Alicia.DeDiosFuente · b9845ff3 · 939766e3 · 4b32c9ef · e34d695e · 7b204ae1
--- a/AoU-Access/src/main/java/ch/unige/aou/controller/access/SearchController.java

+ 52

− 13
+++ b/AoU-Access/src/main/java/ch/unige/aou/controller/access/SearchController.java

+ 52

− 13
 @@ -46,6 +46,8 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
 @@ -56,11 +58,15 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;

+import ch.unige.solidify.auth.model.AuthApplicationRole;
+import ch.unige.solidify.auth.service.ApplicationRoleListService;
 import ch.unige.solidify.config.SolidifyEventPublisher;
 import ch.unige.solidify.controller.index.IndexDataReadOnlyController;
 import ch.unige.solidify.exception.SolidifyHttpErrorException;
+import ch.unige.solidify.exception.SolidifyRestException;
 import ch.unige.solidify.exception.SolidifyRuntimeException;
 import ch.unige.solidify.index.indexing.IndexingService;
+import ch.unige.solidify.model.security.DownloadToken;
 import ch.unige.solidify.rest.ActionName;
 import ch.unige.solidify.rest.FacetPage;
 import ch.unige.solidify.rest.FacetRequest;
 @@ -68,6 +74,7 @@ import ch.unige.solidify.rest.FieldsRequest;
 import ch.unige.solidify.rest.RestCollection;
 import ch.unige.solidify.rest.SearchCondition;
 import ch.unige.solidify.security.EveryonePermissions;
+import ch.unige.solidify.service.DownloadTokenService;
 import ch.unige.solidify.util.FileTool;
 import ch.unige.solidify.util.StringTool;

 @@ -81,18 +88,21 @@ import ch.unige.aou.model.index.PublicationIndexEntry;
 import ch.unige.aou.model.publication.DocumentFileType;
 import ch.unige.aou.model.publication.MetadataFile;
 import ch.unige.aou.model.rest.AouSearchCondition;
+import ch.unige.aou.model.security.DownloadTokenType;
+import ch.unige.aou.model.security.User;
 import ch.unige.aou.rest.AouActionName;
 import ch.unige.aou.rest.UrlPath;
 import ch.unige.aou.service.PublicationDownloadService;
 import ch.unige.aou.service.PublicationStatisticService;
 import ch.unige.aou.service.QueryBuilderService;
 import ch.unige.aou.service.SearchService;
+import ch.unige.aou.service.rest.trusted.TrustedUserRemoteResourceService;

 @RestController
 @EveryonePermissions
 @ConditionalOnBean(AccessController.class)
 @RequestMapping(UrlPath.ACCESS_METADATA)
-public class SearchController extends IndexDataReadOnlyController<String, PublicationIndexEntry> {
+public class SearchController extends IndexDataReadOnlyController<String, PublicationIndexEntry> implements ApplicationRoleListService {
  private static final Logger log = LoggerFactory.getLogger(SearchController.class);

  private static final String WITH_RESTRICTED_ACCESS_MASTERS_PARAM = "with-restricted-access-masters";
 @@ -101,11 +111,15 @@ public class SearchController extends IndexDataReadOnlyController<String, Public
  private final QueryBuilderService queryBuilderService;
  private final PublicationDownloadService publicationDownloadService;
  private final PublicationStatisticService publicationStatisticService;
+  private final TrustedUserRemoteResourceService trustedUserRemoteResourceService;
+  private final DownloadTokenService downloadTokenService;
  private final SearchService searchService;

  protected SearchController(AouProperties aouProperties, IndexingService<PublicationIndexEntry> indexResourceService,
          QueryBuilderService queryBuilderService, PublicationDownloadService archiveDownloadService,
          PublicationStatisticService publicationStatisticService,
+          TrustedUserRemoteResourceService trustedUserRemoteResourceService,
+          DownloadTokenService downloadTokenService,
          SearchService searchService) {
    super(indexResourceService);
    this.queryBuilderService = queryBuilderService;
 @@ -113,6 +127,8 @@ public class SearchController extends IndexDataReadOnlyController<String, Public
    this.publicationStatisticService = publicationStatisticService;
    this.publicationDownloadService = archiveDownloadService;
    this.searchService = searchService;
+    this.trustedUserRemoteResourceService = trustedUserRemoteResourceService;
+    this.downloadTokenService = downloadTokenService;
  }

