71424: permission check back to EvaluatorPlugin, exception message fix

DSpace · Jun 18, 2020 · d214fb0 · d214fb0
1 parent 8df9d27
commit d214fb0
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 39 deletions.
diff --git a/...-server-webapp/src/main/java/org/dspace/app/rest/repository/StatisticsRestRepository.java b/...-server-webapp/src/main/java/org/dspace/app/rest/repository/StatisticsRestRepository.java
@@ -70,8 +70,7 @@ public Page<UsageReportRest> findByObject(@Parameter(value = "uri", required = t
 
     @Override
     public Page<UsageReportRest> findAll(Context context, Pageable pageable) {
-        throw new RepositoryMethodNotImplementedException("No implementation found; Method not allowed!",
-            "getUsageReports");
+        throw new RepositoryMethodNotImplementedException("No implementation found; Method not allowed!", "findAll");
     }
 
     @Override

diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/UsageReportService.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/UsageReportService.java
@@ -22,9 +22,7 @@
 import org.dspace.app.rest.model.UsageReportPointDateRest;
 import org.dspace.app.rest.model.UsageReportPointDsoTotalVisitsRest;
 import org.dspace.app.rest.model.UsageReportRest;
-import org.dspace.app.rest.utils.ContextUtil;
 import org.dspace.app.rest.utils.DSpaceObjectUtils;
-import org.dspace.authorize.AuthorizeException;
 import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.content.Bitstream;
 import org.dspace.content.DSpaceObject;
@@ -33,7 +31,6 @@
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.dspace.handle.service.HandleService;
-import org.dspace.services.model.Request;
 import org.dspace.statistics.Dataset;
 import org.dspace.statistics.content.DatasetDSpaceObjectGenerator;
 import org.dspace.statistics.content.DatasetTimeGenerator;
@@ -70,40 +67,6 @@ public class UsageReportService extends AbstractDSpaceRestRepository {
     public static final String TOP_COUNTRIES_REPORT_ID = "TopCountries";
     public static final String TOP_CITIES_REPORT_ID = "TopCities";
 
-    /**
-     * Responsible for checking whether or not the user has used a valid request (valid UUID in /usagereports/{
-     * UUID_ReportID} or in /usagereports/search/object?uri={uri-ending-in/UUID} and whether or not the used has the
-     * given (READ) rights on the corresponding DSO.
-     *
-     * @param targetType usagereport or usagereportsearch, so we know how to extract the UUID
-     * @param targetId   string to extract uuid from
-     * @param action     type of access rights (READ)
-     * @throws AuthorizeException if user does not have given rights on dso whose uuid is extracted from the targetID
-     */
-    public void checkForPermissionAndValidRequest(String targetType, String targetId, int action)
-        throws AuthorizeException {
-        Request request = requestService.getCurrentRequest();
-        Context context = ContextUtil.obtainContext(request.getServletRequest());
-        UUID uuidObject = null;
-        if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME, targetType)) {
-            // Get uuid from uuidDSO_reportId pathParam
-            uuidObject = UUID.fromString(StringUtils.substringBefore(targetId, "_"));
-        } else if (StringUtils.equalsIgnoreCase(UsageReportRest.NAME + "search", targetType)) {
-            // Get uuid from url (selfLink of dso) queryParam
-            uuidObject = UUID.fromString(StringUtils.substringAfterLast(targetId, "/"));
-        }
-        try {
-            DSpaceObject dso = dspaceObjectUtil.findDSpaceObject(context, uuidObject);
-            if (dso == null) {
-                throw new ResourceNotFoundException("No DSO found with this UUID: " + uuidObject);
-            }
-            authorizeService.authorizeAction(context, dso, action);
-        } catch (SQLException e) {
-            log.error(e.getMessage(), e);
-        }
-
-    }
-
     /**
      * Get list of usage reports that are applicable to the DSO (of given UUID)
      *

diff --git a/.../src/main/java/org/dspace/app/rest/security/UsageReportRestPermissionEvaluatorPlugin.java b/.../src/main/java/org/dspace/app/rest/security/UsageReportRestPermissionEvaluatorPlugin.java
@@ -46,6 +46,16 @@ public class UsageReportRestPermissionEvaluatorPlugin extends RestObjectPermissi
     @Autowired
     AuthorizeService authorizeService;
 
+
+
+    /**
+     * Responsible for checking whether or not the user has used a valid request (valid UUID in /usagereports/{
+     * UUID_ReportID} or in /usagereports/search/object?uri={uri-ending-in/UUID} and whether or not the used has the
+     * given (READ) rights on the corresponding DSO.
+     *
+     * @param targetType usagereport or usagereportsearch, so we know how to extract the UUID
+     * @param targetId   string to extract uuid from
+     */
     @Override
     public boolean hasDSpacePermission(Authentication authentication, Serializable targetId, String targetType,
                                        DSpaceRestPermission restPermission) {