diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPs.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPs.java
index ec3e882f3..77ace6469 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPs.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPs.java
@@ -87,9 +87,10 @@ public class DMPs extends BaseController {
 @RequestMapping(method = RequestMethod.GET, value = {"{id}"})
 public @ResponseBody
- ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType, Principal principal) throws IllegalAccessException, InstantiationException, IOException {
+ ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType,
+ @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, InstantiationException, IOException {
 if (contentType.equals("application/xml") || contentType.equals("application/msword")) {
- return this.dataManagementPlanManager.getDocument(id, contentType);
+ return this.dataManagementPlanManager.getDocument(id, contentType, principal);
 } else {
 eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, principal, this.dynamicGrantConfiguration);
 return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan));
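Review bot: The `@ClaimedAuthorities` list added to `getSingle` includes `Authorities.ANONYMOUS`, so the controller no longer decides who may export a plan; the decision rests entirely on what `getDocument(id, contentType, principal)` does with the principal. That is worth stating on the parameter, for example `// ANONYMOUS is admitted on purpose: public DMPs are exportable without login, private ones are refused in DataManagementPlanManager`. The same applies to `getRDAJsonDocument` and `getPDFDocument` in the following hunks. What the principal of an anonymous caller carries is not visible here; if its id can be null, the membership comparison in the manager should be confirmed to handle that. The body of `getSingle` continues past the end of the hunk.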
@@ -105,8 +106,8 @@ public class DMPs extends BaseController {
 @RequestMapping(method = RequestMethod.GET, value = {"rda/{id}"})
 public @ResponseBody
- ResponseEntity getRDAJsonDocument(@PathVariable String id, Principal principal) throws IOException {
- return this.dataManagementPlanManager.getRDAJsonDocument(id);
+ ResponseEntity getRDAJsonDocument(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IOException {
+ return this.dataManagementPlanManager.getRDAJsonDocument(id, principal);
 }
 @RequestMapping(method = RequestMethod.GET, value = {"/overview/{id}"})
@@ -185,8 +186,9 @@ public class DMPs extends BaseController {
 @RequestMapping(method = RequestMethod.GET, value = {"/getPDF/{id}"})
 public @ResponseBody
- ResponseEntity getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws IllegalAccessException, IOException, InstantiationException, InterruptedException {
- File file = this.dataManagementPlanManager.getWordDocument(id);
+ ResponseEntity getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType,
+ @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, IOException, InstantiationException, InterruptedException {
+ File file = this.dataManagementPlanManager.getWordDocument(id, principal);
 String name = file.getName().substring(0, file.getName().length() - 5);
 File pdffile = datasetManager.convertToPDF(file, environment, name);
 InputStream resource = new FileInputStream(pdffile);
@@ -203,9 +205,7 @@ public class DMPs extends BaseController {
 resource.close();
 Files.deleteIfExists(file.toPath());
 Files.deleteIfExists(pdffile.toPath());
- return new ResponseEntity<>(content,
- responseHeaders,
- HttpStatus.OK);
+ return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
 }
 @RequestMapping(method = RequestMethod.POST, value = {"/upload"})
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java
index d2c9be1f4..fa8195411 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java
@@ -175,7 +175,7 @@ public class DataManagementPlanManager {
 return;
 }
- public File getWordDocument(String id) throws InstantiationException, IllegalAccessException, IOException {
+ public File getWordDocument(String id, Principal principal) throws IOException {
 WordBuilder wordBuilder = new WordBuilder();
 VisibilityRuleService visibilityRuleService = this.utilitiesService.getVisibilityRuleService();
 DatasetWizardModel dataset = new DatasetWizardModel();
@@ -184,6 +184,8 @@ public class DataManagementPlanManager {
 XWPFDocument document = new XWPFDocument(is);
 eu.eudat.data.entities.DMP dmpEntity = databaseRepository.getDmpDao().find(UUID.fromString(id));
+ if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
+ throw new UnauthorisedException();
 // Space above DMP title.
 XWPFParagraph parAboveDmpTitle = document.createParagraph();
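Review bot: The membership test added to `getWordDocument` compares ids with `==` (`userInfo.getUser().getId() == principal.getId()`), which is a reference comparison if `getId()` returns an object such as `java.util.UUID`. The DMP id is parsed with `UUID.fromString`, so that looks likely, but the return type is not visible in this diff; if so, a real member of a private DMP is refused unless both sides happen to be the same instance. I would write the condition as `if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().noneMatch(u -> u.getUser().getId().equals(principal.getId())))`, which also avoids building a list only to test its size. The same expression is copied into `getXmlDocument` and `getRDAJsonDocument` in the later hunks, so a single private helper would keep the three checks identical. In this method the check also runs after `new XWPFDocument(is)`, so a refused request leaves the template stream and document open; looking up the DMP and checking access first would avoid that.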
@@ -784,10 +786,12 @@ public class DataManagementPlanManager {
 }
 }
- public FileEnvelope getXmlDocument(String id) throws InstantiationException, IllegalAccessException, IOException {
+ public FileEnvelope getXmlDocument(String id, Principal principal) throws InstantiationException, IllegalAccessException, IOException {
 ExportXmlBuilder xmlBuilder = new ExportXmlBuilder();
 VisibilityRuleService visibilityRuleService = utilitiesService.getVisibilityRuleService();
 eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
+ if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
+ throw new UnauthorisedException();
 List datasets = dmp.getDataset().stream().collect(Collectors.toList());
 String fileName = dmp.getLabel();
 fileName = fileName.replaceAll("[^a-zA-Z0-9+ ]", "");
@@ -893,8 +897,10 @@ public class DataManagementPlanManager {
 return fileEnvelope;
 }
- public ResponseEntity getRDAJsonDocument(String id) throws IOException {
+ public ResponseEntity getRDAJsonDocument(String id, Principal principal) throws IOException {
 eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
+ if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
+ throw new UnauthorisedException();
 RDAExportModel rdaExportModel = new RDAExportModel().fromDataModel(dmp);
 ObjectMapper mapper = new ObjectMapper();
@@ -921,20 +927,17 @@ public class DataManagementPlanManager {
 return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
 }
- public ResponseEntity getDocument(String id, String contentType) throws InstantiationException, IllegalAccessException, IOException {
+ public ResponseEntity getDocument(String id, String contentType, Principal principal) throws InstantiationException, IllegalAccessException, IOException {
 File file;
 switch (contentType) {
 case "application/xml":
- file = getXmlDocument(id).getFile();
+ file = getXmlDocument(id, principal).getFile();
 break;
 case "application/msword":
- file = getWordDocument(id);
+ file = getWordDocument(id, principal);
 break;
- /*case "application/pdf":
- file = getPdfDocument(id);
- break;*/
 default:
- file = getXmlDocument(id).getFile();
+ file = getXmlDocument(id, principal).getFile();
 }
 InputStream resource = new FileInputStream(file);
 HttpHeaders responseHeaders = new HttpHeaders();
@@ -1133,7 +1136,7 @@ public class DataManagementPlanManager {
 fileHeaders.setContentType(MediaType.MULTIPART_FORM_DATA);
 LinkedMultiValueMap addFileMap = new LinkedMultiValueMap<>();
- File file = getWordDocument(id.toString());
+ File file = getWordDocument(id.toString(), principal);
 addFileMap.add("filename", file.getName());
 FileSystemResource fileSystemResource = new FileSystemResource(file);
 addFileMap.add("file", fileSystemResource);