Adds authorization check when creating new version of a DMP.
This commit is contained in:
parent
aaae4ec3fa
commit
9d8de0c2fb
|
@ -571,7 +571,9 @@ public class DataManagementPlanManager {
|
||||||
|
|
||||||
public void newVersion(UUID uuid, DataManagementPlanNewVersionModel dataManagementPlan, Principal principal) throws Exception {
|
public void newVersion(UUID uuid, DataManagementPlanNewVersionModel dataManagementPlan, Principal principal) throws Exception {
|
||||||
DMP oldDmp = databaseRepository.getDmpDao().find(uuid);
|
DMP oldDmp = databaseRepository.getDmpDao().find(uuid);
|
||||||
|
if (!isUserOwnerOfDmp(oldDmp, principal)) {
|
||||||
|
throw new Exception("User not being the creator is not authorized to perform this action.");
|
||||||
|
}
|
||||||
DataManagementPlanCriteria criteria = new DataManagementPlanCriteria();
|
DataManagementPlanCriteria criteria = new DataManagementPlanCriteria();
|
||||||
LinkedList<UUID> list = new LinkedList<>();
|
LinkedList<UUID> list = new LinkedList<>();
|
||||||
list.push(oldDmp.getGroupId());
|
list.push(oldDmp.getGroupId());
|
||||||
|
@ -639,7 +641,6 @@ public class DataManagementPlanManager {
|
||||||
databaseRepository.getGrantDao().createOrUpdate(newDmp.getGrant());
|
databaseRepository.getGrantDao().createOrUpdate(newDmp.getGrant());
|
||||||
newDmp = databaseRepository.getDmpDao().createOrUpdate(newDmp);
|
newDmp = databaseRepository.getDmpDao().createOrUpdate(newDmp);
|
||||||
|
|
||||||
// Assign creator.
|
|
||||||
assignUser(newDmp, user);
|
assignUser(newDmp, user);
|
||||||
copyDatasets(newDmp, databaseRepository.getDatasetDao());
|
copyDatasets(newDmp, databaseRepository.getDatasetDao());
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue