diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationFlags.java b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationFlags.java index 516749ca3..ec97c0450 100644 --- a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationFlags.java +++ b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationFlags.java @@ -5,4 +5,5 @@ import java.util.EnumSet; public enum AuthorizationFlags { None, Permission, DmpAssociated, Public, Owner; public static final EnumSet OwnerOrDmpAssociatedOrPermission = EnumSet.of(DmpAssociated, Permission, Owner); + public static final EnumSet OwnerOrDmpAssociatedOrPermissionOrPublic = EnumSet.of(DmpAssociated, Permission, Owner, Public); } diff --git a/backend/core/src/main/java/org/opencdmp/service/description/DescriptionService.java b/backend/core/src/main/java/org/opencdmp/service/description/DescriptionService.java index 8ab684aae..a712a112a 100644 --- a/backend/core/src/main/java/org/opencdmp/service/description/DescriptionService.java +++ b/backend/core/src/main/java/org/opencdmp/service/description/DescriptionService.java @@ -49,7 +49,7 @@ public interface DescriptionService { StorageFileEntity getFieldFile(UUID descriptionId, UUID storageFileId); void updateDescriptionTemplate(UpdateDescriptionTemplatePersist model) throws InvalidApplicationException, IOException, JAXBException; - DescriptionImportExport exportXmlEntity(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException; + DescriptionImportExport exportXmlEntity(UUID id, boolean ignoreAuthorize) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException; ResponseEntity exportXml(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException; } diff --git a/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java index 3db0df3e5..7f7b8ca09 100644 --- a/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java +++ b/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java @@ -1119,13 +1119,12 @@ public class DescriptionServiceImpl implements DescriptionService { //region Export @Override - public DescriptionImportExport exportXmlEntity(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException { + public DescriptionImportExport exportXmlEntity(UUID id, boolean ignoreAuthorize) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException { logger.debug(new MapLogEntry("export xml").And("id", id)); - this.authorizationService.authorizeForce(Permission.ExportDescription); - DescriptionEntity data = this.entityManager.find(DescriptionEntity.class, id); - if (data == null) - throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Description.class.getSimpleName()}, LocaleContextHolder.getLocale())); + if (!ignoreAuthorize) this.authorizationService.authorizeForce(Permission.ExportDescription); + DescriptionEntity data = this.queryFactory.query(DescriptionQuery.class).ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first(); + if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Description.class.getSimpleName()}, LocaleContextHolder.getLocale())); PropertyDefinitionEntity definition = this.jsonHandlingService.fromJson(PropertyDefinitionEntity.class, data.getProperties()); return this.toExport(data, definition); @@ -1136,11 +1135,10 @@ public class DescriptionServiceImpl implements DescriptionService { logger.debug(new MapLogEntry("export xml").And("id", id)); this.authorizationService.authorizeForce(Permission.ExportDescription); - DescriptionEntity data = this.entityManager.find(DescriptionEntity.class, id); - if (data == null) - throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Description.class.getSimpleName()}, LocaleContextHolder.getLocale())); + DescriptionEntity data = this.queryFactory.query(DescriptionQuery.class).ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first(); + if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Description.class.getSimpleName()}, LocaleContextHolder.getLocale())); - String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(data.getId())); + String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(data.getId(), false)); return this.responseUtilsService.buildResponseFileFromText(xml, data.getLabel() + ".xml"); } @@ -1151,20 +1149,20 @@ public class DescriptionServiceImpl implements DescriptionService { xml.setLabel(data.getLabel()); xml.setFinalizedAt(data.getFinalizedAt()); - DescriptionTemplateEntity blueprintEntity = this.queryFactory.query(DescriptionTemplateQuery.class).ids(data.getDescriptionTemplateId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).first(); + DescriptionTemplateEntity blueprintEntity = this.queryFactory.query(DescriptionTemplateQuery.class).ids(data.getDescriptionTemplateId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first(); if (blueprintEntity != null) { - xml.setDescriptionTemplate(this.descriptionTemplateService.exportXmlEntity(blueprintEntity.getId())); + xml.setDescriptionTemplate(this.descriptionTemplateService.exportXmlEntity(blueprintEntity.getId(), true)); } if (propertiesEntity != null) { xml.setProperties(this.descriptionPropertyDefinitionToExport(propertiesEntity)); } - List dmpReferences = this.queryFactory.query(DescriptionReferenceQuery.class).descriptionIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).collect(); + List dmpReferences = this.queryFactory.query(DescriptionReferenceQuery.class).descriptionIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect(); if (!this.conventionService.isListNullOrEmpty(dmpReferences)) { - List references = this.queryFactory.query(ReferenceQuery.class).ids(dmpReferences.stream().map(DescriptionReferenceEntity::getReferenceId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).collect(); + List references = this.queryFactory.query(ReferenceQuery.class).ids(dmpReferences.stream().map(DescriptionReferenceEntity::getReferenceId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect(); Map referenceEntityMap = references == null ? new HashMap<>() : references.stream().collect(Collectors.toMap(ReferenceEntity::getId, x-> x)); - List referenceTypes = references == null ? new ArrayList<>() : this.queryFactory.query(ReferenceTypeQuery.class).ids(references.stream().map(ReferenceEntity::getTypeId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).collect(); + List referenceTypes = references == null ? new ArrayList<>() : this.queryFactory.query(ReferenceTypeQuery.class).ids(references.stream().map(ReferenceEntity::getTypeId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect(); Map referenceTypeEntityMap = referenceTypes == null ? new HashMap<>() : referenceTypes.stream().collect(Collectors.toMap(ReferenceTypeEntity::getId, x-> x)); List dmpReferenceImportExports = new LinkedList<>(); for (DescriptionReferenceEntity descriptionTemplateEntity : dmpReferences) { diff --git a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateService.java b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateService.java index c3aa84fd3..930631f3b 100644 --- a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateService.java +++ b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateService.java @@ -28,7 +28,7 @@ public interface DescriptionTemplateService { DescriptionTemplate createNewVersion(NewVersionDescriptionTemplatePersist model, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, JAXBException, ParserConfigurationException, JsonProcessingException, TransformerException; DescriptionTemplate importXml(byte[] bytes, UUID id, String label, FieldSet fields) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, TransformerException, InvalidApplicationException, IOException, InstantiationException, IllegalAccessException, SAXException; - DescriptionTemplateImportExport exportXmlEntity(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException; + DescriptionTemplateImportExport exportXmlEntity(UUID id, boolean ignoreAuthorize) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException; ResponseEntity exportXml(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, TransformerException, InvalidApplicationException; diff --git a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java index fc7662ffe..214a80dd8 100644 --- a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java +++ b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java @@ -898,13 +898,12 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic //region Export @Override - public DescriptionTemplateImportExport exportXmlEntity(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException { + public DescriptionTemplateImportExport exportXmlEntity(UUID id, boolean ignoreAuthorize) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException { logger.debug(new MapLogEntry("exportXml").And("id", id)); - this.authorizationService.authorizeForce(Permission.ExportDescriptionTemplate); - DescriptionTemplateEntity data = this.entityManager.find(DescriptionTemplateEntity.class, id); - if (data == null) - throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale())); + if (!ignoreAuthorize) this.authorizationService.authorizeForce(Permission.ExportDescriptionTemplate); + DescriptionTemplateEntity data = this.queryFactory.query(DescriptionTemplateQuery.class).ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).first(); + if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale())); DefinitionEntity definition = this.xmlHandlingService.fromXml(DefinitionEntity.class, data.getDefinition()); return this.definitionXmlToExport(data, definition); @@ -916,12 +915,10 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic logger.debug(new MapLogEntry("exportXml").And("id", id)); this.authorizationService.authorizeForce(Permission.ExportDescriptionTemplate); - DescriptionTemplateEntity data = this.entityManager.find(DescriptionTemplateEntity.class, id); - if (data == null) - throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale())); + DescriptionTemplateEntity data = this.queryFactory.query(DescriptionTemplateQuery.class).ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).first(); + if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale())); - DefinitionEntity definition = this.xmlHandlingService.fromXml(DefinitionEntity.class, data.getDefinition()); - String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(id)); + String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(id, false)); return this.responseUtilsService.buildResponseFileFromText(xml, data.getLabel() + ".xml"); } diff --git a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpService.java b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpService.java index 89a6006fc..4eece384a 100644 --- a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpService.java +++ b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpService.java @@ -52,7 +52,7 @@ public interface DmpService { void dmpInvitationAccept(String token) throws InvalidApplicationException, IOException; - DmpImportExport exportXmlEntity(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException; + DmpImportExport exportXmlEntity(UUID id, boolean ignoreAuthorize) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException; ResponseEntity exportXml(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException; } diff --git a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java index bfa92e2ce..968edbcfe 100644 --- a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java +++ b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java @@ -1345,13 +1345,12 @@ public class DmpServiceImpl implements DmpService { //region Export @Override - public DmpImportExport exportXmlEntity(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException { + public DmpImportExport exportXmlEntity(UUID id, boolean ignoreAuthorize) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, InvalidApplicationException { logger.debug(new MapLogEntry("export xml").And("id", id)); - this.authorizationService.authorizeForce(Permission.ExportDmp); - DmpEntity data = this.entityManager.find(DmpEntity.class, id); - if (data == null) - throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale())); + if (!ignoreAuthorize) this.authorizationService.authorizeForce(Permission.ExportDmp); + DmpEntity data = this.queryFactory.query(DmpQuery.class).ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first(); + if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale())); DmpPropertiesEntity definition = this.jsonHandlingService.fromJson(DmpPropertiesEntity.class, data.getProperties()); return this.definitionXmlToExport(data, definition); @@ -1362,11 +1361,10 @@ public class DmpServiceImpl implements DmpService { logger.debug(new MapLogEntry("export xml").And("id", id)); this.authorizationService.authorizeForce(Permission.ExportDmp); - DmpEntity data = this.entityManager.find(DmpEntity.class, id); - if (data == null) - throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale())); + DmpEntity data = this.queryFactory.query(DmpQuery.class).ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first(); + if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale())); - String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(data.getId())); + String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(data.getId(), false)); return this.responseUtilsService.buildResponseFileFromText(xml, data.getLabel() + ".xml"); } @@ -1382,7 +1380,7 @@ public class DmpServiceImpl implements DmpService { if (propertiesEntity != null && !this.conventionService.isListNullOrEmpty(propertiesEntity.getContacts())) { List dmpContactImportExports = new LinkedList<>(); - List users = this.queryFactory.query(UserQuery.class).ids(propertiesEntity.getContacts().stream().map(DmpContactEntity::getUserId).filter(Objects::nonNull).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).collect(); + List users = this.queryFactory.query(UserQuery.class).ids(propertiesEntity.getContacts().stream().map(DmpContactEntity::getUserId).filter(Objects::nonNull).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect(); Map usersMap = users == null ? new HashMap<>() : users.stream().collect(Collectors.toMap(UserEntity::getId, x-> x)); for (DmpContactEntity contactEntity : propertiesEntity.getContacts()) { dmpContactImportExports.add(this.dmpContactToExport(contactEntity, usersMap)); @@ -1390,9 +1388,9 @@ public class DmpServiceImpl implements DmpService { xml.setContacts(dmpContactImportExports); } - List dmpUsers = this.queryFactory.query(DmpUserQuery.class).dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActives(IsActive.Active).collect(); + List dmpUsers = this.queryFactory.query(DmpUserQuery.class).dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActives(IsActive.Active).collect(); if (!this.conventionService.isListNullOrEmpty(dmpUsers)) { - List users = this.queryFactory.query(UserQuery.class).ids(dmpUsers.stream().map(DmpUserEntity::getUserId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).collect(); + List users = this.queryFactory.query(UserQuery.class).ids(dmpUsers.stream().map(DmpUserEntity::getUserId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect(); Map usersMap = users == null ? new HashMap<>() : users.stream().collect(Collectors.toMap(UserEntity::getId, x-> x)); List dmpUserImportExports = new LinkedList<>(); for (DmpUserEntity dmpUserEntity : dmpUsers) { @@ -1400,12 +1398,12 @@ public class DmpServiceImpl implements DmpService { } xml.setUsers(dmpUserImportExports); } - DmpBlueprintEntity blueprintEntity = this.queryFactory.query(DmpBlueprintQuery.class).ids(data.getBlueprintId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).first(); + DmpBlueprintEntity blueprintEntity = this.queryFactory.query(DmpBlueprintQuery.class).ids(data.getBlueprintId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first(); if (blueprintEntity != null) { - xml.setBlueprint(this.dmpBlueprintService.getExportXmlEntity(blueprintEntity.getId())); + xml.setBlueprint(this.dmpBlueprintService.getExportXmlEntity(blueprintEntity.getId(), true)); } - List dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(data.getId()).isActive(IsActive.Active).collect(); + List dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).dmpIds(data.getId()).isActive(IsActive.Active).collect(); if (!this.conventionService.isListNullOrEmpty(dmpDescriptionTemplateEntities)) { List dmpDescriptionTemplateImportExports = new LinkedList<>(); for (DmpDescriptionTemplateEntity descriptionTemplateEntity : dmpDescriptionTemplateEntities) { @@ -1422,9 +1420,9 @@ public class DmpServiceImpl implements DmpService { xml.setBlueprintValues(dmpDescriptionTemplateImportExports); } - List dmpReferences = this.queryFactory.query(DmpReferenceQuery.class).dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActives(IsActive.Active).collect(); + List dmpReferences = this.queryFactory.query(DmpReferenceQuery.class).dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActives(IsActive.Active).collect(); if (!this.conventionService.isListNullOrEmpty(dmpReferences)) { - List references = this.queryFactory.query(ReferenceQuery.class).ids(dmpReferences.stream().map(DmpReferenceEntity::getReferenceId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).collect(); + List references = this.queryFactory.query(ReferenceQuery.class).ids(dmpReferences.stream().map(DmpReferenceEntity::getReferenceId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect(); Map referenceEntityMap = references == null ? new HashMap<>() : references.stream().collect(Collectors.toMap(ReferenceEntity::getId, x-> x)); List referenceTypes = references == null ? new ArrayList<>() : this.queryFactory.query(ReferenceTypeQuery.class).ids(references.stream().map(ReferenceEntity::getTypeId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).collect(); Map referenceTypeEntityMap = referenceTypes == null ? new HashMap<>() : referenceTypes.stream().collect(Collectors.toMap(ReferenceTypeEntity::getId, x-> x)); @@ -1434,11 +1432,11 @@ public class DmpServiceImpl implements DmpService { } xml.setReferences(dmpReferenceImportExports); } - List descriptions = this.queryFactory.query(DescriptionQuery.class).dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(data.getId()).isActive(IsActive.Active).collect(); + List descriptions = this.queryFactory.query(DescriptionQuery.class).dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).dmpIds(data.getId()).isActive(IsActive.Active).collect(); if (!this.conventionService.isListNullOrEmpty(descriptions)) { List descriptionImportExports = new LinkedList<>(); for (DescriptionEntity description : descriptions) { - descriptionImportExports.add(this.descriptionService.exportXmlEntity(description.getId())); + descriptionImportExports.add(this.descriptionService.exportXmlEntity(description.getId(), true)); } xml.setDescriptions(descriptionImportExports); } diff --git a/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintService.java b/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintService.java index d573608e1..5f861708a 100644 --- a/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintService.java +++ b/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintService.java @@ -35,7 +35,7 @@ public interface DmpBlueprintService { DmpBlueprint createNewVersion(NewVersionDmpBlueprintPersist model, FieldSet fieldSet) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, JAXBException, ParserConfigurationException, JsonProcessingException, TransformerException; - BlueprintImportExport getExportXmlEntity(UUID id) throws MyForbiddenException, MyNotFoundException, InvalidApplicationException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException; + BlueprintImportExport getExportXmlEntity(UUID id, boolean ignoreAuthorize) throws