Changeset 5923 for ComponentRegistry


Ignore:
Timestamp:
01/16/15 10:54:43 (9 years ago)
Author:
Twan Goosen
Message:

When saving a group component as new in private space, check whether referenced components are accessible to the current user (not just if they are already in the private space)
Fixes #717

Location:
ComponentRegistry/trunk/ComponentRegistry/src/main/java/clarin/cmdi/componentregistry
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • ComponentRegistry/trunk/ComponentRegistry/src/main/java/clarin/cmdi/componentregistry/ComponentRegistry.java

    r5872 r5923  
    249249
    250250    Number makeGroupMember(String principalName, String groupName) throws UserUnauthorizedException, ItemNotFoundException;
     251   
     252    boolean canCurrentUserAccessDescription(String cmdId) throws ItemNotFoundException, AuthenticationRequiredException;
    251253
    252254    //long removeGroupMember(String principalName, String groupName) throws  UserUnauthorizedException, ItemNotFoundException;

  • ComponentRegistry/trunk/ComponentRegistry/src/main/java/clarin/cmdi/componentregistry/impl/database/ComponentRegistryDbImpl.java

    r5872 r5923  
    800800    }
    801801
    802     private boolean canCurrentUserAccessDescription(String cmdId) throws ItemNotFoundException, AuthenticationRequiredException {
     802    @Override
     803    public boolean canCurrentUserAccessDescription(String cmdId) throws ItemNotFoundException, AuthenticationRequiredException {
    803804        if (cmdId == null) {
    804805            throw new ItemNotFoundException("Item with the null cmdIdentifier.");

  • ComponentRegistry/trunk/ComponentRegistry/src/main/java/clarin/cmdi/componentregistry/rest/MDValidator.java

    r5549 r5923  
    11package clarin.cmdi.componentregistry.rest;
    22
     3import clarin.cmdi.componentregistry.AuthenticationRequiredException;
    34import clarin.cmdi.componentregistry.ComponentRegistry;
    45import clarin.cmdi.componentregistry.ComponentRegistryException;
     
    1213import clarin.cmdi.componentregistry.components.CMDComponentSpec;
    1314import clarin.cmdi.componentregistry.components.CMDComponentType;
     15import clarin.cmdi.componentregistry.impl.database.GroupService;
    1416import clarin.cmdi.componentregistry.model.BaseDescription;
    1517import clarin.cmdi.schema.cmd.Validator.Message;
     
    3941    static final String SCHEMA_ERROR = "Error in reading general component schema: ";
    4042    static final String IO_ERROR = "Error while reading specification or general component schema: ";
     43    static final String INTERNAL_ERROR = "Internal error: ";   
    4144    static final String COMPONENT_NOT_REGISTERED_IN_APPROPRIATE_SPACE_ERROR = "referenced component cannot be found in the appropriate registry components: ";
    4245    static final String COMPONENT_REGISTRY_EXCEPTION_ERROR = "An exception occurred while accessing the component registry: ";
     
    119122            } catch (NullIdException e3) {
    120123                errorMessages.add(COMPONENT_NOT_REGISTERED_ERROR + e3);
     124            } catch(AuthenticationRequiredException e) {
     125                errorMessages.add(INTERNAL_ERROR + e);
    121126            }
    122127        }
     
    136141    }
    137142
    138     private void validateComponents(CMDComponentSpec componentSpec) throws ComponentRegistryException, UserUnauthorizedException, ItemNotFoundException, NullIdException {
     143    private void validateComponents(CMDComponentSpec componentSpec) throws ComponentRegistryException, UserUnauthorizedException, ItemNotFoundException, NullIdException, AuthenticationRequiredException {
    139144        validateComponents(Collections.singletonList(componentSpec.getCMDComponent()));
    140145    }
    141146
    142     private void validateComponents(List<CMDComponentType> cmdComponents) throws ComponentRegistryException, UserUnauthorizedException, ItemNotFoundException, NullIdException {
     147    private void validateComponents(List<CMDComponentType> cmdComponents) throws ComponentRegistryException, UserUnauthorizedException, ItemNotFoundException, NullIdException, AuthenticationRequiredException {
    143148        for (CMDComponentType cmdComponentType : cmdComponents) {
    144149            this.validateDescribedComponents(cmdComponentType);
     
    147152    }
    148153
    149     private void validateDescribedComponents(CMDComponentType cmdComponentType) throws ComponentRegistryException, UserUnauthorizedException, ItemNotFoundException, NullIdException {
     154    private void validateDescribedComponents(CMDComponentType cmdComponentType) throws ComponentRegistryException, UserUnauthorizedException, ItemNotFoundException, NullIdException, AuthenticationRequiredException {
    150155        this.checkComponentInSpace(cmdComponentType);
    151156    }
    152157
    153     private void checkComponentInSpace(CMDComponentType cmdComponentType) throws ComponentRegistryException, UserUnauthorizedException, ItemNotFoundException, NullIdException {
     158    private void checkComponentInSpace(CMDComponentType cmdComponentType) throws ComponentRegistryException, UserUnauthorizedException, ItemNotFoundException, NullIdException, AuthenticationRequiredException {
    154159        if (isDefinedInSeparateFile(cmdComponentType)) {
    155160            String id = cmdComponentType.getComponentId();
     
    160165            CMDComponentSpec registeredComponent = registry.getMDComponent(id);
    161166            if (registeredComponent != null) {
    162                 String componentId = cmdComponentType.getComponentId();
    163                 Boolean isPublicB = registry.isItemPublic(id);// throws ItemNotFoundException
    164                 boolean isPublic = isPublicB.booleanValue();
    165                 if (isPublic) {  // if  a component is public, it is available for any registry
     167                final String componentId = cmdComponentType.getComponentId();
     168                if (registry.isItemPublic(id)) {  // if  a component is public, it is available for any registry
    166169                    return;
    167170                };
    168171                // a private component for a private registry is available only if its owner is the owner of the resgitry
    169172                if (registry.getRegistrySpace().equals(RegistrySpace.PRIVATE)) {
    170                     Number registryOwnerId = registry.getRegistryOwner().getId();
    171                     Number componentOwnerId = registry.getBaseDescriptionOwnerId(cmdComponentType.getComponentId());
    172                     if (registryOwnerId.equals(componentOwnerId)) {
     173                    if(registry.canCurrentUserAccessDescription(componentId)) {
    173174                        return;
    174                     };
     175                    }
    175176                    errorMessages.add(COMPONENT_NOT_REGISTERED_IN_APPROPRIATE_SPACE_ERROR + componentId + " (private registry)");
    176177                    return;
Note: See TracChangeset for help on using the changeset viewer.