fix description authz

amentis 2024-03-15 15:16:20 +02:00
parent 388857cdce
commit 65d62b2849
8 changed files with 12 additions and 8 deletions


@ -41,7 +41,7 @@ public class DescriptionReferenceCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseDescriptionReference);
this.authService.authorizeForce(Permission.BrowseDescriptionReference, Permission.DeferredAffiliation);
FieldSet descriptionFields = fields.extractPrefixed(this.asIndexerPrefix(DescriptionReference._description));
this.censorFactory.censor(DescriptionCensor.class).censor(descriptionFields, userId);
FieldSet referenceFields = fields.extractPrefixed(this.asIndexerPrefix(DescriptionReference._reference));
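Review bot: Adding `Permission.DeferredAffiliation` to the `authorizeForce` call widens this censor's gate, and nothing on the new line says where the deferred check is then enforced. Assuming `authorizeForce` passes when any one of the listed permissions is held, a caller with only `DeferredAffiliation` now clears the field-level check without `BrowseDescriptionReference`, so protection depends on the query layer applying an affiliation filter for the same request. I would add a comment above the call such as `// DeferredAffiliation: per-record access is enforced later by the query's affiliation filter, not here`, and add a test for a user holding neither permission. The same applies to the matching lines in DescriptionTagCensor, FieldCensor, PropertyDefinitionCensor, PropertyDefinitionFieldSetCensor and PropertyDefinitionFieldSetItemCensor; the enclosing method starts above each hunk.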


@ -41,7 +41,7 @@ public class DescriptionTagCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseDescriptionTag);
this.authService.authorizeForce(Permission.BrowseDescriptionTag, Permission.DeferredAffiliation);
FieldSet descriptionFields = fields.extractPrefixed(this.asIndexerPrefix(DescriptionTag._description));
this.censorFactory.censor(DescriptionCensor.class).censor(descriptionFields, userId);
FieldSet tagFields = fields.extractPrefixed(this.asIndexerPrefix(DescriptionTag._tag));


@ -33,7 +33,7 @@ public class FieldCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseDescription);
this.authService.authorizeForce(Permission.BrowseDescription, Permission.DeferredAffiliation);
}
}


@ -41,7 +41,7 @@ public class PropertyDefinitionCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseDescription);
this.authService.authorizeForce(Permission.BrowseDescription, Permission.DeferredAffiliation);
FieldSet fieldSetFields = fields.extractPrefixed(this.asIndexerPrefix(PropertyDefinition._fieldSets));
this.censorFactory.censor(PropertyDefinitionFieldSetCensor.class).censor(fieldSetFields, userId);
}


@ -39,7 +39,7 @@ public class PropertyDefinitionFieldSetCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseDescription);
this.authService.authorizeForce(Permission.BrowseDescription, Permission.DeferredAffiliation);
FieldSet itemsFields = fields.extractPrefixed(this.asIndexerPrefix(PropertyDefinitionFieldSet._items));
this.censorFactory.censor(PropertyDefinitionFieldSetItemCensor.class).censor(itemsFields, userId);
}


@ -39,7 +39,7 @@ public class PropertyDefinitionFieldSetItemCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseDescription);
this.authService.authorizeForce(Permission.BrowseDescription, Permission.DeferredAffiliation);
FieldSet fieldFields = fields.extractPrefixed(this.asIndexerPrefix(PropertyDefinitionFieldSetItem._fields));
this.censorFactory.censor(FieldCensor.class).censor(fieldFields, userId);
}


@ -154,14 +154,16 @@ public class DescriptionReferenceQuery extends QueryBase<DescriptionReferenceEnt
boolean usePublic = this.authorize.contains(AuthorizationFlags.Public);
if (this.authorize.contains(AuthorizationFlags.DmpAssociated)) userId = this.userScope.getUserIdSafe();
else userId = null;
if (this.authorize.contains(AuthorizationFlags.Owner)) userId = this.userScope.getUserIdSafe();
List<Predicate> predicates = new ArrayList<>();
if (userId != null || usePublic ) {
UUID finalUserId = userId;
Subquery<UUID> descriptionSubquery = queryUtilsService.buildSubQuery(new BuildSubQueryInput<>(
new BuildSubQueryInput.Builder<>(DescriptionEntity.class, UUID.class, queryContext)
.keyPathFunc((subQueryRoot) -> subQueryRoot.get(DescriptionEntity._id))
.filterFunc((subQueryRoot, cb) ->
cb.in(subQueryRoot.get(DescriptionEntity._dmpDescriptionTemplateId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, userId, usePublic))
cb.in(subQueryRoot.get(DescriptionEntity._dmpDescriptionTemplateId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, finalUserId, usePublic))
)
));
predicates.add(queryContext.CriteriaBuilder.in(queryContext.Root.get(DescriptionReferenceEntity._descriptionId)).value(descriptionSubquery));
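Review bot: The added `AuthorizationFlags.Owner` line resolves the same `userId` as `DmpAssociated` and feeds it to the same `buildDmpAuthZSubQuery` call, so the two flags produce an identical filter here. If `Owner` is meant to be narrower than DMP association, this grants the wider scope and should get its own predicate. If the equivalence is intended, say so in a comment and collapse the three statements into one assignment, e.g. `userId = (this.authorize.contains(AuthorizationFlags.DmpAssociated) || this.authorize.contains(AuthorizationFlags.Owner)) ? this.userScope.getUserIdSafe() : null;`. The branch taken when `userId` is null and `usePublic` is false lies outside the hunk and should be confirmed to deny all rows, since `getUserIdSafe()` presumably returns null for an unauthenticated caller. DescriptionTagQuery has the same change in its section.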


@ -152,14 +152,16 @@ public class DescriptionTagQuery extends QueryBase<DescriptionTagEntity> {
boolean usePublic = this.authorize.contains(AuthorizationFlags.Public);
if (this.authorize.contains(AuthorizationFlags.DmpAssociated)) userId = this.userScope.getUserIdSafe();
else userId = null;
if (this.authorize.contains(AuthorizationFlags.Owner)) userId = this.userScope.getUserIdSafe();
List<Predicate> predicates = new ArrayList<>();
if (userId != null || usePublic ) {
UUID finalUserId = userId;
Subquery<UUID> descriptionSubquery = queryUtilsService.buildSubQuery(new BuildSubQueryInput<>(
new BuildSubQueryInput.Builder<>(DescriptionEntity.class, UUID.class, queryContext)
.keyPathFunc((subQueryRoot) -> subQueryRoot.get(DescriptionEntity._id))
.filterFunc((subQueryRoot, cb) ->
cb.in(subQueryRoot.get(DescriptionEntity._dmpDescriptionTemplateId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, userId, usePublic))
cb.in(subQueryRoot.get(DescriptionEntity._dmpDescriptionTemplateId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, finalUserId, usePublic))
)
));
predicates.add(queryContext.CriteriaBuilder.in(queryContext.Root.get(DescriptionTagEntity._descriptionId)).value(descriptionSubquery));