import org.collectionspace.services.common.invocable.InvocationResults;
import org.collectionspace.services.common.query.QueryManager;
import org.collectionspace.services.jaxb.AbstractCommonList;
+import org.collectionspace.services.authorization.AuthZ;
+import org.collectionspace.services.authorization.CSpaceResource;
+import org.collectionspace.services.authorization.PermissionException;
+import org.collectionspace.services.authorization.URIResourceImpl;
+import org.collectionspace.services.authorization.perms.ActionType;
import java.util.List;
@Produces({"application/xml"})
@Consumes({"application/xml"})
public class BatchResource extends NuxeoBasedResource {
+ private static String BATCH_INVOKE_RESNAME = "batch/invoke";
protected final String COMMON_SCHEMA = "batch_common";
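Review bot: `BATCH_INVOKE_RESNAME` is declared `private static` but not `final`, so the resource name used to build the authorization check could be reassigned by other code in the class. Declare it as a constant, `private static final String BATCH_INVOKE_RESNAME = "batch/invoke";`, which also matches the `final` on the neighbouring `COMMON_SCHEMA`. The class body continues outside this hunk.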
return result;
}
+ /*
+ * This method allows backward compatibility with the old API for running reports.
+ */
+ private boolean isAuthorizedToInvokeBatchJobs(ServiceContext<PoxPayloadIn, PoxPayloadOut> ctx) {
+ boolean result = true;
+
+ //
+ // Until we enforce a user having POST perms on "/batch/*/invoke", we will continue to allow users with
+ // POST perms on "/batch" to run reports -see JIRA issue https://collectionspace.atlassian.net/browse/DRYD-732
+ //
+ // To start enforcing POST perms on "/batch/*/invoke", uncomment the following block of code
+ //
+
+ CSpaceResource res = new URIResourceImpl(ctx.getTenantId(), BATCH_INVOKE_RESNAME, AuthZ.getMethod(ActionType.CREATE));
+ if (AuthZ.get().isAccessAllowed(res) == false) {
+ result = false;
+ }
+
+ return result;
+ }
+
+ /*
+ * This method is deprecated as of CollectionSpace v5.3. POST/invoke requests should be made to the
+ * '/reports/{csid}/invoke' endpoint
+ */
@POST
@Path("{csid}")
+ @Deprecated
+ public InvocationResults invokeBatchJobDeprecated(
+ @Context ResourceMap resourceMap,
+ @Context UriInfo ui,
+ @PathParam("csid") String csid,
+ InvocationContext invContext) {
+ try {
+ ServiceContext<PoxPayloadIn, PoxPayloadOut> ctx = createServiceContext(ui);
+ if (isAuthorizedToInvokeBatchJobs(ctx)) {
+ BatchDocumentModelHandler handler = (BatchDocumentModelHandler)createDocumentHandler(ctx);
+ return handler.invokeBatchJob(ctx, csid, resourceMap, invContext, getBatchCommon(csid));
+ } else {
+ throw new PermissionException();
+ }
+ } catch (Exception e) {
+ String msg = String.format("%s Could not invoke batch job with CSID='%s'.",
+ ServiceMessages.POST_FAILED, csid);
+ throw bigReThrow(e, msg);
+ }
+ }
+
+ @POST
+ @Path("{csid}/invoke")
public InvocationResults invokeBatchJob(
@Context ResourceMap resourceMap,
@Context UriInfo ui,
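Review bot: The comment inside `isAuthorizedToInvokeBatchJobs` says enforcement is off until "the following block" is uncommented, but the `AuthZ.get().isAccessAllowed(res)` check below it is live code. The deprecated `{csid}` route therefore already requires CREATE on `batch/invoke`, and a maintainer trusting the comment could later disable a working authorization check. If enforcement is intended, replace the comment with something like `// Callers need POST (CREATE) permission on "batch/invoke"; POST on "/batch" alone is no longer sufficient - see DRYD-732`, and if it is not, the code contradicts the stated compatibility goal. Both comments also read as copied from the report resource ("running reports", `'/reports/{csid}/invoke'`), and the second should presumably name this class's own `{csid}/invoke` route. The body of `invokeBatchJob` lies outside the hunk, so it is worth confirming that it performs the same check, and that `bigReThrow` maps the `PermissionException` caught by `catch (Exception e)` to a forbidden response rather than a generic failure.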
+++ /dev/null
-/**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
-
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
-
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.collectionspace.services.common.security;
-
-import org.collectionspace.services.common.ServiceException;
-
-/**
- * ServiceForbidenException is thrown when access to service is not allowed for
- * one or more of the following reasons:
- * - access not allowed
- * - no application key found
- * @author
- */
-public class ServiceForbiddenException extends ServiceException {
-
- final public static int HTTP_CODE = 401;
-
- /**
- * Creates a new instance of <code>UnauthorizedException</code> without detail message.
- */
- public ServiceForbiddenException() {
- super(HTTP_CODE);
- }
-
- /**
- * Constructs an instance of <code>UnauthorizedException</code> with the specified detail message.
- * @param msg the detail message.
- */
- public ServiceForbiddenException(String msg) {
- super(msg);
- setErrorCode(HTTP_CODE);
- }
-
- /**
- * Constructs a new exception with the specified detail message and
- * cause. <p>Note that the detail message associated with
- * <code>cause</code> is <i>not</i> automatically incorporated in
- * this exception's detail message.
- *
- * @param message the detail message (which is saved for later retrieval
- * by the {@link #getMessage()} method).
- * @param cause the cause (which is saved for later retrieval by the
- * {@link #getCause()} method). (A <tt>null</tt> value is
- * permitted, and indicates that the cause is nonexistent or
- * unknown.)
- * @since 1.4
- */
- public ServiceForbiddenException(String message, Throwable cause) {
- super(message, cause);
- setErrorCode(HTTP_CODE);
- }
-
- /**
- * Constructs a new exception with the specified cause and a detail
- * message of <tt>(cause==null ? null : cause.toString())</tt> (which
- * typically contains the class and detail message of <tt>cause</tt>).
- * This constructor is useful for exceptions that are little more than
- * wrappers for other throwables (for example, {@link
- * java.security.PrivilegedActionException}).
- *
- * @param cause the cause (which is saved for later retrieval by the
- * {@link #getCause()} method). (A <tt>null</tt> value is
- * permitted, and indicates that the cause is nonexistent or
- * unknown.)
- * @since 1.4
- */
- public ServiceForbiddenException(Throwable cause) {
- super(cause);
- setErrorCode(HTTP_CODE);
- }
-}