
feat: [DLCM-2393] Add parameter in deposit to determine if the archive structure content is public

@@ -23,18 +23,14 @@
package ch.dlcm.service.security;
import java.util.NoSuchElementException;
import java.util.Optional;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.stereotype.Service;
import ch.unige.solidify.exception.SolidifyMfaNeededException;
import ch.dlcm.controller.AccessController;
import ch.dlcm.controller.DLCMControllerAction;
import ch.dlcm.model.Access;
import ch.dlcm.model.DataTag;
import ch.dlcm.model.MetadataVisibility;
import ch.dlcm.model.OrganizationalUnitAwareResource;
import ch.dlcm.model.index.ArchiveMetadata;
@@ -48,36 +44,24 @@ import ch.dlcm.service.rest.trusted.TrustedPersonRemoteResourceService;
public class MetadataPermissionService extends AbstractPermissionWithOrgUnitService {
private final SearchService searchService;
private final PersonRemoteResourceService trustedPersonRemoteResourceService;
private final MfaPermissionService mfaPermissionService;
public MetadataPermissionService(SearchService searchService,
TrustedPersonRemoteResourceService personRemoteResourceService,
PersonRemoteResourceService trustedPersonRemoteResourceService,
MfaPermissionService mfaPermissionService) {
public MetadataPermissionService(SearchService searchService, TrustedPersonRemoteResourceService personRemoteResourceService,
PersonRemoteResourceService trustedPersonRemoteResourceService) {
super(personRemoteResourceService);
this.searchService = searchService;
this.trustedPersonRemoteResourceService = trustedPersonRemoteResourceService;
this.mfaPermissionService = mfaPermissionService;
}
@Override
public boolean isAllowed(String targetResId, String actionString) {
final ArchiveMetadata archiveMetadata = this.getExistingResource(targetResId);
if(archiveMetadata == null) {
throw new NoSuchElementException("Archive not found");
}
// ADMIN cannot download closed archive
final DLCMControllerAction action = this.getControllerAction(actionString);
if (archiveMetadata.getCurrentAccess() == Access.CLOSED && this.isAdminRole() &&
if (this.isAdminRole() &&
(action == DLCMControllerAction.DOWNLOAD_ARCHIVE || action == DLCMControllerAction.PREPARE_DOWNLOAD_ARCHIVE)) {
return false;
}
boolean isAllowed = super.isAllowed(targetResId, actionString);
// CRIMSON and RED archives need MFA to be downloaded
if (isAllowed && (archiveMetadata.getDataTag().equals(DataTag.CRIMSON) || archiveMetadata.getDataTag().equals(DataTag.RED)) &&
!this.mfaPermissionService.isMfaAuthenticated()) {
throw new SolidifyMfaNeededException();
final ArchiveMetadata existingResource = this.getExistingResource(targetResId);
if (existingResource.getCurrentAccess() == Access.CLOSED) {
return false;
}
}
return isAllowed;
return super.isAllowed(targetResId, actionString);
}
@Override
protected boolean isAllowedToPerformActionOnResource(String personId, OrganizationalUnitAwareResource existingResource,
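Review bot: The shorter `isAllowed` variant, the one with the nested `if (existingResource.getCurrentAccess() == Access.CLOSED)`, has no `mfaPermissionService.isMfaAuthenticated()` gate for `DataTag.CRIMSON` and `DataTag.RED` archives, and the constructor no longer takes `MfaPermissionService`. The rendered page has lost its `+`/`-` markers, but the hunk header's 36 → 24 line counts suggest this shorter variant is the new side; if so, access to those archives would rest on `super.isAllowed(targetResId, actionString)` alone. That is unrelated to the titled feature and may be a stale-branch artifact, so please confirm the MFA check is kept here or enforced elsewhere before merging. The same variant also dereferences `this.getExistingResource(targetResId)` without the `archiveMetadata == null` guard, so if that call can return null a missing archive would surface as a NullPointerException rather than `NoSuchElementException("Archive not found")`. The signature of `isAllowedToPerformActionOnResource` is cut off at the end of the visible section, so nothing after `isAllowed` is reviewed here.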