public/docs
1
0
Fork 0
mirror of https://github.com/sismics/docs.git synced 2025-12-13 17:56:20 +00:00
Code Issues Releases Wiki Activity

Orphan files are linked to a specific user

Browse Source
This commit is contained in:
jendib
2015-03-06 22:40:33 +01:00
parent d0c259ead2
commit 18cedaef2c
6 changed files with 117 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
View File

@@ -471,7 +471,7 @@ public class DocumentResource extends BaseResource {
List<File> fileList;
try {
document = documentDao.getDocument(id, principal.getId());
fileList = fileDao.getByDocumentId(id);
fileList = fileDao.getByDocumentId(principal.getId(), id);
} catch (NoResultException e) {
throw new ClientException("DocumentNotFound", MessageFormat.format("Document not found: {0}", id));
}

52
docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java
View File

@@ -128,7 +128,7 @@ public class FileResource extends BaseResource {
FileDao fileDao = new FileDao();
int order = 0;
if (documentId != null) {
for (File file : fileDao.getByDocumentId(documentId)) {
for (File file : fileDao.getByDocumentId(principal.getId(), documentId)) {
file.setOrder(order++);
}
}
@@ -138,6 +138,7 @@ public class FileResource extends BaseResource {
file.setOrder(order);
file.setDocumentId(documentId);
file.setMimeType(mimeType);
file.setUserId(principal.getId());
String fileId = fileDao.create(file);
// Save the file
@@ -192,7 +193,7 @@ public class FileResource extends BaseResource {
Document document;
File file;
try {
file = fileDao.getFile(id);
file = fileDao.getFile(id, principal.getId());
document = documentDao.getDocument(documentId, principal.getId());
} catch (NoResultException e) {
throw new ClientException("DocumentNotFound", MessageFormat.format("Document not found: {0}", documentId));
@@ -205,7 +206,7 @@ public class FileResource extends BaseResource {
// Update the file
file.setDocumentId(documentId);
file.setOrder(fileDao.getByDocumentId(documentId).size());
file.setOrder(fileDao.getByDocumentId(principal.getId(), documentId).size());
fileDao.update(file);
// Raise a new file created event (it wasn't sent during file creation)
@@ -260,7 +261,7 @@ public class FileResource extends BaseResource {
// Reorder files
FileDao fileDao = new FileDao();
for (File file : fileDao.getByDocumentId(documentId)) {
for (File file : fileDao.getByDocumentId(principal.getId(), documentId)) {
int order = idList.lastIndexOf(file.getId());
if (order != -1) {
file.setOrder(order);
@@ -274,9 +275,10 @@ public class FileResource extends BaseResource {
}
/**
* Returns files linked to a document.
* Returns files linked to a document or not linked to any document.
*
* @param documentId Document ID
* @param shareId Sharing ID
* @return Response
* @throws JSONException
*/
@@ -305,7 +307,7 @@ public class FileResource extends BaseResource {
}
FileDao fileDao = new FileDao();
List<File> fileList = fileDao.getByDocumentId(documentId);
List<File> fileList = fileDao.getByDocumentId(principal.getId(), documentId);
JSONObject response = new JSONObject();
List<JSONObject> files = new ArrayList<>();
@@ -345,7 +347,15 @@ public class FileResource extends BaseResource {
File file;
try {
file = fileDao.getFile(id);
documentDao.getDocument(file.getDocumentId(), principal.getId());
if (file.getDocumentId() == null) {
// It's an orphan file
if (!file.getUserId().equals(principal.getId())) {
// But not ours
throw new ForbiddenClientException();
}
} else {
documentDao.getDocument(file.getDocumentId(), principal.getId());
}
} catch (NoResultException e) {
throw new ClientException("FileNotFound", MessageFormat.format("File not found: {0}", id));
}
@@ -392,14 +402,28 @@ public class FileResource extends BaseResource {
UserDao userDao = new UserDao();
File file;
Document document;
String userId;
try {
file = fileDao.getFile(fileId);
document = documentDao.getDocument(file.getDocumentId());
// Check document visibility
ShareDao shareDao = new ShareDao();
if (!shareDao.checkVisibility(document, principal.getId(), shareId)) {
throw new ForbiddenClientException();
if (file.getDocumentId() == null) {
// It's an orphan file
if (!file.getUserId().equals(principal.getId())) {
// But not ours
throw new ForbiddenClientException();
}
userId = file.getUserId();
} else {
// It's a file linked to a document
document = documentDao.getDocument(file.getDocumentId());
userId = document.getUserId();
// Check document visibility
ShareDao shareDao = new ShareDao();
if (!shareDao.checkVisibility(document, principal.getId(), shareId)) {
throw new ForbiddenClientException();
}
}
} catch (NoResultException e) {
throw new ClientException("FileNotFound", MessageFormat.format("File not found: {0}", fileId));
@@ -427,7 +451,7 @@ public class FileResource extends BaseResource {
// Stream the output and decrypt it if necessary
StreamingOutput stream;
User user = userDao.getById(document.getUserId());
User user = userDao.getById(userId);
try {
InputStream fileInputStream = new FileInputStream(storedfile);
final InputStream responseInputStream = decrypt ?
@@ -487,7 +511,7 @@ public class FileResource extends BaseResource {
// Get files and user associated with this document
FileDao fileDao = new FileDao();
UserDao userDao = new UserDao();
final List<File> fileList = fileDao.getByDocumentId(documentId);
final List<File> fileList = fileDao.getByDocumentId(principal.getId(), documentId);
final User user = userDao.getById(document.getUserId());
// Create the ZIP stream

32
docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java
View File

@@ -228,6 +228,16 @@ public class TestFileResource extends BaseJerseyTest {
JSONArray files = json.getJSONArray("files");
Assert.assertEquals(1, files.length());
// Get the file data
fileResource = resource().path("/file/" + file1Id + "/data");
fileResource.addFilter(new CookieAuthenticationFilter(file2AuthenticationToken));
response = fileResource.get(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
InputStream is = response.getEntityInputStream();
byte[] fileBytes = ByteStreams.toByteArray(is);
Assert.assertEquals(MimeType.IMAGE_JPEG, MimeTypeUtil.guessMimeType(fileBytes));
Assert.assertEquals(163510, fileBytes.length);
// Create a document
WebResource documentResource = resource().path("/document");
documentResource.addFilter(new CookieAuthenticationFilter(file2AuthenticationToken));
@@ -259,5 +269,27 @@ public class TestFileResource extends BaseJerseyTest {
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
files = json.getJSONArray("files");
Assert.assertEquals(1, files.length());
// Add a file
fileResource = resource().path("/file");
fileResource.addFilter(new CookieAuthenticationFilter(file2AuthenticationToken));
form = new FormDataMultiPart();
file = this.getClass().getResourceAsStream("/file/PIA00452.jpg");
fdp = new FormDataBodyPart("file",
new BufferedInputStream(file),
MediaType.APPLICATION_OCTET_STREAM_TYPE);
form.bodyPart(fdp);
response = fileResource.type(MediaType.MULTIPART_FORM_DATA).put(ClientResponse.class, form);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class);
String file2Id = json.getString("id");
// Deletes a file
fileResource = resource().path("/file/" + file2Id);
fileResource.addFilter(new CookieAuthenticationFilter(file2AuthenticationToken));
response = fileResource.delete(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class);
Assert.assertEquals("ok", json.getString("status"));
}
}