public/docs
1
0
Fork 0
mirror of https://github.com/sismics/docs.git synced 2025-12-29 17:41:44 +00:00
Code Issues Releases Wiki Activity

Closes #245: admin group undeletable + admin can see all

Browse Source
This commit is contained in:
Benjamin Gamard
2018-10-18 18:57:06 +02:00
parent 58af2b00cb
commit 0c257b763d
10 changed files with 67 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
View File

@@ -377,7 +377,7 @@ public class DocumentResource extends BaseResource {
}
for (DocumentDto documentDto : paginatedList.getResultList()) {
// Get tags added by the current user on this document
// Get tags accessible by the current user on this document
List<TagDto> tagDtoList = tagDao.findByCriteria(new TagCriteria()
.setTargetIdList(getTargetIdList(null))
.setDocumentId(documentDto.getId()), new SortCriteria(1, true));

12
docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
View File

@@ -1,7 +1,9 @@
package com.sismics.docs.rest.resource;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import com.sismics.docs.core.dao.GroupDao;
import com.sismics.docs.core.dao.RoleBaseFunctionDao;
import com.sismics.docs.core.dao.UserDao;
import com.sismics.docs.core.dao.criteria.GroupCriteria;
import com.sismics.docs.core.dao.criteria.UserCriteria;
@@ -24,6 +26,7 @@ import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import java.text.MessageFormat;
import java.util.List;
import java.util.Set;
/**
* Group REST resources.
@@ -185,6 +188,15 @@ public class GroupResource extends BaseResource {
if (group == null) {
throw new NotFoundException();
}
// Ensure that the admin group is not deleted
if (group.getRoleId() != null) {
RoleBaseFunctionDao roleBaseFunctionDao = new RoleBaseFunctionDao();
Set<String> baseFunctionSet = roleBaseFunctionDao.findByRoleId(Sets.newHashSet(group.getRoleId()));
if (baseFunctionSet.contains(BaseFunction.ADMIN.name())) {
throw new ClientException("ForbiddenError", "The administrators group cannot be deleted");
}
}
// Delete the group
groupDao.delete(group.getId(), principal.getId());

6
docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
View File

@@ -445,7 +445,7 @@ public class UserResource extends BaseResource {
throw new ForbiddenClientException();
}
// Ensure that the admin user is not deleted
// Ensure that the admin or guest users are not deleted
if (hasBaseFunction(BaseFunction.ADMIN) || principal.isGuest()) {
throw new ClientException("ForbiddenError", "This user cannot be deleted");
}
@@ -519,8 +519,8 @@ public class UserResource extends BaseResource {
}
// Ensure that the admin user is not deleted
RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(Sets.newHashSet(user.getRoleId()));
RoleBaseFunctionDao roleBaseFunctionDao = new RoleBaseFunctionDao();
Set<String> baseFunctionSet = roleBaseFunctionDao.findByRoleId(Sets.newHashSet(user.getRoleId()));
if (baseFunctionSet.contains(BaseFunction.ADMIN.name())) {
throw new ClientException("ForbiddenError", "The admin user cannot be deleted");
}