Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
minerva
core
Commits
e516a2b0
Commit
e516a2b0
authored
Jan 22, 2019
by
Piotr Gawron
Browse files
upload of files doesn't check privileges on overlays and projects
parent
dc6408ee
Changes
1
Hide whitespace changes
Inline
Side-by-side
rest-api/src/main/java/lcsb/mapviewer/api/files/FileRestImpl.java
View file @
e516a2b0
package
lcsb.mapviewer.api.files
;
import
java.util.TreeMap
;
import
java.util.Map
;
import
java.util.TreeMap
;
import
org.apache.commons.lang3.ArrayUtils
;
import
org.hibernate.QueryException
;
...
...
@@ -12,27 +12,18 @@ import lcsb.mapviewer.api.BaseRestImpl;
import
lcsb.mapviewer.api.ObjectNotFoundException
;
import
lcsb.mapviewer.common.exception.InvalidStateException
;
import
lcsb.mapviewer.model.cache.UploadedFileEntry
;
import
lcsb.mapviewer.model.user.PrivilegeType
;
import
lcsb.mapviewer.model.user.User
;
import
lcsb.mapviewer.persist.dao.cache.UploadedFileEntryDao
;
import
lcsb.mapviewer.services.SecurityException
;
import
lcsb.mapviewer.services.interfaces.ILayoutService
;
@Transactional
(
value
=
"txManager"
)
public
class
FileRestImpl
extends
BaseRestImpl
{
@Autowired
private
ILayoutService
overlayService
;
@Autowired
private
UploadedFileEntryDao
uploadedFileEntryDao
;
public
Map
<
String
,
Object
>
createFile
(
String
token
,
String
filename
,
String
length
)
throws
SecurityException
{
User
user
=
getUserService
().
getUserByToken
(
token
);
if
(!
getUserService
().
userHasPrivilege
(
user
,
PrivilegeType
.
ADD_MAP
)
&&
overlayService
.
getAvailableCustomLayoutsNumber
(
user
)
==
0
)
{
throw
new
SecurityException
(
"Access denied"
);
}
UploadedFileEntry
entry
=
new
UploadedFileEntry
();
entry
.
setOriginalFileName
(
filename
);
entry
.
setFileContent
(
new
byte
[]
{});
...
...
@@ -72,7 +63,8 @@ public class FileRestImpl extends BaseRestImpl {
return
result
;
}
public
Map
<
String
,
Object
>
uploadContent
(
String
token
,
String
id
,
byte
[]
data
)
throws
SecurityException
,
ObjectNotFoundException
{
public
Map
<
String
,
Object
>
uploadContent
(
String
token
,
String
id
,
byte
[]
data
)
throws
SecurityException
,
ObjectNotFoundException
{
User
user
=
getUserService
().
getUserByToken
(
token
);
int
fileId
=
Integer
.
valueOf
(
id
);
UploadedFileEntry
fileEntry
=
uploadedFileEntryDao
.
getById
(
fileId
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
