Refactors DMP's pdf, xml, document and rda-json export security.

This commit is contained in:
gkolokythas 2019-10-29 13:30:44 +02:00
parent c0df37e996
commit d279cb65be
2 changed files with 23 additions and 20 deletions


@ -87,9 +87,10 @@ public class DMPs extends BaseController {
@RequestMapping(method = RequestMethod.GET, value = {"{id}"})
public @ResponseBody
ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType, Principal principal) throws IllegalAccessException, InstantiationException, IOException {
ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType,
@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, InstantiationException, IOException {
if (contentType.equals("application/xml") || contentType.equals("application/msword")) {
return this.dataManagementPlanManager.getDocument(id, contentType);
return this.dataManagementPlanManager.getDocument(id, contentType, principal);
} else {
eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, principal, this.dynamicGrantConfiguration);
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DataManagementPlan>().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan));
@ -105,8 +106,8 @@ public class DMPs extends BaseController {
@RequestMapping(method = RequestMethod.GET, value = {"rda/{id}"})
public @ResponseBody
ResponseEntity getRDAJsonDocument(@PathVariable String id, Principal principal) throws IOException {
return this.dataManagementPlanManager.getRDAJsonDocument(id);
ResponseEntity getRDAJsonDocument(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IOException {
return this.dataManagementPlanManager.getRDAJsonDocument(id, principal);
}
@RequestMapping(method = RequestMethod.GET, value = {"/overview/{id}"})
@ -185,8 +186,9 @@ public class DMPs extends BaseController {
@RequestMapping(method = RequestMethod.GET, value = {"/getPDF/{id}"})
public @ResponseBody
ResponseEntity<byte[]> getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws IllegalAccessException, IOException, InstantiationException, InterruptedException {
File file = this.dataManagementPlanManager.getWordDocument(id);
ResponseEntity<byte[]> getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType,
@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, IOException, InstantiationException, InterruptedException {
File file = this.dataManagementPlanManager.getWordDocument(id, principal);
String name = file.getName().substring(0, file.getName().length() - 5);
File pdffile = datasetManager.convertToPDF(file, environment, name);
InputStream resource = new FileInputStream(pdffile);
@ -203,9 +205,7 @@ public class DMPs extends BaseController {
resource.close();
Files.deleteIfExists(file.toPath());
Files.deleteIfExists(pdffile.toPath());
return new ResponseEntity<>(content,
responseHeaders,
HttpStatus.OK);
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
}
@RequestMapping(method = RequestMethod.POST, value = {"/upload"})
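Review bot: The new `@ClaimedAuthorities` lists on getSingle, getRDAJsonDocument and getPDFDocument admit `Authorities.ANONYMOUS`, yet the `principal` they forward is dereferenced unconditionally (`principal.getId()`) by the manager's new membership checks in the other file, so an anonymous request for a non-public DMP would surface as a NullPointerException (HTTP 500) rather than `UnauthorisedException` if the anonymous principal is null. How an anonymous principal is represented is not visible here, so confirm it against the `@ClaimedAuthorities` resolver before relying on the manager-side check. If it can be null, either drop ANONYMOUS from these three endpoints or make the intent explicit on each with `// ANONYMOUS is accepted so public DMPs can be exported; the manager rejects non-public ones.` The getPDFDocument hunk also keeps the existing `resource.close()` / `Files.deleteIfExists` cleanup outside any try/finally, so a failure in convertToPDF or the read leaves the temporary Word and PDF files behind; that is pre-existing, but worth folding into this change since the method is being touched.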


@ -175,7 +175,7 @@ public class DataManagementPlanManager {
return;
}
public File getWordDocument(String id) throws InstantiationException, IllegalAccessException, IOException {
public File getWordDocument(String id, Principal principal) throws IOException {
WordBuilder wordBuilder = new WordBuilder();
VisibilityRuleService visibilityRuleService = this.utilitiesService.getVisibilityRuleService();
DatasetWizardModel dataset = new DatasetWizardModel();
@ -184,6 +184,8 @@ public class DataManagementPlanManager {
XWPFDocument document = new XWPFDocument(is);
eu.eudat.data.entities.DMP dmpEntity = databaseRepository.getDmpDao().find(UUID.fromString(id));
if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
throw new UnauthorisedException();
// Space above DMP title.
XWPFParagraph parAboveDmpTitle = document.createParagraph();
@ -784,10 +786,12 @@ public class DataManagementPlanManager {
}
}
public FileEnvelope getXmlDocument(String id) throws InstantiationException, IllegalAccessException, IOException {
public FileEnvelope getXmlDocument(String id, Principal principal) throws InstantiationException, IllegalAccessException, IOException {
ExportXmlBuilder xmlBuilder = new ExportXmlBuilder();
VisibilityRuleService visibilityRuleService = utilitiesService.getVisibilityRuleService();
eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
throw new UnauthorisedException();
List<Dataset> datasets = dmp.getDataset().stream().collect(Collectors.toList());
String fileName = dmp.getLabel();
fileName = fileName.replaceAll("[^a-zA-Z0-9+ ]", "");
@ -893,8 +897,10 @@ public class DataManagementPlanManager {
return fileEnvelope;
}
public ResponseEntity<byte[]> getRDAJsonDocument(String id) throws IOException {
public ResponseEntity<byte[]> getRDAJsonDocument(String id, Principal principal) throws IOException {
eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
throw new UnauthorisedException();
RDAExportModel rdaExportModel = new RDAExportModel().fromDataModel(dmp);
ObjectMapper mapper = new ObjectMapper();
@ -921,20 +927,17 @@ public class DataManagementPlanManager {
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
}
public ResponseEntity<byte[]> getDocument(String id, String contentType) throws InstantiationException, IllegalAccessException, IOException {
public ResponseEntity<byte[]> getDocument(String id, String contentType, Principal principal) throws InstantiationException, IllegalAccessException, IOException {
File file;
switch (contentType) {
case "application/xml":
file = getXmlDocument(id).getFile();
file = getXmlDocument(id, principal).getFile();
break;
case "application/msword":
file = getWordDocument(id);
file = getWordDocument(id, principal);
break;
/*case "application/pdf":
file = getPdfDocument(id);
break;*/
default:
file = getXmlDocument(id).getFile();
file = getXmlDocument(id, principal).getFile();
}
InputStream resource = new FileInputStream(file);
HttpHeaders responseHeaders = new HttpHeaders();
@ -1133,7 +1136,7 @@ public class DataManagementPlanManager {
fileHeaders.setContentType(MediaType.MULTIPART_FORM_DATA);
LinkedMultiValueMap<String, Object> addFileMap = new LinkedMultiValueMap<>();
File file = getWordDocument(id.toString());
File file = getWordDocument(id.toString(), principal);
addFileMap.add("filename", file.getName());
FileSystemResource fileSystemResource = new FileSystemResource(file);
addFileMap.add("file", fileSystemResource);
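Review bot: The membership check added in getWordDocument (@184), getXmlDocument (@786) and getRDAJsonDocument (@897) compares user ids with `==`; if `getId()` returns an object type such as `UUID` rather than a primitive (the DMP id on the same line is a `UUID`, so that seems likely) this is a reference comparison that will almost never hold, and every non-public export would throw `UnauthorisedException` even for the DMP's own members. The same expression calls `principal.getId()` per user row, so a null principal (the controllers now admit ANONYMOUS) on a non-public DMP fails with a NullPointerException instead of the intended exception, and a `find()` result that is null is dereferenced before any check. The check is also copied verbatim three times using `filter(...).collect(...).size() == 0` where `anyMatch` suffices; one helper using `java.util.Objects.equals` fixes all three places at once. The @1136 hunk passes `principal` into getWordDocument from a method whose declaration begins outside the hunk, so confirm that name is actually in scope there.

```java
/** Rejects export of a non-public DMP unless the caller is one of its users. */
private static void requireExportAccess(eu.eudat.data.entities.DMP dmp, Principal principal) {
    if (dmp == null) throw new UnauthorisedException(); // TODO(review): use the project's not-found exception if one exists
    if (dmp.isPublic()) return;
    boolean member = principal != null && dmp.getUsers().stream()
            .anyMatch(userInfo -> Objects.equals(userInfo.getUser().getId(), principal.getId()));
    if (!member) throw new UnauthorisedException();
}

// in getWordDocument, replacing the two-line check (same in getXmlDocument and getRDAJsonDocument):
eu.eudat.data.entities.DMP dmpEntity = databaseRepository.getDmpDao().find(UUID.fromString(id));
requireExportAccess(dmpEntity, principal);
// … unchanged: document building …
```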