Merge branch '950-minervanet-error-report-113' into 'master'

Resolve "MINERVANET - Error Report 113" Closes #950 See merge request minerva/core!928

Merge branch '950-minervanet-error-report-113' into 'master'
Resolve "MINERVANET - Error Report 113" Closes #950 See merge request minerva/core!928
79916664 · Piotr Gawron · ff285a55 · 5d0a570c · 79916664 · 79916664
Commit 79916664 authored Sep 16, 2019 by Piotr Gawron
--- a/CHANGELOG
+++ b/CHANGELOG
+minerva (14.0.0~beta.2) unstable; urgency=low
+  * Bug fix: allow user to remove own comments (#931)
+  * Bug fix: validation of project name length is provided (#950)
+
+ -- Piotr Gawron <piotr.gawron@uni.lu>  Mon, 16 Sep 2019 21:00:00 +0200
+
 minerva (14.0.0~beta.1) unstable; urgency=low
  * Bug fix: problem with changing user role (#932)


--- a/frontend-js/src/main/js/gui/admin/AddProjectDialog.js
+++ b/frontend-js/src/main/js/gui/admin/AddProjectDialog.js
@@ -1282,6 +1282,11 @@ AddProjectDialog.prototype.checkValidity = function () {
    isValid = false;
  }

+  var name = self.getName();
+  if (name.length > 255) {
+    error += "<li>name must be shorter than 256 characters</li>";
+    isValid = false;
+  }

  var rootExist = 0, i;
  for (i = 0; i < self.getZipEntries().length; i++) {

--- a/frontend-js/src/main/js/gui/admin/CommentsAdminPanel.js
+++ b/frontend-js/src/main/js/gui/admin/CommentsAdminPanel.js
@@ -113,17 +113,18 @@ CommentsAdminPanel.prototype.refreshComments = function () {
    comments = result;
    return self.getServerConnector().getLoggedUser();
  }).then(function (user) {
+    var curatorAccess = self.getConfiguration().getPrivilegeType(PrivilegeType.IS_CURATOR);
    var writeAccess = self.getConfiguration().getPrivilegeType(PrivilegeType.WRITE_PROJECT);
-    var isAdmin = self.getConfiguration().getPrivilegeType(PrivilegeType.IS_ADMIN);
+    var adminAccess = self.getConfiguration().getPrivilegeType(PrivilegeType.IS_ADMIN);
    var disable = true;
-    if (user.hasPrivilege(writeAccess, self.getProject().getProjectId()) || user.hasPrivilege(isAdmin)) {
+    if ((user.hasPrivilege(writeAccess, self.getProject().getProjectId()) && user.hasPrivilege(curatorAccess)) || user.hasPrivilege(adminAccess)) {
      disable = false;
    }

    var dataTable = $($("[name='commentsTable']", self.getElement())[0]).DataTable();
    var data = [];
    for (var i = 0; i < comments.length; i++) {
-      data.push(self.commentToTableRow(comments[i], disable));
+      data.push(self.commentToTableRow(comments[i], disable && comments[i].getAuthor() !== user.getLogin()));
    }
    dataTable.clear().rows.add(data).draw();
  });
@@ -169,12 +170,12 @@ CommentsAdminPanel.prototype.commentToTableRow = function (comment, disable) {
  }

  var author = comment.getAuthor();
-  if (author === undefined) {
+  if (author === undefined || author === null) {
    author = "N/A";
  }

  var email = comment.getEmail();
-  if (email === undefined) {
+  if (email === undefined || email === null) {
    email = "N/A";
  }


--- a/frontend-js/src/main/js/map/data/Comment.js
+++ b/frontend-js/src/main/js/map/data/Comment.js
@@ -25,7 +25,7 @@ function Comment(javaObject) {
    this.setTitle(javaObject.title);
    this.setContent(javaObject.content);
  }
-  this.setAuthor(javaObject.author);
+  this.setAuthor(javaObject.owner);
  this.setEmail(javaObject.email);
 }


--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
@@ -276,6 +276,9 @@ public class ProjectRestImpl extends BaseRestImpl {
          throw new QueryException("You cannot modify projectId");
        }
      } else if (fieldName.equalsIgnoreCase("name")) {
+        if (value != null && ((String) value).length() > 255) {
+          throw new QueryException("name is too long");
+        }
        project.setName((String) value);
      } else if (fieldName.equalsIgnoreCase("notifyEmail")) {
        project.setNotifyEmail(stringValue);
@@ -377,6 +380,9 @@ public class ProjectRestImpl extends BaseRestImpl {
    params.projectFile(file);
    params.projectId(projectId);
    params.projectName(getFirstValue(data.get("name")));
+    if (params.getProjectName() != null && params.getProjectName().length() > 255) {
+      throw new QueryException("name is too long");
+    }
    params.projectOrganism(getFirstValue(data.get("organism")));
    params.sbgnFormat(getFirstValue(data.get("sbgn")));
    params.semanticZoomContainsMultipleLayouts(getFirstValue(data.get("semantic-zoom-contains-multiple-layouts")));

--- a/web/src/test/java/lcsb/mapviewer/web/ControllerIntegrationTest.java
+++ b/web/src/test/java/lcsb/mapviewer/web/ControllerIntegrationTest.java
@@ -305,6 +305,12 @@ abstract public class ControllerIntegrationTest {
    });
  }

