vmario/docs
1
0
Fork 0
mirror of https://github.com/sismics/docs.git synced 2024-11-21 21:47:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

#83: Access documents by a shared tag

Browse Source
This commit is contained in:
jendib 2016-05-06 00:36:54 +02:00
parent 5226df53a2
commit f12e3ec663
11 changed files with 267 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs-core/src/main/java/com/sismics/docs/core/dao/jpa/TagDao.java
View File

@ -213,7 +213,7 @@ public class TagDao {
Map<String, Object> parameterMap = new HashMap<>();
List<String> criteriaList = new ArrayList<>();
StringBuilder sb = new StringBuilder("select t.TAG_ID_C as c0, t.TAG_NAME_C as c1, t.TAG_COLOR_C as c2, t.TAG_IDPARENT_C as c3 ");
StringBuilder sb = new StringBuilder("select distinct t.TAG_ID_C as c0, t.TAG_NAME_C as c1, t.TAG_COLOR_C as c2, t.TAG_IDPARENT_C as c3 ");
sb.append(" from T_TAG t ");
// Add search criterias
@ -223,6 +223,7 @@ public class TagDao {
}
if (criteria.getTargetIdList() != null) {
sb.append(" left join T_ACL a on a.ACL_TARGETID_C in (:targetIdList) and a.ACL_SOURCEID_C = t.TAG_ID_C and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
criteriaList.add("a.ACL_ID_C is not null");
parameterMap.put("targetIdList", criteria.getTargetIdList());
}
if (criteria.getDocumentId() != null) {

8
docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
View File

@ -30,7 +30,7 @@ public abstract class BaseJerseyTest extends JerseyTest {
/**
* Test HTTP server.
*/
protected HttpServer httpServer;
private HttpServer httpServer;
/**
* Utility class for the REST client.
@ -45,7 +45,11 @@ public abstract class BaseJerseyTest extends JerseyTest {
@Override
protected Application configure() {
enable(TestProperties.LOG_TRAFFIC);
// enable(TestProperties.DUMP_ENTITY);
String travisEnv = System.getenv("TRAVIS");
if (travisEnv == null || !travisEnv.equals("true")) {
// Travis don't like entity dumped in the logs
enable(TestProperties.DUMP_ENTITY);
}
return new Application();
}

20
docs-web/src/main/java/com/sismics/docs/rest/resource/AuditLogResource.java
View File

@ -1,14 +1,5 @@
package com.sismics.docs.rest.resource;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import com.google.common.base.Strings;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.AclDao;
@ -21,6 +12,15 @@ import com.sismics.docs.core.util.jpa.SortCriteria;
import com.sismics.rest.exception.ForbiddenClientException;
import com.sismics.rest.util.JsonUtil;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
/**
* Audit log REST resources.
*
@ -50,7 +50,7 @@ public class AuditLogResource extends BaseResource {
// Check ACL on the document
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(documentId, PermType.READ, getTargetIdList(null))) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
criteria.setDocumentId(documentId);
}

30
docs-web/src/main/java/com/sismics/docs/rest/resource/CommentResource.java
View File

@ -1,20 +1,5 @@
package com.sismics.docs.rest.resource;
import java.util.List;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.CommentDao;
import com.sismics.docs.core.dao.jpa.DocumentDao;
@ -24,6 +9,13 @@ import com.sismics.rest.exception.ForbiddenClientException;
import com.sismics.rest.util.ValidationUtil;
import com.sismics.util.ImageUtil;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import java.util.List;
/**
* Comment REST resource.
*
@ -52,7 +44,7 @@ public class CommentResource extends BaseResource {
// Read access on doc gives access to write comments
DocumentDao documentDao = new DocumentDao();
if (documentDao.getDocument(documentId, PermType.READ, getTargetIdList(null)) == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Create the comment
@ -90,7 +82,7 @@ public class CommentResource extends BaseResource {
CommentDao commentDao = new CommentDao();
Comment comment = commentDao.getActiveById(id);
if (comment == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// If the current user owns the comment, skip ACL check
@ -98,7 +90,7 @@ public class CommentResource extends BaseResource {
// Get the associated document
DocumentDao documentDao = new DocumentDao();
if (documentDao.getDocument(comment.getDocumentId(), PermType.WRITE, getTargetIdList(null)) == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
}
@ -126,7 +118,7 @@ public class CommentResource extends BaseResource {
// Read access on doc gives access to read comments
DocumentDao documentDao = new DocumentDao();
if (documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId)) == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Assemble results

