Commit e516a2b0 authored by Piotr Gawron's avatar Piotr Gawron

upload of files doesn't check privileges on overlays and projects

parent dc6408ee
package lcsb.mapviewer.api.files;
import java.util.TreeMap;
import java.util.Map;
import java.util.TreeMap;
import org.apache.commons.lang3.ArrayUtils;
import org.hibernate.QueryException;
......@@ -12,27 +12,18 @@ import lcsb.mapviewer.api.BaseRestImpl;
import lcsb.mapviewer.api.ObjectNotFoundException;
import lcsb.mapviewer.common.exception.InvalidStateException;
import lcsb.mapviewer.model.cache.UploadedFileEntry;
import lcsb.mapviewer.model.user.PrivilegeType;
import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.persist.dao.cache.UploadedFileEntryDao;
import lcsb.mapviewer.services.SecurityException;
import lcsb.mapviewer.services.interfaces.ILayoutService;
@Transactional(value = "txManager")
public class FileRestImpl extends BaseRestImpl {
@Autowired
private ILayoutService overlayService;
@Autowired
private UploadedFileEntryDao uploadedFileEntryDao;
public Map<String, Object> createFile(String token, String filename, String length) throws SecurityException {
User user = getUserService().getUserByToken(token);
if (!getUserService().userHasPrivilege(user, PrivilegeType.ADD_MAP)
&& overlayService.getAvailableCustomLayoutsNumber(user) == 0) {
throw new SecurityException("Access denied");
}
UploadedFileEntry entry = new UploadedFileEntry();
entry.setOriginalFileName(filename);
entry.setFileContent(new byte[] {});
......@@ -72,7 +63,8 @@ public class FileRestImpl extends BaseRestImpl {
return result;
}
public Map<String, Object> uploadContent(String token, String id, byte[] data) throws SecurityException, ObjectNotFoundException {
public Map<String, Object> uploadContent(String token, String id, byte[] data)
throws SecurityException, ObjectNotFoundException {
User user = getUserService().getUserByToken(token);
int fileId = Integer.valueOf(id);
UploadedFileEntry fileEntry = uploadedFileEntryDao.getById(fileId);
......
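Review bot: With the `ADD_MAP` / custom-overlay gate apparently dropped from `createFile` (the `+`/`-` markers are lost in this rendering, so this is inferred from the commit title and the 27-to-18 line count in the hunk header), the visible lines no longer restrict who may allocate an `UploadedFileEntry` or how large the caller-supplied `length` may be. If uploads are meant to be open to every token holder, a compensating bound before the entry is created would limit storage abuse, for example `if (Long.parseLong(length) > MAX_UPLOAD_BYTES) throw new SecurityException("File too large");`, where `MAX_UPLOAD_BYTES` is a placeholder for a configured limit. It is also worth confirming that `getUserByToken` rejects unknown tokens instead of resolving them to a guest account. The rest of `createFile` and the body of `uploadContent` lie outside the hunks, so an ownership check may already exist there; if it does not, `uploadContent` should verify that `fileEntry` belongs to `user` before accepting `data`.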