+  protected Project createProjectInSeparateThread(String projectId) throws Exception {
+    return callInSeparateThread(() -> {
+      return createProject(projectId);
+    });
+  }
+
  protected Layout createOverlay(Project project, User admin) {
    return createOverlay(project, admin, "elementIdentifier\tvalue\n\t-1");
  }

--- a/web/src/test/java/lcsb/mapviewer/web/ProjectControllerIntegrationTestForAsyncCalls.java
+++ b/web/src/test/java/lcsb/mapviewer/web/ProjectControllerIntegrationTestForAsyncCalls.java
@@ -194,13 +194,6 @@ public class ProjectControllerIntegrationTestForAsyncCalls extends ControllerInt
    }
  }

-  private Project createProjectInSeparateThread(String projectId) throws Exception {
-    return callInSeparateThread(() -> {
-      return createProject(projectId);
-    });
-
-  }
-
  private void grantPrivilegeInSeparateThread(User user, String string) throws Exception {
    callInSeparateThread(() -> {
      userService.grantUserPrivilege(user, PrivilegeType.valueOf(string.split(":")[0]), string.split(":")[1]);

--- a/web/src/test/java/lcsb/mapviewer/web/ProjectControllerIntegrationTestWithoutTransaction.java
+++ b/web/src/test/java/lcsb/mapviewer/web/ProjectControllerIntegrationTestWithoutTransaction.java
 package lcsb.mapviewer.web;

+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@@ -101,4 +102,52 @@ public class ProjectControllerIntegrationTestWithoutTransaction extends Controll
    }
  }

+  @Test
+  public void addProjectWithTooLongName() throws Exception {
+    User admin = userService.getUserByLogin(BUILT_IN_ADMIN_LOGIN);
+    UploadedFileEntry fileEntry = createFileInSeparateThread(
+        new String(Files.readAllBytes(Paths.get("./src/test/resources/generic.xml")), "UTF-8"),
+        admin);
+    try {
+      String invalidName = "aaaaaaaaxvncnbvscbnmcnbmccbnsbnsdsnbmdsvbnmsdvnbmsdbmnbndvmsbnmsvdnbmnmbdsvnbmdsvxncbmbnmscbnzdnbnabnsbnamsdbmnsadbmnasdbnmnbmsadbnmasdnbasdbnmsadnbnbmsadbnmadsnbmadsnbnbsadnbmadsbnndsabnbmdasbnmdsajqwrhgjrwhjghgjwerghjwreghwewnjnnbbbnbnbmbnbnzcmnnbmzcnmbcsbnmcsnbcnbzmnbczxnbmczxnbmcxznbcnxbmznbmxzcnbzcxnnbcxznbmzcnbczxnbmnbzcxnbmcznnczbnbzcnbmzcbnmbncznbcznbcz";
+
+      String body = EntityUtils.toString(new UrlEncodedFormEntity(Arrays.asList(
+          new BasicNameValuePair("file-id", String.valueOf(fileEntry.getId())),
+          new BasicNameValuePair("mapCanvasType", "OPEN_LAYERS"),
+          new BasicNameValuePair("name", invalidName),
+          new BasicNameValuePair("parser",
+              "lcsb.mapviewer.converter.model.celldesigner.CellDesignerXmlParser"))));
+
+      RequestBuilder request = post("/projects/" + TEST_PROJECT)
+          .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+          .content(body)
+          .session(createSession(BUILT_IN_ADMIN_LOGIN, BUILT_IN_ADMIN_PASSWORD));
+
+      mockMvc.perform(request).andExpect(status().isBadRequest());
+
+    } finally {
+      removeFileInSeparateThread(fileEntry);
+    }
+  }
+
+  @Test
+  public void modifyProjectWithTooLongName() throws Exception {
+    createProjectInSeparateThread(TEST_PROJECT);
+    try {
+      String invalidName = "aaaaaaaaxvncnbvscbnmcnbmccbnsbnsdsnbmdsvbnmsdvnbmsdbmnbndvmsbnmsvdnbmnmbdsvnbmdsvxncbmbnmscbnzdnbnabnsbnamsdbmnsadbmnasdbnmnbmsadbnmasdnbasdbnmsadnbnbmsadbnmadsnbmadsnbnbsadnbmadsbnndsabnbmdasbnmdsajqwrhgjrwhjghgjwerghjwreghwewnjnnbbbnbnbmbnbnzcmnnbmzcnmbcsbnmcsnbcnbzmnbczxnbmczxnbmcxznbcnxbmznbmxzcnbzcxnnbcxznbmzcnbczxnbmnbzcxnbmcznnczbnbzcnbmzcbnmbncznbcznbcz";
+
+      String content = "{\"project\":{\"name\":\"" + invalidName + "\"}}";
+
+      RequestBuilder request = patch("/projects/" + TEST_PROJECT + "/")
+          .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+          .content(content)
+          .session(createSession(BUILT_IN_ADMIN_LOGIN, BUILT_IN_ADMIN_PASSWORD));
+
+      mockMvc.perform(request).andExpect(status().isBadRequest());
+
+    } finally {
+      removeProjectInSeparateThread(TEST_PROJECT);
+    }
+  }
+
 }