Improve message on lack of permissions to perform map operations

main
Paulo Gustavo Veiga 2022-03-14 15:04:15 -03:00
parent e38c1bcc7c
commit 7ca5bf716f
2 changed files with 12 additions and 8 deletions

View File

@ -18,10 +18,7 @@
package com.wisemapping.rest; package com.wisemapping.rest;
import com.wisemapping.exceptions.LabelCouldNotFoundException; import com.wisemapping.exceptions.*;
import com.wisemapping.exceptions.MapCouldNotFoundException;
import com.wisemapping.exceptions.SessionExpiredException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.*; import com.wisemapping.model.*;
import com.wisemapping.rest.model.*; import com.wisemapping.rest.model.*;
import com.wisemapping.security.Utils; import com.wisemapping.security.Utils;
@ -249,8 +246,15 @@ public class MindmapController extends BaseController {
} }
@NotNull @NotNull
private Mindmap findMindmapById(int id) throws MapCouldNotFoundException { private Mindmap findMindmapById(int id) throws MapCouldNotFoundException, AccessDeniedSecurityException {
Mindmap result = mindmapService.findMindmapById(id); // Has enough permissions ?
final User user = Utils.getUser();
if (!mindmapService.hasPermissions(user, id, CollaborationRole.VIEWER)) {
throw new AccessDeniedSecurityException("No enough permissions to open map. Id:" + id);
}
// Does the map exists ?
final Mindmap result = mindmapService.findMindmapById(id);
if (result == null) { if (result == null) {
throw new MapCouldNotFoundException("Map could not be found. Id:" + id); throw new MapCouldNotFoundException("Map could not be found. Id:" + id);
} }
@ -489,7 +493,7 @@ public class MindmapController extends BaseController {
@RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/lock", consumes = {"text/plain"}, produces = {"application/json", "application/xml"}) @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/lock", consumes = {"text/plain"}, produces = {"application/json", "application/xml"})
@ResponseStatus(value = HttpStatus.NO_CONTENT) @ResponseStatus(value = HttpStatus.NO_CONTENT)
public void updateMapLock(@RequestBody String value, @PathVariable int id) throws IOException, WiseMappingException { public void updateMapLock(@RequestBody String value, @PathVariable int id) throws WiseMappingException {
final User user = Utils.getUser(); final User user = Utils.getUser();
final LockManager lockManager = mindmapService.getLockManager(); final LockManager lockManager = mindmapService.getLockManager();
final Mindmap mindmap = findMindmapById(id); final Mindmap mindmap = findMindmapById(id);

View File

@ -176,7 +176,7 @@ public class MindmapController {
private MindMapBean findMindmapBean(int mapId) throws MapCouldNotFoundException, AccessDeniedSecurityException { private MindMapBean findMindmapBean(int mapId) throws MapCouldNotFoundException, AccessDeniedSecurityException {
final User user = Utils.getUser(); final User user = Utils.getUser();
if (!mindmapService.hasPermissions(user, mapId, CollaborationRole.VIEWER)) { if (!mindmapService.hasPermissions(user, mapId, CollaborationRole.VIEWER)) {
throw new AccessDeniedSecurityException("No enough permissions to open map with id" + mapId); throw new AccessDeniedSecurityException("No enough permissions to open map with id " + mapId);
} }
final Mindmap mindmap = findMindmap(mapId); final Mindmap mindmap = findMindmap(mapId);