RED-8361 - Returned error status codes should be checked #326
@ -13,6 +13,7 @@ import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.ComponentLogService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.ComponentOverrideService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.AuditPersistenceService;
|
||||
@ -38,11 +39,15 @@ public class ComponentLogController implements ComponentLogResource {
|
||||
ComponentLogService componentLogService;
|
||||
ComponentOverrideService componentOverrideService;
|
||||
AuditPersistenceService auditPersistenceService;
|
||||
AccessControlService accessControlService;
|
||||
|
||||
|
||||
@Override
|
||||
public ComponentLog getComponentLog(String dossierId, String fileId, boolean includeOverrides) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
return componentLogService.getComponentLog(dossierId, fileId, includeOverrides);
|
||||
}
|
||||
|
||||
@ -50,6 +55,9 @@ public class ComponentLogController implements ComponentLogResource {
|
||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||
public void addOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ComponentsOverrides componentsOverrides) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
if (componentsOverrides.getComponentOverrides() == null || componentsOverrides.getComponentOverrides().isEmpty()) {
|
||||
throw new BadRequestException("Request body cannot be empty!");
|
||||
}
|
||||
@ -65,6 +73,8 @@ public class ComponentLogController implements ComponentLogResource {
|
||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||
public ComponentsOverrides getOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
return componentOverrideService.getOverrides(dossierId, fileId);
|
||||
}
|
||||
|
||||
@ -72,6 +82,9 @@ public class ComponentLogController implements ComponentLogResource {
|
||||
@PreAuthorize("hasAuthority('" + GET_RSS + "')")
|
||||
public void revertOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RevertOverrideRequest revertOverrideRequest) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
if (revertOverrideRequest.getComponents() == null || revertOverrideRequest.getComponents().isEmpty()) {
|
||||
throw new BadRequestException("Request body cannot be empty!");
|
||||
}
|
||||
|
||||
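Review bot: `accessControlService.validateFileResourceExistence(fileId)` in `getComponentLog`, `addOverrides`, `getOverrides` and `revertOverrides` receives only the file id, so nothing visible in these hunks ties the file to the dossier whose permission was just checked. If the helper does not verify ownership internally, a caller with rights on one dossier could pair its id with a file id from another dossier. This matters most where the downstream call is keyed on the file id alone, as in `manualRedactionService.getManualRedactions(fileId, unprocessed)` and `fileStatusManagementService.getFileStatus(fileId)` further down the page. Consider a dossier-scoped check, for example an overload taking `(dossierId, fileId)` that rejects a file whose dossier differs, and use it in the DocumentController, EntityLogController, ManualRedactionController and StatusController hunks as well. The bodies of `addOverrides` and `revertOverrides` continue outside their hunks.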
@ -23,6 +23,7 @@ import org.springframework.web.bind.annotation.RequestPart;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||
import com.knecon.fforesight.keycloakcommons.security.KeycloakSecurity;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.DictionaryService;
|
||||
@ -54,6 +55,7 @@ public class DictionaryController implements DictionaryResource {
|
||||
|
||||
private final DictionaryService dictionaryService;
|
||||
private final AuditPersistenceService auditClient;
|
||||
private final AccessControlService accessControlService;
|
||||
|
||||
|
||||
@Override
|
||||
@ -80,6 +82,8 @@ public class DictionaryController implements DictionaryResource {
|
||||
if (dossierId == null) {
|
||||
dictionaryService.addGlobalEntries(type, dossierTemplateId, entries, removeCurrent, dictionaryEntryType);
|
||||
} else {
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
|
||||
dictionaryService.addDossierEntries(type, dossierTemplateId, entries, removeCurrent, dossierId, dictionaryEntryType);
|
||||
}
|
||||
}
|
||||
@ -113,6 +117,7 @@ public class DictionaryController implements DictionaryResource {
|
||||
if (dossierId == null) {
|
||||
dictionaryService.deleteGlobalEntries(type, dossierTemplateId, entries, dictionaryEntryType);
|
||||
} else {
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
dictionaryService.deleteDossierEntries(type, dossierTemplateId, entries, dossierId, dictionaryEntryType);
|
||||
}
|
||||
|
||||
|
||||
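Review bot: In both `else` branches the new `checkDossierExistenceAndAccessPermissionsToDossier(dossierId)` authorizes the dossier, but the caller-supplied `dossierTemplateId` is passed on to `addDossierEntries` and `deleteDossierEntries` with no visible check that the dossier belongs to that template. Unless `dictionaryService` validates the pair, a mismatched template id is accepted once the permission check has passed. Either add an explicit check here or document the contract with a comment such as `// dossierTemplateId is validated against the dossier inside dictionaryService`. Both enclosing methods start outside their hunks.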
@ -16,6 +16,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.FileManagementStorageService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.FileStatusService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.utils.StringEncodingUtils;
|
||||
@ -34,12 +35,17 @@ public class DocumentController implements DocumentResource {
|
||||
|
||||
private final FileStatusService fileStatusService;
|
||||
private final FileManagementStorageService fileManagementStorageService;
|
||||
private final AccessControlService accessControlService;
|
||||
|
||||
|
||||
@SneakyThrows
|
||||
@PreAuthorize("hasAuthority('" + READ_REDACTION_LOG + "')")
|
||||
public ResponseEntity<?> getDocumentText(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
try {
|
||||
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_TEXT);
|
||||
} catch (FeignException e) {
|
||||
@ -52,6 +58,10 @@ public class DocumentController implements DocumentResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_REDACTION_LOG + "')")
|
||||
public ResponseEntity<?> getDocumentPositions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
try {
|
||||
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_POSITION);
|
||||
} catch (FeignException e) {
|
||||
@ -64,6 +74,9 @@ public class DocumentController implements DocumentResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_REDACTION_LOG + "')")
|
||||
public ResponseEntity<?> getDocumentStructure(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
try {
|
||||
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_STRUCTURE);
|
||||
} catch (FeignException e) {
|
||||
@ -76,6 +89,9 @@ public class DocumentController implements DocumentResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_REDACTION_LOG + "')")
|
||||
public ResponseEntity<?> getDocumentPages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
try {
|
||||
return buildZipFileResponseEntity(fileId, dossierId, FileType.DOCUMENT_PAGES);
|
||||
} catch (FeignException e) {
|
||||
@ -88,6 +104,10 @@ public class DocumentController implements DocumentResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_REDACTION_LOG + "')")
|
||||
public ResponseEntity<?> getSimplifiedSectionText(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
// check access to resources and check for deletion
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
|
||||
try {
|
||||
|
||||
HttpHeaders httpHeaders = new HttpHeaders();
|
||||
|
||||
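Review bot: The same comment and two calls are pasted into five handlers (`getDocumentText`, `getDocumentPositions`, `getDocumentStructure`, `getDocumentPages`, `getSimplifiedSectionText`), so any later change to the check order has to be repeated five times. A private helper holding both calls, e.g. `private void checkViewAccess(String dossierId, String fileId)`, would keep them in step. The comment also promises a "check for deletion" that neither method name reflects; either name the call that performs it or reword it to `// verify dossier view permission and that the file exists`. Each handler's `try` block continues outside its hunk.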
@ -118,9 +118,10 @@ public class DossierAttributesController implements DossierAttributesResource {
|
||||
}
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||
@PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "')")
|
||||
public DossierAttributes setDossierAttributes(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody DossierAttributes dossierAttributes) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||
var result = dossierAttributesManagementService.setDossierAttributes(dossierId, dossierAttributes.getDossierAttributeList());
|
||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||
@ -134,9 +135,10 @@ public class DossierAttributesController implements DossierAttributesResource {
|
||||
}
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
|
||||
public DossierAttributes addOrUpdateDossierAttribute(String dossierId, DossierAttribute dossierAttribute) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||
DossierAttribute result = dossierAttributesManagementService.addOrUpdateDossierAttribute(dossierId, dossierAttribute);
|
||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||
@ -170,9 +172,10 @@ public class DossierAttributesController implements DossierAttributesResource {
|
||||
}
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "') && hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||
@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")
|
||||
public void deleteDossierAttribute(String dossierId, String dossierAttributeId) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsDossierOwner(dossierId);
|
||||
dossierAttributesManagementService.deleteDossierAttribute(dossierId, dossierAttributeId);
|
||||
auditPersistenceService.insertRecord(AuditRequest.builder()
|
||||
|
||||
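Review bot: `setDossierAttributes` is guarded by `WRITE_FILE_ATTRIBUTES`, while the two sibling handlers in this section, `addOrUpdateDossierAttribute` and `deleteDossierAttribute`, require `WRITE_DOSSIER_ATTRIBUTES`. The constant appears in both the old and the new annotation, so the commit carries it over unchanged. If this is a copy-paste slip, the line should read `@PreAuthorize("hasAuthority('" + WRITE_DOSSIER_ATTRIBUTES + "')")`; if it is intentional, a one-line comment saying why a file-attribute authority gates a dossier-attribute write would help. The handler bodies continue outside the hunks.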
@ -18,7 +18,6 @@ import java.util.Set;
|
||||
import java.util.TreeSet;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.DossierCreatorService;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -42,7 +41,6 @@ import com.iqser.red.service.persistence.management.v1.processor.roles.Applicati
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.DossierManagementService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.FileStatusManagementService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.FilterByPermissionsService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.AuditPersistenceService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.NotificationPersistenceService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
||||
@ -351,6 +349,7 @@ public class DossierController implements DossierResource {
|
||||
public void deleteDossier(@PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||
|
||||
Dossier dossier = dossierACLService.enhanceDossierWithACLData(dossierManagementService.getDossierById(dossierId, true, false));
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
|
||||
if (dossier.getOwnerId() != null && !dossier.getOwnerId().equals(KeycloakSecurity.getUserId())) {
|
||||
throw new AccessDeniedException("Can not delete dossier that is owned by a different user");
|
||||
@ -383,11 +382,7 @@ public class DossierController implements DossierResource {
|
||||
@RequestParam(name = INCLUDE_ARCHIVED_PARAM, defaultValue = "false", required = false) boolean includeArchived,
|
||||
@RequestParam(name = INCLUDE_DELETED_PARAM, defaultValue = "false", required = false) boolean includeDeleted) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyUserHasViewPermissions(dossierId);
|
||||
} catch (AccessDeniedException e) {
|
||||
throw new NotFoundException("Object not found");
|
||||
}
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
|
||||
return dossierACLService.enhanceDossierWithACLData(dossierManagementService.getDossierById(dossierId, includeArchived, includeDeleted));
|
||||
}
|
||||
@ -464,6 +459,7 @@ public class DossierController implements DossierResource {
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + UNARCHIVE_DOSSIER + "')")
|
||||
@PreFilter("hasPermission(filterObject, 'Dossier', 'ACCESS_OBJECT')")
|
||||
public void unarchiveDossiers(@RequestBody Set<String> dossierIds) {
|
||||
|
||||
dossierManagementService.unarchiveDossiers(dossierIds);
|
||||
@ -480,6 +476,7 @@ public class DossierController implements DossierResource {
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + DELETE_DOSSIER + "')")
|
||||
@PreFilter("hasPermission(filterObject, 'Dossier', 'ACCESS_OBJECT')")
|
||||
public void hardDeleteDossiers(@RequestParam(DOSSIER_ID_PARAM) Set<String> dossierIds) {
|
||||
|
||||
var filteredDossierIds = filterDossierIdsByOwnedKeepUnowned(dossierIds);
|
||||
@ -500,6 +497,7 @@ public class DossierController implements DossierResource {
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + DELETE_DOSSIER + "')")
|
||||
@PreFilter("hasPermission(filterObject, 'Dossier', 'ACCESS_OBJECT')")
|
||||
public void undeleteDossiers(@RequestBody Set<String> dossierIds) {
|
||||
|
||||
var filteredDossierIds = filterDossierIdsByOwnedKeepUnowned(dossierIds);
|
||||
|
||||
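Review bot: The `@PreFilter("hasPermission(filterObject, 'Dossier', 'ACCESS_OBJECT')")` added to `unarchiveDossiers`, `hardDeleteDossiers` and `undeleteDossiers` removes ids the caller may not access instead of rejecting the request, so a call that names only inaccessible dossiers can still complete without an error status. That differs from the single-dossier handlers in this commit, which appear to raise an error when access is denied. If rejection is wanted, check each id explicitly at the top of the method, e.g. `dossierIds.forEach(accessControlService::checkAccessPermissionsToDossier);`. If silent filtering is intended, say so in a comment on the annotation. The three method bodies continue outside their hunks.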
@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.DossierStatsService;
|
||||
import com.iqser.red.service.persistence.service.v1.api.external.resource.DossierStatsResource;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.DossierStats;
|
||||
@ -26,12 +27,14 @@ import lombok.extern.slf4j.Slf4j;
|
||||
public class DossierStatsController implements DossierStatsResource {
|
||||
|
||||
private final DossierStatsService dossierStatsService;
|
||||
private final AccessControlService accessControlService;
|
||||
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "') && hasPermission(#dossierId, 'Dossier', 'VIEW_OBJECT')")
|
||||
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "')")
|
||||
public DossierStats getDossierStats(@PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
return dossierStatsService.getDossierStats(dossierId);
|
||||
}
|
||||
|
||||
|
||||
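Review bot: `getDossierStats` calls `checkViewPermissionsToDossier(dossierId)`, whereas most read handlers in this commit use `checkDossierExistenceAndViewPermissionsToDossier(dossierId)`; the names suggest that only the latter verifies that the dossier exists. If so, an unknown id here falls through to `dossierStatsService.getDossierStats` and the status code depends on what that service does. The same mix of existence-checking and plain variants shows up in EntityLogController, FileManagementController (`deleteFile`, `deleteFiles`, `restoreFiles`), HighlightsController, ManualRedactionController (`addComment`) and StatusController. Either use the combined helper wherever no prior lookup has been made, or add a comment at each plain call naming what guarantees existence.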
@ -10,6 +10,7 @@ import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.EntityLogService;
|
||||
import com.iqser.red.service.persistence.service.v1.api.external.resource.EntityLogResource;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.analysislog.entitylog.EntityLog;
|
||||
@ -22,6 +23,7 @@ import lombok.RequiredArgsConstructor;
|
||||
public class EntityLogController implements EntityLogResource {
|
||||
|
||||
private final EntityLogService entityLogService;
|
||||
private final AccessControlService accessControlService;
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + READ_REDACTION_LOG + "')")
|
||||
@ -30,6 +32,8 @@ public class EntityLogController implements EntityLogResource {
|
||||
@RequestParam(value = "excludedType", required = false) List<String> excludedTypes,
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
return entityLogService.getEntityLog(dossierId, fileId, excludedTypes, includeUnprocessed);
|
||||
}
|
||||
|
||||
@ -39,6 +43,8 @@ public class EntityLogController implements EntityLogResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestBody FilteredEntityLogRequest filteredEntityLogRequest) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
return entityLogService.getFilteredEntityLog(dossierId, fileId, filteredEntityLogRequest);
|
||||
}
|
||||
|
||||
|
||||
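Review bot: Both read-only handlers here call `checkAccessPermissionsToDossier(dossierId)`, while the other read paths in this commit (`getComponentLog`, the DocumentController handlers, `getManualRedactions`) check view permission. If access permission is stricter than view permission, as the `'VIEW_OBJECT'` and `'ACCESS_OBJECT'` annotations elsewhere in the commit suggest, users who may view a dossier would be refused its entity log. Use `checkDossierExistenceAndViewPermissionsToDossier(dossierId)` if view access is enough, or add a comment stating that the entity log deliberately requires access permission. Both method signatures start outside their hunks.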
@ -78,6 +78,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||
public void deleteFile(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
fileService.deleteFile(dossierId, fileId);
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
.userId(KeycloakSecurity.getUserId())
|
||||
@ -94,6 +95,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||
public void deleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
List<String> errorIds = new ArrayList<>();
|
||||
for (String fileId : fileIds) {
|
||||
try {
|
||||
@ -122,6 +124,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = "inline", required = false, defaultValue = FALSE) boolean inline) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
return getResponseEntityForPDFDocument(fileId, dossierId, FileType.ORIGIN, inline);
|
||||
}
|
||||
|
||||
@ -133,6 +136,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = "inline", required = false, defaultValue = FALSE) boolean inline) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
// Viewer Document Returns
|
||||
if (storageService.objectExists(TenantContext.getTenantId(), StorageIdUtils.getStorageId(dossierId, fileId, FileType.VIEWER_DOCUMENT))) {
|
||||
return getResponseEntityForPDFDocument(fileId, dossierId, FileType.VIEWER_DOCUMENT, inline);
|
||||
@ -177,6 +181,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||
public void hardDeleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(FILE_IDS) Set<String> fileIds) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
for (String fileId : fileIds) {
|
||||
if (fileStatusManagementService.getFileStatus(fileId).getAssignee() != null) {
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
@ -197,6 +202,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_FILE + "')")
|
||||
public void restoreFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody Set<String> fileIds) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
verifyUserIsDossierOwnerOrApproverOrAssignedReviewer(dossierId, fileIds);
|
||||
fileService.undeleteFiles(dossierId, fileIds);
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
@ -213,6 +219,7 @@ public class FileManagementController implements FileManagementResource {
|
||||
@PreAuthorize("hasAuthority('" + ROTATE_PAGE + "')")
|
||||
public void rotatePages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RotatePagesRequest rotatePagesRequest) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||
|
||||
|
||||
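Review bot: In `deleteFile` the only object-level check before `fileService.deleteFile(dossierId, fileId)` is `checkAccessPermissionsToDossier(dossierId)`, whereas `restoreFiles` additionally calls `verifyUserIsDossierOwnerOrApproverOrAssignedReviewer(dossierId, fileIds)` and `hardDeleteFiles` verifies reviewer or approver for assigned files. Unless `fileService` enforces the role itself, soft deletion is guarded less tightly than restoring the same file. A matching call after the dossier check, `verifyUserIsDossierOwnerOrApproverOrAssignedReviewer(dossierId, Set.of(fileId));`, would align the two; the helper's signature is inferred from its use in `restoreFiles`. `deleteFiles` deserves the same look, but its loop body is outside the hunk.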
@ -49,6 +49,7 @@ public class HighlightsController implements HighlightsResource {
|
||||
@PreAuthorize("hasAuthority('" + GET_HIGHLIGHTS + "')")
|
||||
public Highlights getHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
fileStatusService.getStatus(fileId);
|
||||
|
||||
if (storageService.objectExists(TenantContext.getTenantId(), getStorageId(dossierId, fileId, FileType.TEXT_HIGHLIGHTS))) {
|
||||
@ -67,6 +68,7 @@ public class HighlightsController implements HighlightsResource {
|
||||
public void convertHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||
|
||||
try {
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
|
||||
@ -81,6 +83,7 @@ public class HighlightsController implements HighlightsResource {
|
||||
public void deleteHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||
|
||||
try {
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
|
||||
@ -96,6 +99,7 @@ public class HighlightsController implements HighlightsResource {
|
||||
public void deleteImportedRedactions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds) {
|
||||
|
||||
try {
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
|
||||
|
||||
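Review bot: In `convertHighlights`, `deleteHighlights` and `deleteImportedRedactions` the new `checkAccessPermissionsToDossier(dossierId)` sits inside the existing `try`, and the matching `catch` is outside the hunk. If that handler catches broadly or remaps exceptions, the status code produced by the access check could be replaced, which is what this commit sets out to avoid. DocumentController places its checks before the `try`; moving the three `accessControlService` calls above `try {` here would keep authorization failures out of the error translation. If the catch is narrow enough not to intercept them, a comment saying so would do.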
@ -79,6 +79,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestBody Set<String> annotationIds,
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsApprover(dossierId);
|
||||
manualRedactionUndoService.undo(dossierId, fileId, annotationIds, includeUnprocessed);
|
||||
@ -93,6 +94,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(ANNOTATION_ID) String annotationId,
|
||||
@PathVariable(COMMENT_ID) String commentId) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
|
||||
@ -114,6 +116,8 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = "unprocessed", required = false, defaultValue = FALSE) boolean unprocessed) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.validateFileResourceExistence(fileId);
|
||||
return manualRedactionService.getManualRedactions(fileId, unprocessed);
|
||||
}
|
||||
|
||||
@ -123,6 +127,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
public AnnotationComments getComments(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @PathVariable(ANNOTATION_ID) String annotationId) {
|
||||
|
||||
dossierManagementService.getDossierById(dossierId, false, false);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
fileStatusManagementService.getFileStatus(fileId, false);
|
||||
|
||||
List<Comment> comments = commentService.getComments(fileId, annotationId);
|
||||
@ -137,6 +142,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(ANNOTATION_ID) String annotationId,
|
||||
@RequestBody AddCommentRequestModel addCommentRequest) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
|
||||
@ -161,7 +167,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestBody Set<AddRedactionRequestModel> addRedactionRequests) {
|
||||
|
||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
if (addRedactionRequests.stream().anyMatch(AddRedactionRequestModel::isAddToAllDossiers)) {
|
||||
accessControlService.verifyUserIsApprover(dossierId);
|
||||
@ -191,6 +197,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
if (removeRedactionRequests.stream().anyMatch(RemoveRedactionRequestModel::isRemoveFromAllDossiers)) {
|
||||
accessControlService.verifyUserIsApprover(dossierId);
|
||||
@ -218,6 +225,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestBody Set<ForceRedactionRequestModel> forceRedactionRequests) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
@ -241,6 +249,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestBody Set<LegalBasisChangeRequestModel> legalBasisChangeRequests) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
@ -267,6 +276,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
var dossier = dossierManagementService.getDossierById(dossierId, false, false);
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
@ -292,6 +302,7 @@ public class ManualRedactionController implements ManualRedactionResource {
|
||||
@RequestBody Set<ResizeRedactionRequestModel> resizeRedactionRequests,
|
||||
@RequestParam(value = "includeUnprocessed", required = false, defaultValue = FALSE) boolean includeUnprocessed) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
|
||||
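Review bot: In `getComments`, and in the three handlers that begin with `var dossier = dossierManagementService.getDossierById(dossierId, false, false);`, the dossier is loaded before `checkViewPermissionsToDossier` / `checkAccessPermissionsToDossier` runs. A caller without rights therefore triggers the lookup first, and if the lookup and the permission check answer with different status codes, the response reveals whether a dossier id exists. `DossierController.deleteDossier` has the same order. Moving the `accessControlService` call above the lookup, or using `checkDossierExistenceAndAccessPermissionsToDossier(dossierId)` as the neighbouring handlers do, avoids that. The handlers' signatures and the rest of their bodies lie outside the hunks.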
@ -45,13 +45,7 @@ public class ReanalysisController implements ReanalysisResource {
|
||||
@PreAuthorize("hasAuthority('" + REANALYZE_DOSSIER + "')")
|
||||
public void reanalyzeDossier(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyUserHasViewPermissions(dossierId);
|
||||
} catch (AccessDeniedException e) {
|
||||
throw new NotFoundException("Object not found");
|
||||
}
|
||||
|
||||
accessControlService.verifyUserHasAccessPermissions(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
reanalysisService.reanalyzeDossier(dossierId, force);
|
||||
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
@ -102,13 +96,8 @@ public class ReanalysisController implements ReanalysisResource {
|
||||
@PreAuthorize("hasAuthority('" + REANALYZE_DOSSIER + "')")
|
||||
public void ocrDossier(@PathVariable(DOSSIER_ID) String dossierId) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyUserHasViewPermissions(dossierId);
|
||||
} catch (AccessDeniedException e) {
|
||||
throw new NotFoundException("Object not found");
|
||||
}
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
|
||||
accessControlService.verifyUserHasAccessPermissions(dossierId);
|
||||
reanalysisService.ocrDossier(dossierId);
|
||||
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
|
||||
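Review bot: `reanalyzeDossier` and `ocrDossier` used to distinguish two failures, turning a denied view permission into `NotFoundException("Object not found")` and leaving a denied access permission to `verifyUserHasAccessPermissions`. The replacement `checkDossierExistenceAndAccessPermissionsToDossier(dossierId)` is not shown, so it is not visible whether both outcomes survive. If non-viewers should still get a not-found answer and viewers without access a forbidden one, state that in a comment on the call, e.g. `// not found for missing or non-viewable dossiers, forbidden for viewers without access`, and cover both cases in a controller test. The rendered page does not mark which `verifyUserHasAccessPermissions` lines were removed; if one remains after the new call, it is redundant. Both bodies continue outside their hunks.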
@ -149,6 +149,7 @@ public class StatusController implements StatusResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_FILE_STATUS + "')")
|
||||
public FileStatus getFileStatus(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
return FileStatusMapper.toFileStatus(fileStatusManagementService.getFileStatus(fileId));
|
||||
}
|
||||
|
||||
@ -159,6 +160,7 @@ public class StatusController implements StatusResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(name = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
|
||||
log.debug("Requested [setFileReviewer] for dossier: {} / file: {} / reviewer: {}", dossierId, fileId, assigneeId);
|
||||
@ -238,6 +240,7 @@ public class StatusController implements StatusResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
||||
|
||||
setStatusUnderReviewForFile(dossierId, fileId, assigneeId);
|
||||
@ -267,6 +270,7 @@ public class StatusController implements StatusResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(name = ASSIGNEE_ID_REQUEST_PARAM, required = false) String assigneeId) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
||||
|
||||
setStatusUnderApprovalForFile(dossierId, fileId, assigneeId);
|
||||
@ -295,6 +299,7 @@ public class StatusController implements StatusResource {
|
||||
@PreAuthorize("hasAuthority('" + SET_STATUS_APPROVED + "')")
|
||||
public void setStatusApproved(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsApprover(dossierId);
|
||||
setStatusApprovedForFile(dossierId, fileId);
|
||||
auditPersistenceService.audit(AuditRequest.builder()
|
||||
@ -403,6 +408,7 @@ public class StatusController implements StatusResource {
|
||||
@PreAuthorize("hasAuthority('" + SET_REVIEWER + "')")
|
||||
public void setStatusNewForList(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
for (var fileId : fileIds) {
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
var fileStatus = fileStatusManagementService.getFileStatus(fileId);
|
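Review bot: In `getFileStatus` the added check authorises `dossierId` only, while the lookup on the following line uses `fileId` alone, so nothing visible in this hunk ties the file to the dossier that was just checked. Unless `fileStatusManagementService.getFileStatus` enforces that relationship itself (not visible in this diff), a caller with view permission on one dossier could combine its id with a file id from a dossier they cannot see. I would add a check that the file belongs to the dossier and answer 404 on mismatch, for example through a new helper (name illustrative) `accessControlService.validateFileBelongsToDossier(dossierId, fileId);`. The same pattern appears in the hunks that call `setStatusUnderReviewForFile` and `setStatusUnderApprovalForFile`, and `validateFileResourceExistence(fileId)` in AccessControlService also takes the file id alone. Those method bodies start or continue outside their hunks.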
||||
|
||||
@ -41,11 +41,7 @@ public class StatusReportController implements StatusReportResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_DOSSIER + "')")
|
||||
public ResponseEntity<?> generateStatusReport(@PathVariable(DOSSIER_ID) String dossierId) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyUserHasViewPermissions(dossierId);
|
||||
} catch (AccessDeniedException e) {
|
||||
throw new NotFoundException("Object not found");
|
||||
}
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
|
||||
try {
|
||||
StatusReportResponse statusReportResponse = statusReportClient.generateStatusReport(dossierId);
|
||||
|
||||
@ -67,6 +67,7 @@ public class UploadController implements UploadResource {
|
||||
@PathVariable(DOSSIER_ID) String dossierId,
|
||||
@RequestParam(value = "keepManualRedactions", required = false, defaultValue = "false") boolean keepManualRedactions) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
if (file.getOriginalFilename() == null) {
|
||||
throw new BadRequestException("Could not upload file, no filename provided.");
|
||||
}
|
||||
@ -100,6 +101,7 @@ public class UploadController implements UploadResource {
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = "pageInclusionRequest", required = false) Set<Integer> pageInclusionRequest) {
|
||||
|
||||
accessControlService.checkAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyFileIsNotApproved(dossierId, fileId);
|
||||
accessControlService.verifyUserIsReviewerOrApprover(dossierId, fileId);
|
||||
|
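Review bot: Both UploadController hunks guard the dossier with `checkAccessPermissionsToDossier`, which per the AccessControlService hunk in this commit checks permissions but never calls `getDossierById`, so this guard does not reject a missing or deleted dossier. Other write endpoints in this commit use the existence-checking variant, so later code may or may not catch that case (the method bodies continue outside the hunks). If the omission is deliberate, a one-line comment such as `// existence is validated by the upload service` would record why. Otherwise `accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);` keeps the endpoints consistent. The StatusController hunks that add `checkAccessPermissionsToDossier` have the same gap.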
||||
|
||||
@ -11,6 +11,7 @@ import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.DictionaryPersistenceService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.RulesPersistenceService;
|
||||
import com.iqser.red.service.persistence.service.v1.api.external.resource.VersionsResource;
|
||||
@ -25,6 +26,7 @@ public class VersionsController implements VersionsResource {
|
||||
|
||||
private final DictionaryPersistenceService dictionaryPersistenceService;
|
||||
private final RulesPersistenceService rulesPersistenceService;
|
||||
private final AccessControlService accessControlService;
|
||||
|
||||
|
||||
@Override
|
||||
@ -45,6 +47,7 @@ public class VersionsController implements VersionsResource {
|
||||
@PreAuthorize("hasAuthority('" + READ_VERSIONS + "')")
|
||||
public Long getDossierDictionaryVersion(@PathVariable(DOSSIER_TEMPLATE_PARAMETER_NAME) String dossierTemplateId, @PathVariable(DOSSIER_ID_PARAM) String dossierId) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
return dictionaryPersistenceService.getVersionForDossier(dossierId);
|
||||
}
|
||||
|
||||
|
||||
@ -36,6 +36,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||
public void addPage(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ViewedPagesRequest viewedPagesRequest) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||
viewedPagesPersistenceService.insertPage(fileId, KeycloakSecurity.getUserId(), viewedPagesRequest.getPage());
|
||||
}
|
||||
@ -44,6 +45,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||
public void removePage(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @PathVariable(PAGE) int page) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||
viewedPagesPersistenceService.removePage(fileId, KeycloakSecurity.getUserId(), page);
|
||||
}
|
||||
@ -52,6 +54,7 @@ public class ViewedPagesController implements ViewedPagesResource {
|
||||
@PreAuthorize("hasAuthority('" + MANAGE_VIEWED_PAGES + "')")
|
||||
public ViewedPages getViewedPages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId) {
|
||||
|
||||
accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsReviewer(dossierId, fileId);
|
||||
try {
|
||||
var pages = MagicConverter.convert(viewedPagesPersistenceService.findViewedPages(fileId, KeycloakSecurity.getUserId()), ViewedPage.class);
|
||||
|
||||
@ -45,7 +45,7 @@ public interface ComponentLogResource {
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@PostMapping(value = COMPONENT_LOG_PATH + OVERRIDE_PATH + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE, consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Adds overrides for components", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void addOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody ComponentsOverrides componentsOverrides);
|
||||
|
||||
|
||||
@ -53,7 +53,7 @@ public interface ComponentLogResource {
|
||||
@ResponseStatus(value = HttpStatus.OK)
|
||||
@GetMapping(value = COMPONENT_LOG_PATH + OVERRIDE_PATH + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Gets overrides for components", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
ComponentsOverrides getOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId);
|
||||
|
||||
|
||||
@ -61,7 +61,7 @@ public interface ComponentLogResource {
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@PostMapping(value = COMPONENT_LOG_PATH + OVERRIDE_PATH + "/revert" + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE, consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Reverts overrides for components", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void revertOverrides(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RevertOverrideRequest revertOverrideRequest);
|
||||
|
||||
}
|
||||
|
||||
@ -129,7 +129,7 @@ public interface DictionaryResource {
|
||||
|
||||
@GetMapping(value = TYPE_PATH + DOSSIER_TEMPLATE_PATH_VARIABLE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Retrieve all entry types", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Successfully retrieved all the entry types")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Successfully retrieved all the entry types"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
TypeResponse getAllTypes(@PathVariable(DOSSIER_TEMPLATE_PARAMETER_NAME) String dossierTemplateId,
|
||||
@RequestParam(value = DOSSIER_ID_PARAMETER_NAME, required = false) String dossierId,
|
||||
@RequestParam(value = INCLUDE_DELETED_PARAMETER_NAME, required = false, defaultValue = "false") boolean includeDeleted);
|
||||
|
||||
@ -85,7 +85,7 @@ public interface DossierAttributesResource {
|
||||
|
||||
|
||||
@Operation(summary = "Set dossier attributes to an existing dossier", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
|
||||
@PostMapping(value = DOSSIER_ATTRIBUTES_PATH + SET_PATH + DOSSIER_ID_PATH_VARIABLE, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
DossierAttributes setDossierAttributes(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody DossierAttributes dossierAttributes);
|
||||
@ -94,7 +94,7 @@ public interface DossierAttributesResource {
|
||||
@ResponseBody
|
||||
@ResponseStatus(HttpStatus.OK)
|
||||
@Operation(summary = "Add or update a dossier attribute in existing dossier.", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
|
||||
@PostMapping(value = DOSSIER_ATTRIBUTES_PATH + UPDATE_PATH + DOSSIER_ID_PATH_VARIABLE, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
DossierAttributes addOrUpdateDossierAttribute(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody DossierAttribute dossierAttribute);
|
||||
@ -102,7 +102,7 @@ public interface DossierAttributesResource {
|
||||
|
||||
@ResponseStatus(HttpStatus.OK)
|
||||
@Operation(summary = "Get the dossier attributes.", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
|
||||
@GetMapping(value = DOSSIER_ATTRIBUTES_PATH + DOSSIER_ID_PATH_VARIABLE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
DossierAttributes getDossierAttributes(@PathVariable(DOSSIER_ID) String dossierId);
|
||||
@ -111,7 +111,7 @@ public interface DossierAttributesResource {
|
||||
@ResponseBody
|
||||
@ResponseStatus(HttpStatus.NO_CONTENT)
|
||||
@Operation(summary = "Delete a specific dossier attribute.", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "NO_CONTENT")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "NO_CONTENT"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
|
||||
@DeleteMapping(value = DOSSIER_ATTRIBUTES_PATH + SET_PATH + DOSSIER_ID_PATH_VARIABLE + DOSSIER_ATTRIBUTE_ID_PATH)
|
||||
void deleteDossierAttribute(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(DOSSIER_ATTRIBUTE_ID) String dossierAttributeId);
|
||||
|
||||
@ -43,21 +43,21 @@ public interface FileManagementResource {
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@DeleteMapping(value = DELETE_PATH + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE)
|
||||
@Operation(summary = "Deletes a file for a given dossierId and FileId", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void deleteFile(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId);
|
||||
|
||||
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@PostMapping(value = DELETE_PATH + DOSSIER_ID_PATH_VARIABLE)
|
||||
@Operation(summary = "Deletes a a list of files for a given dossierId", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void deleteFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody List<String> fileIds);
|
||||
|
||||
|
||||
@ResponseBody
|
||||
@ResponseStatus(value = HttpStatus.OK)
|
||||
@Operation(summary = "Returns a downloadable byte stream of the original file with the specified fileId", description = "Use the optional \"inline\" request parameter to select, if this downloadAnnotated will be opened in the browser.")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Could not prepare file download.")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Could not prepare file download."), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
@GetMapping(value = DOWNLOAD_ORIGINAL_PATH + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE)
|
||||
ResponseEntity<?> downloadOriginal(@PathVariable(DOSSIER_ID) String dossierId,
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@ -67,7 +67,7 @@ public interface FileManagementResource {
|
||||
@ResponseBody
|
||||
@ResponseStatus(value = HttpStatus.OK)
|
||||
@Operation(summary = "Returns a downloadable byte stream of the viewer document file with the specified fileId", description = "Use the optional \"inline\" request parameter to select, if this downloadAnnotated will be opened in the browser.")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Could not prepare file download.")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Could not prepare file download."), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
@GetMapping(value = DOWNLOAD_VIEWER_DOCUMENT_PATH + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE)
|
||||
ResponseEntity<?> downloadViewerDocument(@PathVariable(DOSSIER_ID) String dossierId,
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@ -85,14 +85,14 @@ public interface FileManagementResource {
|
||||
@ResponseStatus(value = HttpStatus.CREATED)
|
||||
@PostMapping(value = UNDELETE_PATH + DOSSIER_ID_PATH_VARIABLE, consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Restores an deleted file.", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "201", description = "File successfully restored."), @ApiResponse(responseCode = "400", description = "Incorrect dossier ID or file ID entered to restore file."), @ApiResponse(responseCode = "403", description = "Forbidden operation while restoring."), @ApiResponse(responseCode = "409", description = "Conflict occurred while restoring.")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "201", description = "File successfully restored."), @ApiResponse(responseCode = "400", description = "Incorrect dossier ID or file ID entered to restore file."), @ApiResponse(responseCode = "403", description = "Forbidden operation while restoring."), @ApiResponse(responseCode = "409", description = "Conflict occurred while restoring."), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void restoreFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody Set<String> fileIds);
|
||||
|
||||
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@PostMapping(value = ROTATION_PATH + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE, consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Rotates one or more pages for one file.", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "Pages successfully rotated."), @ApiResponse(responseCode = "400", description = "Incorrect dossier ID, file ID, pages or rotation entered."), @ApiResponse(responseCode = "403", description = "Forbidden operation while rotating.")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "Pages successfully rotated."), @ApiResponse(responseCode = "400", description = "Incorrect dossier ID, file ID, pages or rotation entered."), @ApiResponse(responseCode = "403", description = "Forbidden operation while rotating."), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void rotatePages(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody RotatePagesRequest rotatePagesRequest);
|
||||
|
||||
}
|
||||
|
||||
@ -34,28 +34,28 @@ public interface HighlightsResource {
|
||||
|
||||
@ResponseStatus(value = HttpStatus.OK)
|
||||
@Operation(summary = "Gets available highlights for the file", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
@GetMapping(value = DOSSIERS_PATH + DOSSIER_ID_PATH_VARIABLE + FILES_PATH + FILE_ID_PATH_VARIABLE + HIGHLIGHTS_PATH, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
Highlights getHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId);
|
||||
|
||||
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@Operation(summary = "Converts highlights to imported redactions", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
@PostMapping(value = DOSSIERS_PATH + DOSSIER_ID_PATH_VARIABLE + FILES_PATH + FILE_ID_PATH_VARIABLE + HIGHLIGHTS_PATH + CONVERT_PATH, consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
void convertHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds);
|
||||
|
||||
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@Operation(summary = "Removed highlights from the file", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
@PostMapping(value = DOSSIERS_PATH + DOSSIER_ID_PATH_VARIABLE + FILES_PATH + FILE_ID_PATH_VARIABLE + HIGHLIGHTS_PATH + DELETE_PATH, consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
void deleteHighlights(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds);
|
||||
|
||||
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@Operation(summary = "Deletes wrong imported redactions for a file", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
@PostMapping(value = DOSSIERS_PATH + DOSSIER_ID_PATH_VARIABLE + FILES_PATH + FILE_ID_PATH_VARIABLE + IMPORTED_REDACTIONS_PATH + DELETE_PATH, consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
void deleteImportedRedactions(@PathVariable(DOSSIER_ID) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody AnnotationIds annotationIds);
|
||||
|
||||
|
||||
@ -42,13 +42,13 @@ public interface ReanalysisResource {
|
||||
|
||||
@PostMapping(value = REANALYSIS_REST_PATH + DOSSIER_ID_PATH_VARIABLE)
|
||||
@Operation(summary = "Reanalyze all files of the dossier.", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void reanalyzeDossier(@PathVariable(DOSSIER_ID) String dossierId, @RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force);
|
||||
|
||||
|
||||
@PostMapping(value = REANALYSIS_REST_PATH + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE)
|
||||
@Operation(summary = "Reanalyze a file", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void reanalyzeFile(@PathVariable(DOSSIER_ID) String dossierId,
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force);
|
||||
@ -56,7 +56,7 @@ public interface ReanalysisResource {
|
||||
|
||||
@PostMapping(value = REANALYSIS_REST_PATH + DOSSIER_ID_PATH_VARIABLE + BULK_REST_PATH)
|
||||
@Operation(summary = "Reanalyze multiple files for a dossier", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void reanalyzeFilesForDossier(@PathVariable(DOSSIER_ID) String dossierId,
|
||||
@RequestBody List<String> fileIds,
|
||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force);
|
||||
@ -64,13 +64,13 @@ public interface ReanalysisResource {
|
||||
|
||||
@Operation(summary = "Ocr and reanalyze a dossier", description = "None")
|
||||
@PostMapping(value = OCR_REANALYSIS_REST_PATH + DOSSIER_ID_PATH_VARIABLE)
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void ocrDossier(@PathVariable(DOSSIER_ID) String dossierId);
|
||||
|
||||
|
||||
@Operation(summary = "Ocr and reanalyze a file", description = "None")
|
||||
@PostMapping(value = OCR_REANALYSIS_REST_PATH + DOSSIER_ID_PATH_VARIABLE + FILE_ID_PATH_VARIABLE)
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "409", description = "Conflict")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "409", description = "Conflict"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void ocrFile(@PathVariable(DOSSIER_ID) String dossierId,
|
||||
@PathVariable(FILE_ID) String fileId,
|
||||
@RequestParam(value = FORCE_PARAM, required = false, defaultValue = FALSE) boolean force);
|
||||
@ -78,7 +78,7 @@ public interface ReanalysisResource {
|
||||
|
||||
@Operation(summary = "Ocr and reanalyze multiple files for a dossier", description = "None")
|
||||
@PostMapping(value = OCR_REANALYSIS_REST_PATH + DOSSIER_ID_PATH_VARIABLE + BULK_REST_PATH)
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
void ocrFiles(@PathVariable(DOSSIER_ID) String dossierId, @RequestBody Set<String> fileIds);
|
||||
|
||||
|
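Review bot: The updated `@ApiResponses` on `reanalyzeDossier` and `ocrDossier` document 404 but not 403, although the controller hunks in this commit make both methods call `checkDossierExistenceAndAccessPermissionsToDossier`. That method carries the same `@PostAuthorize(... 'ACCESS_OBJECT')` annotation that the service comment on `checkAccessPermissionsToDossier` describes as answering 403. A client that validates status codes against the OpenAPI description would therefore see an undocumented 403. I would add `@ApiResponse(responseCode = "403", description = "Forbidden")` to these two operations, and to the other operations in this interface if their implementations use the same check (those implementations are not visible here).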
||||
|
||||
@ -18,7 +18,7 @@ public interface StatusReportResource {
|
||||
|
||||
@GetMapping(value = STATUS_REPORT + DOSSIER_ID_PATH_VARIABLE)
|
||||
@Operation(summary = "Generate status report for dossier", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Status report was generated.")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Status report was generated."), @ApiResponse(responseCode = "404", description = "Not found")})
|
||||
ResponseEntity<?> generateStatusReport(@PathVariable(DOSSIER_ID) String dossierId);
|
||||
|
||||
}
|
||||
|
||||
@ -1,13 +1,8 @@
|
||||
package com.iqser.red.service.persistence.management.v1.processor.service;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PostAuthorize;
|
||||
import org.springframework.security.acls.AclPermissionEvaluator;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@ -15,7 +10,6 @@ import com.iqser.red.service.persistence.management.v1.processor.acl.custom.doss
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.roles.ApplicationRoles;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.file.WorkflowStatus;
|
||||
import com.knecon.fforesight.keycloakcommons.security.KeycloakSecurity;
|
||||
@ -86,6 +80,7 @@ public class AccessControlService {
|
||||
}
|
||||
|
||||
|
||||
// checks that the user has view permissions to dossier and returns 403 if it doesn't
|
||||
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'VIEW_OBJECT')")
|
||||
public void verifyUserHasViewPermissions(String dossierId) {
|
||||
|
||||
@ -129,6 +124,7 @@ public class AccessControlService {
|
||||
|
||||
|
||||
|
||||
// checks that the user has view permissions to dossier and returns a boolean flag
|
||||
public boolean hasUserViewPermissionsForDossier(String dossierId) {
|
||||
|
||||
return aclPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), dossierId, "Dossier", "VIEW_OBJECT");
|
||||
@ -144,7 +140,7 @@ public class AccessControlService {
|
||||
public void verifyFileIsNotApproved(String dossierId, String fileId) {
|
||||
|
||||
try {
|
||||
var status = fileStatusManagementService.getFileStatus(fileId).getWorkflowStatus();
|
||||
var status = fileStatusManagementService.getFileStatus(fileId, false).getWorkflowStatus();
|
||||
|
||||
if (WorkflowStatus.APPROVED.equals(status)) {
|
||||
throw new NotAllowedException("File is already in status APPROVED.");
|
||||
@ -157,4 +153,36 @@ public class AccessControlService {
|
||||
}
|
||||
}
|
||||
|
||||
//verifies that user has view permissions to the dossier and responds with 404 if it doesn't
|
||||
public void checkViewPermissionsToDossier(String dossierId) {
|
||||
if (!hasUserViewPermissionsForDossier(dossierId)) {
|
||||
throw new NotFoundException("Object not found");
|
||||
}
|
||||
}
|
||||
|
||||
//verifies that dossier is present and not deleted and user has view permissions to the dossier and responds with 404 if it doesn't
|
||||
public void checkDossierExistenceAndViewPermissionsToDossier(String dossierId) {
|
||||
dossierManagementService.getDossierById(dossierId, true, false);
|
||||
checkViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
|
||||
//verifies that user has access permissions to the dossier and responds with 403 in case it doesn't
|
||||
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||
public void checkAccessPermissionsToDossier(String dossierId) {
|
||||
checkViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
|
||||
//checks the existence of dossier and if it is not deleted and view permissions
|
||||
@PostAuthorize("hasPermission(#dossierId, 'Dossier', 'ACCESS_OBJECT')")
|
||||
public void checkDossierExistenceAndAccessPermissionsToDossier(String dossierId) {
|
||||
checkDossierExistenceAndViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
|
||||
public void validateFileResourceExistence(String fileId) {
|
||||
var status = fileStatusManagementService.getFileStatus(fileId);
|
||||
if(status.isSoftOrHardDeleted()) {
|
||||
throw new NotFoundException("Object not found");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
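Review bot: `checkDossierExistenceAndViewPermissionsToDossier` calls `dossierManagementService.getDossierById(dossierId, true, false)` before the permission check, so a caller without view permission gets whatever that lookup throws for a missing dossier and `NotFoundException("Object not found")` for an existing one. If those two responses differ in message or status (the lookup is not visible in this diff), the difference reveals which dossier ids exist, which is what the 404 masking is meant to hide. Calling `checkViewPermissionsToDossier(dossierId);` first and the lookup second would give unauthorised callers one uniform answer, assuming the ACL evaluator denies unknown ids. Separately, the comment above `checkDossierExistenceAndAccessPermissionsToDossier` mentions only view permissions, and I would reword it to `// verifies the dossier exists and is not deleted (404), then requires ACCESS_OBJECT (403)`.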
||||
|
||||
@ -115,7 +115,7 @@ public class DictionaryService {
|
||||
public void deleteDossierEntries(String type, String dossierTemplateId, List<String> entries, String dossierId, DictionaryEntryType dictionaryEntryType) {
|
||||
|
||||
try {
|
||||
accessControlService.verifyUserHasAccessPermissions(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
} catch (AccessDeniedException e) {
|
||||
throw new NotFoundException("Object not found");
|
||||
@ -212,7 +212,7 @@ public class DictionaryService {
|
||||
@PreAuthorize("hasAuthority('" + DELETE_DOSSIER_DICTIONARY_TYPE + "')")
|
||||
public void deleteDossierType(String type, String dossierTemplateId, String dossierId) {
|
||||
|
||||
accessControlService.verifyUserHasAccessPermissions(dossierId);
|
||||
accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
|
||||
accessControlService.verifyUserIsMemberOrApprover(dossierId);
|
||||
deleteType(toTypeId(type, dossierTemplateId, dossierId));
|
||||
}
|
||||
@ -224,7 +224,7 @@ public class DictionaryService {
|
||||
List<Type> types = MagicConverter.convert(dictionaryPersistenceService.getAllTypesForDossierTemplate(dossierTemplateId, includeDeleted), Type.class);
|
||||
if (dossierId != null) {
|
||||
try {
|
||||
accessControlService.verifyUserHasViewPermissions(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
dictionaryManagementService.checkDossierMatchesDossierTemplate(dossierId, dossierTemplateId);
|
||||
// for every dossier template type check if a dossier type exists
|
||||
types.forEach(t -> dictionaryManagementService.checkForDossierTypeExistenceAndCreate(toTypeId(t.getType(), t.getDossierTemplateId(), dossierId)));
|
||||
@ -264,7 +264,7 @@ public class DictionaryService {
|
||||
|
||||
try {
|
||||
if (dossierId != null) {
|
||||
accessControlService.verifyUserHasViewPermissions(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
var typeId = toTypeId(type, dossierTemplateId, dossierId);
|
||||
// create dossier level type if it does not exist
|
||||
@ -323,7 +323,7 @@ public class DictionaryService {
|
||||
|
||||
try {
|
||||
if (dossierId != null) {
|
||||
accessControlService.verifyUserHasViewPermissions(dossierId);
|
||||
accessControlService.checkViewPermissionsToDossier(dossierId);
|
||||
}
|
||||
var dossierTemplateDictionary = dictionaryPersistenceService.getType(toTypeId(type, dossierTemplateId));
|
||||
var typeId = toTypeId(type, dossierTemplateId, dossierId);
|
||||
|
||||
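Review bot: `deleteDossierEntries` and `deleteDossierType` now report the same denied-access condition with different status codes. In `deleteDossierEntries` the call to `checkDossierExistenceAndAccessPermissionsToDossier(dossierId)` sits inside a `try` whose `catch (AccessDeniedException e)` rethrows `NotFoundException("Object not found")`, while `deleteDossierType` makes the same two calls bare, so a denial from the helper's `@PostAuthorize` presumably reaches the client as 403 there. Pick one mapping and state it at both call sites, for example `// missing ACCESS_OBJECT is reported as 404, same as an absent dossier`, and if 404 is the intended answer wrap the calls in `deleteDossierType` in the same `try`/`catch`. The three view-permission sites switch to `checkViewPermissionsToDossier`, which in the visible helper does not load the dossier, so a deleted dossier is rejected on those paths only if a later call does it; that is worth confirming. Apart from `deleteDossierType`, the hunks cut through their methods, so handling outside the visible lines may already cover part of this.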