gCubeSystem
/
gcat
15
0
Fork 0
Code Issues Pull Requests Releases 13 Wiki Activity

Added check for Profile management. Only editor and admin can do that

This commit is contained in:
Luca Frosini 2019-09-16 15:46:11 +02:00
parent 1c64d870f0
commit 8afc2aa2cf
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/gcube/gcat/persistence/ckan/CKANUser.java
View File

@ -256,7 +256,7 @@ public class CKANUser extends CKAN {
ckanOrganization.addUserToOrganisation(ckanUsername, role);
}
private Role getRole() {
public Role getRole() {
if(role == null) {
role = Role.MEMBER;
List<String> roles = getPortalUser().getRoles();

12
src/main/java/org/gcube/gcat/profile/ISProfile.java
View File

@ -5,6 +5,7 @@ import java.util.List;
import java.util.Set;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.WebApplicationException;
@ -12,6 +13,9 @@ import org.gcube.common.resources.gcore.GenericResource;
import org.gcube.common.resources.gcore.Resources;
import org.gcube.datacatalogue.metadatadiscovery.reader.MetadataFormatDiscovery;
import org.gcube.datacatalogue.metadatadiscovery.reader.QueryForResourceUtil;
import org.gcube.gcat.persistence.ckan.CKANUser;
import org.gcube.gcat.persistence.ckan.CKANUser.Role;
import org.gcube.gcat.persistence.ckan.CKANUserCache;
import org.gcube.gcat.utils.Constants;
import org.gcube.informationsystem.publisher.RegistryPublisher;
import org.gcube.informationsystem.publisher.RegistryPublisherFactory;
@ -156,6 +160,10 @@ public class ISProfile {
public boolean createOrUpdate(String name, String xml) throws SAXException {
try {
CKANUser ckanUser = CKANUserCache.getCurrrentCKANUser();
if(ckanUser.getRole().ordinal()<Role.EDITOR.ordinal()) {
throw new NotAuthorizedException("You are not authorized to manage profiles, only Catalogue Editor can manipulate profiles.");
}
MetadataUtility metadataUtility = new MetadataUtility();
metadataUtility.validateProfile(xml);
if(metadataUtility.getMetadataFormat(name) == null) {
@ -180,6 +188,10 @@ public class ISProfile {
public boolean delete(String name) {
try {
CKANUser ckanUser = CKANUserCache.getCurrrentCKANUser();
if(ckanUser.getRole().ordinal()<Role.EDITOR.ordinal()) {
throw new NotAuthorizedException("You are not authorized to manage profiles, only Catalogue Editor can manipulate profiles.");
}
MetadataUtility metadataUtility = new MetadataUtility();
if(metadataUtility.getMetadataFormat(name) == null) {
throw new NotFoundException("Profile with name " + name + " not found");