diff --git a/source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java b/source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java index 363e21dcdd..c342ba6594 100644 --- a/source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java +++ b/source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java @@ -125,11 +125,20 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean *

* Note: does *not* require authenticated access for (public) shared link. */ - public QuickShareLink readById(String sharedId, Parameters parameters) + public QuickShareLink readById(final String sharedId, Parameters parameters) { checkEnabled(); - return getQuickShareInfo(sharedId); + Pair pair = quickShareService.getTenantNodeRefFromSharedId(sharedId); + String networkTenantDomain = pair.getFirst(); + + return TenantUtil.runAsSystemTenant(new TenantUtil.TenantRunAsWork() + { + public QuickShareLink doWork() throws Exception + { + return getQuickShareInfo(sharedId); + } + }, networkTenantDomain); } /** @@ -254,6 +263,7 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean { // Note: this throws AccessDeniedException (=> 403) via QuickShareService (when NodeService tries to getAspects) QuickShareDTO qsDto = quickShareService.shareContent(nodeRef); + result.add(getQuickShareInfo(qsDto.getId())); } catch (AccessDeniedException ade) diff --git a/source/java/org/alfresco/rest/framework/core/ResourceInspector.java b/source/java/org/alfresco/rest/framework/core/ResourceInspector.java index 5d84c4bbb5..f132e0b689 100644 --- a/source/java/org/alfresco/rest/framework/core/ResourceInspector.java +++ b/source/java/org/alfresco/rest/framework/core/ResourceInspector.java @@ -70,6 +70,7 @@ import org.springframework.util.ReflectionUtils; * Looks at resources to see what they can do * * @author Gethin James + * @author janv */ public class ResourceInspector { @@ -125,7 +126,12 @@ public class ResourceInspector findOperation(MultiPartResourceAction.Create.class, HttpMethod.POST, helper); boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class); - Set> apiNoAuth = (noAuth ? ALL_ENTITY_RESOURCE_INTERFACES : helper.apiNoAuth); + if (noAuth) + { + throw new IllegalArgumentException("@WebApiNoAuth should not be on all (entity resource class) - only on individual methods: "+urlPath); + } + + Set> apiNoAuth = helper.apiNoAuth; if (resource.isAnnotationPresent(WebApiDeleted.class)) { @@ -164,7 +170,12 @@ public class ResourceInspector findOperation(BinaryResourceAction.Update.class, HttpMethod.PUT, helperForAddressProps); boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class); - Set> apiNoAuth = (noAuth ? ALL_PROPERTY_RESOURCE_INTERFACES : helperForAddressProps.apiNoAuth); + if (noAuth) + { + throw new IllegalArgumentException("@WebApiNoAuth should not be on all (address properties) - only on individual methods: "+entityPath); + } + + Set> apiNoAuth = helperForAddressProps.apiNoAuth; if (resource.isAnnotationPresent(WebApiDeleted.class)) { @@ -202,7 +213,12 @@ public class ResourceInspector findOperation(MultiPartRelationshipResourceAction.Create.class, HttpMethod.POST, helper); boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class); - Set> apiNoAuth = (noAuth ? ALL_RELATIONSHIP_RESOURCE_INTERFACES : helper.apiNoAuth); + if (noAuth) + { + throw new IllegalArgumentException("@WebApiNoAuth should not be on all (relationship resource class) - only on methods: "+urlPath); + } + + Set> apiNoAuth = helper.apiNoAuth; if (resource.isAnnotationPresent(WebApiDeleted.class)) { @@ -239,6 +255,10 @@ public class ResourceInspector if (isNoAuth(aMethod)) { + if (! httpMethod.equals(HttpMethod.GET)) + { + throw new IllegalArgumentException("@WebApiNoAuth should only be on GET methods: "+operation.getTitle()); + } helper.whenOperationNoAuth(resourceInterfaceWithOneMethod, aMethod); } }