diff --git a/backend/core/src/main/java/org/opencdmp/authorization/Permission.java b/backend/core/src/main/java/org/opencdmp/authorization/Permission.java index fbf7f65c5..c07c2d3a7 100644 --- a/backend/core/src/main/java/org/opencdmp/authorization/Permission.java +++ b/backend/core/src/main/java/org/opencdmp/authorization/Permission.java @@ -131,6 +131,7 @@ public final class Permission { //Reference public static String BrowseReference = "BrowseReference"; + public static String BrowseExternalReference = "BrowseExternalReference"; public static String EditReference = "EditReference"; public static String DeleteReference = "DeleteReference"; diff --git a/backend/core/src/main/java/org/opencdmp/commons/types/user/AdditionalInfoEntity.java b/backend/core/src/main/java/org/opencdmp/commons/types/user/AdditionalInfoEntity.java index 8c453b1b6..ff53b312b 100644 --- a/backend/core/src/main/java/org/opencdmp/commons/types/user/AdditionalInfoEntity.java +++ b/backend/core/src/main/java/org/opencdmp/commons/types/user/AdditionalInfoEntity.java @@ -11,7 +11,7 @@ public class AdditionalInfoEntity { private UUID organizationId; public String getAvatarUrl() { - return avatarUrl; + return this.avatarUrl; } public void setAvatarUrl(String avatarUrl) { @@ -19,7 +19,7 @@ public class AdditionalInfoEntity { } public String getTimezone() { - return timezone; + return this.timezone; } public void setTimezone(String timezone) { @@ -27,7 +27,7 @@ public class AdditionalInfoEntity { } public String getCulture() { - return culture; + return this.culture; } public void setCulture(String culture) { @@ -35,7 +35,7 @@ public class AdditionalInfoEntity { } public String getLanguage() { - return language; + return this.language; } public void setLanguage(String language) { @@ -43,7 +43,7 @@ public class AdditionalInfoEntity { } public UUID getOrganizationId() { - return organizationId; + return this.organizationId; } public void setOrganizationId(UUID organizationId) { @@ -51,7 +51,7 @@ public class AdditionalInfoEntity { } public String getRoleOrganization() { - return roleOrganization; + return this.roleOrganization; } public void setRoleOrganization(String roleOrganization) { diff --git a/backend/core/src/main/java/org/opencdmp/query/ReferenceQuery.java b/backend/core/src/main/java/org/opencdmp/query/ReferenceQuery.java index 2dedd72ab..42be7a255 100644 --- a/backend/core/src/main/java/org/opencdmp/query/ReferenceQuery.java +++ b/backend/core/src/main/java/org/opencdmp/query/ReferenceQuery.java @@ -232,6 +232,7 @@ public class ReferenceQuery extends QueryBase { List predicates = new ArrayList<>(); if (userId != null || usePublic) { predicates.add(queryContext.CriteriaBuilder.or( + this.authService.authorize(Permission.BrowseExternalReference) ? queryContext.CriteriaBuilder.equal(queryContext.Root.get(ReferenceEntity._sourceType), ReferenceSourceType.External) : queryContext.CriteriaBuilder.or(), userId != null ? queryContext.CriteriaBuilder.equal(queryContext.Root.get(ReferenceEntity._createdById), userId) : queryContext.CriteriaBuilder.or(), //Creates a false query queryContext.CriteriaBuilder.in(queryContext.Root.get(ReferenceEntity._id)).value(this.queryUtilsService.buildSubQuery(new BuildSubQueryInput<>(new BuildSubQueryInput.Builder<>(DmpReferenceEntity.class, UUID.class) .query(queryContext.Query) diff --git a/backend/web/src/main/resources/config/permissions.yml b/backend/web/src/main/resources/config/permissions.yml index 95e75e050..973572fcd 100644 --- a/backend/web/src/main/resources/config/permissions.yml +++ b/backend/web/src/main/resources/config/permissions.yml @@ -677,6 +677,11 @@ permissions: clients: [ ] allowAnonymous: false allowAuthenticated: false + BrowseExternalReference: + roles: [ ] + clients: [ ] + allowAnonymous: false + allowAuthenticated: true EditReference: roles: - Admin