RED-8361 - Returned error status codes should be checked
- renamed and reworked the access permission validations Signed-off-by: Corina Olariu <corina.olariu.ext@knecon.com>
parent
95978b85af
commit
80e783d46b
@ -45,7 +45,7 @@ public class ComponentLogController implements ComponentLogResource {
|
|||||||
@Override
|
@Override
|
||||||
public ComponentLog getComponentLog(String dossierId, String fileId, boolean includeOverrides) {
|
public ComponentLog getComponentLog(String dossierId, String fileId, boolean includeOverrides) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
|
|
||||||
return componentLogService.getComponentLog(dossierId, fileId, includeOverrides);
|
return componentLogService.getComponentLog(dossierId, fileId, includeOverrides);
|
||||||
@ -55,7 +55,7 @@ public class ComponentLogController implements ComponentLogResource {
|
|||||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||||
public void addOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ComponentsOverrides componentsOverrides) {
|
public void addOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ComponentsOverrides componentsOverrides) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
|
|
||||||
if (componentsOverrides.getComponentOverrides() == null || componentsOverrides.getComponentOverrides().isEmpty()) {
|
if (componentsOverrides.getComponentOverrides() == null || componentsOverrides.getComponentOverrides().isEmpty()) {
|
||||||
@ -73,7 +73,7 @@ public class ComponentLogController implements ComponentLogResource {
|
|||||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||||
public ComponentsOverrides getOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public ComponentsOverrides getOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
return componentOverrideService.getOverrides(dossierId, fileId);
|
return componentOverrideService.getOverrides(dossierId, fileId);
|
||||||
}
|
}
|
||||||
@ -82,7 +82,7 @@ public class ComponentLogController implements ComponentLogResource {
|
|||||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||||
public void revertOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RevertOverrideRequest revertOverrideRequest) {
|
public void revertOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RevertOverrideRequest revertOverrideRequest) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
|
|
||||||
if (revertOverrideRequest.getComponents() == null || revertOverrideRequest.getComponents().isEmpty()) {
|
if (revertOverrideRequest.getComponents() == null || revertOverrideRequest.getComponents().isEmpty()) {
|
||||||
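Review bot: `addOverrides` and `revertOverrides` change override data but carry the same `@PreAuthorize` on `GET_RSS` as the read-only `getOverrides`, so in the visible lines the only thing separating writers from readers is the dossier-level `checkDossierExistenceAndAccessPermissionsToDossier(dossierId)` call. If reusing the read authority is intentional, a comment on both methods such as `// write access is decided by the dossier ACL check below, not by the authority` would make that explicit; otherwise the two write endpoints should require a dedicated write authority (name to be chosen by the project). Both method bodies continue outside their hunks.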
|
|||||||
@ -82,7 +82,7 @@ public class DictionaryController implements DictionaryResource {
|
|||||||
if (dossierId == null) {
|
if (dossierId == null) {
|
||||||
dictionaryService.addGlobalEntries(type, dossierTemplateId, entries, removeCurrent, dictionaryEntryType);
|
dictionaryService.addGlobalEntries(type, dossierTemplateId, entries, removeCurrent, dictionaryEntryType);
|
||||||
} else {
|
} else {
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
|
|
||||||
dictionaryService.addDossierEntries(type, dossierTemplateId, entries, removeCurrent, dossierId, dictionaryEntryType);
|
dictionaryService.addDossierEntries(type, dossierTemplateId, entries, removeCurrent, dossierId, dictionaryEntryType);
|
||||||
}
|
}
|
||||||
@ -117,7 +117,7 @@ public class DictionaryController implements DictionaryResource {
|
|||||||
if (dossierId == null) {
|
if (dossierId == null) {
|
||||||
dictionaryService.deleteGlobalEntries(type, dossierTemplateId, entries, dictionaryEntryType);
|
dictionaryService.deleteGlobalEntries(type, dossierTemplateId, entries, dictionaryEntryType);
|
||||||
} else {
|
} else {
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
dictionaryService.deleteDossierEntries(type, dossierTemplateId, entries, dossierId, dictionaryEntryType);
|
dictionaryService.deleteDossierEntries(type, dossierTemplateId, entries, dossierId, dictionaryEntryType);
|
||||||
}
|
}
|
||||||
|
|
||||||
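Review bot: The reworked dossier check runs only in the `else` branch of both `dossierId == null` tests, so a request without a dossier id reaches `addGlobalEntries` / `deleteGlobalEntries` with no `accessControlService` call in the visible lines. The enclosing methods start outside the hunks, so a method-level authority may already cover the global path; if it does, a comment above the `if` such as `// global entries: guarded by the method-level authority only, no dossier ACL applies` would document the split. It is also worth confirming that `dossierTemplateId` is validated against the dossier in the `else` path, since only `dossierId` is checked here.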
|
|||||||
@ -43,7 +43,7 @@ public class DocumentController implements DocumentResource {
|
|||||||
public ResponseEntity<?> getDocumentText(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public ResponseEntity<?> getDocumentText(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
// check access to resources and check for deletion
|
// check access to resources and check for deletion
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -59,7 +59,7 @@ public class DocumentController implements DocumentResource {
|
|||||||
public ResponseEntity<?> getDocumentPositions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public ResponseEntity<?> getDocumentPositions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
// check access to resources and check for deletion
|
// check access to resources and check for deletion
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -75,7 +75,7 @@ public class DocumentController implements DocumentResource {
|
|||||||
public ResponseEntity<?> getDocumentStructure(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public ResponseEntity<?> getDocumentStructure(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
// check access to resources and check for deletion
|
// check access to resources and check for deletion
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
try {
|
try {
|
||||||
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_STRUCTURE);
|
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_STRUCTURE);
|
||||||
@ -90,7 +90,7 @@ public class DocumentController implements DocumentResource {
|
|||||||
public ResponseEntity<?> getDocumentPages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public ResponseEntity<?> getDocumentPages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
// check access to resources and check for deletion
|
// check access to resources and check for deletion
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
try {
|
try {
|
||||||
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_PAGES);
|
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_PAGES);
|
||||||
@ -105,7 +105,7 @@ public class DocumentController implements DocumentResource {
|
|||||||
public ResponseEntity<?> getSimplifiedSectionText(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public ResponseEntity<?> getSimplifiedSectionText(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
// check access to resources and check for deletion
|
// check access to resources and check for deletion
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
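Review bot: The comment `// check access to resources and check for deletion` above each of the five renamed calls no longer matches the method it describes: `checkDossierExistenceAndViewPermissionsToDossier` speaks of existence, and nothing in these hunks shows whether a soft-deleted dossier is still rejected. Either update the comments to something like `// dossier must exist and be viewable by the caller; file must exist`, or, if deleted dossiers are still refused, state that in the Javadoc of the renamed `AccessControlService` method so the old guarantee is not lost with the old name. The method bodies continue outside the hunks.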
|
|||||||
@ -121,7 +121,7 @@ public class DossierAttributesController implements DossierAttributesResource {
|
|||||||
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "')")
|
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "')")
|
||||||
public DossierAttributes setDossierAttributes(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody DossierAttributes dossierAttributes) {
|
public DossierAttributes setDossierAttributes(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody DossierAttributes dossierAttributes) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||||
var result = dossierAttributesManagementService.setDossierAttributes(dossierId, dossierAttributes.getDossierAttributeList());
|
var result = dossierAttributesManagementService.setDossierAttributes(dossierId, dossierAttributes.getDossierAttributeList());
|
||||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||||
@ -138,7 +138,7 @@ public class DossierAttributesController implements DossierAttributesResource {
|
|||||||
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
|
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
|
||||||
public DossierAttributes addOrUpdateDossierAttribute(String dossierId, DossierAttribute dossierAttribute) {
|
public DossierAttributes addOrUpdateDossierAttribute(String dossierId, DossierAttribute dossierAttribute) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||||
DossierAttribute result = dossierAttributesManagementService.addOrUpdateDossierAttribute(dossierId, dossierAttribute);
|
DossierAttribute result = dossierAttributesManagementService.addOrUpdateDossierAttribute(dossierId, dossierAttribute);
|
||||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||||
@ -175,7 +175,7 @@ public class DossierAttributesController implements DossierAttributesResource {
|
|||||||
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
|
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
|
||||||
public void deleteDossierAttribute(String dossierId, String dossierAttributeId) {
|
public void deleteDossierAttribute(String dossierId, String dossierAttributeId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||||
dossierAttributesManagementService.deleteDossierAttribute(dossierId, dossierAttributeId);
|
dossierAttributesManagementService.deleteDossierAttribute(dossierId, dossierAttributeId);
|
||||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||||
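Review bot: `setDossierAttributes` is guarded by `WRITE_FILE_ATTRIBUTES`, while the two sibling endpoints in this file that also modify dossier attributes, `addOrUpdateDossierAttribute` and `deleteDossierAttribute`, require `WRITE_DOSSIER_ATTRIBUTES`. Unless the file-attribute authority is reused on purpose, this looks like a copy-paste slip that the commit leaves in place; the annotation would then read `@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")`. The dossier access check and `verifyUserIsDossierOwner(dossierId)` still apply, so the exposure is limited to owners holding the wrong authority, but the mismatch makes the permission model harder to audit.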
|
|||||||
@ -18,7 +18,6 @@ import java.util.Set;
|
|||||||
import java.util.TreeSet;
|
import java.util.TreeSet;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
|
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.DossierCreatorService;
|
import com.iqser.red.service.persistence.management.v1.processor.service.DossierCreatorService;
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
@ -42,7 +41,6 @@ import com.iqser.red.service.persistence.management.v1.processor.roles.Applicati
|
|||||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.DossierManagementService;
|
import com.iqser.red.service.persistence.management.v1.processor.service.DossierManagementService;
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.FileStatusManagementService;
|
import com.iqser.red.service.persistence.management.v1.processor.service.FileStatusManagementService;
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.FilterByPermissionsService;
|
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.AuditPersistenceService;
|
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.AuditPersistenceService;
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.NotificationPersistenceService;
|
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.NotificationPersistenceService;
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
||||||
@ -351,7 +349,7 @@ public class DossierController implements DossierResource {
|
|||||||
public void deleteDossier(@PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
public void deleteDossier(@PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||||
|
|
||||||
Dossier dossier = dossierACLService.enhanceDossierWithACLData(dossierManagementService.getDossierById(dossierId, true, false));
|
Dossier dossier = dossierACLService.enhanceDossierWithACLData(dossierManagementService.getDossierById(dossierId, true, false));
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
|
|
||||||
if (dossier.getOwnerId() != null && !dossier.getOwnerId().equals(KeycloakSecurity.getUserId())) {
|
if (dossier.getOwnerId() != null && !dossier.getOwnerId().equals(KeycloakSecurity.getUserId())) {
|
||||||
throw new AccessDeniedException("Can not delete dossier that is owned by a different user");
|
throw new AccessDeniedException("Can not delete dossier that is owned by a different user");
|
||||||
@ -384,7 +382,7 @@ public class DossierController implements DossierResource {
|
|||||||
@RequestParam(name = INCLUDE_ARCHIVED_PARAM, defaultValue = "false", required = false) boolean includeArchived,
|
@RequestParam(name = INCLUDE_ARCHIVED_PARAM, defaultValue = "false", required = false) boolean includeArchived,
|
||||||
@RequestParam(name = INCLUDE_DELETED_PARAM, defaultValue = "false", required = false) boolean includeDeleted) {
|
@RequestParam(name = INCLUDE_DELETED_PARAM, defaultValue = "false", required = false) boolean includeDeleted) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermission(dossierId);
|
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||||
|
|
||||||
return dossierACLService.enhanceDossierWithACLData(dossierManagementService.getDossierById(dossierId, includeArchived, includeDeleted));
|
return dossierACLService.enhanceDossierWithACLData(dossierManagementService.getDossierById(dossierId, includeArchived, includeDeleted));
|
||||||
}
|
}
|
||||||
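Review bot: In `deleteDossier` the dossier is loaded with `getDossierById(dossierId, true, false)` before `checkAccessPermissionsToDossier(dossierId)` runs, so a caller without access may receive the lookup's error for an unknown id and the permission error for a known one. Since this commit is about returned status codes, consider making the permission check the first statement of the method, or confirm that both failures map to the same response so the endpoint does not reveal which dossier ids exist. The method body continues outside the hunk.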
|
|||||||
@ -34,7 +34,7 @@ public class DossierStatsController implements DossierStatsResource {
|
|||||||
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "')")
|
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "')")
|
||||||
public DossierStats getDossierStats(@PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
public DossierStats getDossierStats(@PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermission(dossierId);
|
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||||
return dossierStatsService.getDossierStats(dossierId);
|
return dossierStatsService.getDossierStats(dossierId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -32,7 +32,7 @@ public class EntityLogController implements EntityLogResource {
|
|||||||
@RequestParam(value = "excludedType", required = false) List<String> excludedTypes,
|
@RequestParam(value = "excludedType", required = false) List<String> excludedTypes,
|
||||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
return entityLogService.getEntityLog(dossierId, fileId, excludedTypes, includeUnprocessed);
|
return entityLogService.getEntityLog(dossierId, fileId, excludedTypes, includeUnprocessed);
|
||||||
}
|
}
|
||||||
@ -43,7 +43,7 @@ public class EntityLogController implements EntityLogResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestBody FilteredEntityLogRequest filteredEntityLogRequest) {
|
@RequestBody FilteredEntityLogRequest filteredEntityLogRequest) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
return entityLogService.getFilteredEntityLog(dossierId, fileId, filteredEntityLogRequest);
|
return entityLogService.getFilteredEntityLog(dossierId, fileId, filteredEntityLogRequest);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -78,7 +78,7 @@ public class FileManagementController implements FileManagementResource {
|
|||||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||||
public void deleteFile(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public void deleteFile(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
fileService.deleteFile(dossierId, fileId);
|
fileService.deleteFile(dossierId, fileId);
|
||||||
auditPersistenceService.audit(AuditRequest.builder()
|
auditPersistenceService.audit(AuditRequest.builder()
|
||||||
.userId(KeycloakSecurity.getUserId())
|
.userId(KeycloakSecurity.getUserId())
|
||||||
@ -95,7 +95,7 @@ public class FileManagementController implements FileManagementResource {
|
|||||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||||
public void deleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds) {
|
public void deleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
List<String> errorIds = new ArrayList<>();
|
List<String> errorIds = new ArrayList<>();
|
||||||
for (String fileId : fileIds) {
|
for (String fileId : fileIds) {
|
||||||
try {
|
try {
|
||||||
@ -124,7 +124,7 @@ public class FileManagementController implements FileManagementResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(value = "inline", required = false, defaultValue = FALSE) boolean inline) {
|
@RequestParam(value = "inline", required = false, defaultValue = FALSE) boolean inline) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
return getResponseEntityForPDFDocument(fileId, dossierId, FileType.ORIGIN, inline);
|
return getResponseEntityForPDFDocument(fileId, dossierId, FileType.ORIGIN, inline);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -136,7 +136,7 @@ public class FileManagementController implements FileManagementResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(value = "inline", required = false, defaultValue = FALSE) boolean inline) {
|
@RequestParam(value = "inline", required = false, defaultValue = FALSE) boolean inline) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
// Viewer Document Returns
|
// Viewer Document Returns
|
||||||
if (storageService.objectExists(TenantContext.getTenantId(), StorageIdUtils.getStorageId(dossierId, fileId, FileType.VIEWER_DOCUMENT))) {
|
if (storageService.objectExists(TenantContext.getTenantId(), StorageIdUtils.getStorageId(dossierId, fileId, FileType.VIEWER_DOCUMENT))) {
|
||||||
return getResponseEntityForPDFDocument(fileId, dossierId, FileType.VIEWER_DOCUMENT, inline);
|
return getResponseEntityForPDFDocument(fileId, dossierId, FileType.VIEWER_DOCUMENT, inline);
|
||||||
@ -181,7 +181,7 @@ public class FileManagementController implements FileManagementResource {
|
|||||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||||
public void hardDeleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(FILE_IDS) Set<String> fileIds) {
|
public void hardDeleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(FILE_IDS) Set<String> fileIds) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
for (String fileId : fileIds) {
|
for (String fileId : fileIds) {
|
||||||
if (fileStatusManagementService.getFileStatus(fileId).getAssignee() != null) {
|
if (fileStatusManagementService.getFileStatus(fileId).getAssignee() != null) {
|
||||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||||
@ -202,7 +202,7 @@ public class FileManagementController implements FileManagementResource {
|
|||||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||||
public void restoreFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody Set<String> fileIds) {
|
public void restoreFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody Set<String> fileIds) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
verifyUserIsDossierOwnerOrApproverOrAssignedReviewer(dossierId, fileIds);
|
verifyUserIsDossierOwnerOrApproverOrAssignedReviewer(dossierId, fileIds);
|
||||||
fileService.undeleteFiles(dossierId, fileIds);
|
fileService.undeleteFiles(dossierId, fileIds);
|
||||||
auditPersistenceService.audit(AuditRequest.builder()
|
auditPersistenceService.audit(AuditRequest.builder()
|
||||||
@ -219,7 +219,7 @@ public class FileManagementController implements FileManagementResource {
|
|||||||
@PreAuthorize("hasAuthority('" + ROTATE_PAGE + "')")
|
@PreAuthorize("hasAuthority('" + ROTATE_PAGE + "')")
|
||||||
public void rotatePages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RotatePagesRequest rotatePagesRequest) {
|
public void rotatePages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RotatePagesRequest rotatePagesRequest) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||||
|
|
||||||
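Review bot: In `hardDeleteFiles` the ids in `fileIds` come from the request, and the visible checks bind the caller to `dossierId` only: `getFileStatus(fileId)` is looked up by file id alone, and `verifyUserIsReviewerOrApprover(dossierId, fileId)` is skipped when the file has no assignee. The loop continues outside the hunk, so a later check may exist; if it does not, each file should be verified to belong to `dossierId` before it is deleted. The same question applies to `deleteFile`, `deleteFiles` and `restoreFiles`, which call `checkAccessPermissionsToDossier(dossierId)` without the existence variant used by `hardDeleteFiles` and `rotatePages`.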
|
|||||||
@ -49,7 +49,7 @@ public class HighlightsController implements HighlightsResource {
|
|||||||
@PreAuthorize("hasAuthority('" + GET_HIGHLIGHTS + "')")
|
@PreAuthorize("hasAuthority('" + GET_HIGHLIGHTS + "')")
|
||||||
public Highlights getHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public Highlights getHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
fileStatusService.getStatus(fileId);
|
fileStatusService.getStatus(fileId);
|
||||||
|
|
||||||
if (storageService.objectExists(TenantContext.getTenantId(), getStorageId(dossierId, fileId, FileType.TEXT_HIGHLIGHTS))) {
|
if (storageService.objectExists(TenantContext.getTenantId(), getStorageId(dossierId, fileId, FileType.TEXT_HIGHLIGHTS))) {
|
||||||
@ -68,7 +68,7 @@ public class HighlightsController implements HighlightsResource {
|
|||||||
public void convertHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
public void convertHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
|
|
||||||
@ -83,7 +83,7 @@ public class HighlightsController implements HighlightsResource {
|
|||||||
public void deleteHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
public void deleteHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
|
|
||||||
@ -99,7 +99,7 @@ public class HighlightsController implements HighlightsResource {
|
|||||||
public void deleteImportedRedactions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
public void deleteImportedRedactions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
|
|
||||||
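Review bot: The change in `getHighlights` is not a rename: the previous call required dossier access permission, while the new `checkDossierExistenceAndViewPermissionsToDossier(dossierId)` requires only view permission, unlike every other replacement visible on this page, which keeps access as access and view as view. If relaxing this read endpoint to view permission is intended, the commit description should say so; if not, the line should be `accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);`. Separately, `convertHighlights`, `deleteHighlights` and `deleteImportedRedactions` run their access checks inside a `try` whose `catch` lies outside the hunks, so confirm that an access-denied result is not rewritten into a different status there.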
|
|||||||
@ -79,7 +79,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@RequestBody Set<String> annotationIds,
|
@RequestBody Set<String> annotationIds,
|
||||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsApprover(dossierId);
|
accessControlService.verifyUserIsApprover(dossierId);
|
||||||
manualRedactionUndoService.undo(dossierId, fileId, annotationIds, includeUnprocessed);
|
manualRedactionUndoService.undo(dossierId, fileId, annotationIds, includeUnprocessed);
|
||||||
@ -94,7 +94,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@PathVariable(ANNOTATION_ID) String annotationId,
|
@PathVariable(ANNOTATION_ID) String annotationId,
|
||||||
@PathVariable(COMMENT_ID) String commentId) {
|
@PathVariable(COMMENT_ID) String commentId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||||
|
|
||||||
@ -116,7 +116,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(value = "unprocessed", required = false, defaultValue = FALSE) boolean unprocessed) {
|
@RequestParam(value = "unprocessed", required = false, defaultValue = FALSE) boolean unprocessed) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
accessControlService.validateFileResourceExistence(fileId);
|
||||||
return manualRedactionService.getManualRedactions(fileId, unprocessed);
|
return manualRedactionService.getManualRedactions(fileId, unprocessed);
|
||||||
}
|
}
|
||||||
@ -127,7 +127,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
public AnnotationComments getComments(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @PathVariable(ANNOTATION_ID) String annotationId) {
|
public AnnotationComments getComments(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @PathVariable(ANNOTATION_ID) String annotationId) {
|
||||||
|
|
||||||
dossierManagementService.getDossierById(dossierId, false, false);
|
dossierManagementService.getDossierById(dossierId, false, false);
|
||||||
accessControlService.verifyDossierViewPermission(dossierId);
|
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||||
fileStatusManagementService.getFileStatus(fileId, false);
|
fileStatusManagementService.getFileStatus(fileId, false);
|
||||||
|
|
||||||
List<Comment> comments = commentService.getComments(fileId, annotationId);
|
List<Comment> comments = commentService.getComments(fileId, annotationId);
|
||||||
@ -142,7 +142,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@PathVariable(ANNOTATION_ID) String annotationId,
|
@PathVariable(ANNOTATION_ID) String annotationId,
|
||||||
@RequestBody AddCommentRequestModel addCommentRequest) {
|
@RequestBody AddCommentRequestModel addCommentRequest) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||||
|
|
||||||
@ -167,7 +167,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@RequestBody Set<AddRedactionRequestModel> addRedactionRequests) {
|
@RequestBody Set<AddRedactionRequestModel> addRedactionRequests) {
|
||||||
|
|
||||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
if (addRedactionRequests.stream().anyMatch(AddRedactionRequestModel::isAddToAllDossiers)) {
|
if (addRedactionRequests.stream().anyMatch(AddRedactionRequestModel::isAddToAllDossiers)) {
|
||||||
accessControlService.verifyUserIsApprover(dossierId);
|
accessControlService.verifyUserIsApprover(dossierId);
|
||||||
@ -197,7 +197,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||||
|
|
||||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
if (removeRedactionRequests.stream().anyMatch(RemoveRedactionRequestModel::isRemoveFromAllDossiers)) {
|
if (removeRedactionRequests.stream().anyMatch(RemoveRedactionRequestModel::isRemoveFromAllDossiers)) {
|
||||||
accessControlService.verifyUserIsApprover(dossierId);
|
accessControlService.verifyUserIsApprover(dossierId);
|
||||||
@ -225,7 +225,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestBody Set<ForceRedactionRequestModel> forceRedactionRequests) {
|
@RequestBody Set<ForceRedactionRequestModel> forceRedactionRequests) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||||
|
|
||||||
@ -249,7 +249,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestBody Set<LegalBasisChangeRequestModel> legalBasisChangeRequests) {
|
@RequestBody Set<LegalBasisChangeRequestModel> legalBasisChangeRequests) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||||
|
|
||||||
@ -276,7 +276,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||||
|
|
||||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||||
|
|
||||||
@ -302,7 +302,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
|||||||
@RequestBody Set<ResizeRedactionRequestModel> resizeRedactionRequests,
|
@RequestBody Set<ResizeRedactionRequestModel> resizeRedactionRequests,
|
||||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
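Review bot: In the `@ -116` hunk the new side authorizes against `dossierId` but then loads data by `fileId` alone (`manualRedactionService.getManualRedactions(fileId, unprocessed)`), and nothing visible ties the file to the dossier that was just checked. `validateFileResourceExistence(fileId)` receives only the file id, so it presumably cannot confirm that the file belongs to `dossierId`. Unless the service enforces this internally, the dossier permission check does not cover the file that is actually returned, so a file-belongs-to-dossier check should come before the service call. The same shape appears in `getComments` (`@ -127` hunk) and in `StatusController.getFileStatus`. The method bodies start outside the hunks.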
||||||
|
|
||||||
|
|||||||
@ -8,6 +8,7 @@ import java.util.List;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.PathVariable;
|
import org.springframework.web.bind.annotation.PathVariable;
|
||||||
import org.springframework.web.bind.annotation.RequestBody;
|
import org.springframework.web.bind.annotation.RequestBody;
|
||||||
@ -44,7 +45,7 @@ public class ReanalysisController implements ReanalysisResource {
|
|||||||
@PreAuthorize("hasAuthority('" + REANALYZE_DOSSIER + "')")
|
@PreAuthorize("hasAuthority('" + REANALYZE_DOSSIER + "')")
|
||||||
public void reanalyzeDossier(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
public void reanalyzeDossier(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
reanalysisService.reanalyzeDossier(dossierId, force);
|
reanalysisService.reanalyzeDossier(dossierId, force);
|
||||||
|
|
||||||
auditPersistenceService.audit(AuditRequest.builder()
|
auditPersistenceService.audit(AuditRequest.builder()
|
||||||
@ -61,9 +62,6 @@ public class ReanalysisController implements ReanalysisResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
|
||||||
accessControlService.validateFileResourceExistence(fileId);
|
|
||||||
|
|
||||||
reanalysisService.reanalyzeFiles(dossierId, Sets.newHashSet(fileId), force);
|
reanalysisService.reanalyzeFiles(dossierId, Sets.newHashSet(fileId), force);
|
||||||
auditPersistenceService.audit(AuditRequest.builder()
|
auditPersistenceService.audit(AuditRequest.builder()
|
||||||
.userId(KeycloakSecurity.getUserId())
|
.userId(KeycloakSecurity.getUserId())
|
||||||
@ -81,8 +79,6 @@ public class ReanalysisController implements ReanalysisResource {
|
|||||||
@RequestBody List<String> fileIds,
|
@RequestBody List<String> fileIds,
|
||||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
|
||||||
|
|
||||||
reanalysisService.reanalyzeFiles(dossierId, new HashSet<>(fileIds), force);
|
reanalysisService.reanalyzeFiles(dossierId, new HashSet<>(fileIds), force);
|
||||||
|
|
||||||
auditPersistenceService.audit(AuditRequest.builder()
|
auditPersistenceService.audit(AuditRequest.builder()
|
||||||
@ -100,7 +96,7 @@ public class ReanalysisController implements ReanalysisResource {
|
|||||||
@PreAuthorize("hasAuthority('" + REANALYZE_DOSSIER + "')")
|
@PreAuthorize("hasAuthority('" + REANALYZE_DOSSIER + "')")
|
||||||
public void ocrDossier(@PathVariable(DOSSIER_ID) String dossierId) {
|
public void ocrDossier(@PathVariable(DOSSIER_ID) String dossierId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
|
|
||||||
reanalysisService.ocrDossier(dossierId);
|
reanalysisService.ocrDossier(dossierId);
|
||||||
|
|
||||||
@ -120,7 +116,6 @@ public class ReanalysisController implements ReanalysisResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
|
||||||
validateOCR(dossierId, fileId);
|
validateOCR(dossierId, fileId);
|
||||||
reanalysisService.ocrFile(dossierId, fileId, force);
|
reanalysisService.ocrFile(dossierId, fileId, force);
|
||||||
auditPersistenceService.audit(AuditRequest.builder()
|
auditPersistenceService.audit(AuditRequest.builder()
|
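Review bot: The hunks at `@ -61`, `@ -81` and `@ -120` delete `accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId)` (and, in the first, `validateFileResourceExistence(fileId)`) from the single-file reanalyze, bulk reanalyze and OCR-file endpoints and put nothing in their place, while `reanalyzeDossier` and `ocrDossier` keep a dossier check. If the check moved into `reanalysisService` or `validateOCR`, that is not visible here and deserves a one-line comment at each call site. Otherwise these endpoints are left without any dossier-scoped authorization before the service call and the audit entry. I would keep `accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);` as the first statement of each. The method signatures start outside the hunks.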
||||||
|
|||||||
@ -149,7 +149,7 @@ public class StatusController implements StatusResource {
|
|||||||
@PreAuthorize("hasAuthority('" + READ_FILE_STATUS + "')")
|
@PreAuthorize("hasAuthority('" + READ_FILE_STATUS + "')")
|
||||||
public FileStatus getFileStatus(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public FileStatus getFileStatus(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
return FileStatusMapper.toFileStatus(fileStatusManagementService.getFileStatus(fileId));
|
return FileStatusMapper.toFileStatus(fileStatusManagementService.getFileStatus(fileId));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -160,7 +160,7 @@ public class StatusController implements StatusResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(name = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
@RequestParam(name = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||||
|
|
||||||
log.debug("Requested [setFileReviewer] for dossier: {} / file: {} / reviewer: {}", dossierId, fileId, assigneeId);
|
log.debug("Requested [setFileReviewer] for dossier: {} / file: {} / reviewer: {}", dossierId, fileId, assigneeId);
|
||||||
@ -240,7 +240,7 @@ public class StatusController implements StatusResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(value = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
@RequestParam(value = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
||||||
|
|
||||||
setStatusUnderReviewForFile(dossierId, fileId, assigneeId);
|
setStatusUnderReviewForFile(dossierId, fileId, assigneeId);
|
||||||
@ -270,7 +270,7 @@ public class StatusController implements StatusResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(name = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
@RequestParam(name = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
||||||
|
|
||||||
setStatusUnderApprovalForFile(dossierId, fileId, assigneeId);
|
setStatusUnderApprovalForFile(dossierId, fileId, assigneeId);
|
||||||
@ -299,7 +299,7 @@ public class StatusController implements StatusResource {
|
|||||||
@PreAuthorize("hasAuthority('" + SET_STATUS_APPROVED + "')")
|
@PreAuthorize("hasAuthority('" + SET_STATUS_APPROVED + "')")
|
||||||
public void setStatusApproved(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public void setStatusApproved(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsApprover(dossierId);
|
accessControlService.verifyUserIsApprover(dossierId);
|
||||||
setStatusApprovedForFile(dossierId, fileId);
|
setStatusApprovedForFile(dossierId, fileId);
|
||||||
auditPersistenceService.audit(AuditRequest.builder()
|
auditPersistenceService.audit(AuditRequest.builder()
|
||||||
@ -408,7 +408,7 @@ public class StatusController implements StatusResource {
|
|||||||
@PreAuthorize("hasAuthority('" + SET_REVIEWER + "')")
|
@PreAuthorize("hasAuthority('" + SET_REVIEWER + "')")
|
||||||
public void setStatusNewForList(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds) {
|
public void setStatusNewForList(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
for (var fileId : fileIds) {
|
for (var fileId : fileIds) {
|
||||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
||||||
|
|||||||
@ -41,7 +41,7 @@ public class StatusReportController implements StatusReportResource {
|
|||||||
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "')")
|
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "')")
|
||||||
public ResponseEntity<?> generateStatusReport(@PathVariable(DOSSIER_ID) String dossierId) {
|
public ResponseEntity<?> generateStatusReport(@PathVariable(DOSSIER_ID) String dossierId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
StatusReportResponse statusReportResponse = statusReportClient.generateStatusReport(dossierId);
|
StatusReportResponse statusReportResponse = statusReportClient.generateStatusReport(dossierId);
|
||||||
|
|||||||
@ -67,7 +67,7 @@ public class UploadController implements UploadResource {
|
|||||||
@PathVariable(DOSSIER_ID) String dossierId,
|
@PathVariable(DOSSIER_ID) String dossierId,
|
||||||
@RequestParam(value = "keepManualRedactions", required = false, defaultValue = "false") boolean keepManualRedactions) {
|
@RequestParam(value = "keepManualRedactions", required = false, defaultValue = "false") boolean keepManualRedactions) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
if (file.getOriginalFilename() == null) {
|
if (file.getOriginalFilename() == null) {
|
||||||
throw new BadRequestException("Could not upload file, no filename provided.");
|
throw new BadRequestException("Could not upload file, no filename provided.");
|
||||||
}
|
}
|
||||||
@ -101,7 +101,7 @@ public class UploadController implements UploadResource {
|
|||||||
@PathVariable(FILE_ID) String fileId,
|
@PathVariable(FILE_ID) String fileId,
|
||||||
@RequestParam(value = "pageInclusionRequest", required = false) Set<Integer> pageInclusionRequest) {
|
@RequestParam(value = "pageInclusionRequest", required = false) Set<Integer> pageInclusionRequest) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermission(dossierId);
|
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||||
|
|
||||||
|
|||||||
@ -47,7 +47,7 @@ public class VersionsController implements VersionsResource {
|
|||||||
@PreAuthorize("hasAuthority('" + READ_VERSIONS + "')")
|
@PreAuthorize("hasAuthority('" + READ_VERSIONS + "')")
|
||||||
public Long getDossierDictionaryVersion(@PathVariable(DOSSIER_TEMPLATE_PARAMETER_NAME) String dossierTemplateId, @PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
public Long getDossierDictionaryVersion(@PathVariable(DOSSIER_TEMPLATE_PARAMETER_NAME) String dossierTemplateId, @PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
return dictionaryPersistenceService.getVersionForDossier(dossierId);
|
return dictionaryPersistenceService.getVersionForDossier(dossierId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -36,7 +36,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
|||||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||||
public void addPage(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ViewedPagesRequest viewedPagesRequest) {
|
public void addPage(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ViewedPagesRequest viewedPagesRequest) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||||
viewedPagesPersistenceService.insertPage(fileId, KeycloakSecurity.getUserId(), viewedPagesRequest.getPage());
|
viewedPagesPersistenceService.insertPage(fileId, KeycloakSecurity.getUserId(), viewedPagesRequest.getPage());
|
||||||
}
|
}
|
||||||
@ -45,7 +45,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
|||||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||||
public void removePage(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @PathVariable(PAGE) int page) {
|
public void removePage(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @PathVariable(PAGE) int page) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||||
viewedPagesPersistenceService.removePage(fileId, KeycloakSecurity.getUserId(), page);
|
viewedPagesPersistenceService.removePage(fileId, KeycloakSecurity.getUserId(), page);
|
||||||
}
|
}
|
||||||
@ -54,7 +54,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
|||||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||||
public ViewedPages getViewedPages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
public ViewedPages getViewedPages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||||
try {
|
try {
|
||||||
var pages = MagicConverter.convert(viewedPagesPersistenceService.findViewedPages(fileId, KeycloakSecurity.getUserId()), ViewedPage.class);
|
var pages = MagicConverter.convert(viewedPagesPersistenceService.findViewedPages(fileId, KeycloakSecurity.getUserId()), ViewedPage.class);
|
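Review bot: `addPage` and `removePage` previously called `verifyDossierAccessPermissionAndResourceNotDeleted` and now call `checkDossierExistenceAndViewPermissionsToDossier`, so the dossier-level requirement for these two write endpoints drops from access to view permission instead of being renamed. `verifyUserIsReviewer(dossierId, fileId)` still runs and may be the intended gate; if so, a comment such as `// view permission is enough here: the reviewer check below is the write gate` would record the decision. Otherwise both should call `accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);`, leaving the view variant for `getViewedPages`.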
||||||
|
|||||||
@ -1,6 +1,5 @@
|
|||||||
package com.iqser.red.service.persistence.management.v1.processor.service;
|
package com.iqser.red.service.persistence.management.v1.processor.service;
|
||||||
|
|
||||||
|
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.security.access.prepost.PostAuthorize;
|
import org.springframework.security.access.prepost.PostAuthorize;
|
||||||
import org.springframework.security.acls.AclPermissionEvaluator;
|
import org.springframework.security.acls.AclPermissionEvaluator;
|
||||||
@ -11,7 +10,6 @@ import com.iqser.red.service.persistence.management.v1.processor.acl.custom.doss
|
|||||||
import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException;
|
import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException;
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException;
|
import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException;
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
|
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.DossierPersistenceService;
|
|
||||||
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
||||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.file.WorkflowStatus;
|
import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.file.WorkflowStatus;
|
||||||
import com.knecon.fforesight.keycloakcommons.security.KeycloakSecurity;
|
import com.knecon.fforesight.keycloakcommons.security.KeycloakSecurity;
|
||||||
@ -82,6 +80,7 @@ public class AccessControlService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// checks that the user has view permissions to dossier and returns 403 if it doesn't
|
||||||
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'VIEW_OBJECT')")
|
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'VIEW_OBJECT')")
|
||||||
public void verifyUserHasViewPermissions(String dossierId) {
|
public void verifyUserHasViewPermissions(String dossierId) {
|
||||||
|
|
||||||
@ -125,6 +124,7 @@ public class AccessControlService {
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
// checks that the user has view permissions to dossier and returns a boolean flag
|
||||||
public boolean hasUserViewPermissionsForDossier(String dossierId) {
|
public boolean hasUserViewPermissionsForDossier(String dossierId) {
|
||||||
|
|
||||||
return aclPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), dossierId, "Dossier", "VIEW_OBJECT");
|
return aclPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), dossierId, "Dossier", "VIEW_OBJECT");
|
||||||
@ -153,28 +153,29 @@ public class AccessControlService {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void verifyDossierViewPermission(String dossierId) {
|
//verifies that user has view permissions to the dossier and responds with 404 if it doesn't
|
||||||
|
public void checkViewPermissionsToDossier(String dossierId) {
|
||||||
if (!hasUserViewPermissionsForDossier(dossierId)) {
|
if (!hasUserViewPermissionsForDossier(dossierId)) {
|
||||||
throw new NotFoundException("Object not found");
|
throw new NotFoundException("Object not found");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void verifyDossierAccessPermission(String dossierId) {
|
//verifies that dossier is present and not deleted and user has view permissions to the dossier and responds with 404 if it doesn't
|
||||||
verifyDossierViewPermission(dossierId);
|
public void checkDossierExistenceAndViewPermissionsToDossier(String dossierId) {
|
||||||
verifyUserHasAccessPermissions(dossierId);
|
|
||||||
}
|
|
||||||
|
|
||||||
public void verifyDossierViewPermissionAndResourceNotDeleted(String dossierId) {
|
|
||||||
|
|
||||||
// validates that the dossier is present and not deleted
|
|
||||||
dossierManagementService.getDossierById(dossierId, true, false);
|
dossierManagementService.getDossierById(dossierId, true, false);
|
||||||
verifyDossierViewPermission(dossierId);
|
checkViewPermissionsToDossier(dossierId);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void verifyDossierAccessPermissionAndResourceNotDeleted(String dossierId) {
|
//verifies that user has access permissions to the dossier and responds with 403 in case it doesn't
|
||||||
verifyDossierViewPermissionAndResourceNotDeleted(dossierId);
|
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||||
verifyUserHasAccessPermissions(dossierId);
|
public void checkAccessPermissionsToDossier(String dossierId) {
|
||||||
|
checkViewPermissionsToDossier(dossierId);
|
||||||
|
}
|
||||||
|
|
||||||
|
//checks the existence of dossier and if it is not deleted and view permissions
|
||||||
|
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||||
|
public void checkDossierExistenceAndAccessPermissionsToDossier(String dossierId) {
|
||||||
|
checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void validateFileResourceExistence(String fileId) {
|
public void validateFileResourceExistence(String fileId) {
|
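Review bot: The ACCESS_OBJECT requirement of `checkAccessPermissionsToDossier` and `checkDossierExistenceAndAccessPermissionsToDossier` lives only in the `@PostAuthorize` annotation, so with proxy-based method security (the Spring default, assuming it is not switched to AspectJ weaving) it is enforced only for calls that arrive through the bean proxy. A call from another method of `AccessControlService` would run just the view check. Consider an explicit `aclPermissionEvaluator.hasPermission(...)` test in the body, as `hasUserViewPermissionsForDossier` does for VIEW_OBJECT, or state the restriction in the method comment. `@PostAuthorize` on a `void` method also runs the body first, which yields the 404 before the 403; if that ordering is why it was chosen over `@PreAuthorize`, the comment should say so. The comment above `checkDossierExistenceAndAccessPermissionsToDossier` mentions only view permissions and should read `// verifies that the dossier exists, is not deleted and is viewable (404 otherwise), then requires ACCESS_OBJECT (403 otherwise)`.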
||||||
|
|||||||
@ -115,7 +115,7 @@ public class DictionaryService {
|
|||||||
public void deleteDossierEntries(String type, String dossierTemplateId, List<String> entries, String dossierId, DictionaryEntryType dictionaryEntryType) {
|
public void deleteDossierEntries(String type, String dossierTemplateId, List<String> entries, String dossierId, DictionaryEntryType dictionaryEntryType) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||||
} catch (AccessDeniedException e) {
|
} catch (AccessDeniedException e) {
|
||||||
throw new NotFoundException("Object not found");
|
throw new NotFoundException("Object not found");
|
||||||
@ -212,7 +212,7 @@ public class DictionaryService {
|
|||||||
@PreAuthorize("hasAuthority('" + DELETE_DOSSIER_DICTIONARY_TYPE + "')")
|
@PreAuthorize("hasAuthority('" + DELETE_DOSSIER_DICTIONARY_TYPE + "')")
|
||||||
public void deleteDossierType(String type, String dossierTemplateId, String dossierId) {
|
public void deleteDossierType(String type, String dossierTemplateId, String dossierId) {
|
||||||
|
|
||||||
accessControlService.verifyDossierAccessPermissionAndResourceNotDeleted(dossierId);
|
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||||
deleteType(toTypeId(type, dossierTemplateId, dossierId));
|
deleteType(toTypeId(type, dossierTemplateId, dossierId));
|
||||||
}
|
}
|
||||||
@ -224,7 +224,7 @@ public class DictionaryService {
|
|||||||
List<Type> types = MagicConverter.convert(dictionaryPersistenceService.getAllTypesForDossierTemplate(dossierTemplateId, includeDeleted), Type.class);
|
List<Type> types = MagicConverter.convert(dictionaryPersistenceService.getAllTypesForDossierTemplate(dossierTemplateId, includeDeleted), Type.class);
|
||||||
if (dossierId != null) {
|
if (dossierId != null) {
|
||||||
try {
|
try {
|
||||||
accessControlService.verifyDossierViewPermission(dossierId);
|
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||||
dictionaryManagementService.checkDossierMatchesDossierTemplate(dossierId, dossierTemplateId);
|
dictionaryManagementService.checkDossierMatchesDossierTemplate(dossierId, dossierTemplateId);
|
||||||
// for every dossier template type check if a dossier type exists
|
// for every dossier template type check if a dossier type exists
|
||||||
types.forEach(t -> dictionaryManagementService.checkForDossierTypeExistenceAndCreate(toTypeId(t.getType(), t.getDossierTemplateId(), dossierId)));
|
types.forEach(t -> dictionaryManagementService.checkForDossierTypeExistenceAndCreate(toTypeId(t.getType(), t.getDossierTemplateId(), dossierId)));
|
||||||
@ -264,7 +264,7 @@ public class DictionaryService {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
if (dossierId != null) {
|
if (dossierId != null) {
|
||||||
accessControlService.verifyDossierViewPermission(dossierId);
|
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||||
}
|
}
|
||||||
var typeId = toTypeId(type, dossierTemplateId, dossierId);
|
var typeId = toTypeId(type, dossierTemplateId, dossierId);
|
||||||
// create dossier level type if it does not exist
|
// create dossier level type if it does not exist
|
||||||
@ -323,7 +323,7 @@ public class DictionaryService {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
if (dossierId != null) {
|
if (dossierId != null) {
|
||||||
accessControlService.verifyDossierViewPermission(dossierId);
|
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||||
}
|
}
|
||||||
var dossierTemplateDictionary = dictionaryPersistenceService.getType(toTypeId(type, dossierTemplateId));
|
var dossierTemplateDictionary = dictionaryPersistenceService.getType(toTypeId(type, dossierTemplateId));
|
||||||
var typeId = toTypeId(type, dossierTemplateId, dossierId);
|
var typeId = toTypeId(type, dossierTemplateId, dossierId);
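Review bot: The three call sites switched to `accessControlService.checkViewPermissionsToDossier(dossierId)` (hunks at 224, 264 and 323) check view permission only, yet the code right after them creates dossier-level types (`checkForDossierTypeExistenceAndCreate`, and the `// create dossier level type if it does not exist` step). Judging by the AccessControlService part of this commit, the present-and-not-deleted check (`getDossierById(dossierId, true, false)`) sits in `checkDossierExistenceAndViewPermissionsToDossier` rather than in the view-only method, so a soft-deleted dossier may still pass here if its permissions are intact; the view-only method's body is not visible in this section, so this needs confirming. If no later call validates the dossier, use `accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);` at these sites, which would also produce the 404 the commit describes for a missing dossier. The enclosing methods start and end outside the hunks.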
|
||||||
|
|||||||