From 8ef952ec80e00680a57e8200cb55158ca1b9d1d6 Mon Sep 17 00:00:00 2001
From: amentis
Date: Mon, 22 Apr 2024 17:25:44 +0300
Subject: [PATCH] upload access denied fix
---
 .../eu/eudat/controllers/StorageFileController.java | 8 ++++----
 .../components/form-field/form-field.component.ts | 10 +++++++---
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/StorageFileController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/StorageFileController.java
index ad608cee2..7c57c6321 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/StorageFileController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/StorageFileController.java
@@ -81,7 +81,7 @@ public class StorageFileController {
 public StorageFile get(@PathVariable("id") UUID id, FieldSet fieldSet) throws MyApplicationException, MyForbiddenException, MyNotFoundException {
 logger.debug(new MapLogEntry("retrieving " + StorageFile.class.getSimpleName()).And("id", id).And("fields", fieldSet));
- this.authorizationService.authorizeForce(Permission.BrowseStorageFile);
+ this.authorizationService.authorizeForce(Permission.BrowseStorageFile, Permission.DeferredAffiliation);
 StorageFileQuery query = this.queryFactory.query(StorageFileQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
 StorageFile model = this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
@@ -102,7 +102,7 @@ public class StorageFileController {
 public List uploadTempFiles(@RequestParam("files") MultipartFile[] files) throws IOException {
 logger.debug("upload temp files");
- this.authorizationService.authorizeForce(Permission.EditStorageFile);
+ this.authorizationService.authorizeForce(Permission.EditStorageFile, Permission.DeferredAffiliation);
 List addedFiles = new ArrayList<>();
 for (MultipartFile file : files) {
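Review bot: In `uploadTempFiles`, adding `Permission.DeferredAffiliation` to `authorizeForce` leaves nothing in the visible lines that later resolves the deferred part of the check: a new temp file has no owner or DMP association to test against, and no `.authorize(...)` call follows as it does in the `get` hunk above. If `authorizeForce` passes when any one of the listed permissions is held (inferred from the commit title, not shown here), every caller with `DeferredAffiliation` can now store files, each read fully into memory through `file.getBytes()`. I would record the intent above the call, for example `// DeferredAffiliation: temp uploads have no owner yet; request size and file count are bounded elsewhere`, and confirm that such a bound applies before `persistBytes`. The method body continues outside the hunk.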
@@ -114,7 +114,7 @@ public class StorageFileController {
 storageFilePersist.setStorageType(StorageType.Temp);
 storageFilePersist.setLifetime(Duration.ofSeconds(this.config.getTempStoreLifetimeSeconds()));
 this.validatorFactory.validator(StorageFilePersist.StorageFilePersistValidator.class).validateForce(storageFilePersist);
- StorageFile persisted = this.storageFileService.persistBytes(storageFilePersist, file.getBytes(), new BaseFieldSet(StorageFile._id, StorageFile._name));
+ StorageFile persisted = this.storageFileService.persistBytes(storageFilePersist, file.getBytes(), new BaseFieldSet(StorageFile._id, StorageFile._name, StorageFile._extension));
 addedFiles.add(persisted);
 }
@@ -127,7 +127,7 @@ public class StorageFileController {
 public ResponseEntity get(@PathVariable("id") UUID id) throws MyApplicationException, MyForbiddenException, MyNotFoundException {
 logger.debug(new MapLogEntry("download" ).And("id", id));
- this.authorizationService.authorizeForce(Permission.BrowseStorageFile);
+ this.authorizationService.authorizeForce(Permission.BrowseStorageFile, Permission.DeferredAffiliation);
 StorageFileEntity storageFile = this.queryFactory.query(StorageFileQuery.class).ids(id).firstAs(new BaseFieldSet().ensure(StorageFile._createdAt, StorageFile._fullName, StorageFile._mimeType, StorageFile._extension));
 if (storageFile == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{id, StorageFile.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/dmp-frontend/src/app/ui/description/editor/description-form/components/form-field/form-field.component.ts b/dmp-frontend/src/app/ui/description/editor/description-form/components/form-field/form-field.component.ts
index 8a94decc9..e378cc7dc 100644
--- a/dmp-frontend/src/app/ui/description/editor/description-form/components/form-field/form-field.component.ts
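Review bot: The download `get` now admits `Permission.DeferredAffiliation` at the gate, but the query on the following line, `this.queryFactory.query(StorageFileQuery.class).ids(id).firstAs(...)`, carries no `.authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission)`, unlike the metadata `get` in the first hunk of this file. Unless an ownership or DMP-association check follows outside the hunk, a caller who holds only the deferred permission would be served any stored file whose UUID they present. I would apply the same flag here, `this.queryFactory.query(StorageFileQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id)`, or an equivalent check on the loaded entity, so that an unaffiliated file falls into the existing `General_ItemNotFound` branch. The method body continues past the last visible line.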
+++ b/dmp-frontend/src/app/ui/description/editor/description-form/components/form-field/form-field.component.ts
@@ -108,8 +108,7 @@ export class DescriptionFormFieldComponent extends BaseComponent implements OnIn
 ]
 this.storageFileService.getSingle(id, fields).pipe(takeUntil(this._destroyed)).subscribe(storageFile => {
- if(storageFile.extension.startsWith('.')) this.fileNameDisplay = storageFile.name + storageFile.extension;
- else this.fileNameDisplay = storageFile.name + '.' +storageFile.extension;
+ this.createFileNameDisplay(storageFile.name, storageFile.extension);
 this.applyFieldType();
 });
 } else {
@@ -276,7 +275,7 @@ export class DescriptionFormFieldComponent extends BaseComponent implements OnIn
 this.storageFileService.uploadTempFiles(this.filesToUpload[0])
 .pipe(takeUntil(this._destroyed)).subscribe((response) => {
 this.propertiesFormGroup?.get(this.field.id).get('textValue').patchValue(response[0].id.toString());
- this.fileNameDisplay = response[0].name;
+ this.createFileNameDisplay(response[0].name, response[0].extension);
 this.cdr.detectChanges();
 }, error => {
 this.onCallbackUploadFail(error.error);
@@ -285,6 +284,11 @@ export class DescriptionFormFieldComponent extends BaseComponent implements OnIn
 }
+ private createFileNameDisplay(name: string, extension: string){
+ if (extension.startsWith('.')) this.fileNameDisplay = name + extension;
+ else this.fileNameDisplay = name + '.' + extension;
+ }
+
 private onCallbackUploadFail(error: any) {
 this.makeFilesNull();
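Review bot: The upload callback now passes `response[0].extension` to `createFileNameDisplay`, which calls `extension.startsWith('.')` with no guard. If the backend returns no extension for a file uploaded without one (not visible here), the call throws inside the `subscribe` callback after the field value has been patched but before `this.cdr.detectChanges()` runs, and an empty string produces a display name ending in a dot. The `getSingle` callback in the first hunk of this file goes through the same helper. A guard at the top of the helper covers both call sites: `if (!extension) { this.fileNameDisplay = name; return; }`.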