From 65d62b2849f590dbad448a263225cb6fcbd193bb Mon Sep 17 00:00:00 2001
From: amentis
Date: Fri, 15 Mar 2024 15:16:20 +0200
Subject: [PATCH] fix description authz
---
 .../eu/eudat/model/censorship/DescriptionReferenceCensor.java | 2 +-
 .../java/eu/eudat/model/censorship/DescriptionTagCensor.java | 2 +-
 .../model/censorship/descriptionproperties/FieldCensor.java | 2 +-
 .../descriptionproperties/PropertyDefinitionCensor.java | 2 +-
 .../PropertyDefinitionFieldSetCensor.java | 2 +-
 .../PropertyDefinitionFieldSetItemCensor.java | 2 +-
 .../main/java/eu/eudat/query/DescriptionReferenceQuery.java | 4 +++-
 .../src/main/java/eu/eudat/query/DescriptionTagQuery.java | 4 +++-
 8 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DescriptionReferenceCensor.java b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DescriptionReferenceCensor.java
index 14970865a..d00b486d4 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DescriptionReferenceCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DescriptionReferenceCensor.java
@@ -41,7 +41,7 @@ public class DescriptionReferenceCensor extends BaseCensor {
 if (fields == null || fields.isEmpty()) return;
- this.authService.authorizeForce(Permission.BrowseDescriptionReference);
+ this.authService.authorizeForce(Permission.BrowseDescriptionReference, Permission.DeferredAffiliation);
 FieldSet descriptionFields = fields.extractPrefixed(this.asIndexerPrefix(DescriptionReference._description));
 this.censorFactory.censor(DescriptionCensor.class).censor(descriptionFields, userId);
 FieldSet referenceFields = fields.extractPrefixed(this.asIndexerPrefix(DescriptionReference._reference));
diff --git a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DescriptionTagCensor.java b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DescriptionTagCensor.java
index 8160aceb5..6d14fa240 100644
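Review bot: Passing `Permission.DeferredAffiliation` as a second argument to `authorizeForce` means this censor, on the changed line, no longer decides access by itself: assuming the call accepts any one of the listed permissions, a caller without `BrowseDescriptionReference` now passes whenever affiliation checking is deferred, so the row-level restriction has to come from the query that loads the data. The same change is made in DescriptionTagCensor, FieldCensor, PropertyDefinitionCensor, PropertyDefinitionFieldSetCensor and PropertyDefinitionFieldSetItemCensor, and none of those hunks records that dependency. I would add a comment above each call, for example `// DeferredAffiliation: access is decided per row by the query's DMP affiliation filter, which callers must enable through the query's authorization flags`, and confirm that every lookup path reaching these censors runs with those flags set. The enclosing method starts above the hunk, so any earlier checks in it are not visible here.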
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DescriptionTagCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DescriptionTagCensor.java
@@ -41,7 +41,7 @@ public class DescriptionTagCensor extends BaseCensor {
 if (fields == null || fields.isEmpty()) return;
- this.authService.authorizeForce(Permission.BrowseDescriptionTag);
+ this.authService.authorizeForce(Permission.BrowseDescriptionTag, Permission.DeferredAffiliation);
 FieldSet descriptionFields = fields.extractPrefixed(this.asIndexerPrefix(DescriptionTag._description));
 this.censorFactory.censor(DescriptionCensor.class).censor(descriptionFields, userId);
 FieldSet tagFields = fields.extractPrefixed(this.asIndexerPrefix(DescriptionTag._tag));
diff --git a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/FieldCensor.java b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/FieldCensor.java
index 216b385b7..e20cbc8a2 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/FieldCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/FieldCensor.java
@@ -33,7 +33,7 @@ public class FieldCensor extends BaseCensor {
 if (fields == null || fields.isEmpty()) return;
- this.authService.authorizeForce(Permission.BrowseDescription);
+ this.authService.authorizeForce(Permission.BrowseDescription, Permission.DeferredAffiliation);
 }
 }
diff --git a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionCensor.java b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionCensor.java
index 963d5d703..8f061282c 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionCensor.java
@@ -41,7 +41,7 @@ public class PropertyDefinitionCensor extends BaseCensor {
 if (fields == null || fields.isEmpty()) return;
- this.authService.authorizeForce(Permission.BrowseDescription);
+ this.authService.authorizeForce(Permission.BrowseDescription, Permission.DeferredAffiliation);
 FieldSet fieldSetFields = fields.extractPrefixed(this.asIndexerPrefix(PropertyDefinition._fieldSets));
 this.censorFactory.censor(PropertyDefinitionFieldSetCensor.class).censor(fieldSetFields, userId);
 }
diff --git a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionFieldSetCensor.java b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionFieldSetCensor.java
index fedc16ff4..9ca982588 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionFieldSetCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionFieldSetCensor.java
@@ -39,7 +39,7 @@ public class PropertyDefinitionFieldSetCensor extends BaseCensor {
 if (fields == null || fields.isEmpty()) return;
- this.authService.authorizeForce(Permission.BrowseDescription);
+ this.authService.authorizeForce(Permission.BrowseDescription, Permission.DeferredAffiliation);
 FieldSet itemsFields = fields.extractPrefixed(this.asIndexerPrefix(PropertyDefinitionFieldSet._items));
 this.censorFactory.censor(PropertyDefinitionFieldSetItemCensor.class).censor(itemsFields, userId);
 }
diff --git a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionFieldSetItemCensor.java b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionFieldSetItemCensor.java
index 950311c4d..49865b3d0 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionFieldSetItemCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/descriptionproperties/PropertyDefinitionFieldSetItemCensor.java
@@ -39,7 +39,7 @@ public class PropertyDefinitionFieldSetItemCensor extends BaseCensor {
 if (fields == null || fields.isEmpty()) return;
- this.authService.authorizeForce(Permission.BrowseDescription);
+ this.authService.authorizeForce(Permission.BrowseDescription, Permission.DeferredAffiliation);
 FieldSet fieldFields = fields.extractPrefixed(this.asIndexerPrefix(PropertyDefinitionFieldSetItem._fields));
 this.censorFactory.censor(FieldCensor.class).censor(fieldFields, userId);
 }
diff --git a/dmp-backend/core/src/main/java/eu/eudat/query/DescriptionReferenceQuery.java b/dmp-backend/core/src/main/java/eu/eudat/query/DescriptionReferenceQuery.java
index cc92b1b9d..3d4f7d49a 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/query/DescriptionReferenceQuery.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/query/DescriptionReferenceQuery.java
@@ -154,14 +154,16 @@ public class DescriptionReferenceQuery extends QueryBase predicates = new ArrayList<>();
 if (userId != null || usePublic ) {
+ UUID finalUserId = userId;
 Subquery descriptionSubquery = queryUtilsService.buildSubQuery(new BuildSubQueryInput<>( new BuildSubQueryInput.Builder<>(DescriptionEntity.class, UUID.class, queryContext) .keyPathFunc((subQueryRoot) -> subQueryRoot.get(DescriptionEntity._id)) .filterFunc((subQueryRoot, cb) ->
- cb.in(subQueryRoot.get(DescriptionEntity._dmpDescriptionTemplateId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, userId, usePublic))
+ cb.in(subQueryRoot.get(DescriptionEntity._dmpDescriptionTemplateId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, finalUserId, usePublic))
 ) ));
 predicates.add(queryContext.CriteriaBuilder.in(queryContext.Root.get(DescriptionReferenceEntity._descriptionId)).value(descriptionSubquery));
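Review bot: The rewritten `filterFunc` line in DescriptionReferenceQuery still matches `DescriptionEntity._dmpDescriptionTemplateId` against the result of `buildDmpAuthZSubQuery`, and the identical line appears in the DescriptionTagQuery hunk. If that helper selects DMP ids, as its name suggests (its body is not part of this patch), the `IN` compares keys of two different entities and the filter either matches nothing or matches the wrong rows, which matters more now that the censors in this commit defer to it. Please check which column the subquery projects and, if it is the DMP id, compare the description's DMP key instead, or add a comment stating why the template link id is the right key. The surrounding method begins before the hunk and the text right after the hunk header is damaged on this page, so the earlier part of the filter setup could not be reviewed.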
diff --git a/dmp-backend/core/src/main/java/eu/eudat/query/DescriptionTagQuery.java b/dmp-backend/core/src/main/java/eu/eudat/query/DescriptionTagQuery.java
index 7bfeff1b7..55f31cbf2 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/query/DescriptionTagQuery.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/query/DescriptionTagQuery.java
@@ -152,14 +152,16 @@ public class DescriptionTagQuery extends QueryBase {
 boolean usePublic = this.authorize.contains(AuthorizationFlags.Public);
 if (this.authorize.contains(AuthorizationFlags.DmpAssociated)) userId = this.userScope.getUserIdSafe(); else userId = null;
+ if (this.authorize.contains(AuthorizationFlags.Owner)) userId = this.userScope.getUserIdSafe();
 List predicates = new ArrayList<>();
 if (userId != null || usePublic ) {
+ UUID finalUserId = userId;
 Subquery descriptionSubquery = queryUtilsService.buildSubQuery(new BuildSubQueryInput<>( new BuildSubQueryInput.Builder<>(DescriptionEntity.class, UUID.class, queryContext) .keyPathFunc((subQueryRoot) -> subQueryRoot.get(DescriptionEntity._id)) .filterFunc((subQueryRoot, cb) ->
- cb.in(subQueryRoot.get(DescriptionEntity._dmpDescriptionTemplateId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, userId, usePublic))
+ cb.in(subQueryRoot.get(DescriptionEntity._dmpDescriptionTemplateId)).value(queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, finalUserId, usePublic))
 ) ));
 predicates.add(queryContext.CriteriaBuilder.in(queryContext.Root.get(DescriptionTagEntity._descriptionId)).value(descriptionSubquery));
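Review bot: The added `if (this.authorize.contains(AuthorizationFlags.Owner)) userId = this.userScope.getUserIdSafe();` gives `Owner` the same effect as `DmpAssociated`: both only set `userId`, and the same `buildDmpAuthZSubQuery(..., finalUserId, usePublic)` filter is built either way, so a caller passing `Owner` alone receives whatever that helper grants to a DMP-associated user rather than an owner-only view. If the equivalence is intended, state it in a comment and fold the two tests into one condition, `if (this.authorize.contains(AuthorizationFlags.DmpAssociated) || this.authorize.contains(AuthorizationFlags.Owner)) userId = this.userScope.getUserIdSafe(); else userId = null;`, which leaves `userId` assigned once so the `finalUserId` copy is no longer needed. The branch taken when `userId` is null and `Public` is absent lies outside the hunk; it is worth confirming that it adds a predicate that matches nothing, since `getUserIdSafe()` presumably yields null for a caller without a user.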