From f3794af63715c08f311dd336b041479dc41d5764 Mon Sep 17 00:00:00 2001 From: Marcos Lopez Gonzalez Date: Thu, 27 May 2021 14:32:57 +0200 Subject: [PATCH] hiding proposer email for users without rights to edit --- .../BaseChangeSuggestionServiceIT.java | 12 +++++++---- .../GrSciCollEditorAuthorizationService.java | 5 ++--- .../BaseChangeSuggestionService.java | 20 +++++++++++++++++-- .../CollectionChangeSuggestionService.java | 7 +++++-- .../InstitutionChangeSuggestionService.java | 7 +++++-- 5 files changed, 38 insertions(+), 13 deletions(-) diff --git a/registry-integration-tests/src/test/java/org/gbif/registry/ws/it/collections/service/suggestions/BaseChangeSuggestionServiceIT.java b/registry-integration-tests/src/test/java/org/gbif/registry/ws/it/collections/service/suggestions/BaseChangeSuggestionServiceIT.java index eaf8da6ba9..1679534d7e 100644 --- a/registry-integration-tests/src/test/java/org/gbif/registry/ws/it/collections/service/suggestions/BaseChangeSuggestionServiceIT.java +++ b/registry-integration-tests/src/test/java/org/gbif/registry/ws/it/collections/service/suggestions/BaseChangeSuggestionServiceIT.java @@ -30,6 +30,7 @@ import org.gbif.api.model.registry.LenientEquals; import org.gbif.api.service.collections.CrudService; import org.gbif.api.vocabulary.Country; +import org.gbif.api.vocabulary.UserRole; import org.gbif.registry.database.TestCaseDatabaseInitializer; import org.gbif.registry.ws.it.collections.service.BaseServiceIT; import org.gbif.ws.client.filter.SimplePrincipalProvider; @@ -126,7 +127,7 @@ public void newEntitySuggestionTest() { } @Test - public void changeInstitutionSuggestionTest() { + public void updateEntityChangeSuggestionTest() { // State T entity = createEntity(); @@ -179,9 +180,6 @@ public void changeInstitutionSuggestionTest() { assertEquals(Status.APPLIED, suggestion.getStatus()); assertNotNull(suggestion.getApplied()); assertNotNull(suggestion.getAppliedBy()); - - T appliedEntity = crudService.get(entityKey); - assertTrue(appliedEntity.lenientEquals(suggestion.getSuggestedEntity())); } @Test @@ -334,6 +332,12 @@ public void listTest() { // Then assertEquals(0, results.getResults().size()); assertEquals(0, results.getCount()); + + // When - user with no rights can't see the proposer email + resetSecurityContext("user", UserRole.USER); + results = changeSuggestionService.list(null, null, null, null, entity2Key, DEFAULT_PAGE); + // Then + assertTrue(results.getResults().stream().allMatch(v -> v.getProposerEmail() == null)); } @Test diff --git a/registry-security/src/main/java/org/gbif/registry/security/grscicoll/GrSciCollEditorAuthorizationService.java b/registry-security/src/main/java/org/gbif/registry/security/grscicoll/GrSciCollEditorAuthorizationService.java index 823e865dac..0b6f43305e 100644 --- a/registry-security/src/main/java/org/gbif/registry/security/grscicoll/GrSciCollEditorAuthorizationService.java +++ b/registry-security/src/main/java/org/gbif/registry/security/grscicoll/GrSciCollEditorAuthorizationService.java @@ -17,9 +17,7 @@ import org.gbif.api.model.collections.Collection; import org.gbif.api.model.collections.suggestions.Type; -import org.gbif.api.model.registry.Identifier; import org.gbif.api.model.registry.MachineTag; -import org.gbif.api.vocabulary.IdentifierType; import org.gbif.registry.domain.collections.Constants; import org.gbif.registry.persistence.mapper.UserRightsMapper; import org.gbif.registry.persistence.mapper.collections.ChangeSuggestionMapper; @@ -177,7 +175,8 @@ public boolean allowedToUpdateChangeSuggestion(int key, String entityType, Strin } else if (changeSuggestion.getType() == Type.UPDATE || changeSuggestion.getType() == Type.DELETE) { Collection entity = null; - if (COLLECTION.equalsIgnoreCase(entityType)) { + if (COLLECTION.equalsIgnoreCase(entityType) + && changeSuggestion.getSuggestedEntity() != null) { try { entity = objectMapper.readValue(changeSuggestion.getSuggestedEntity(), Collection.class); } catch (JsonProcessingException e) { diff --git a/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/BaseChangeSuggestionService.java b/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/BaseChangeSuggestionService.java index b757924561..f0e6c764ff 100644 --- a/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/BaseChangeSuggestionService.java +++ b/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/BaseChangeSuggestionService.java @@ -30,6 +30,8 @@ import org.gbif.registry.persistence.mapper.collections.ChangeSuggestionMapper; import org.gbif.registry.persistence.mapper.collections.dto.ChangeDto; import org.gbif.registry.persistence.mapper.collections.dto.ChangeSuggestionDto; +import org.gbif.registry.security.SecurityContextCheck; +import org.gbif.registry.security.grscicoll.GrSciCollEditorAuthorizationService; import org.gbif.registry.service.collections.merge.MergeService; import java.lang.reflect.Field; @@ -93,6 +95,7 @@ public abstract class BaseChangeSuggestionService< private final EmailSender emailSender; private final CollectionsEmailManager emailManager; private final EventManager