git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/branches/data-analysis/tabulardata/tabular-data-service/1.8@160583 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
24a3a8889d
commit
4142d7a590
2
pom.xml
2
pom.xml
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
<groupId>org.gcube.data.analysis.tabulardata</groupId>
|
<groupId>org.gcube.data.analysis.tabulardata</groupId>
|
||||||
<artifactId>tabular-data-manager</artifactId>
|
<artifactId>tabular-data-manager</artifactId>
|
||||||
<version>1.8.1-SNAPSHOT</version>
|
<version>1.8.2-SNAPSHOT</version>
|
||||||
<packaging>war</packaging>
|
<packaging>war</packaging>
|
||||||
<repositories>
|
<repositories>
|
||||||
<repository>
|
<repository>
|
||||||
|
|
|
@ -62,6 +62,9 @@ public class HistoryManagerImpl implements HistoryManager{
|
||||||
tabularResource = getUserAuthorizedObject(tabularResourceId, StorableTabularResource.class, entityManager);
|
tabularResource = getUserAuthorizedObject(tabularResourceId, StorableTabularResource.class, entityManager);
|
||||||
}catch(NoSuchObjectException e){
|
}catch(NoSuchObjectException e){
|
||||||
throw new NoSuchTabularResourceException(tabularResourceId);
|
throw new NoSuchTabularResourceException(tabularResourceId);
|
||||||
|
}catch (InternalSecurityException e) {
|
||||||
|
logger.error("error on authorization",e);
|
||||||
|
throw e;
|
||||||
}finally{
|
}finally{
|
||||||
if (entityManager!=null && entityManager.isOpen())
|
if (entityManager!=null && entityManager.isOpen())
|
||||||
entityManager.close();
|
entityManager.close();
|
||||||
|
|
|
@ -107,10 +107,11 @@ public class Util {
|
||||||
public static <T, R extends Identifiable> R getUserAuthorizedObject(
|
public static <T, R extends Identifiable> R getUserAuthorizedObject(
|
||||||
T id, Class<R> objectClass, EntityManager entityManager) throws NoSuchObjectException, InternalSecurityException{
|
T id, Class<R> objectClass, EntityManager entityManager) throws NoSuchObjectException, InternalSecurityException{
|
||||||
String caller = AuthorizationProvider.instance.get().getClient().getId();
|
String caller = AuthorizationProvider.instance.get().getClient().getId();
|
||||||
|
String scope = ScopeProvider.instance.get();
|
||||||
R sTr = entityManager.find(objectClass, id);
|
R sTr = entityManager.find(objectClass, id);
|
||||||
if (sTr==null || !sTr.getScopes().contains(ScopeProvider.instance.get())) throw new NoSuchObjectException();
|
if (sTr==null || !sTr.getScopes().contains(ScopeProvider.instance.get())) throw new NoSuchObjectException();
|
||||||
if (!sTr.getOwner().equals(caller) && !sTr.getSharedWith().contains(String.format("u(%s)", caller)) &&
|
if (!sTr.getOwner().equals(caller) && !sTr.getSharedWith().contains(String.format("u(%s)", caller)) &&
|
||||||
!sTr.getSharedWith().contains(String.format("g(%s)", caller)))
|
!sTr.getSharedWith().contains(String.format("g(%s)", scope)))
|
||||||
throw new InternalSecurityException(caller+" is not authorized to use "+objectClass.getName()+" with id "+id.toString());
|
throw new InternalSecurityException(caller+" is not authorized to use "+objectClass.getName()+" with id "+id.toString());
|
||||||
return sTr;
|
return sTr;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue