From: Richard Millet Date: Wed, 23 Oct 2019 21:04:20 +0000 (-0700) Subject: DRYD-732: Added support for invoking batch jobs with the new /batch/{csid}/invoke... X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=b0e7977b4b09f7cd0552de83cced9c07435b17c5;p=tmp%2Fjakarta-migration.git DRYD-732: Added support for invoking batch jobs with the new /batch/{csid}/invoke subresource. --- diff --git a/services/batch/service/src/main/java/org/collectionspace/services/batch/BatchResource.java b/services/batch/service/src/main/java/org/collectionspace/services/batch/BatchResource.java index fb3c912da..ce62f98e9 100644 --- a/services/batch/service/src/main/java/org/collectionspace/services/batch/BatchResource.java +++ b/services/batch/service/src/main/java/org/collectionspace/services/batch/BatchResource.java @@ -42,6 +42,11 @@ import org.collectionspace.services.common.invocable.InvocationContext; import org.collectionspace.services.common.invocable.InvocationResults; import org.collectionspace.services.common.query.QueryManager; import org.collectionspace.services.jaxb.AbstractCommonList; +import org.collectionspace.services.authorization.AuthZ; +import org.collectionspace.services.authorization.CSpaceResource; +import org.collectionspace.services.authorization.PermissionException; +import org.collectionspace.services.authorization.URIResourceImpl; +import org.collectionspace.services.authorization.perms.ActionType; import java.util.List; @@ -60,6 +65,7 @@ import javax.ws.rs.core.UriInfo; @Produces({"application/xml"}) @Consumes({"application/xml"}) public class BatchResource extends NuxeoBasedResource { + private static String BATCH_INVOKE_RESNAME = "batch/invoke"; protected final String COMMON_SCHEMA = "batch_common"; @@ -209,8 +215,56 @@ public class BatchResource extends NuxeoBasedResource { return result; } + /* + * This method allows backward compatibility with the old API for running reports. + */ + private boolean isAuthorizedToInvokeBatchJobs(ServiceContext ctx) { + boolean result = true; + + // + // Until we enforce a user having POST perms on "/batch/*/invoke", we will continue to allow users with + // POST perms on "/batch" to run reports -see JIRA issue https://collectionspace.atlassian.net/browse/DRYD-732 + // + // To start enforcing POST perms on "/batch/*/invoke", uncomment the following block of code + // + + CSpaceResource res = new URIResourceImpl(ctx.getTenantId(), BATCH_INVOKE_RESNAME, AuthZ.getMethod(ActionType.CREATE)); + if (AuthZ.get().isAccessAllowed(res) == false) { + result = false; + } + + return result; + } + + /* + * This method is deprecated as of CollectionSpace v5.3. POST/invoke requests should be made to the + * '/reports/{csid}/invoke' endpoint + */ @POST @Path("{csid}") + @Deprecated + public InvocationResults invokeBatchJobDeprecated( + @Context ResourceMap resourceMap, + @Context UriInfo ui, + @PathParam("csid") String csid, + InvocationContext invContext) { + try { + ServiceContext ctx = createServiceContext(ui); + if (isAuthorizedToInvokeBatchJobs(ctx)) { + BatchDocumentModelHandler handler = (BatchDocumentModelHandler)createDocumentHandler(ctx); + return handler.invokeBatchJob(ctx, csid, resourceMap, invContext, getBatchCommon(csid)); + } else { + throw new PermissionException(); + } + } catch (Exception e) { + String msg = String.format("%s Could not invoke batch job with CSID='%s'.", + ServiceMessages.POST_FAILED, csid); + throw bigReThrow(e, msg); + } + } + + @POST + @Path("{csid}/invoke") public InvocationResults invokeBatchJob( @Context ResourceMap resourceMap, @Context UriInfo ui, diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/ForbiddenException.java b/services/common/src/main/java/org/collectionspace/services/common/security/ForbiddenException.java new file mode 100644 index 000000000..e69de29bb diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/ServiceForbiddenException.java b/services/common/src/main/java/org/collectionspace/services/common/security/ServiceForbiddenException.java deleted file mode 100644 index d33145342..000000000 --- a/services/common/src/main/java/org/collectionspace/services/common/security/ServiceForbiddenException.java +++ /dev/null @@ -1,92 +0,0 @@ -/** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.collectionspace.services.common.security; - -import org.collectionspace.services.common.ServiceException; - -/** - * ServiceForbidenException is thrown when access to service is not allowed for - * one or more of the following reasons: - * - access not allowed - * - no application key found - * @author - */ -public class ServiceForbiddenException extends ServiceException { - - final public static int HTTP_CODE = 401; - - /** - * Creates a new instance of UnauthorizedException without detail message. - */ - public ServiceForbiddenException() { - super(HTTP_CODE); - } - - /** - * Constructs an instance of UnauthorizedException with the specified detail message. - * @param msg the detail message. - */ - public ServiceForbiddenException(String msg) { - super(msg); - setErrorCode(HTTP_CODE); - } - - /** - * Constructs a new exception with the specified detail message and - * cause.

Note that the detail message associated with - * cause is not automatically incorporated in - * this exception's detail message. - * - * @param message the detail message (which is saved for later retrieval - * by the {@link #getMessage()} method). - * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is - * permitted, and indicates that the cause is nonexistent or - * unknown.) - * @since 1.4 - */ - public ServiceForbiddenException(String message, Throwable cause) { - super(message, cause); - setErrorCode(HTTP_CODE); - } - - /** - * Constructs a new exception with the specified cause and a detail - * message of (cause==null ? null : cause.toString()) (which - * typically contains the class and detail message of cause). - * This constructor is useful for exceptions that are little more than - * wrappers for other throwables (for example, {@link - * java.security.PrivilegedActionException}). - * - * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is - * permitted, and indicates that the cause is nonexistent or - * unknown.) - * @since 1.4 - */ - public ServiceForbiddenException(Throwable cause) { - super(cause); - setErrorCode(HTTP_CODE); - } -} diff --git a/services/report/service/src/main/java/org/collectionspace/services/report/ReportResource.java b/services/report/service/src/main/java/org/collectionspace/services/report/ReportResource.java index cbf26cd96..297780e39 100644 --- a/services/report/service/src/main/java/org/collectionspace/services/report/ReportResource.java +++ b/services/report/service/src/main/java/org/collectionspace/services/report/ReportResource.java @@ -164,9 +164,6 @@ public class ReportResource extends NuxeoBasedResource { * @param csid the csid * @return the report */ -// @GET -// @Path("{csid}/output") -// @Produces("application/pdf") public Response invokeReport( @Context UriInfo ui, @PathParam("csid") String csid) { @@ -249,7 +246,7 @@ public class ReportResource extends NuxeoBasedResource { @POST @Path("{csid}") @Deprecated - public Response invokeReport( + public Response invokeReportDeprecated( @Context UriInfo ui, @PathParam("csid") String csid, InvocationContext invContext) { @@ -280,7 +277,7 @@ public class ReportResource extends NuxeoBasedResource { @POST @Path("{csid}/invoke") - public Response invokeReportNew( + public Response invokeReport( @Context UriInfo ui, @PathParam("csid") String csid, InvocationContext invContext) {