From 5694697c5f07af963e462eb711296d16aad6c164 Mon Sep 17 00:00:00 2001
From: Paulo Gustavo Veiga <pveiga@wisemapping.com>
Date: Wed, 9 Mar 2022 17:18:14 -0800
Subject: [PATCH] Improve exception handling on non permissions

---
 .../com/wisemapping/webmvc/MindmapController.java   | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/wise-webapp/src/main/java/com/wisemapping/webmvc/MindmapController.java b/wise-webapp/src/main/java/com/wisemapping/webmvc/MindmapController.java
index f517df48..e38dc9c5 100644
--- a/wise-webapp/src/main/java/com/wisemapping/webmvc/MindmapController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/webmvc/MindmapController.java
@@ -19,6 +19,7 @@
 package com.wisemapping.webmvc;
 
 
+import com.wisemapping.exceptions.AccessDeniedSecurityException;
 import com.wisemapping.exceptions.MapCouldNotFoundException;
 import com.wisemapping.exceptions.MapNonPublicException;
 import com.wisemapping.exceptions.WiseMappingException;
@@ -52,7 +53,8 @@ public class MindmapController {
     private MindmapService mindmapService;
 
     @RequestMapping(value = "maps/{id}/print")
-    public String showPrintPage(@PathVariable int id, @NotNull Model model) throws MapCouldNotFoundException {
+    public String showPrintPage(@PathVariable int id, @NotNull Model model) throws MapCouldNotFoundException, AccessDeniedSecurityException {
+
         final MindMapBean mindmap = findMindmapBean(id);
         model.addAttribute("principal", Utils.getUser());
         model.addAttribute("mindmap", mindmap);
@@ -127,7 +129,7 @@ public class MindmapController {
     }
 
     @RequestMapping(value = "maps/{id}/embed")
-    public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNonPublicException {
+    public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNonPublicException, AccessDeniedSecurityException {
         if (!mindmapService.isMindmapPublic(id)) {
             throw new MapNonPublicException("Map " + id + " is not public.");
         }
@@ -171,7 +173,12 @@ public class MindmapController {
     }
 
     @NotNull
-    private MindMapBean findMindmapBean(int mapId) throws MapCouldNotFoundException {
+    private MindMapBean findMindmapBean(int mapId) throws MapCouldNotFoundException, AccessDeniedSecurityException {
+        final User user = Utils.getUser();
+        if (!mindmapService.hasPermissions(user, mapId, CollaborationRole.VIEWER)) {
+            throw new AccessDeniedSecurityException("No enough permissions to open map with id" + mapId);
+        }
+
         final Mindmap mindmap = findMindmap(mapId);
         return new MindMapBean(mindmap, Utils.getUser());
     }