java/org/opencdmp/query/UserQuery.java b/backend/core/src/main/java/org/opencdmp/query/UserQuery.java
index 20c6e4f04..d02b2fc4c 100644
--- a/backend/core/src/main/java/org/opencdmp/query/UserQuery.java
+++ b/backend/core/src/main/java/org/opencdmp/query/UserQuery.java
@@ -174,6 +174,7 @@ public class UserQuery extends QueryBase {
 UUID userId;
 if (this.authorize.contains(AuthorizationFlags.Owner)) userId = this.userScope.getUserIdSafe();
 if (this.authorize.contains(AuthorizationFlags.DmpAssociated)) userId = this.userScope.getUserIdSafe();
+ if (this.authorize.contains(AuthorizationFlags.DescriptionTemplateAssociated)) userId = this.userScope.getUserIdSafe();
 else userId = null;
 List predicates = new ArrayList<>();
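Review bot: The trailing `else userId = null;` now pairs only with the added `DescriptionTemplateAssociated` check, so a query that requests `Owner` or `DmpAssociated` without the new flag has its user id reset to null right after it was set. How the predicates further down treat a null id is outside this hunk, but the sub-query added in QueryUtilsServiceImpl falls back to `cb.or()` for it, which suggests those callers would silently lose their authorised rows. Fold the three checks into one condition, `if (this.authorize.contains(AuthorizationFlags.Owner) || this.authorize.contains(AuthorizationFlags.DmpAssociated) || this.authorize.contains(AuthorizationFlags.DescriptionTemplateAssociated)) userId = this.userScope.getUserIdSafe();`, and keep the existing `else userId = null;` after it. The enclosing method starts and ends outside the hunk.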
@@ -189,6 +190,14 @@ public class UserQuery extends QueryBase {
 .filterFunc((subQueryRoot, cb) ->
 cb.in(subQueryRoot.get(DmpUserEntity._dmpId)).value(this.queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, finalUserId, usePublic))
 )
+ ))),
+ queryContext.CriteriaBuilder.in(queryContext.Root.get(UserEntity._id)).value(this.queryUtilsService.buildSubQuery(new BuildSubQueryInput<>(new BuildSubQueryInput.Builder<>(UserDescriptionTemplateEntity.class, UUID.class)
+ .query(queryContext.Query)
+ .criteriaBuilder(queryContext.CriteriaBuilder)
+ .keyPathFunc((subQueryRoot) -> subQueryRoot.get(UserDescriptionTemplateEntity._userId))
+ .filterFunc((subQueryRoot, cb) ->
+ cb.in(subQueryRoot.get(UserDescriptionTemplateEntity._descriptionTemplateId)).value(this.queryUtilsService.buildUserDescriptionTemplateEntityAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, finalUserId))
+ )
 )))
 ));
 }
diff --git a/backend/core/src/main/java/org/opencdmp/query/utils/QueryUtilsService.java b/backend/core/src/main/java/org/opencdmp/query/utils/QueryUtilsService.java
index 4206744d1..69191d64e 100644
--- a/backend/core/src/main/java/org/opencdmp/query/utils/QueryUtilsService.java
+++ b/backend/core/src/main/java/org/opencdmp/query/utils/QueryUtilsService.java
@@ -9,6 +9,8 @@ public interface QueryUtilsService {
 Subquery buildDmpAuthZSubQuery(AbstractQuery query, CriteriaBuilder criteriaBuilder, UUID userId, Boolean usePublic);
+ Subquery buildUserDescriptionTemplateEntityAuthZSubQuery(AbstractQuery query, CriteriaBuilder criteriaBuilder, UUID userId);
+
 Subquery buildDescriptionAuthZSubQuery(AbstractQuery query, CriteriaBuilder criteriaBuilder, UUID userId, Boolean usePublic);
 Subquery buildPublicDmpAuthZSubQuery(AbstractQuery query,
diff --git a/backend/core/src/main/java/org/opencdmp/query/utils/QueryUtilsServiceImpl.java b/backend/core/src/main/java/org/opencdmp/query/utils/QueryUtilsServiceImpl.java
index 67f2ed0b5..e5b338f2e 100644
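Review bot: The `UserDescriptionTemplateEntity` branch added to UserQuery is keyed only on `finalUserId`; nothing in the visible lines ties it to `AuthorizationFlags.DescriptionTemplateAssociated`. Once the user id is also set for `Owner` or `DmpAssociated`, callers that asked only for those scopes would additionally match every user who shares a description template with them, which widens user visibility beyond what was requested. Whether the DMP branch above is gated the same way is outside the hunk, so this may be an existing convention. If it is not, guard the new predicate with the flag, for example `this.authorize.contains(AuthorizationFlags.DescriptionTemplateAssociated) ? <the new in(...) predicate> : queryContext.CriteriaBuilder.or()`, and add a one-line comment stating which users the branch is meant to expose.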
--- a/backend/core/src/main/java/org/opencdmp/query/utils/QueryUtilsServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/query/utils/QueryUtilsServiceImpl.java
@@ -1,5 +1,7 @@
 package org.opencdmp.query.utils;
+import jakarta.persistence.criteria.*;
+import org.hibernate.query.criteria.HibernateCriteriaBuilder;
 import org.opencdmp.commons.enums.DescriptionStatus;
 import org.opencdmp.commons.enums.DmpAccessType;
 import org.opencdmp.commons.enums.DmpStatus;
@@ -7,8 +9,7 @@ import org.opencdmp.commons.enums.IsActive;
 import org.opencdmp.data.DescriptionEntity;
 import org.opencdmp.data.DmpEntity;
 import org.opencdmp.data.DmpUserEntity;
-import jakarta.persistence.criteria.*;
-import org.hibernate.query.criteria.HibernateCriteriaBuilder;
+import org.opencdmp.data.UserDescriptionTemplateEntity;
 import org.springframework.stereotype.Component;
 import java.util.UUID;
@@ -43,6 +44,22 @@ public class QueryUtilsServiceImpl implements QueryUtilsService {
 ));
 }
+
+ @Override
+ public Subquery buildUserDescriptionTemplateEntityAuthZSubQuery(AbstractQuery query, CriteriaBuilder criteriaBuilder, UUID userId){
+ return this.buildSubQuery(new BuildSubQueryInput<>(new BuildSubQueryInput.Builder<>(UserDescriptionTemplateEntity.class, UUID.class)
+ .query(query)
+ .criteriaBuilder(criteriaBuilder)
+ .keyPathFunc((subQueryRoot) -> subQueryRoot.get(UserDescriptionTemplateEntity._descriptionTemplateId))
+ .filterFunc((subQueryRoot, cb) ->
+ userId != null ? cb.and(
+ cb.equal(subQueryRoot.get(DmpUserEntity._userId), userId),
+ cb.equal(subQueryRoot.get(DmpUserEntity._isActive), IsActive.Active)
+ ) : cb.or() //Creates a false query
+ )
+ ));
+ }
+
 @Override
 public Subquery buildDescriptionAuthZSubQuery(AbstractQuery query, CriteriaBuilder criteriaBuilder, UUID userId, Boolean usePublic) {
 return this.buildSubQuery(new BuildSubQueryInput<>(
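Review bot: The filter in `buildUserDescriptionTemplateEntityAuthZSubQuery` reads `DmpUserEntity._userId` and `DmpUserEntity._isActive` from a sub-query root typed as `UserDescriptionTemplateEntity`, which looks like a leftover from the DMP sub-query above it. This works only while both entities happen to use the same attribute names. Because the predicate decides who passes an authorization check, a later rename on either entity would change or break it without any compile-time signal. Use the entity's own constants, `cb.equal(subQueryRoot.get(UserDescriptionTemplateEntity._userId), userId),` and `cb.equal(subQueryRoot.get(UserDescriptionTemplateEntity._isActive), IsActive.Active)`; `_userId` is already used that way in UserQuery, while `_isActive` on this entity is assumed and should be confirmed. A short Javadoc stating that a null `userId` yields an empty result via `cb.or()` would also help callers rely on the fail-closed behaviour.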
diff --git a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java
index 1704b2290..a3aa983f0 100644
--- a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java
@@ -165,7 +165,7 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 logger.debug(new MapLogEntry("persisting data descriptionTemplate").And("model", model).And("fields", fields));
 Boolean isUpdate = this.conventionService.isValidGuid(model.getId());
- if (isUpdate) this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(model.getId())), Permission.EditDescriptionTemplate);
+ if (isUpdate) this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.descriptionTemplateAffiliation(model.getId())), Permission.EditDescriptionTemplate);
 else this.authorizationService.authorizeForce(Permission.EditDescriptionTemplate);
 DescriptionTemplateEntity data;