75
docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
View File

@ -1,57 +1,14 @@
package com.sismics.docs.rest.resource;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.StreamingOutput;
import com.sismics.docs.core.dao.jpa.criteria.TagCriteria;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import org.joda.time.format.DateTimeFormatterBuilder;
import org.joda.time.format.DateTimeParser;
import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.io.ByteStreams;
import com.sismics.docs.core.constant.Constants;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.AclDao;
import com.sismics.docs.core.dao.jpa.ContributorDao;
import com.sismics.docs.core.dao.jpa.DocumentDao;
import com.sismics.docs.core.dao.jpa.FileDao;
import com.sismics.docs.core.dao.jpa.RelationDao;
import com.sismics.docs.core.dao.jpa.TagDao;
import com.sismics.docs.core.dao.jpa.UserDao;
import com.sismics.docs.core.dao.jpa.*;
import com.sismics.docs.core.dao.jpa.criteria.DocumentCriteria;
import com.sismics.docs.core.dao.jpa.dto.AclDto;
import com.sismics.docs.core.dao.jpa.dto.ContributorDto;
import com.sismics.docs.core.dao.jpa.dto.DocumentDto;
import com.sismics.docs.core.dao.jpa.dto.RelationDto;
import com.sismics.docs.core.dao.jpa.dto.TagDto;
import com.sismics.docs.core.dao.jpa.criteria.TagCriteria;
import com.sismics.docs.core.dao.jpa.dto.*;
import com.sismics.docs.core.event.DocumentCreatedAsyncEvent;
import com.sismics.docs.core.event.DocumentDeletedAsyncEvent;
import com.sismics.docs.core.event.DocumentUpdatedAsyncEvent;
@ -60,7 +17,6 @@ import com.sismics.docs.core.model.context.AppContext;
import com.sismics.docs.core.model.jpa.Acl;
import com.sismics.docs.core.model.jpa.Document;
import com.sismics.docs.core.model.jpa.File;
import com.sismics.docs.core.model.jpa.Tag;
import com.sismics.docs.core.model.jpa.User;
import com.sismics.docs.core.util.PdfUtil;
import com.sismics.docs.core.util.jpa.PaginatedList;
@ -72,6 +28,23 @@ import com.sismics.rest.exception.ServerException;
import com.sismics.rest.util.JsonUtil;
import com.sismics.rest.util.ValidationUtil;
import com.sismics.util.mime.MimeType;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import org.joda.time.format.DateTimeFormatterBuilder;
import org.joda.time.format.DateTimeParser;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.StreamingOutput;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.text.MessageFormat;
import java.util.*;
/**
* Document REST resources.
@ -98,7 +71,7 @@ public class DocumentResource extends BaseResource {
AclDao aclDao = new AclDao();
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
if (documentDto == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
JsonObjectBuilder document = Json.createObjectBuilder()
@ -215,7 +188,7 @@ public class DocumentResource extends BaseResource {
DocumentDao documentDao = new DocumentDao();
final DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
if (documentDto == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Get files
@ -606,7 +579,7 @@ public class DocumentResource extends BaseResource {
DocumentDao documentDao = new DocumentDao();
Document document = documentDao.getById(id);
if (document == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Update the document
@ -712,7 +685,7 @@ public class DocumentResource extends BaseResource {
FileDao fileDao = new FileDao();
DocumentDto documentDto = documentDao.getDocument(id, PermType.WRITE, getTargetIdList(null));
if (documentDto == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
List<File> fileList = fileDao.getByDocumentId(principal.getId(), id);

