From 8822df842d90532dc07c76da2d56089f8dbbe938 Mon Sep 17 00:00:00 2001
From: Luca Frosini
Date: Fri, 8 Apr 2022 17:48:28 +0200
Subject: [PATCH] Fixed bug #23154
---
 .../gcube/gcat/persistence/ckan/CKANPackage.java | 8 ++++----
 src/main/java/org/gcube/gcat/rest/Resource.java | 13 +++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java b/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java
index b19b124..f79b5cb 100644
--- a/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java
+++ b/src/main/java/org/gcube/gcat/persistence/ckan/CKANPackage.java
@@ -1073,11 +1073,11 @@ public class CKANPackage extends CKAN implements Moderated {
 break;
 case EDITOR:
- if(cmItemStatus!=null && cmItemStatus!=CMItemStatus.APPROVED) {
+// if(cmItemStatus!=null && cmItemStatus!=CMItemStatus.APPROVED) {
 q = String.format("%s AND %s:%s", q, AUTHOR_EMAIL_KEY, ckanUser.getEMail());
- }else{
- cmItemStatus = CMItemStatus.APPROVED;
- }
+// }else{
+// cmItemStatus = CMItemStatus.APPROVED;
+// }
 break;
 case MEMBER:
diff --git a/src/main/java/org/gcube/gcat/rest/Resource.java b/src/main/java/org/gcube/gcat/rest/Resource.java
index 58d2b27..83fd9c1 100644
--- a/src/main/java/org/gcube/gcat/rest/Resource.java
+++ b/src/main/java/org/gcube/gcat/rest/Resource.java
@@ -3,6 +3,7 @@ package org.gcube.gcat.rest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
+import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
@@ -12,8 +13,10 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.core.Response.Status;
+import org.gcube.common.authorization.control.annotations.AuthorizationControl;
 import org.gcube.gcat.annotation.PATCH;
 import org.gcube.gcat.api.GCatConstants;
+import org.gcube.gcat.api.roles.Role;
 import org.gcube.gcat.persistence.ckan.CKANResource;
 /**
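Review bot: In the `case EDITOR:` branch of CKANPackage.java the old status check is left behind as `//` lines, and with the `else` gone `cmItemStatus` is no longer defaulted to `CMItemStatus.APPROVED` when the caller supplies none. The switch sits in a method whose start and end are outside the hunk, so any later code that reads `cmItemStatus` should be checked for the null case. I would delete the commented-out lines and record why the filter is now unconditional, e.g. `// Editors are always restricted to items they authored, whatever the moderation status (bug #23154)`. Because the `AUTHOR_EMAIL_KEY` clause is now the only thing scoping an editor's query, it is also worth confirming that `ckanUser.getEMail()` cannot carry query syntax, or quoting it, since `String.format` inserts it unescaped.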
@@ -29,6 +32,9 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces. @GET @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8) + /* Catalogue-Member is not added to VRE members and is assumed as the default role in the catalogue for the VRE members. So we can't enforce + * @AuthorizationControl(allowedRoles={Role.CATALOGUE_MEMBER, Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class) + */ public String list(@PathParam(ITEM_ID_PARAMETER) String itemID) { setCalledMethod("GET /" + COLLECTION); CKANResource ckanResource = new CKANResource(itemID); @@ -39,6 +45,7 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces. @POST @Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8) @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8) + @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class) public Response create(@PathParam(ITEM_ID_PARAMETER) String itemID, String json) { setCalledMethod("POST /" + COLLECTION); CKANResource ckanResource = new CKANResource(itemID); @@ -52,6 +59,9 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces. @GET @Path("/{" + RESOURCE_ID_PARAMETER + "}") @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8) + /* Catalogue-Member is not added to VRE members and is assumed as the default role in the catalogue for the VRE members. So we can't enforce + * @AuthorizationControl(allowedRoles={Role.CATALOGUE_MEMBER, Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class) + */ public String read(@PathParam(ITEM_ID_PARAMETER) String itemID, @PathParam(RESOURCE_ID_PARAMETER) String resourceID) { setCalledMethod("GET /" + COLLECTION + "/{" + RESOURCE_ID_PARAMETER + "}"); 
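Review bot: No role check runs on the `list` endpoint (nor on `read`, the third hunk on this line), so who may read an item's resources depends entirely on what `CKANResource` does with `itemID`, which this patch does not show. If `CKANResource` does not check the parent item's visibility or moderation status, any VRE member could read resources of items that the package listing hides from them. The rationale is also a `/* */` block placed between the annotations and the method signature, where Javadoc tooling ignores it; I would move it into the method's Javadoc and state which layer enforces read access.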
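Review bot: `exception=NotAuthorizedException.class` on `create` (and likewise on `update`, `patch` and `delete` in the later hunks) makes a role failure surface as HTTP 401, which in JAX-RS signals missing or invalid credentials and is expected to carry a `WWW-Authenticate` challenge. A caller who is authenticated but lacks the editor, admin or manager role is better answered with 403, i.e. `exception=ForbiddenException.class` plus `import javax.ws.rs.ForbiddenException;`, assuming `@AuthorizationControl` can instantiate that type; its contract is not visible here. Clients and monitoring that distinguish "re-authenticate" from "not permitted" rely on that difference.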
@@ -64,6 +74,7 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces. @Path("/{" + RESOURCE_ID_PARAMETER + "}") @Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8) @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8) + @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class) public String update(@PathParam(ITEM_ID_PARAMETER) String itemID, @PathParam(RESOURCE_ID_PARAMETER) String resourceID, String json) { setCalledMethod("PUT /" + COLLECTION + "/{" + RESOURCE_ID_PARAMETER + "}"); @@ -76,6 +87,7 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces. @Path("/{" + RESOURCE_ID_PARAMETER + "}") @Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8) @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8) + @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class) public String patch(@PathParam(ITEM_ID_PARAMETER) String itemID, @PathParam(RESOURCE_ID_PARAMETER) String resourceID, String json) { setCalledMethod("PATCH /" + COLLECTION + "/{" + RESOURCE_ID_PARAMETER + "}"); @@ -86,6 +98,7 @@ public class Resource extends BaseREST implements org.gcube.gcat.api.interfaces. @DELETE @Path("/{" + RESOURCE_ID_PARAMETER + "}") + @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class) public Response delete(@PathParam(ITEM_ID_PARAMETER) String itemID, @PathParam(RESOURCE_ID_PARAMETER) String resourceID) { setCalledMethod("DELETE /" + COLLECTION + "/{" + RESOURCE_ID_PARAMETER + "}");
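Review bot: The `@AuthorizationControl` on `update` (and on `patch` and `delete` below) checks only the caller's role, so by itself it does not stop a `CATALOGUE_EDITOR` from modifying resources of an item authored by someone else. The same commit narrows an editor's package query to their own author e-mail, which suggests ownership matters for this role. Whether `CKANResource` verifies ownership for `itemID`/`resourceID` cannot be seen from this patch, and each method body continues outside its hunk. If no such check exists it belongs in the persistence layer; either way I would add a Javadoc line to these methods such as `Role gate only; ownership of the parent item is not checked by this annotation.`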