Fixed bug #23154

2 years ago · 8822df842d
parent 51d1f11d56
commit 8822df842d
2 changed files with 17 additions and 4 deletions
--- a/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java
+++ b/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java
@ -1073,11 +1073,11 @@ public class CKANPackage extends CKAN implements Moderated {
 						break;
 				
 					case EDITOR:
-						if(cmItemStatus!=null && cmItemStatus!=CMItemStatus.APPROVED) {
+//						if(cmItemStatus!=null && cmItemStatus!=CMItemStatus.APPROVED) {
 							q = String.format("%s AND %s:%s", q, AUTHOR_EMAIL_KEY, ckanUser.getEMail());
-						}else{
-							cmItemStatus = CMItemStatus.APPROVED;
-						}
+//						}else{
+//							cmItemStatus = CMItemStatus.APPROVED;
+//						}
 						break;
 						
 					case MEMBER:
--- a/src/main/java/org/gcube/gcat/rest/Resource.java
+++ b/src/main/java/org/gcube/gcat/rest/Resource.java
@ -3,6 +3,7 @@ package org.gcube.gcat.rest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
+import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
@ -12,8 +13,10 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.core.Response.Status;

+import org.gcube.common.authorization.control.annotations.AuthorizationControl;
 import org.gcube.gcat.annotation.PATCH;
 import org.gcube.gcat.api.GCatConstants;
+import org.gcube.gcat.api.roles.Role;
 import org.gcube.gcat.persistence.ckan.CKANResource;

 /**
@ -29,6 +32,9 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces.
 	
 	@GET
 	@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+	/* Catalogue-Member is not added to VRE members and is assumed as the default role in the catalogue for the VRE members. So we can't enforce
+	 * @AuthorizationControl(allowedRoles={Role.CATALOGUE_MEMBER, Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
+	 */
 	public String list(@PathParam(ITEM_ID_PARAMETER) String itemID) {
 		setCalledMethod("GET /" + COLLECTION);
 		CKANResource ckanResource = new CKANResource(itemID);
@ -39,6 +45,7 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces.
 	@POST
 	@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
 	@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+	@AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
 	public Response create(@PathParam(ITEM_ID_PARAMETER) String itemID, String json) {
 		setCalledMethod("POST /" + COLLECTION);
 		CKANResource ckanResource = new CKANResource(itemID);
@ -52,6 +59,9 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces.
 	@GET
 	@Path("/{" + RESOURCE_ID_PARAMETER + "}")
 	@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+	/* Catalogue-Member is not added to VRE members and is assumed as the default role in the catalogue for the VRE members. So we can't enforce
+	 * @AuthorizationControl(allowedRoles={Role.CATALOGUE_MEMBER, Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
+	 */
 	public String read(@PathParam(ITEM_ID_PARAMETER) String itemID,
 			@PathParam(RESOURCE_ID_PARAMETER) String resourceID) {
 		setCalledMethod("GET /" + COLLECTION + "/{" + RESOURCE_ID_PARAMETER + "}");
@ -64,6 +74,7 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces.
 	@Path("/{" + RESOURCE_ID_PARAMETER + "}")
 	@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
 	@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+	@AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
 	public String update(@PathParam(ITEM_ID_PARAMETER) String itemID,
 			@PathParam(RESOURCE_ID_PARAMETER) String resourceID, String json) {
 		setCalledMethod("PUT /" + COLLECTION + "/{" + RESOURCE_ID_PARAMETER + "}");
@ -76,6 +87,7 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces.
 	@Path("/{" + RESOURCE_ID_PARAMETER + "}")
 	@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
 	@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+	@AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
 	public String patch(@PathParam(ITEM_ID_PARAMETER) String itemID,
 			@PathParam(RESOURCE_ID_PARAMETER) String resourceID, String json) {
 		setCalledMethod("PATCH /" + COLLECTION + "/{" + RESOURCE_ID_PARAMETER + "}");
@ -86,6 +98,7 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces.
 	
 	@DELETE
 	@Path("/{" + RESOURCE_ID_PARAMETER + "}")
+	@AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
 	public Response delete(@PathParam(ITEM_ID_PARAMETER) String itemID,
 			@PathParam(RESOURCE_ID_PARAMETER) String resourceID) {
 		setCalledMethod("DELETE /" + COLLECTION + "/{" + RESOURCE_ID_PARAMETER + "}");