38
docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java
View File

@ -16,17 +16,7 @@ import java.util.zip.ZipOutputStream;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
@ -100,7 +90,7 @@ public class FileResource extends BaseResource {
DocumentDao documentDao = new DocumentDao();
documentDto = documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null));
if (documentDto == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
}
@ -215,7 +205,7 @@ public class FileResource extends BaseResource {
File file = fileDao.getFile(id, principal.getId());
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null));
if (file == null || documentDto == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Check that the file is orphan
@ -277,7 +267,7 @@ public class FileResource extends BaseResource {
// Get the document
DocumentDao documentDao = new DocumentDao();
if (documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null)) == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Reorder files
@ -313,7 +303,7 @@ public class FileResource extends BaseResource {
if (documentId != null) {
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(documentId, PermType.READ, getTargetIdList(shareId))) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
} else if (!authenticated) {
throw new ForbiddenClientException();
@ -360,7 +350,7 @@ public class FileResource extends BaseResource {
DocumentDao documentDao = new DocumentDao();
File file = fileDao.getFile(id);
if (file == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
DocumentDto documentDto = null;
@ -371,7 +361,7 @@ public class FileResource extends BaseResource {
throw new ForbiddenClientException();
}
} else if ((documentDto = documentDao.getDocument(file.getDocumentId(), PermType.WRITE, getTargetIdList(null))) == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Delete the file
@ -433,7 +423,7 @@ public class FileResource extends BaseResource {
UserDao userDao = new UserDao();
File file = fileDao.getFile(fileId);
if (file == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
if (file.getDocumentId() == null) {
@ -454,7 +444,7 @@ public class FileResource extends BaseResource {
// Get the stored file
java.nio.file.Path storedFile;
String mimeType;
boolean decrypt = false;
boolean decrypt;
if (size != null) {
storedFile = DirectoryUtil.getStorageDirectory().resolve(fileId + "_" + size);
mimeType = MimeType.IMAGE_JPEG; // Thumbnails are JPEG
@ -488,8 +478,12 @@ public class FileResource extends BaseResource {
try {
ByteStreams.copy(responseInputStream, outputStream);
} finally {
responseInputStream.close();
outputStream.close();
try {
responseInputStream.close();
outputStream.close();
} catch (IOException e) {
// Ignore
}
}
}
};
@ -521,7 +515,7 @@ public class FileResource extends BaseResource {
DocumentDao documentDao = new DocumentDao();
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
if (documentDto == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Get files and user associated with this document

41
docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
View File

@ -1,22 +1,5 @@
package com.sismics.docs.rest.resource;
import java.text.MessageFormat;
import java.util.List;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import com.google.common.base.Strings;
import com.sismics.docs.core.dao.jpa.GroupDao;
import com.sismics.docs.core.dao.jpa.UserDao;
@ -34,6 +17,14 @@ import com.sismics.rest.exception.ForbiddenClientException;
import com.sismics.rest.util.JsonUtil;
import com.sismics.rest.util.ValidationUtil;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import java.text.MessageFormat;
import java.util.List;
/**
* Group REST resources.
*
@ -109,12 +100,12 @@ public class GroupResource extends BaseResource {
GroupDao groupDao = new GroupDao();
Group group = groupDao.getActiveByName(groupName);
if (group == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Avoid duplicates
Group existingGroup = groupDao.getActiveByName(name);
if (existingGroup != null && existingGroup.getId() != group.getId()) {
if (existingGroup != null && !existingGroup.getId().equals(group.getId())) {
throw new ClientException("GroupAlreadyExists", MessageFormat.format("This group already exists: {0}", name));
}
@ -155,7 +146,7 @@ public class GroupResource extends BaseResource {
GroupDao groupDao = new GroupDao();
Group group = groupDao.getActiveByName(groupName);
if (group == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Delete the group
@ -191,14 +182,14 @@ public class GroupResource extends BaseResource {
GroupDao groupDao = new GroupDao();
Group group = groupDao.getActiveByName(groupName);
if (group == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Get the user
UserDao userDao = new UserDao();
User user = userDao.getActiveByUsername(username);
if (user == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Avoid duplicates
@ -248,14 +239,14 @@ public class GroupResource extends BaseResource {
GroupDao groupDao = new GroupDao();
Group group = groupDao.getActiveByName(groupName);
if (group == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Get the user
UserDao userDao = new UserDao();
User user = userDao.getActiveByUsername(username);
if (user == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Remove the membership
@ -315,7 +306,7 @@ public class GroupResource extends BaseResource {
GroupDao groupDao = new GroupDao();
Group group = groupDao.getActiveByName(groupName);
if (group == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Build the response

