inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD (5.2) to 5.2.N (5.2.1)

Browse Source 
126448 jkaabimofrad: Merged FILE-FOLDER-API (5.2.0) to HEAD (5.2)
      122008 jvonka: (Quick) Shared Links API - limit @WebApiNoAuth to specific GET methods (not complete resource)
      RA-775, RA-750


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@126793 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Ancuta Morarasu
2016-05-11 11:21:10 +00:00
parent e6a946a443
commit 7cf61675a8
2 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
source/java/org/alfresco/rest/framework/core/ResourceInspector.java
View File

@@ -70,6 +70,7 @@ import org.springframework.util.ReflectionUtils;
* Looks at resources to see what they can do
*
* @author Gethin James
* @author janv
*/
public class ResourceInspector
{
@@ -125,7 +126,12 @@ public class ResourceInspector
findOperation(MultiPartResourceAction.Create.class, HttpMethod.POST, helper);
boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class);
Set<Class<? extends ResourceAction>> apiNoAuth = (noAuth ? ALL_ENTITY_RESOURCE_INTERFACES : helper.apiNoAuth);
if (noAuth)
{
throw new IllegalArgumentException("@WebApiNoAuth should not be on all (entity resource class) - only on individual methods: "+urlPath);
}
Set<Class<? extends ResourceAction>> apiNoAuth = helper.apiNoAuth;
if (resource.isAnnotationPresent(WebApiDeleted.class))
{
@@ -164,7 +170,12 @@ public class ResourceInspector
findOperation(BinaryResourceAction.Update.class, HttpMethod.PUT, helperForAddressProps);
boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class);
Set<Class<? extends ResourceAction>> apiNoAuth = (noAuth ? ALL_PROPERTY_RESOURCE_INTERFACES : helperForAddressProps.apiNoAuth);
if (noAuth)
{
throw new IllegalArgumentException("@WebApiNoAuth should not be on all (address properties) - only on individual methods: "+entityPath);
}
Set<Class<? extends ResourceAction>> apiNoAuth = helperForAddressProps.apiNoAuth;
if (resource.isAnnotationPresent(WebApiDeleted.class))
{
@@ -202,7 +213,12 @@ public class ResourceInspector
findOperation(MultiPartRelationshipResourceAction.Create.class, HttpMethod.POST, helper);
boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class);
Set<Class<? extends ResourceAction>> apiNoAuth = (noAuth ? ALL_RELATIONSHIP_RESOURCE_INTERFACES : helper.apiNoAuth);
if (noAuth)
{
throw new IllegalArgumentException("@WebApiNoAuth should not be on all (relationship resource class) - only on methods: "+urlPath);
}
Set<Class<? extends ResourceAction>> apiNoAuth = helper.apiNoAuth;
if (resource.isAnnotationPresent(WebApiDeleted.class))
{
@@ -239,6 +255,10 @@ public class ResourceInspector
if (isNoAuth(aMethod))
{
if (! httpMethod.equals(HttpMethod.GET))
{
throw new IllegalArgumentException("@WebApiNoAuth should only be on GET methods: "+operation.getTitle());
}
helper.whenOperationNoAuth(resourceInterfaceWithOneMethod, aMethod);
}
}