eventManager; + private final GrSciCollEditorAuthorizationService grSciCollEditorAuthorizationService; private CollectionEntityType collectionEntityType; protected BaseChangeSuggestionService( @@ -103,7 +106,8 @@ protected BaseChangeSuggestionService( ObjectMapper objectMapper, EmailSender emailSender, CollectionsEmailManager emailManager, - EventManager eventManager) { + EventManager eventManager, + GrSciCollEditorAuthorizationService grSciCollEditorAuthorizationService) { this.changeSuggestionMapper = changeSuggestionMapper; this.mergeService = mergeService; this.crudService = crudService; @@ -112,6 +116,7 @@ protected BaseChangeSuggestionService( this.emailSender = emailSender; this.emailManager = emailManager; this.eventManager = eventManager; + this.grSciCollEditorAuthorizationService = grSciCollEditorAuthorizationService; if (clazz == Institution.class) { collectionEntityType = CollectionEntityType.INSTITUTION; @@ -433,9 +438,13 @@ protected R dtoToChangeSuggestion(ChangeSuggestionDto dto) { suggestion.setModifiedBy(dto.getModifiedBy()); suggestion.setProposed(dto.getProposed()); suggestion.setProposedBy(dto.getProposedBy()); - suggestion.setProposerEmail(dto.getProposerEmail()); suggestion.setMergeTargetKey(dto.getMergeTargetKey()); + // we only show the proposer email for users with the right permissions (data protection) + if (hasRightsToSeeProposerEmail(dto)) { + suggestion.setProposerEmail(dto.getProposerEmail()); + } + // changes conversion suggestion.setChanges( dto.getChanges().stream() @@ -497,6 +506,13 @@ protected String toJson(T entity) { } } + protected boolean hasRightsToSeeProposerEmail(ChangeSuggestionDto dto) { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + return SecurityContextCheck.checkUserInRole(authentication, GRSCICOLL_ADMIN_ROLE) + || grSciCollEditorAuthorizationService.allowedToUpdateChangeSuggestion( + dto.getKey(), dto.getEntityType().name().toLowerCase(), getUsername()); + } + protected abstract R newEmptyChangeSuggestion(); protected abstract ChangeSuggestionDto createConvertToCollectionSuggestionDto(R changeSuggestion); diff --git a/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/CollectionChangeSuggestionService.java b/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/CollectionChangeSuggestionService.java index b63db3ae04..bd47228ef3 100644 --- a/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/CollectionChangeSuggestionService.java +++ b/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/CollectionChangeSuggestionService.java @@ -9,6 +9,7 @@ import org.gbif.registry.mail.collections.CollectionsEmailManager; import org.gbif.registry.persistence.mapper.collections.ChangeSuggestionMapper; import org.gbif.registry.persistence.mapper.collections.dto.ChangeSuggestionDto; +import org.gbif.registry.security.grscicoll.GrSciCollEditorAuthorizationService; import org.gbif.registry.service.collections.merge.CollectionMergeService; import java.util.UUID; @@ -34,7 +35,8 @@ public CollectionChangeSuggestionService( ObjectMapper objectMapper, EmailSender emailSender, CollectionsEmailManager emailManager, - EventManager eventManager) { + EventManager eventManager, + GrSciCollEditorAuthorizationService grSciCollEditorAuthorizationService) { super( changeSuggestionMapper, collectionMergeService, @@ -43,7 +45,8 @@ public CollectionChangeSuggestionService( objectMapper, emailSender, emailManager, - eventManager); + eventManager, + grSciCollEditorAuthorizationService); this.changeSuggestionMapper = changeSuggestionMapper; } diff --git a/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/InstitutionChangeSuggestionService.java b/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/InstitutionChangeSuggestionService.java index 5320c43bfd..700e00a940 100644 --- a/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/InstitutionChangeSuggestionService.java +++ b/registry-service/src/main/java/org/gbif/registry/service/collections/suggestions/InstitutionChangeSuggestionService.java @@ -10,6 +10,7 @@ import org.gbif.registry.mail.collections.CollectionsEmailManager; import org.gbif.registry.persistence.mapper.collections.ChangeSuggestionMapper; import org.gbif.registry.persistence.mapper.collections.dto.ChangeSuggestionDto; +import org.gbif.registry.security.grscicoll.GrSciCollEditorAuthorizationService; import org.gbif.registry.service.collections.merge.InstitutionMergeService; import java.util.UUID; @@ -44,7 +45,8 @@ public InstitutionChangeSuggestionService( ObjectMapper objectMapper, EmailSender emailSender, CollectionsEmailManager emailManager, - EventManager eventManager) { + EventManager eventManager, + GrSciCollEditorAuthorizationService grSciCollEditorAuthorizationService) { super( changeSuggestionMapper, institutionMergeService, @@ -53,7 +55,8 @@ public InstitutionChangeSuggestionService( objectMapper, emailSender, emailManager, - eventManager); + eventManager, + grSciCollEditorAuthorizationService); this.changeSuggestionMapper = changeSuggestionMapper; this.institutionService = institutionService; this.institutionMergeService = institutionMergeService;