Fix public map access.

This commit is contained in:
Paulo Gustavo Veiga 2023-08-10 23:18:59 -07:00
parent c783feef65
commit 87712b2493
3 changed files with 4 additions and 8 deletions

View File

@ -1,7 +1,5 @@
package com.wisemapping.config;
import com.wisemapping.exceptions.AccessDeniedSecurityException;
import com.wisemapping.exceptions.MapNotPublicSecurityException;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerExceptionResolver;
@ -11,8 +9,6 @@ import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;
import java.util.Properties;
@EnableWebMvc
@Configuration
public class AppConfig {

View File

@ -80,7 +80,7 @@ public class SecurityConfig {
.requestMatchers("/registration", "registration-success", "/registration-google").permitAll()
.requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
.requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll()
.requestMatchers("/restful/maps/*/document/xml-pub").permitAll()
.requestMatchers("/maps/*/document/xml-pub").permitAll()
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated())
.formLogin((loginForm) ->
@ -112,7 +112,7 @@ public class SecurityConfig {
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
return http.authorizeHttpRequests(
(auth) ->
auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/favicon.ico").permitAll()
auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/*").permitAll()
).build();
}

View File

@ -84,8 +84,7 @@ public class MindmapController extends BaseController {
List<Mindmap> mindmaps = mindmapService.findMindmapsByUser(user);
mindmaps = mindmaps
.stream()
.filter(m -> filter.accept(m, user))
.collect(Collectors.toUnmodifiableList());
.filter(m -> filter.accept(m, user)).toList();
return new RestMindmapList(mindmaps, user);
}
@ -148,6 +147,7 @@ public class MindmapController extends BaseController {
saveMindmapDocument(minor, mindmap, user);
}
@PreAuthorize("permitAll()")
@RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/document/xml", "/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
@ResponseBody
public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {