RED-8361 - Returned error status codes should be checked
- renamed and rework the access permission validations Signed-off-by: Corina Olariu <corina.olariu.ext@knecon.com>
This commit is contained in:
Corina Olariu
parent
95978b85af
commit
80e783d46b
@ -45,7 +45,7 @@ public class ComponentLogController implements ComponentLogResource {
|
||||
@Override
|
||||
public ComponentLog getComponentLog(String dossierId, String fileId, boolean includeOverrides) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
return componentLogService.getComponentLog(dossierId, fileId, includeOverrides);
|
||||
@ -55,7 +55,7 @@ public class ComponentLogController implements ComponentLogResource {
|
||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||
public void addOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ComponentsOverrides componentsOverrides) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
if (componentsOverrides.getComponentOverrides() == null || componentsOverrides.getComponentOverrides().isEmpty()) {
|
||||
@ -73,7 +73,7 @@ public class ComponentLogController implements ComponentLogResource {
|
||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||
public ComponentsOverrides getOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
return componentOverrideService.getOverrides(dossierId, fileId);
|
||||
}
|
||||
@ -82,7 +82,7 @@ public class ComponentLogController implements ComponentLogResource {
|
||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||
public void revertOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RevertOverrideRequest revertOverrideRequest) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
if (revertOverrideRequest.getComponents() == null || revertOverrideRequest.getComponents().isEmpty()) {
|
||||
|
||||
@ -82,7 +82,7 @@ public class DictionaryController implements DictionaryResource {
|
||||
if (dossierId == null) {
|
||||
dictionaryService.addGlobalEntries(type, dossierTemplateId, entries, removeCurrent, dictionaryEntryType);
|
||||
} else {
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
|
||||
dictionaryService.addDossierEntries(type, dossierTemplateId, entries, removeCurrent, dossierId, dictionaryEntryType);
|
||||
}
|
||||
@ -117,7 +117,7 @@ public class DictionaryController implements DictionaryResource {
|
||||
if (dossierId == null) {
|
||||
dictionaryService.deleteGlobalEntries(type, dossierTemplateId, entries, dictionaryEntryType);
|
||||
} else {
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
dictionaryService.deleteDossierEntries(type, dossierTemplateId, entries, dossierId, dictionaryEntryType);
|
||||
}
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ public class DocumentController implements DocumentResource {
|
||||
public ResponseEntity<?> getDocumentText(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
try {
|
||||
@ -59,7 +59,7 @@ public class DocumentController implements DocumentResource {
|
||||
public ResponseEntity<?> getDocumentPositions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
try {
|
||||
@ -75,7 +75,7 @@ public class DocumentController implements DocumentResource {
|
||||
public ResponseEntity<?> getDocumentStructure(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
try {
|
||||
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_STRUCTURE);
|
||||
@ -90,7 +90,7 @@ public class DocumentController implements DocumentResource {
|
||||
public ResponseEntity<?> getDocumentPages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
try {
|
||||
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_PAGES);
|
||||
@ -105,7 +105,7 @@ public class DocumentController implements DocumentResource {
|
||||
public ResponseEntity<?> getSimplifiedSectionText(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
try {
|
||||
|
||||
@ -121,7 +121,7 @@ public class DossierAttributesController implements DossierAttributesResource {
|
||||
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "')")
|
||||
public DossierAttributes setDossierAttributes(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody DossierAttributes dossierAttributes) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||
var result = dossierAttributesManagementService.setDossierAttributes(dossierId, dossierAttributes.getDossierAttributeList());
|
||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||
@ -138,7 +138,7 @@ public class DossierAttributesController implements DossierAttributesResource {
|
||||
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
|
||||
public DossierAttributes addOrUpdateDossierAttribute(String dossierId, DossierAttribute dossierAttribute) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||
DossierAttribute result = dossierAttributesManagementService.addOrUpdateDossierAttribute(dossierId, dossierAttribute);
|
||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||
@ -175,7 +175,7 @@ public class DossierAttributesController implements DossierAttributesResource {
|
||||
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
|
||||
public void deleteDossierAttribute(String dossierId, String dossierAttributeId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||
dossierAttributesManagementService.deleteDossierAttribute(dossierId, dossierAttributeId);