MyForbiddenException, MyNotFoundException, InvalidApplicationException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException; ResponseEntity exportXml(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, TransformerException, InvalidApplicationException; DmpBlueprint importXml(byte[] bytes, String label, FieldSet fields) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, TransformerException, InvalidApplicationException, IOException, InstantiationException, IllegalAccessException, SAXException; diff --git a/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintServiceImpl.java index 6fa867a7e..5981e3962 100644 --- a/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintServiceImpl.java +++ b/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintServiceImpl.java @@ -10,6 +10,7 @@ import org.opencdmp.commons.types.dmpblueprint.*; import org.opencdmp.commons.types.dmpblueprint.importexport.*; import org.opencdmp.convention.ConventionService; import org.opencdmp.data.DmpBlueprintEntity; +import org.opencdmp.data.DmpEntity; import org.opencdmp.data.TenantEntityManager; import org.opencdmp.errorcode.ErrorThesaurusProperties; import org.opencdmp.model.DmpBlueprint; @@ -22,6 +23,7 @@ import org.opencdmp.model.persist.DmpBlueprintPersist; import org.opencdmp.model.persist.NewVersionDmpBlueprintPersist; import org.opencdmp.model.persist.dmpblueprintdefinition.*; import org.opencdmp.query.DmpBlueprintQuery; +import org.opencdmp.query.DmpQuery; import org.opencdmp.service.responseutils.ResponseUtilsService; import gr.cite.commons.web.authz.service.AuthorizationService; import gr.cite.tools.data.builder.BuilderFactory; @@ -445,13 +447,12 @@ public class DmpBlueprintServiceImpl implements DmpBlueprintService { @Override - public BlueprintImportExport getExportXmlEntity(UUID id) throws MyForbiddenException, MyNotFoundException, InvalidApplicationException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException { + public BlueprintImportExport getExportXmlEntity(UUID id, boolean ignoreAuthorize) throws MyForbiddenException, MyNotFoundException, InvalidApplicationException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException { logger.debug(new MapLogEntry("export xml").And("id", id)); - this.authorizationService.authorizeForce(Permission.ExportDmpBlueprint); - DmpBlueprintEntity data = this.entityManager.find(DmpBlueprintEntity.class, id); - if (data == null) - throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale())); + if (!ignoreAuthorize) this.authorizationService.authorizeForce(Permission.ExportDmpBlueprint); + DmpBlueprintEntity data = this.queryFactory.query(DmpBlueprintQuery.class).ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).first(); + if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale())); return this.definitionXmlToExport(data); } @@ -460,11 +461,10 @@ public class DmpBlueprintServiceImpl implements DmpBlueprintService { @Override public ResponseEntity exportXml(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, TransformerException, InvalidApplicationException { logger.debug(new MapLogEntry("export xml").And("id", id)); - DmpBlueprintEntity data = this.entityManager.find(DmpBlueprintEntity.class, id); - if (data == null) - throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale())); + DmpBlueprintEntity data = this.queryFactory.query(DmpBlueprintQuery.class).ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).first(); + if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale())); - String xml = this.xmlHandlingService.toXml(this.getExportXmlEntity(id)); + String xml = this.xmlHandlingService.toXml(this.getExportXmlEntity(id, false)); return this.responseUtilsService.buildResponseFileFromText(xml, data.getLabel() + ".xml"); } diff --git a/backend/web/src/main/resources/config/permissions.yml b/backend/web/src/main/resources/config/permissions.yml index 8bee5db97..ad762d454 100644 --- a/backend/web/src/main/resources/config/permissions.yml +++ b/backend/web/src/main/resources/config/permissions.yml @@ -222,17 +222,10 @@ permissions: allowAnonymous: false allowAuthenticated: false ExportDescription: - roles: - - TenantAdmin - dmp: - roles: - - Owner - - User - - DescriptionContributor - - Reviewer + roles: [] clients: [ ] allowAnonymous: false - allowAuthenticated: false + allowAuthenticated: true # Tag BrowseTag: roles: @@ -390,6 +383,7 @@ permissions: ExportDescriptionTemplate: roles: - TenantAdmin + - Admin - TenantDescriptionTemplateEditor claims: [ ] clients: [ ] @@ -454,15 +448,11 @@ permissions: allowAnonymous: false allowAuthenticated: false ExportDmp: - roles: - - TenantAdmin - dmp: - roles: - - Owner + roles: [ ] claims: [ ] clients: [ ] allowAnonymous: false - allowAuthenticated: false + allowAuthenticated: true CreateNewVersionDmp: roles: - TenantAdmin @@ -544,6 +534,7 @@ permissions: ExportDmpBlueprint: roles: - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false