Refactors access control for the DMP PDF, XML, document and RDA-JSON exports.
This commit is contained in:
parent
c0df37e996
commit
d279cb65be
|
@ -87,9 +87,10 @@ public class DMPs extends BaseController {
|
|||
|
||||
@RequestMapping(method = RequestMethod.GET, value = {"{id}"})
|
||||
public @ResponseBody
|
||||
ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType, Principal principal) throws IllegalAccessException, InstantiationException, IOException {
|
||||
ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType,
|
||||
@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, InstantiationException, IOException {
|
||||
if (contentType.equals("application/xml") || contentType.equals("application/msword")) {
|
||||
return this.dataManagementPlanManager.getDocument(id, contentType);
|
||||
return this.dataManagementPlanManager.getDocument(id, contentType, principal);
|
||||
} else {
|
||||
eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, principal, this.dynamicGrantConfiguration);
|
||||
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DataManagementPlan>().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan));
|
||||
|
@ -105,8 +106,8 @@ public class DMPs extends BaseController {
|
|||
|
||||
@RequestMapping(method = RequestMethod.GET, value = {"rda/{id}"})
|
||||
public @ResponseBody
|
||||
ResponseEntity getRDAJsonDocument(@PathVariable String id, Principal principal) throws IOException {
|
||||
return this.dataManagementPlanManager.getRDAJsonDocument(id);
|
||||
ResponseEntity getRDAJsonDocument(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IOException {
|
||||
return this.dataManagementPlanManager.getRDAJsonDocument(id, principal);
|
||||
}
|
||||
|
||||
@RequestMapping(method = RequestMethod.GET, value = {"/overview/{id}"})
|
||||
|
@ -185,8 +186,9 @@ public class DMPs extends BaseController {
|
|||
|
||||
@RequestMapping(method = RequestMethod.GET, value = {"/getPDF/{id}"})
|
||||
public @ResponseBody
|
||||
ResponseEntity<byte[]> getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws IllegalAccessException, IOException, InstantiationException, InterruptedException {
|
||||
File file = this.dataManagementPlanManager.getWordDocument(id);
|
||||
ResponseEntity<byte[]> getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType,
|
||||
@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, IOException, InstantiationException, InterruptedException {
|
||||
File file = this.dataManagementPlanManager.getWordDocument(id, principal);
|
||||
String name = file.getName().substring(0, file.getName().length() - 5);
|
||||
File pdffile = datasetManager.convertToPDF(file, environment, name);
|
||||
InputStream resource = new FileInputStream(pdffile);
|
||||
|
@ -203,9 +205,7 @@ public class DMPs extends BaseController {
|
|||
resource.close();
|
||||
Files.deleteIfExists(file.toPath());
|
||||
Files.deleteIfExists(pdffile.toPath());
|
||||
return new ResponseEntity<>(content,
|
||||
responseHeaders,
|
||||
HttpStatus.OK);
|
||||
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
|
||||
}
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, value = {"/upload"})
|
||||
|
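Review bot: After this change getSingle, getRDAJsonDocument and getPDFDocument perform no access control of their own; each relies entirely on the manager method that now receives `principal`, and nothing at the controller layer records that contract. Because `Authorities.ANONYMOUS` is among the accepted claims, unauthenticated requests reach those manager methods, which (see the second file) dereference `principal.getId()` for non-public DMPs — if the `@ClaimedAuthorities` resolver hands a null `principal` to anonymous callers, an export of a private DMP would fail with a NullPointerException (a 500) rather than a 401/403, so that behaviour is worth confirming. I would add to each export endpoint the Javadoc `/** Access control is delegated to DataManagementPlanManager, which throws UnauthorisedException unless the DMP is public or the principal is one of its users. */` so the next maintainer does not add an export path that forgets to pass `principal`. The bodies of getSingle and getPDFDocument continue outside the hunks shown.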
|
|
@ -175,7 +175,7 @@ public class DataManagementPlanManager {
|
|||
return;
|
||||
}
|
||||
|
||||
public File getWordDocument(String id) throws InstantiationException, IllegalAccessException, IOException {
|
||||
public File getWordDocument(String id, Principal principal) throws IOException {
|
||||
WordBuilder wordBuilder = new WordBuilder();
|
||||
VisibilityRuleService visibilityRuleService = this.utilitiesService.getVisibilityRuleService();
|
||||
DatasetWizardModel dataset = new DatasetWizardModel();
|
||||
|
@ -184,6 +184,8 @@ public class DataManagementPlanManager {
|
|||
XWPFDocument document = new XWPFDocument(is);
|
||||
|
||||
eu.eudat.data.entities.DMP dmpEntity = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
||||
if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
|
||||
throw new UnauthorisedException();
|
||||
|
||||
// Space above DMP title.
|
||||
XWPFParagraph parAboveDmpTitle = document.createParagraph();
|
||||
|
@ -784,10 +786,12 @@ public class DataManagementPlanManager {
|
|||
}
|
||||
}
|
||||
|
||||
public FileEnvelope getXmlDocument(String id) throws InstantiationException, IllegalAccessException, IOException {
|
||||
public FileEnvelope getXmlDocument(String id, Principal principal) throws InstantiationException, IllegalAccessException, IOException {
|
||||
ExportXmlBuilder xmlBuilder = new ExportXmlBuilder();
|
||||
VisibilityRuleService visibilityRuleService = utilitiesService.getVisibilityRuleService();
|
||||
eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
||||
if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
|
||||
throw new UnauthorisedException();
|
||||
List<Dataset> datasets = dmp.getDataset().stream().collect(Collectors.toList());
|
||||
String fileName = dmp.getLabel();
|
||||
fileName = fileName.replaceAll("[^a-zA-Z0-9+ ]", "");
|
||||
|
@ -893,8 +897,10 @@ public class DataManagementPlanManager {
|
|||
return fileEnvelope;
|
||||
}
|
||||
|
||||
public ResponseEntity<byte[]> getRDAJsonDocument(String id) throws IOException {
|
||||
public ResponseEntity<byte[]> getRDAJsonDocument(String id, Principal principal) throws IOException {
|
||||
eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
||||
if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
|
||||
throw new UnauthorisedException();
|
||||
RDAExportModel rdaExportModel = new RDAExportModel().fromDataModel(dmp);
|
||||
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
|
@ -921,20 +927,17 @@ public class DataManagementPlanManager {
|
|||
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
|
||||
}
|
||||
|
||||
public ResponseEntity<byte[]> getDocument(String id, String contentType) throws InstantiationException, IllegalAccessException, IOException {
|
||||
public ResponseEntity<byte[]> getDocument(String id, String contentType, Principal principal) throws InstantiationException, IllegalAccessException, IOException {
|
||||
File file;
|
||||
switch (contentType) {
|
||||
case "application/xml":
|
||||
file = getXmlDocument(id).getFile();
|
||||
file = getXmlDocument(id, principal).getFile();
|
||||
break;
|
||||
case "application/msword":
|
||||
file = getWordDocument(id);
|
||||
file = getWordDocument(id, principal);
|
||||
break;
|
||||
/*case "application/pdf":
|
||||
file = getPdfDocument(id);
|
||||
break;*/
|
||||
default:
|
||||
file = getXmlDocument(id).getFile();
|
||||
file = getXmlDocument(id, principal).getFile();
|
||||
}
|
||||
InputStream resource = new FileInputStream(file);
|
||||
HttpHeaders responseHeaders = new HttpHeaders();
|
||||
|
@ -1133,7 +1136,7 @@ public class DataManagementPlanManager {
|
|||
fileHeaders.setContentType(MediaType.MULTIPART_FORM_DATA);
|
||||
LinkedMultiValueMap<String, Object> addFileMap = new LinkedMultiValueMap<>();
|
||||
|
||||
File file = getWordDocument(id.toString());
|
||||
File file = getWordDocument(id.toString(), principal);
|
||||
addFileMap.add("filename", file.getName());
|
||||
FileSystemResource fileSystemResource = new FileSystemResource(file);
|
||||
addFileMap.add("file", fileSystemResource);
|
||||
|
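Review bot: The new membership test in getWordDocument, getXmlDocument and getRDAJsonDocument compares ids with `userInfo.getUser().getId() == principal.getId()`; if those getters return `UUID` (the DMP id is built with `UUID.fromString`, so that seems likely) or any boxed type, `==` compares object identity and will be false for equal ids from different sources, so legitimate members of a private DMP would be rejected — use `equals`. The same three-line check is also pasted into three methods, and `find(UUID.fromString(id))` returning null would hit `dmp.isPublic()` with a NullPointerException, so I would centralise it in one private helper and call `checkDmpAccess(dmp, principal);` from each export method, which also gives one place to decide how a null `principal` (the ANONYMOUS claim) is treated. In the `@ -1133` hunk the renamed call `getWordDocument(id.toString(), principal)` needs `principal` in scope of that method, which cannot be verified here since the enclosing method starts outside the hunk; all four enclosing methods extend beyond the hunks shown.
```java
/** Throws UnauthorisedException unless the DMP is public or the principal is one of its users. */
private void checkDmpAccess(eu.eudat.data.entities.DMP dmp, Principal principal) {
    if (dmp == null) throw new UnauthorisedException(); // do not reveal whether the id exists
    if (dmp.isPublic()) return;
    boolean isMember = principal != null && principal.getId() != null && dmp.getUsers().stream()
            .anyMatch(userInfo -> principal.getId().equals(userInfo.getUser().getId()));
    if (!isMember) throw new UnauthorisedException();
}
// … unchanged: getWordDocument / getXmlDocument / getRDAJsonDocument bodies, each replacing its inline check with:
checkDmpAccess(dmp, principal);
```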
|