|
||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||
|
||||
@ -18,7 +18,6 @@ import java.util.Set;
|
||||
import java.util.TreeSet;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.DossierCreatorService;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -42,7 +41,6 @@ import com.iqser.red.service.persistence.management.v1.processor.roles.Applicati
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.DossierManagementService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.FileStatusManagementService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.FilterByPermissionsService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.AuditPersistenceService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.NotificationPersistenceService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
||||
@ -351,7 +349,7 @@ public class DossierController implements DossierResource {
|
||||
public void deleteDossier(@PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||
|
||||
Dossier dossier = dossierACLService.enhanceDossierWithACLData(dossierManagementService.getDossierById(dossierId, true, false));
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
|
||||
if (dossier.getOwnerId() != null && !dossier.getOwnerId().equals(KeycloakSecurity.getUserId())) {
|
||||
throw new AccessDeniedException("Can not delete dossier that is owned by a different user");
|
||||
@ -384,7 +382,7 @@ public class DossierController implements DossierResource {
|
||||
@RequestParam(name = INCLUDE_ARCHIVED_PARAM, defaultValue = "false", required = false) boolean includeArchived,
|
||||
@RequestParam(name = INCLUDE_DELETED_PARAM, defaultValue = "false", required = false) boolean includeDeleted) {
|
||||
|
||||
accessControlService.verifyDossierViewPermission(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
|
||||
return dossierACLService.enhanceDossierWithACLData(dossierManagementService.getDossierById(dossierId, includeArchived, includeDeleted));
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@ public class DossierStatsController implements DossierStatsResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "')")
|
||||
public DossierStats getDossierStats(@PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||
|
||||
accessControlService.verifyDossierViewPermission(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
return dossierStatsService.getDossierStats(dossierId);
|
||||
}
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ public class EntityLogController implements EntityLogResource {
|
||||
@RequestParam(value = "excludedType", required = false) List<String> excludedTypes,
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
return entityLogService.getEntityLog(dossierId, fileId, excludedTypes, includeUnprocessed);
|
||||
}
|
||||
@ -43,7 +43,7 @@ public class EntityLogController implements EntityLogResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestBody FilteredEntityLogRequest filteredEntityLogRequest) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
return entityLogService.getFilteredEntityLog(dossierId, fileId, filteredEntityLogRequest);
|
||||
}
|
||||
|
||||
@ -78,7 +78,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||
public void deleteFile(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
fileService.deleteFile(dossierId, fileId);
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
.userId(KeycloakSecurity.getUserId())
|
||||
@ -95,7 +95,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||
public void deleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
List<String> errorIds = new ArrayList<>();
|
||||
for (String fileId : fileIds) {
|
||||
try {
|
||||
@ -124,7 +124,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = "inline", required = false, defaultValue = FALSE) boolean inline) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
return getResponseEntityForPDFDocument(fileId, dossierId, FileType.ORIGIN, inline);
|
||||
}
|
||||
|
||||
@ -136,7 +136,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = "inline", required = false, defaultValue = FALSE) boolean inline) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
// Viewer Document Returns
|
||||
if (storageService.objectExists(TenantContext.getTenantId(), StorageIdUtils.getStorageId(dossierId, fileId, FileType.VIEWER_DOCUMENT))) {
|
||||
return getResponseEntityForPDFDocument(fileId, dossierId, FileType.VIEWER_DOCUMENT, inline);
|
||||
@ -181,7 +181,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||
public void hardDeleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(FILE_IDS) Set<String> fileIds) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
for (String fileId : fileIds) {
|
||||
if (fileStatusManagementService.getFileStatus(fileId).getAssignee() != null) {
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
@ -202,7 +202,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||
public void restoreFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody Set<String> fileIds) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
verifyUserIsDossierOwnerOrApproverOrAssignedReviewer(dossierId, fileIds);
|
||||
fileService.undeleteFiles(dossierId, fileIds);
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
@ -219,7 +219,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + ROTATE_PAGE + "')")
|
||||
public void rotatePages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RotatePagesRequest rotatePagesRequest) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ public class HighlightsController implements HighlightsResource {
|
||||
@PreAuthorize("hasAuthority('" + GET_HIGHLIGHTS + "')")
|
||||
public Highlights getHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
fileStatusService.getStatus(fileId);
|
||||
|
||||
if (storageService.objectExists(TenantContext.getTenantId(), getStorageId(dossierId, fileId, FileType.TEXT_HIGHLIGHTS))) {
|
||||
@ -68,7 +68,7 @@ public class HighlightsController implements HighlightsResource {
|
||||
public void convertHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
|
||||
@ -83,7 +83,7 @@ public class HighlightsController implements HighlightsResource {
|
||||
public void deleteHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
|
||||
@ -99,7 +99,7 @@ public class HighlightsController implements HighlightsResource {
|
||||
public void deleteImportedRedactions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
|
||||
|
||||
@ -79,7 +79,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestBody Set<String> annotationIds,
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsApprover(dossierId);
|
||||
manualRedactionUndoService.undo(dossierId, fileId, annotationIds, includeUnprocessed);
|
||||
@ -94,7 +94,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(ANNOTATION_ID) String annotationId,
|
||||
@PathVariable(COMMENT_ID) String commentId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
|
||||
@ -116,7 +116,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = "unprocessed", required = false, defaultValue = FALSE) boolean unprocessed) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
return manualRedactionService.getManualRedactions(fileId, unprocessed);
|
||||
}
|
||||
@ -127,7 +127,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
public AnnotationComments getComments(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @PathVariable(ANNOTATION_ID) String annotationId) {
|
||||
|
||||
dossierManagementService.getDossierById(dossierId, false, false);
|
||||
accessControlService.verifyDossierViewPermission(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
fileStatusManagementService.getFileStatus(fileId, false);
|
||||
|
||||
List<Comment> comments = commentService.getComments(fileId, annotationId);
|
||||
@ -142,7 +142,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(ANNOTATION_ID) String annotationId,
|
||||
@RequestBody AddCommentRequestModel addCommentRequest) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
|
||||
@ -167,7 +167,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestBody Set<AddRedactionRequestModel> addRedactionRequests) {
|
||||
|
||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
if (addRedactionRequests.stream().anyMatch(AddRedactionRequestModel::isAddToAllDossiers)) {
|
||||
accessControlService.verifyUserIsApprover(dossierId);
|
||||
@ -197,7 +197,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
if (removeRedactionRequests.stream().anyMatch(RemoveRedactionRequestModel::isRemoveFromAllDossiers)) {
|
||||
accessControlService.verifyUserIsApprover(dossierId);
|
||||
@ -225,7 +225,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestBody Set<ForceRedactionRequestModel> forceRedactionRequests) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
@ -249,7 +249,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestBody Set<LegalBasisChangeRequestModel> legalBasisChangeRequests) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
@ -276,7 +276,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
@ -302,7 +302,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestBody Set<ResizeRedactionRequestModel> resizeRedactionRequests,
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
|
||||
@ -8,6 +8,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
@ -44,7 +45,7 @@ public class ReanalysisController implements ReanalysisResource {
|
||||
@PreAuthorize("hasAuthority('" + REANALYZE_DOSSIER + "')")
|
||||
public void reanalyzeDossier(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
reanalysisService.reanalyzeDossier(dossierId, force);
|
||||
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
@ -61,9 +62,6 @@ public class ReanalysisController implements ReanalysisResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
reanalysisService.reanalyzeFiles(dossierId, Sets.newHashSet(fileId), force);
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
.userId(KeycloakSecurity.getUserId())
|
||||
@ -81,8 +79,6 @@ public class ReanalysisController implements ReanalysisResource {
|
||||
@RequestBody List<String> fileIds,
|
||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
|
||||
reanalysisService.reanalyzeFiles(dossierId, new HashSet<>(fileIds), force);
|
||||
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
@ -100,7 +96,7 @@ public class ReanalysisController implements ReanalysisResource {
|
||||
@PreAuthorize("hasAuthority('" + REANALYZE_DOSSIER + "')")
|
||||
public void ocrDossier(@PathVariable(DOSSIER_ID) String dossierId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
|
||||
reanalysisService.ocrDossier(dossierId);
|
||||
|
||||
@ -120,7 +116,6 @@ public class ReanalysisController implements ReanalysisResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
validateOCR(dossierId, fileId);
|
||||
reanalysisService.ocrFile(dossierId, fileId, force);
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
|
||||
@ -149,7 +149,7 @@ public class StatusController implements StatusResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_FILE_STATUS + "')")
|
||||
public FileStatus getFileStatus(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
return FileStatusMapper.toFileStatus(fileStatusManagementService.getFileStatus(fileId));
|
||||
}
|
||||
|
||||
@ -160,7 +160,7 @@ public class StatusController implements StatusResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(name = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
log.debug("Requested [setFileReviewer] for dossier: {} / file: {} / reviewer: {}", dossierId, fileId, assigneeId);
|
||||
@ -240,7 +240,7 @@ public class StatusController implements StatusResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
||||
|
||||
setStatusUnderReviewForFile(dossierId, fileId, assigneeId);
|
||||
@ -270,7 +270,7 @@ public class StatusController implements StatusResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(name = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
||||
|
||||
setStatusUnderApprovalForFile(dossierId, fileId, assigneeId);
|
||||
@ -299,7 +299,7 @@ public class StatusController implements StatusResource {
|
||||
@PreAuthorize("hasAuthority('" + SET_STATUS_APPROVED + "')")
|
||||
public void setStatusApproved(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsApprover(dossierId);
|
||||
setStatusApprovedForFile(dossierId, fileId);
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
@ -408,7 +408,7 @@ public class StatusController implements StatusResource {
|
||||
@PreAuthorize("hasAuthority('" + SET_REVIEWER + "')")
|
||||
public void setStatusNewForList(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
for (var fileId : fileIds) {
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
||||
|
||||
@ -41,7 +41,7 @@ public class StatusReportController implements StatusReportResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "')")
|
||||
public ResponseEntity<?> generateStatusReport(@PathVariable(DOSSIER_ID) String dossierId) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
|
||||
try {
|
||||
StatusReportResponse statusReportResponse = statusReportClient.generateStatusReport(dossierId);
|
||||
|
||||
@ -67,7 +67,7 @@ public class UploadController implements UploadResource {
|
||||
@PathVariable(DOSSIER_ID) String dossierId,
|
||||
@RequestParam(value = "keepManualRedactions", required = false, defaultValue = "false") boolean keepManualRedactions) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
if (file.getOriginalFilename() == null) {
|
||||
throw new BadRequestException("Could not upload file, no filename provided.");
|
||||
}
|
||||
@ -101,7 +101,7 @@ public class UploadController implements UploadResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = "pageInclusionRequest", required = false) Set<Integer> pageInclusionRequest) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
|
||||
|
||||
@ -47,7 +47,7 @@ public class VersionsController implements VersionsResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_VERSIONS + "')")
|
||||
public Long getDossierDictionaryVersion(@PathVariable(DOSSIER_TEMPLATE_PARAMETER_NAME) String dossierTemplateId, @PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
return dictionaryPersistenceService.getVersionForDossier(dossierId);
|
||||
}
|
||||
|
||||
|
||||
@ -36,7 +36,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||
public void addPage(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ViewedPagesRequest viewedPagesRequest) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||
viewedPagesPersistenceService.insertPage(fileId, KeycloakSecurity.getUserId(), viewedPagesRequest.getPage());
|
||||
}
|
||||
@ -45,7 +45,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||
public void removePage(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @PathVariable(PAGE) int page) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||
viewedPagesPersistenceService.removePage(fileId, KeycloakSecurity.getUserId(), page);
|
||||
}
|
||||
@ -54,7 +54,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||
public ViewedPages getViewedPages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||
try {
|
||||
var pages = MagicConverter.convert(viewedPagesPersistenceService.findViewedPages(fileId, KeycloakSecurity.getUserId()), ViewedPage.class);
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
package com.iqser.red.service.persistence.management.v1.processor.service;
|
||||
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PostAuthorize;
|
||||
import org.springframework.security.acls.AclPermissionEvaluator;
|
||||
@ -11,7 +10,6 @@ import com.iqser.red.service.persistence.management.v1.processor.acl.custom.doss
