From 1e93408bfd2638be1d3045830fc576af0229db72 Mon Sep 17 00:00:00 2001 From: Sabrina Arnold Date: Thu, 16 Nov 2023 12:44:31 +0100 Subject: [PATCH] #3233 Add remarks for user service; restrict to role publisher --- .../datapackagemanagement/domain/DataPackage.java | 2 +- .../ordermanagement/rest/OrderResource.java | 13 +++++-------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/datapackagemanagement/domain/DataPackage.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/datapackagemanagement/domain/DataPackage.java index d9f622f677..f639afab29 100644 --- a/src/main/java/eu/dzhw/fdz/metadatamanagement/datapackagemanagement/domain/DataPackage.java +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/datapackagemanagement/domain/DataPackage.java @@ -212,7 +212,7 @@ public class DataPackage extends AbstractShadowableRdcDomainObject private List additionalLinks; /** - * Remarks for User Service config + * Remarks for the User Service configuration. */ @Indexed private String remarksUserService; diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/ordermanagement/rest/OrderResource.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/ordermanagement/rest/OrderResource.java index 469b946685..24c7eced6e 100644 --- a/src/main/java/eu/dzhw/fdz/metadatamanagement/ordermanagement/rest/OrderResource.java +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/ordermanagement/rest/OrderResource.java @@ -1,7 +1,6 @@ package eu.dzhw.fdz.metadatamanagement.ordermanagement.rest; import java.time.ZoneId; -import java.util.Collection; import java.util.HashMap; import java.util.Map; import java.util.Optional; @@ -14,7 +13,6 @@ import org.springframework.http.CacheControl; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; -import org.springframework.security.access.annotation.Secured; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.bind.annotation.ExceptionHandler; @@ -101,7 +99,6 @@ public ResponseEntity createOrder(@RequestBody @Val */ @GetMapping("/api/orders/{id:.+}") @Operation(summary = "Get the current status of the order as it is stored in the MDM.") - @Secured(value = {AuthoritiesConstants.PUBLISHER}) public ResponseEntity findOrder(@PathVariable String id) { Optional optional = orderRepository.findById(id); @@ -111,16 +108,16 @@ public ResponseEntity findOrder(@PathVariable String id) { Order entity = optional.get(); - Collection g = SecurityContextHolder.getContext().getAuthentication().getAuthorities(); - boolean b = SecurityContextHolder.getContext().getAuthentication().getAuthorities() - .contains(new SimpleGrantedAuthority(AuthoritiesConstants.PUBLISHER)); // do not provide field remarksUserService to users without role PUBLISHER if (!(SecurityContextHolder.getContext().getAuthentication().getAuthorities() - .contains(new SimpleGrantedAuthority(AuthoritiesConstants.PUBLISHER)))) { + .contains(new SimpleGrantedAuthority(AuthoritiesConstants.PUBLISHER)))) { for (Product product : entity.getProducts()) { if (product != null && product.getDataPackage() != null) { product.getDataPackage().setRemarksUserService(null); } + if (product != null && product.getStudy() != null) { + product.getStudy().setRemarksUserService(null); + } } } @@ -128,7 +125,7 @@ public ResponseEntity findOrder(@PathVariable String id) { .cacheControl(CacheControl.maxAge(0, TimeUnit.DAYS).mustRevalidate().cachePublic()) .eTag(entity.getVersion().toString()) .lastModified( - entity.getLastModifiedDate().atZone(ZoneId.of("GMT")).toInstant().toEpochMilli()) + entity.getLastModifiedDate().atZone(ZoneId.of("GMT")).toInstant().toEpochMilli()) .body(entity); }