22
docs-web/src/main/java/com/sismics/docs/rest/resource/ShareResource.java
View File

@ -1,19 +1,6 @@
package com.sismics.docs.rest.resource;
import java.text.MessageFormat;
import java.util.List;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import com.sismics.docs.core.constant.AclTargetType;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.AclDao;
@ -26,6 +13,13 @@ import com.sismics.rest.exception.ForbiddenClientException;
import com.sismics.rest.util.JsonUtil;
import com.sismics.rest.util.ValidationUtil;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import java.text.MessageFormat;
import java.util.List;
/**
* Share REST resources.
*
@ -55,7 +49,7 @@ public class ShareResource extends BaseResource {
// Get the document
DocumentDao documentDao = new DocumentDao();
if (documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null)) == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Create the share

40
docs-web/src/main/java/com/sismics/docs/rest/resource/TagResource.java
View File

@ -6,13 +6,7 @@ import java.util.List;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import com.sismics.docs.core.constant.PermType;
@ -20,6 +14,7 @@ import com.sismics.docs.core.dao.jpa.AclDao;
import com.sismics.docs.core.dao.jpa.criteria.TagCriteria;
import com.sismics.docs.core.dao.jpa.dto.TagDto;
import com.sismics.docs.core.model.jpa.Acl;
import com.sismics.docs.core.util.jpa.SortCriteria;
import org.apache.commons.lang.StringUtils;
import com.sismics.docs.core.dao.jpa.TagDao;
@ -50,7 +45,7 @@ public class TagResource extends BaseResource {
}
TagDao tagDao = new TagDao();
List<TagDto> tagDtoList = tagDao.findByCriteria(new TagCriteria().setTargetIdList(getTargetIdList(null)), null);
List<TagDto> tagDtoList = tagDao.findByCriteria(new TagCriteria().setTargetIdList(getTargetIdList(null)), new SortCriteria(1, true));
JsonArrayBuilder items = Json.createArrayBuilder();
for (TagDto tagDto : tagDtoList) {
items.add(Json.createObjectBuilder()
@ -121,18 +116,17 @@ public class TagResource extends BaseResource {
}
// Check the parent
TagDao tagDao = new TagDao();
if (StringUtils.isEmpty(parentId)) {
parentId = null;
} else {
List<TagDto> tagDtoList = tagDao.findByCriteria(new TagCriteria().setTargetIdList(getTargetIdList(null)).setId(parentId), null);
if (tagDtoList.size() == 0) {
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(parentId, PermType.READ, getTargetIdList(null))) {
throw new ClientException("ParentNotFound", MessageFormat.format("Parent not found: {0}", parentId));
}
parentId = tagDtoList.get(0).getId();
}
// Create the tag
TagDao tagDao = new TagDao();
Tag tag = new Tag();
tag.setName(name);
tag.setColor(color);
@ -188,25 +182,23 @@ public class TagResource extends BaseResource {
throw new ClientException("SpacesNotAllowed", "Spaces are not allowed in tag name");
}
// Get the tag
TagDao tagDao = new TagDao();
List<TagDto> tagDtoList = tagDao.findByCriteria(new TagCriteria().setTargetIdList(getTargetIdList(null)).setId(id), null);
if (tagDtoList.size() == 0) {
throw new ClientException("TagNotFound", MessageFormat.format("Tag not found: {0}", id));
// Check permission
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(id, PermType.WRITE, getTargetIdList(null))) {
throw new NotFoundException();
}
// Check the parent
if (StringUtils.isEmpty(parentId)) {
parentId = null;
} else {
tagDtoList = tagDao.findByCriteria(new TagCriteria().setTargetIdList(getTargetIdList(null)).setId(parentId), null);
if (tagDtoList.size() == 0) {
if (!aclDao.checkPermission(parentId, PermType.READ, getTargetIdList(null))) {
throw new ClientException("ParentNotFound", MessageFormat.format("Parent not found: {0}", parentId));
}
parentId = tagDtoList.get(0).getId();
}
// Update the tag
TagDao tagDao = new TagDao();
Tag tag = tagDao.getById(id);
if (!StringUtils.isEmpty(name)) {
tag.setName(name);
@ -239,13 +231,13 @@ public class TagResource extends BaseResource {
}
// Get the tag
TagDao tagDao = new TagDao();
List<TagDto> tagDtoList = tagDao.findByCriteria(new TagCriteria().setTargetIdList(getTargetIdList(null)).setId(id), null);
if (tagDtoList.size() == 0) {
throw new ClientException("TagNotFound", MessageFormat.format("Tag not found: {0}", id));
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(id, PermType.WRITE, getTargetIdList(null))) {
throw new NotFoundException();
}
// Delete the tag
TagDao tagDao = new TagDao();
tagDao.delete(id, principal.getId());
// Always return OK