  @Override
 @@ -142,7 +158,11 @@ public class SearchController extends IndexDataReadOnlyController<String, Public

    if (results.getContent().size() == 1) {
      PublicationIndexEntry t = results.stream().findFirst().get();
-      this.publicationStatisticService.createViewStats(t);
+      // Do not count ADMIN, ROOT and TRUSTED CLIENTS user for statistics
+      Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+      if (authentication == null || !this.isRootOrTrustedOrAdminRole()) {
+        this.publicationStatisticService.createViewStats(t);
+      }
      this.addLinks(t);
      return new ResponseEntity<>(t, HttpStatus.OK);
    } else if (!results.hasContent()) {
 @@ -160,7 +180,6 @@ public class SearchController extends IndexDataReadOnlyController<String, Public

    // Replaces field aliases by field names, set AND operator on specific fields
    List<SearchCondition> searchConditionList = this.queryBuilderService.completeSearchConditions(searchConditions);
-
    if (!withRestrictedAccessMaster) {
      // discard masters that are not public
      searchConditionList = this.queryBuilderService.addDiscardNonPublicMastersCondition(searchConditionList);
 @@ -253,16 +272,20 @@ public class SearchController extends IndexDataReadOnlyController<String, Public
    PublicationIndexEntry indexEntry = this.indexResourceService.findOne(this.getIndex(), publicationDownload.getPublicationId());

    // Increment number of downloads (only if file has a PRINCIPAL type level and is not an Imprimatur)
-    List<MetadataFile> metadataFiles = indexEntry.getFiles();
-    Optional<MetadataFile> downloadedFileOpt = metadataFiles.stream().filter(f -> f.getResId().equals(documentFileId)).findFirst();
-    if (downloadedFileOpt.isPresent()) {
-      MetadataFile downloadedFile = downloadedFileOpt.get();
-      if (!StringTool.isNullOrEmpty(downloadedFile.getTypeLevel())
-              && !StringTool.isNullOrEmpty(downloadedFile.getType())
-              && downloadedFile.getTypeLevel().equals(DocumentFileType.FileTypeLevel.PRINCIPAL.name())
-              && !downloadedFile.getType().equals(AouConstants.DOCUMENT_FILE_TYPE_IMPRIMATUR_VALUE)) {
-        // Use an event to make this call to database async, thus preventing the endpoint itself to use database a connection
-        SolidifyEventPublisher.getPublisher().publishEvent(new IncrementDownloadStatMessage(documentFileId, publicationDownload));
+    // Do not count ADMIN, ROOT and TRUSTED CLIENTS user for statistics
+    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+    if (authentication == null || (!this.checkUserInDownloadTokenIsAdminOrRootOrTrusted(documentFileId) && !this.isRootOrTrustedOrAdminRole())) {
+      List<MetadataFile> metadataFiles = indexEntry.getFiles();
+      Optional<MetadataFile> downloadedFileOpt = metadataFiles.stream().filter(f -> f.getResId().equals(documentFileId)).findFirst();
+      if (downloadedFileOpt.isPresent()) {
+        MetadataFile downloadedFile = downloadedFileOpt.get();
+        if (!StringTool.isNullOrEmpty(downloadedFile.getTypeLevel())
+                && !StringTool.isNullOrEmpty(downloadedFile.getType())
+                && downloadedFile.getTypeLevel().equals(DocumentFileType.FileTypeLevel.PRINCIPAL.name())
+                && !downloadedFile.getType().equals(AouConstants.DOCUMENT_FILE_TYPE_IMPRIMATUR_VALUE)) {
+          // Use an event to make this call to database async, thus preventing the endpoint itself to use database a connection
+          SolidifyEventPublisher.getPublisher().publishEvent(new IncrementDownloadStatMessage(documentFileId, publicationDownload));
+        }
      }
    }

 @@ -317,6 +340,22 @@ public class SearchController extends IndexDataReadOnlyController<String, Public
    return new ResponseEntity<>(inputStream, respHeaders, HttpStatus.OK);
  }

+  private boolean checkUserInDownloadTokenIsAdminOrRootOrTrusted(String documentFileId) {
+    String tokenHash = this.downloadTokenService.getTokenHashFromRequest(documentFileId, DownloadTokenType.ARCHIVE);
+    if (!StringTool.isNullOrEmpty(tokenHash)) {
+      DownloadToken downloadToken = this.downloadTokenService.findByTokenHash(tokenHash);
+      try {
+        User user = this.trustedUserRemoteResourceService.findByExternalUid(downloadToken.getUserId());
+        return user != null && (user.getApplicationRole().getResId().equals(AuthApplicationRole.ADMIN_ID) || user.getApplicationRole().getResId()
+                .equals(AuthApplicationRole.ROOT_ID)
+                || user.getApplicationRole().getResId().equals(AuthApplicationRole.TRUSTED_CLIENT_ID));
+      } catch (SolidifyRestException e) {
+        // If the user does not exist, an exception will be thrown meaning the user has no role ADMIN, ROOT or TRUSTED
+      }
+    }
+    return false;
+  }
+
  @Override
  protected String getIndex() {
    return this.indexName;