Alicia.DeDiosFuente · 3c655a05 · e2c80d2b · 6583cdc8 · 46e4e171 · b06ec063
--- a/DLCM-Access/src/main/java/ch/dlcm/service/security/MetadataPermissionService.java

+ 27

− 1
+++ b/DLCM-Access/src/main/java/ch/dlcm/service/security/MetadataPermissionService.java

+ 27

− 1
 @@ -31,6 +31,7 @@ import org.springframework.stereotype.Service;

 import ch.unige.solidify.exception.SolidifyMfaNeededException;

+import ch.dlcm.DLCMConstants;
 import ch.dlcm.controller.AccessController;
 import ch.dlcm.controller.DLCMControllerAction;
 import ch.dlcm.model.Access;
 @@ -38,10 +39,16 @@ import ch.dlcm.model.DataTag;
 import ch.dlcm.model.MetadataVisibility;
 import ch.dlcm.model.OrganizationalUnitAwareResource;
 import ch.dlcm.model.index.ArchiveMetadata;
+import ch.dlcm.model.oais.ArchivalInfoPackage;
 import ch.dlcm.model.security.Role;
+import ch.dlcm.model.security.User;
 import ch.dlcm.service.SearchService;
+import ch.dlcm.service.rest.abstractservice.ArchivalInfoPackageRemoteResourceService;
 import ch.dlcm.service.rest.abstractservice.PersonRemoteResourceService;
+import ch.dlcm.service.rest.abstractservice.UserRemoteResourceService;
+import ch.dlcm.service.rest.trusted.TrustedArchivalInfoPackageRemoteResourceService;
 import ch.dlcm.service.rest.trusted.TrustedPersonRemoteResourceService;
+import ch.dlcm.service.rest.trusted.TrustedUserRemoteResourceService;

 @Service
 @ConditionalOnBean(AccessController.class)
 @@ -49,15 +56,25 @@ public class MetadataPermissionService extends AbstractPermissionWithOrgUnitServ
  private final SearchService searchService;
  private final PersonRemoteResourceService trustedPersonRemoteResourceService;
  private final MfaPermissionService mfaPermissionService;
+
+  private final ArchivalInfoPackageRemoteResourceService trustedAipRemoteResourceService;
+
+  private final UserRemoteResourceService trustedUserRemoteResourceService;
+
  public MetadataPermissionService(SearchService searchService,
          TrustedPersonRemoteResourceService personRemoteResourceService,
          PersonRemoteResourceService trustedPersonRemoteResourceService,
+          TrustedArchivalInfoPackageRemoteResourceService trustedArchivalInfoPackageRemoteResourceService,
+          TrustedUserRemoteResourceService trustedUserRemoteResourceService,
          MfaPermissionService mfaPermissionService) {
    super(personRemoteResourceService);
    this.searchService = searchService;
    this.trustedPersonRemoteResourceService = trustedPersonRemoteResourceService;
    this.mfaPermissionService = mfaPermissionService;
+    this.trustedAipRemoteResourceService = trustedArchivalInfoPackageRemoteResourceService;
+    this.trustedUserRemoteResourceService = trustedUserRemoteResourceService;
  }
+
  @Override
  public boolean isAllowed(String targetResId, String actionString) {
    final ArchiveMetadata archiveMetadata = this.getExistingResource(targetResId);
 @@ -158,9 +175,18 @@ public class MetadataPermissionService extends AbstractPermissionWithOrgUnitServ
      final Optional<Role> inheritedRole = this.trustedPersonRemoteResourceService.findInheritedOrganizationalRole(personId,
              existingResource.getOrganizationalUnitId());
      final Optional<Role> role = Role.maxRole(orgUnitRole, inheritedRole);
-      return role.filter(value -> value.getResId().equals(Role.MANAGER_ID) || value.getResId().equals(Role.STEWARD_ID)).isPresent();
+      return role.filter(value -> value.getResId().equals(Role.MANAGER_ID) || value.getResId().equals(Role.STEWARD_ID)).isPresent()
+              ||  this.isArchiveCreator(existingResource.getResId());
    }
    return false;
  }

+  private boolean isArchiveCreator(String archiveId) {
+    ArchivalInfoPackage aip = this.trustedAipRemoteResourceService.findOne(archiveId);
+    String userId = this.getAuthentication().getName();
+    User user = this.trustedUserRemoteResourceService.findByExternalUid(userId);
+
+    return aip.getCreation().getWho().equals(user.getExternalUid());
+  }
+
 }