Refactors DMP's pdf, xml, document and rda-json export security.
parent
c0df37e996
commit
d279cb65be
|
@ -87,9 +87,10 @@ public class DMPs extends BaseController {
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.GET, value = {"{id}"})
|
@RequestMapping(method = RequestMethod.GET, value = {"{id}"})
|
||||||
public @ResponseBody
|
public @ResponseBody
|
||||||
ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType, Principal principal) throws IllegalAccessException, InstantiationException, IOException {
|
ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType,
|
||||||
|
@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, InstantiationException, IOException {
|
||||||
if (contentType.equals("application/xml") || contentType.equals("application/msword")) {
|
if (contentType.equals("application/xml") || contentType.equals("application/msword")) {
|
||||||
return this.dataManagementPlanManager.getDocument(id, contentType);
|
return this.dataManagementPlanManager.getDocument(id, contentType, principal);
|
||||||
} else {
|
} else {
|
||||||
eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, principal, this.dynamicGrantConfiguration);
|
eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, principal, this.dynamicGrantConfiguration);
|
||||||
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DataManagementPlan>().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan));
|
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DataManagementPlan>().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan));
|
||||||
|
@ -105,8 +106,8 @@ public class DMPs extends BaseController {
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.GET, value = {"rda/{id}"})
|
@RequestMapping(method = RequestMethod.GET, value = {"rda/{id}"})
|
||||||
public @ResponseBody
|
public @ResponseBody
|
||||||
ResponseEntity getRDAJsonDocument(@PathVariable String id, Principal principal) throws IOException {
|
ResponseEntity getRDAJsonDocument(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IOException {
|
||||||
return this.dataManagementPlanManager.getRDAJsonDocument(id);
|
return this.dataManagementPlanManager.getRDAJsonDocument(id, principal);
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.GET, value = {"/overview/{id}"})
|
@RequestMapping(method = RequestMethod.GET, value = {"/overview/{id}"})
|
||||||
|
@ -185,8 +186,9 @@ public class DMPs extends BaseController {
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.GET, value = {"/getPDF/{id}"})
|
@RequestMapping(method = RequestMethod.GET, value = {"/getPDF/{id}"})
|
||||||
public @ResponseBody
|
public @ResponseBody
|
||||||
ResponseEntity<byte[]> getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws IllegalAccessException, IOException, InstantiationException, InterruptedException {
|
ResponseEntity<byte[]> getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType,
|
||||||
File file = this.dataManagementPlanManager.getWordDocument(id);
|
@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, IOException, InstantiationException, InterruptedException {
|
||||||
|
File file = this.dataManagementPlanManager.getWordDocument(id, principal);
|
||||||
String name = file.getName().substring(0, file.getName().length() - 5);
|
String name = file.getName().substring(0, file.getName().length() - 5);
|
||||||
File pdffile = datasetManager.convertToPDF(file, environment, name);
|
File pdffile = datasetManager.convertToPDF(file, environment, name);
|
||||||
InputStream resource = new FileInputStream(pdffile);
|
InputStream resource = new FileInputStream(pdffile);
|
||||||
|
@ -203,9 +205,7 @@ public class DMPs extends BaseController {
|
||||||
resource.close();
|
resource.close();
|
||||||
Files.deleteIfExists(file.toPath());
|
Files.deleteIfExists(file.toPath());
|
||||||
Files.deleteIfExists(pdffile.toPath());
|
Files.deleteIfExists(pdffile.toPath());
|
||||||
return new ResponseEntity<>(content,
|
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
|
||||||
responseHeaders,
|
|
||||||
HttpStatus.OK);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.POST, value = {"/upload"})
|
@RequestMapping(method = RequestMethod.POST, value = {"/upload"})
|
||||||
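Review bot: The `@ClaimedAuthorities` list added to getSingle, getRDAJsonDocument and getPDFDocument includes `Authorities.ANONYMOUS`, so the annotation restricts no one and the only access decision is the membership check inside DataManagementPlanManager, which calls `principal.getId()`. It is worth confirming that the resolver always supplies a non-null Principal for anonymous callers and that its id can never equal a real user's id; neither is visible on this page. I would add a comment above each handler, e.g. `// Authorization is enforced in DataManagementPlanManager: non-public DMPs are exported only to their own users.`, so the permissive claims list is not read as an oversight. The unchanged else branch of getSingle (`getSingle(id, principal, this.dynamicGrantConfiguration)`) is not shown applying the same rule, and the body of getPDFDocument continues outside the hunks.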
|
|
|
@ -175,7 +175,7 @@ public class DataManagementPlanManager {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
public File getWordDocument(String id) throws InstantiationException, IllegalAccessException, IOException {
|
public File getWordDocument(String id, Principal principal) throws IOException {
|
||||||
WordBuilder wordBuilder = new WordBuilder();
|
WordBuilder wordBuilder = new WordBuilder();
|
||||||
VisibilityRuleService visibilityRuleService = this.utilitiesService.getVisibilityRuleService();
|
VisibilityRuleService visibilityRuleService = this.utilitiesService.getVisibilityRuleService();
|
||||||
DatasetWizardModel dataset = new DatasetWizardModel();
|
DatasetWizardModel dataset = new DatasetWizardModel();
|
||||||
|
@ -184,6 +184,8 @@ public class DataManagementPlanManager {
|
||||||
XWPFDocument document = new XWPFDocument(is);
|
XWPFDocument document = new XWPFDocument(is);
|
||||||
|
|
||||||
eu.eudat.data.entities.DMP dmpEntity = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
eu.eudat.data.entities.DMP dmpEntity = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
||||||
|
if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
|
||||||
|
throw new UnauthorisedException();
|
||||||
|
|
||||||
// Space above DMP title.
|
// Space above DMP title.
|
||||||
XWPFParagraph parAboveDmpTitle = document.createParagraph();
|
XWPFParagraph parAboveDmpTitle = document.createParagraph();
|
||||||
|
@ -784,10 +786,12 @@ public class DataManagementPlanManager {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public FileEnvelope getXmlDocument(String id) throws InstantiationException, IllegalAccessException, IOException {
|
public FileEnvelope getXmlDocument(String id, Principal principal) throws InstantiationException, IllegalAccessException, IOException {
|
||||||
ExportXmlBuilder xmlBuilder = new ExportXmlBuilder();
|
ExportXmlBuilder xmlBuilder = new ExportXmlBuilder();
|
||||||
VisibilityRuleService visibilityRuleService = utilitiesService.getVisibilityRuleService();
|
VisibilityRuleService visibilityRuleService = utilitiesService.getVisibilityRuleService();
|
||||||
eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
||||||
|
if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
|
||||||
|
throw new UnauthorisedException();
|
||||||
List<Dataset> datasets = dmp.getDataset().stream().collect(Collectors.toList());
|
List<Dataset> datasets = dmp.getDataset().stream().collect(Collectors.toList());
|
||||||
String fileName = dmp.getLabel();
|
String fileName = dmp.getLabel();
|
||||||
fileName = fileName.replaceAll("[^a-zA-Z0-9+ ]", "");
|
fileName = fileName.replaceAll("[^a-zA-Z0-9+ ]", "");
|
||||||
|
@ -893,8 +897,10 @@ public class DataManagementPlanManager {
|
||||||
return fileEnvelope;
|
return fileEnvelope;
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResponseEntity<byte[]> getRDAJsonDocument(String id) throws IOException {
|
public ResponseEntity<byte[]> getRDAJsonDocument(String id, Principal principal) throws IOException {
|
||||||
eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
eu.eudat.data.entities.DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id));
|
||||||
|
if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0)
|
||||||
|
throw new UnauthorisedException();
|
||||||
RDAExportModel rdaExportModel = new RDAExportModel().fromDataModel(dmp);
|
RDAExportModel rdaExportModel = new RDAExportModel().fromDataModel(dmp);
|
||||||
|
|
||||||
ObjectMapper mapper = new ObjectMapper();
|
ObjectMapper mapper = new ObjectMapper();
|
||||||
|
@ -921,20 +927,17 @@ public class DataManagementPlanManager {
|
||||||
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
|
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResponseEntity<byte[]> getDocument(String id, String contentType) throws InstantiationException, IllegalAccessException, IOException {
|
public ResponseEntity<byte[]> getDocument(String id, String contentType, Principal principal) throws InstantiationException, IllegalAccessException, IOException {
|
||||||
File file;
|
File file;
|
||||||
switch (contentType) {
|
switch (contentType) {
|
||||||
case "application/xml":
|
case "application/xml":
|
||||||
file = getXmlDocument(id).getFile();
|
file = getXmlDocument(id, principal).getFile();
|
||||||
break;
|
break;
|
||||||
case "application/msword":
|
case "application/msword":
|
||||||
file = getWordDocument(id);
|
file = getWordDocument(id, principal);
|
||||||
break;
|
break;
|
||||||
/*case "application/pdf":
|
|
||||||
file = getPdfDocument(id);
|
|
||||||
break;*/
|
|
||||||
default:
|
default:
|
||||||
file = getXmlDocument(id).getFile();
|
file = getXmlDocument(id, principal).getFile();
|
||||||
}
|
}
|
||||||
InputStream resource = new FileInputStream(file);
|
InputStream resource = new FileInputStream(file);
|
||||||
HttpHeaders responseHeaders = new HttpHeaders();
|
HttpHeaders responseHeaders = new HttpHeaders();
|
||||||
|
@ -1133,7 +1136,7 @@ public class DataManagementPlanManager {
|
||||||
fileHeaders.setContentType(MediaType.MULTIPART_FORM_DATA);
|
fileHeaders.setContentType(MediaType.MULTIPART_FORM_DATA);
|
||||||
LinkedMultiValueMap<String, Object> addFileMap = new LinkedMultiValueMap<>();
|
LinkedMultiValueMap<String, Object> addFileMap = new LinkedMultiValueMap<>();
|
||||||
|
|
||||||
File file = getWordDocument(id.toString());
|
File file = getWordDocument(id.toString(), principal);
|
||||||
addFileMap.add("filename", file.getName());
|
addFileMap.add("filename", file.getName());
|
||||||
FileSystemResource fileSystemResource = new FileSystemResource(file);
|
FileSystemResource fileSystemResource = new FileSystemResource(file);
|
||||||
addFileMap.add("file", fileSystemResource);
|
addFileMap.add("file", fileSystemResource);
|
||||||
|
|
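Review bot: The new membership test in getWordDocument compares ids with `==` (`userInfo.getUser().getId() == principal.getId()`); if getId() returns an object type such as UUID, which the `UUID.fromString(id)` lookup makes likely, this is an identity comparison and a legitimate user of a non-public DMP would be refused unless both sides are the same instance. I would write the guard as `if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().noneMatch(u -> u.getUser().getId().equals(principal.getId())))`; the same line is repeated in getXmlDocument and getRDAJsonDocument, so one private helper would keep the three export paths from drifting apart. The result of `find(...)` is dereferenced without a null check, so an unknown id would presumably surface as a NullPointerException rather than a clean error, which is worth confirming against the DAO. In getWordDocument the check also runs after `new XWPFDocument(is)` has been opened; doing the lookup and check at the top of the method rejects unauthorised callers before any resource is allocated. The method bodies continue outside the hunks.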