Merge branch '1370-overlay-list' into 'devel_15.1.x'

return proper status code for non existing project

See merge request !1255

CHANGELOG

@@ -3,6 +3,8 @@ minerva (15.1.1) stable; urgency=medium
     generated files that could not be opened in CellDesigner (#1363) 
   * Bug fix: zoom level change was not reflected in the url when submap was
     opened (#1338)
+  * Bug fix: API call returning list of overlays returned for non existing
+    project returned access denied status insted Not Found (#1370)
 
  -- Piotr Gawron <piotr.gawron@uni.lu>  Thu, 23 Nov 2020 15:00:00 +0200
 

rest-api/src/main/java/lcsb/mapviewer/api/projects/overlays/OverlayController.java

@@ -29,7 +29,8 @@ public class OverlayController extends BaseController {
     this.userService = userService;
   }
 
-  @PreAuthorize("hasAnyAuthority('IS_ADMIN', 'READ_PROJECT:' + #projectId)")
+  @PreAuthorize("hasAnyAuthority('IS_ADMIN', 'READ_PROJECT:' + #projectId) "
+      + "or not @projectService.projectExists(#projectId)")
   @PostFilter("hasAuthority('IS_ADMIN')" +
       " or hasAuthority('IS_CURATOR') and hasAuthority('READ_PROJECT:' + #projectId)" +
       " or hasAuthority('READ_PROJECT:' + #projectId) and (filterObject['creator'] == authentication.name or filterObject['publicOverlay'])")

web/src/test/java/lcsb/mapviewer/web/OverlayControllerIntegrationTestWithoutTransaction.java

@@ -112,4 +112,14 @@ public class OverlayControllerIntegrationTestWithoutTransaction extends Controll
       removeUserInSeparateThread(user);
     }
   }
+  
+  @Test
+  public void testListOverlaysByCreatorInNonExistingProject() throws Exception {
+
+    RequestBuilder request = get("/projects/NotExisting/overlays/?creator=blable");
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+  
 }