#3233 Add remarks for user service; restrict to role publisher
SaCodematix committed Nov 16, 2023
1 parent 42b3b92 commit 1e93408
Showing 2 changed files with 6 additions and 9 deletions.
Expand Up @@ -212,7 +212,7 @@ public class DataPackage extends AbstractShadowableRdcDomainObject
private List<I18nLink> additionalLinks;

/**
* Remarks for User Service config
* Remarks for the User Service configuration.
*/
@Indexed
private String remarksUserService;
@@ -1,7 +1,6 @@
package eu.dzhw.fdz.metadatamanagement.ordermanagement.rest;

import java.time.ZoneId;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
Expand All @@ -14,7 +13,6 @@
import org.springframework.http.CacheControl;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.ExceptionHandler;
Expand Down Expand Up @@ -101,7 +99,6 @@ public ResponseEntity<IdAndVersionOrderProjection> createOrder(@RequestBody @Val
*/
@GetMapping("/api/orders/{id:.+}")
@Operation(summary = "Get the current status of the order as it is stored in the MDM.")
@Secured(value = {AuthoritiesConstants.PUBLISHER})
public ResponseEntity<Order> findOrder(@PathVariable String id) {
Optional<Order> optional = orderRepository.findById(id);

Expand All @@ -111,24 +108,24 @@ public ResponseEntity<Order> findOrder(@PathVariable String id) {

Order entity = optional.get();

Collection<?> g = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
boolean b = SecurityContextHolder.getContext().getAuthentication().getAuthorities()
.contains(new SimpleGrantedAuthority(AuthoritiesConstants.PUBLISHER));
// do not provide field remarksUserService to users without role PUBLISHER
if (!(SecurityContextHolder.getContext().getAuthentication().getAuthorities()
.contains(new SimpleGrantedAuthority(AuthoritiesConstants.PUBLISHER)))) {
.contains(new SimpleGrantedAuthority(AuthoritiesConstants.PUBLISHER)))) {
for (Product product : entity.getProducts()) {
if (product != null && product.getDataPackage() != null) {
product.getDataPackage().setRemarksUserService(null);
}
if (product != null && product.getStudy() != null) {
product.getStudy().setRemarksUserService(null);
}
}
}

return ResponseEntity.ok()
.cacheControl(CacheControl.maxAge(0, TimeUnit.DAYS).mustRevalidate().cachePublic())
.eTag(entity.getVersion().toString())
.lastModified(
entity.getLastModifiedDate().atZone(ZoneId.of("GMT")).toInstant().toEpochMilli())
entity.getLastModifiedDate().atZone(ZoneId.of("GMT")).toInstant().toEpochMilli())
.body(entity);
}
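Review bot: The response is still sent with `cachePublic()` and an ETag derived only from `entity.getVersion()`, but with `@Secured` removed the body now differs by caller, since `remarksUserService` is nulled for everyone without PUBLISHER. A shared cache that stored a publisher's response could revalidate it against the same ETag and serve the unredacted body to another caller. I would change the directive to `.cacheControl(CacheControl.maxAge(0, TimeUnit.DAYS).mustRevalidate().cachePrivate())`, or make the ETag role-dependent. The authority check also assumes `getAuthentication()` is never null now that unauthenticated callers may reach this method; that presumably depends on the anonymous-authentication configuration, which is not visible here. A few lines of findOrder between the two hunks are not shown on this page.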

