diff --git a/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java b/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java index 97c8c7e..7cec842 100644 --- a/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java +++ b/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java @@ -230,14 +230,20 @@ public class CKANPackage extends CKAN implements Moderated { * */ public ObjectNode checkAuthor(ObjectNode objectNode, String authorName, String authorEmail) { - if(!updateOperation) { // this prevent to change the original author in case of update + if(!updateOperation) { objectNode.put(AUTHOR_KEY, authorName); objectNode.put(AUTHOR_EMAIL_KEY, authorEmail); - }else { + }else { // this prevent to change the original author in case of update Role role = ckanUser.getRole(); if(role.ordinal() < Role.ADMIN.ordinal()) { - objectNode.remove(AUTHOR_KEY); - objectNode.remove(AUTHOR_EMAIL_KEY); + if(result.get(AUTHOR_KEY).asText().compareTo(authorName)!=0) { + throw new BadRequestException("Only Catalogue-Admins or above can change the authorship (i.e. " + AUTHOR_KEY + " field) of an item."); + } + + if(result.get(AUTHOR_EMAIL_KEY).asText().compareTo(authorEmail)!=0) { + throw new BadRequestException("Only Catalogue-Admins or above can change the authorship (i.e. " + AUTHOR_EMAIL_KEY + " field) of an item."); + } + } } return objectNode; @@ -263,7 +269,14 @@ public class CKANPackage extends CKAN implements Moderated { // We need to enforce the itemID to properly manage resource persistence if(objectNode.has(ID_KEY)) { - itemID = objectNode.get(ID_KEY).asText(); + String id = objectNode.get(ID_KEY).asText(); + if(itemID==null) { + itemID = id; + }else { + if(id.compareTo(itemID)!=0) { + throw new BadRequestException("Item ID comntained in the request body does not match with the id of the item in Ckan."); + } + } } // To include private item in search result (e.g. listing) a private package must be searchable @@ -335,7 +348,7 @@ public class CKANPackage extends CKAN implements Moderated { return objectNode; } - protected JsonNode validateJson(String json) { + protected JsonNode validateJso(String json) { try { // check base information (and set them if needed) ObjectNode objectNode = checkBaseInformation(json); @@ -859,8 +872,6 @@ public class CKANPackage extends CKAN implements Moderated { try { this.updateOperation = true; - JsonNode jsonNode = validateJson(json); - /* * Going to read the item from CKAN just to check the item status. * I need to reset the result first because the current contains @@ -869,6 +880,8 @@ public class CKANPackage extends CKAN implements Moderated { this.result = null; readItem(); + JsonNode jsonNode = validateJson(json); + jsonNode = checkModerationUpdate(jsonNode); Map originalResources = new HashMap<>();