33
docs-web/src/main/java/com/sismics/docs/rest/resource/VocabularyResource.java
View File

@ -1,26 +1,18 @@
package com.sismics.docs.rest.resource;
import java.util.List;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import com.sismics.docs.core.dao.jpa.VocabularyDao;
import com.sismics.docs.core.model.jpa.Vocabulary;
import com.sismics.docs.rest.constant.BaseFunction;
import com.sismics.rest.exception.ForbiddenClientException;
import com.sismics.rest.util.ValidationUtil;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import java.util.List;
/**
* Vocabulary REST resources.
*
@ -58,7 +50,7 @@ public class VocabularyResource extends BaseResource {
*
* @param name Name
* @param value Value
* @param order Order
* @param orderStr Order
* @return Response
*/
@PUT
@ -95,10 +87,11 @@ public class VocabularyResource extends BaseResource {
/**
* Update a vocabulary.
*
*
* @param id ID
* @param name Name
* @param value Value
* @param order Order
* @param orderStr Order
* @return Response
*/
@POST
@ -127,7 +120,7 @@ public class VocabularyResource extends BaseResource {
VocabularyDao vocabularyDao = new VocabularyDao();
Vocabulary vocabulary = vocabularyDao.getById(id);
if (vocabulary == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Update the vocabulary
@ -169,7 +162,7 @@ public class VocabularyResource extends BaseResource {
VocabularyDao vocabularyDao = new VocabularyDao();
Vocabulary vocabulary = vocabularyDao.getById(id);
if (vocabulary == null) {
return Response.status(Status.NOT_FOUND).build();
throw new NotFoundException();
}
// Delete the vocabulary

