From: Richard Millet <richard.millet@berkeley.edu>
Date: Fri, 27 Aug 2010 17:03:55 +0000 (+0000)
Subject: CSPACE-2735: Security interceptor not handling HyperJaxb3 IDs properly -preventing... 
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=38d4114e0405d40580d9f0cfbd9e945f538f9605;p=tmp%2Fjakarta-migration.git

CSPACE-2735: Security interceptor not handling HyperJaxb3 IDs properly -preventing gets and deletes on permrole and accountrole relationships.
---

diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
index 69c262452..be950eacd 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
@@ -157,6 +157,7 @@ public class SecurityInterceptor implements PreProcessInterceptor {
 		String uriPath = uriInfo.getPath();
 
 		MultivaluedMap<String, String> pathParams = uriInfo.getPathParameters();
+		
 		for (String pathParamName : pathParams.keySet()) {
 			//assumption : path params for csid for any entity has substring csid in name
 			String pathParamValue = pathParams.get(pathParamName).get(0);
@@ -164,10 +165,6 @@ public class SecurityInterceptor implements PreProcessInterceptor {
 				//replace csids with wildcard
 				uriPath = uriPath.replace(pathParamValue, "*");
 			}
-			if ((pathParamName.toLowerCase().indexOf("id") > -1)) {
-				//replace id with wildcard
-				uriPath = uriPath.replace(pathParamValue, "*");
-			}
 			if ((pathParamName.toLowerCase().indexOf("predicate") > -1)) {
 				//replace csids with wildcard
 				uriPath = uriPath.replace(pathParamValue, "*");
@@ -182,6 +179,18 @@ public class SecurityInterceptor implements PreProcessInterceptor {
 				uriPath = uriPath.replace(pathParamValue, "*");
 			}
 		}
+		
+		// FIXME: REM
+		// Since the hjid (HyperJaxb3 generated IDs are not unique strings in URIs that also have a CSID,
+		// we need to replace hjid last.  We can fix this by having HyperJaxb3 generate UUID.
+		// Assumption : path param name for csid is lowercase
+		//
+		List<String> hjidValueList = pathParams.get("id");
+		if (hjidValueList != null) {
+			String hjidValue = hjidValueList.get(0); //should be just one value, so get the first.
+			uriPath = uriPath.replace(hjidValue, "*");
+		}
+		
 		uriPath = uriPath.replace("//", "/");
 		return uriPath;
 	}