DRYD-764: Add authz checks before running report.

author Richard Millet <remillet@gmail.com>

Tue, 15 Oct 2019 05:26:37 +0000 (23:26 -0600)

committer Richard Millet <remillet@gmail.com>

Tue, 15 Oct 2019 05:26:37 +0000 (23:26 -0600)
author Richard Millet <remillet@gmail.com>
Tue, 15 Oct 2019 05:26:37 +0000 (23:26 -0600)
committer Richard Millet <remillet@gmail.com>
Tue, 15 Oct 2019 05:26:37 +0000 (23:26 -0600)
diff --git a/services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java b/services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java

index 62898cd810a36471d2ed057fe98bf34958b96ef7..d02241f6f000900d34cb28ac40a85cdede7e8354 100644 (file)
--- a/services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java
+++ b/services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java
@@ -49,6 +49,7 @@ import org.collectionspace.services.batch.ResourceActionGroupList;
  import org.collectionspace.services.client.PoxPayloadIn;
  import org.collectionspace.services.client.PoxPayloadOut;
  import org.collectionspace.services.common.ResourceMap;
+import org.collectionspace.services.common.api.Tools;
  import org.collectionspace.services.common.authorization_mgt.ActionGroup;
  import org.collectionspace.services.common.context.ServiceContext;
  import org.collectionspace.services.common.document.BadRequestException;
@@ -160,7 +161,7 @@ public class BatchDocumentModelHandler extends NuxeoDocumentModelHandler<BatchCo
                         AccountResource accountResource = new AccountResource();
                         List<String> roleDisplayNameList = accountResource.getAccountRoles(AuthN.get().getUserId(), AuthN.get().getCurrentTenantId());
                         for (String target : forRolesList.getRoleDisplayName()) {
-                               if (roleDisplayNameList.contains(target)) {
+                               if (Tools.listContainsIgnoreCase(roleDisplayNameList, target)) {
                                         result = true;
                                         break;
                                 }
diff --git a/services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java b/services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java

index 09968b51a0d085cab2fcc2cbdf872a5fd318d18e..599d83916e7e68ea47916134aacd9164be3bb028 100644 (file)
--- a/services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java
+++ b/services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java
@@ -28,6 +28,8 @@ import java.io.InputStream;
  import java.util.List;
  import java.util.Properties;
  import  java.util.regex.Pattern;
+import org.apache.commons.lang3.StringUtils;
+
  
  import java.util.regex.Matcher;
  
@@ -407,4 +409,16 @@ public class Tools {
              return true;
          }
      }
+    
+    static public boolean listContainsIgnoreCase(List<String> theList, String searchStr) {
+       boolean result = false;
+       
+       for (String listItem : theList) {
+               if (StringUtils.containsIgnoreCase(listItem, searchStr)) {
+                       return true;
+               }
+       }
+       
+       return result;
+    }
  }
diff --git a/services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java b/services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java

index 0795dc474f002aa6c4ac6b709f41eb7014b5a750..0a179a0781f9f74118ea33999b18340ff9b75715 100644 (file)
--- a/services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java
+++ b/services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java
@@ -581,7 +581,7 @@ public class ReportDocumentModelHandler extends NuxeoDocumentModelHandler<Report
                         AccountResource accountResource = new AccountResource();
                         List<String> roleDisplayNameList = accountResource.getAccountRoles(AuthN.get().getUserId(), AuthN.get().getCurrentTenantId());
                         for (String target : forRolesList.getRoleDisplayName()) {
-                               if (roleDisplayNameList.contains(target)) {
+                               if (Tools.listContainsIgnoreCase(roleDisplayNameList, target)) {
                                         result = true;
                                         break;
                                 }
author	Richard Millet <remillet@gmail.com>
	Tue, 15 Oct 2019 05:26:37 +0000 (23:26 -0600)
committer	Richard Millet <remillet@gmail.com>
	Tue, 15 Oct 2019 05:26:37 +0000 (23:26 -0600)
services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java		patch \| blob \| history
services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java		patch \| blob \| history
services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java		patch \| blob \| history