145
docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
View File

@ -249,4 +249,149 @@ public class TestAclResource extends BaseJerseyTest {
groups = json.getJsonArray("groups");
Assert.assertEquals(1, groups.size());
}
@Test
public void testAclTags() {
// Login acltag1
clientUtil.createUser("acltag1");
String acltag1Token = clientUtil.login("acltag1");
// Login acltag2
clientUtil.createUser("acltag2");
String acltag2Token = clientUtil.login("acltag2");
// Create tag1 with acltag1
JsonObject json = target().path("/tag").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag1Token)
.put(Entity.form(new Form()
.param("name", "AclTag1")
.param("color", "#ff0000")), JsonObject.class);
String tag1Id = json.getString("id");
Assert.assertNotNull(tag1Id);
// Create document1 with acltag1 tagged with tag1
json = target().path("/document").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag1Token)
.put(Entity.form(new Form()
.param("title", "My super document 1")
.param("tags", tag1Id)
.param("language", "eng")), JsonObject.class);
String document1Id = json.getString("id");
// acltag2 cannot see document1
Response response = target().path("/document/" + document1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.get();
Assert.assertEquals(Status.NOT_FOUND.getStatusCode(), response.getStatus());
// acltag2 cannot see any tag
json = target().path("/tag/list").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.get(JsonObject.class);
JsonArray tags = json.getJsonArray("tags");
Assert.assertEquals(0, tags.size());
// acltag2 cannot see any document
json = target().path("/document/list")
.queryParam("sort_column", 3)
.queryParam("asc", true)
.request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.get(JsonObject.class);
JsonArray documents = json.getJsonArray("documents");
Assert.assertEquals(0, documents.size());
// acltag2 cannot edit tag1
response = target().path("/tag/" + tag1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.post(Entity.form(new Form()
.param("name", "AclTag1")
.param("color", "#ff0000")));
Assert.assertEquals(Status.NOT_FOUND.getStatusCode(), response.getStatus());
// acltag2 cannot edit document1
response = target().path("/document/" + document1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.post(Entity.form(new Form()
.param("title", "My super document 1")
.param("tags", tag1Id)
.param("language", "eng")));
Assert.assertEquals(Status.FORBIDDEN.getStatusCode(), response.getStatus());
// Add an ACL READ for acltag2 with acltag1 on tag1
target().path("/acl").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag1Token)
.put(Entity.form(new Form()
.param("source", tag1Id)
.param("perm", "READ")
.param("target", "acltag2")
.param("type", "USER")), JsonObject.class);
// acltag2 still cannot edit tag1
response = target().path("/tag/" + tag1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.post(Entity.form(new Form()
.param("name", "AclTag1")
.param("color", "#ff0000")));
Assert.assertEquals(Status.NOT_FOUND.getStatusCode(), response.getStatus());
// acltag2 still cannot edit document1
response = target().path("/document/" + document1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.post(Entity.form(new Form()
.param("title", "My super document 1")
.param("tags", tag1Id)
.param("language", "eng")));
Assert.assertEquals(Status.FORBIDDEN.getStatusCode(), response.getStatus());
// acltag2 can see document1 with tag1
json = target().path("/document/" + document1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.get(JsonObject.class);
tags = json.getJsonArray("tags");
Assert.assertEquals(1, tags.size());
Assert.assertEquals(tag1Id, tags.getJsonObject(0).getString("id"));
// acltag2 can see tag1
json = target().path("/tag/list").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.get(JsonObject.class);
tags = json.getJsonArray("tags");
Assert.assertEquals(1, tags.size());
Assert.assertEquals(tag1Id, tags.getJsonObject(0).getString("id"));
// acltag2 can see exactly one document
json = target().path("/document/list")
.queryParam("sort_column", 3)
.queryParam("asc", true)
.request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.get(JsonObject.class);
documents = json.getJsonArray("documents");
Assert.assertEquals(1, documents.size());
// Add an ACL WRITE for acltag2 with acltag1 on tag1
target().path("/acl").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag1Token)
.put(Entity.form(new Form()
.param("source", tag1Id)
.param("perm", "WRITE")
.param("target", "acltag2")
.param("type", "USER")), JsonObject.class);
// acltag2 can edit tag1
target().path("/tag/" + tag1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.post(Entity.form(new Form()
.param("name", "AclTag1")
.param("color", "#ff0000")), JsonObject.class);
// acltag2 can edit document1
target().path("/document/" + document1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acltag2Token)
.post(Entity.form(new Form()
.param("title", "My super document 1")
.param("tags", tag1Id)
.param("language", "eng")), JsonObject.class);
}
}