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.DossierPersistenceService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.file.WorkflowStatus;
|
||||
import com.knecon.fforesight.keycloakcommons.security.KeycloakSecurity;
|
||||
@ -82,6 +80,7 @@ public class AccessControlService {
|
||||
}
|
||||
|
||||
|
||||
// checks that the user has view permissions to dossier and returns 403 if it doesn't
|
||||
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'VIEW_OBJECT')")
|
||||
public void verifyUserHasViewPermissions(String dossierId) {
|
||||
|
||||
@ -125,6 +124,7 @@ public class AccessControlService {
|
||||
|
||||
|
||||
|
||||
// checks that the user has view permissions to dossier and returns a boolean flag
|
||||
public boolean hasUserViewPermissionsForDossier(String dossierId) {
|
||||
|
||||
return aclPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), dossierId, "Dossier", "VIEW_OBJECT");
|
||||
@ -153,28 +153,29 @@ public class AccessControlService {
|
||||
}
|
||||
}
|
||||
|
||||
public void verifyDossierViewPermission(String dossierId) {
|
||||
//verifies that user has view permissions to the dossier and responds with 404 if it doesn't
|
||||
public void checkViewPermissionsToDossier(String dossierId) {
|
||||
if (!hasUserViewPermissionsForDossier(dossierId)) {
|
||||
throw new NotFoundException("Object not found");
|
||||
}
|
||||
}
|
||||
|
||||
public void verifyDossierAccessPermission(String dossierId) {
|
||||
verifyDossierViewPermission(dossierId);
|
||||
verifyUserHasAccessPermissions(dossierId);
|
||||
}
|
||||
|
||||
public void verifyDossierViewPermissionAndResourceNotDeleted(String dossierId) {
|
||||
|
||||
// validates that the dossier is present and not deleted
|
||||
//verifies that dossier is present and not deleted and user has view permissions to the dossier and responds with 404 if it doesn't
|
||||
public void checkDossierExistenceAndViewPermissionsToDossier(String dossierId) {
|
||||
dossierManagementService.getDossierById(dossierId, true, false);
|
||||
verifyDossierViewPermission(dossierId);
|
||||
|
||||
checkViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
|
||||
public void verifyDossierAccessPermissionAndResourceNotDeleted(String dossierId) {
|
||||
verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
||||
verifyUserHasAccessPermissions(dossierId);
|
||||
//verifies that user has access permissions to the dossier and responds with 403 in case it doesn't
|
||||
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||
public void checkAccessPermissionsToDossier(String dossierId) {
|
||||
checkViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
|
||||
//checks the existence of dossier and if it is not deleted and view permissions
|
||||
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||
public void checkDossierExistenceAndAccessPermissionsToDossier(String dossierId) {
|
||||
checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
|
||||
public void validateFileResourceExistence(String fileId) {
|
||||
|
||||
@ -115,7 +115,7 @@ public class DictionaryService {
|
||||
public void deleteDossierEntries(String type, String dossierTemplateId, List<String> entries, String dossierId, DictionaryEntryType dictionaryEntryType) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
} catch (AccessDeniedException e) {
|
||||
throw new NotFoundException("Object not found");
|
||||
@ -212,7 +212,7 @@ public class DictionaryService {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_DOSSIER_DICTIONARY_TYPE + "')")
|
||||
public void deleteDossierType(String type, String dossierTemplateId, String dossierId) {
|
||||
|
||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
deleteType(toTypeId(type, dossierTemplateId, dossierId));
|
||||
}
|
||||
@ -224,7 +224,7 @@ public class DictionaryService {
|
||||
List<Type> types = MagicConverter.convert(dictionaryPersistenceService.getAllTypesForDossierTemplate(dossierTemplateId, includeDeleted), Type.class);
|
||||
if (dossierId != null) {
|
||||
try {
|
||||
accessControlService.verifyDossierViewPermission(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
dictionaryManagementService.checkDossierMatchesDossierTemplate(dossierId, dossierTemplateId);
|
||||
// for every dossier template type check if a dossier type exists
|
||||
types.forEach(t -> dictionaryManagementService.checkForDossierTypeExistenceAndCreate(toTypeId(t.getType(), t.getDossierTemplateId(), dossierId)));
|
||||
@ -264,7 +264,7 @@ public class DictionaryService {
|
||||
|
||||
try {
|
||||
if (dossierId != null) {
|
||||
accessControlService.verifyDossierViewPermission(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
var typeId = toTypeId(type, dossierTemplateId, dossierId);
|
||||
// create dossier level type if it does not exist
|
||||
@ -323,7 +323,7 @@ public class DictionaryService {
|
||||
|
||||
try {
|
||||
if (dossierId != null) {
|
||||
accessControlService.verifyDossierViewPermission(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
var dossierTemplateDictionary = dictionaryPersistenceService.getType(toTypeId(type, dossierTemplateId));
|
||||
var typeId = toTypeId(type, dossierTemplateId, dossierId);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user