authz fixes

This commit is contained in:
amentis 2024-03-27 14:57:02 +02:00
parent d086e3128e
commit 62f1946279
4 changed files with 15 additions and 4 deletions

View File

@ -73,6 +73,7 @@ public final class Permission {
public static String DepositDmp = "DepositDmp"; public static String DepositDmp = "DepositDmp";
public static String DeleteDmp = "DeleteDmp"; public static String DeleteDmp = "DeleteDmp";
public static String CloneDmp = "CloneDmp"; public static String CloneDmp = "CloneDmp";
public static String ExportDmp = "ExportDmp";
public static String CreateNewVersionDmp = "CreateNewVersionDmp"; public static String CreateNewVersionDmp = "CreateNewVersionDmp";
public static String FinalizeDmp = "FinalizeDmp"; public static String FinalizeDmp = "FinalizeDmp";
public static String UndoFinalizeDmp = "UndoFinalizeDmp"; public static String UndoFinalizeDmp = "UndoFinalizeDmp";

View File

@ -36,7 +36,7 @@ public class DepositConfigurationCensor extends BaseCensor {
if (fields == null || fields.isEmpty()) if (fields == null || fields.isEmpty())
return; return;
this.authService.authorizeForce(Permission.BrowseDeposit); this.authService.authorizeForce(Permission.BrowseDeposit, Permission.DeferredAffiliation);
} }

View File

@ -114,7 +114,7 @@ public class DepositServiceImpl implements DepositService {
@Override @Override
public List<eu.eudat.model.deposit.DepositConfiguration> getAvailableConfigurations(FieldSet fieldSet) { public List<eu.eudat.model.deposit.DepositConfiguration> getAvailableConfigurations(FieldSet fieldSet) {
this.authorizationService.authorizeForce(Permission.BrowseDeposit); this.authorizationService.authorizeForce(Permission.BrowseDeposit, Permission.DeferredAffiliation);
List<eu.eudat.model.deposit.DepositConfiguration> configurations = new ArrayList<>(); List<eu.eudat.model.deposit.DepositConfiguration> configurations = new ArrayList<>();
@ -201,7 +201,7 @@ public class DepositServiceImpl implements DepositService {
@Override @Override
public String getLogo(String repositoryId) { public String getLogo(String repositoryId) {
this.authorizationService.authorizeForce(Permission.BrowseDeposit); this.authorizationService.authorizeForce(Permission.BrowseDeposit, Permission.DeferredAffiliation);
DepositClient depositClient = getDepositClient(repositoryId); DepositClient depositClient = getDepositClient(repositoryId);
if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{repositoryId, DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale())); if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{repositoryId, DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@ -210,7 +210,7 @@ public class DepositServiceImpl implements DepositService {
@Override @Override
public String authenticate(DepositAuthenticateRequest model) { public String authenticate(DepositAuthenticateRequest model) {
this.authorizationService.authorizeForce(Permission.BrowseDeposit); this.authorizationService.authorizeForce(Permission.BrowseDeposit, Permission.DeferredAffiliation);
DepositClient depositClient = getDepositClient(model.getRepositoryId()); DepositClient depositClient = getDepositClient(model.getRepositoryId());
if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale())); if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale()));

View File

@ -402,6 +402,16 @@ permissions:
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ExportDmp:
roles:
- Admin
dmp:
roles:
- Owner
claims: [ ]
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
CreateNewVersionDmp: CreateNewVersionDmp:
roles: roles:
- Admin - Admin