inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD (5.2) to 5.2.N (5.2.1)

Browse Source 
126448 jkaabimofrad: Merged FILE-FOLDER-API (5.2.0) to HEAD (5.2)
      122008 jvonka: (Quick) Shared Links API - limit @WebApiNoAuth to specific GET methods (not complete resource)
      RA-775, RA-750


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@126793 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Ancuta Morarasu
2016-05-11 11:21:10 +00:00
parent e6a946a443
commit 7cf61675a8
2 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
source/java/org/alfresco/rest/api/impl/QuickShareLinksImpl.java
View File

@@ -125,12 +125,21 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
* <p> * <p>
* Note: does *not* require authenticated access for (public) shared link. * Note: does *not* require authenticated access for (public) shared link.
*/ */
public QuickShareLink readById(String sharedId, Parameters parameters) public QuickShareLink readById(final String sharedId, Parameters parameters)
{ {
checkEnabled(); checkEnabled();
Pair<String, NodeRef> pair = quickShareService.getTenantNodeRefFromSharedId(sharedId);
String networkTenantDomain = pair.getFirst();
return TenantUtil.runAsSystemTenant(new TenantUtil.TenantRunAsWork<QuickShareLink>()
{
public QuickShareLink doWork() throws Exception
{
return getQuickShareInfo(sharedId); return getQuickShareInfo(sharedId);
} }
}, networkTenantDomain);
}
/** /**
* Download content via shared link. * Download content via shared link.
@@ -254,6 +263,7 @@ public class QuickShareLinksImpl implements QuickShareLinks, InitializingBean
{ {
// Note: this throws AccessDeniedException (=> 403) via QuickShareService (when NodeService tries to getAspects) // Note: this throws AccessDeniedException (=> 403) via QuickShareService (when NodeService tries to getAspects)
QuickShareDTO qsDto = quickShareService.shareContent(nodeRef); QuickShareDTO qsDto = quickShareService.shareContent(nodeRef);
result.add(getQuickShareInfo(qsDto.getId())); result.add(getQuickShareInfo(qsDto.getId()));
} }
catch (AccessDeniedException ade) catch (AccessDeniedException ade)

26
source/java/org/alfresco/rest/framework/core/ResourceInspector.java
View File

@@ -70,6 +70,7 @@ import org.springframework.util.ReflectionUtils;
* Looks at resources to see what they can do * Looks at resources to see what they can do
* *
* @author Gethin James * @author Gethin James
* @author janv
*/ */
public class ResourceInspector public class ResourceInspector
{ {
@@ -125,7 +126,12 @@ public class ResourceInspector
findOperation(MultiPartResourceAction.Create.class, HttpMethod.POST, helper); findOperation(MultiPartResourceAction.Create.class, HttpMethod.POST, helper);
boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class); boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class);
Set<Class<? extends ResourceAction>> apiNoAuth = (noAuth ? ALL_ENTITY_RESOURCE_INTERFACES : helper.apiNoAuth); if (noAuth)
{
throw new IllegalArgumentException("@WebApiNoAuth should not be on all (entity resource class) - only on individual methods: "+urlPath);
}
Set<Class<? extends ResourceAction>> apiNoAuth = helper.apiNoAuth;
if (resource.isAnnotationPresent(WebApiDeleted.class)) if (resource.isAnnotationPresent(WebApiDeleted.class))
{ {
@@ -164,7 +170,12 @@ public class ResourceInspector
findOperation(BinaryResourceAction.Update.class, HttpMethod.PUT, helperForAddressProps); findOperation(BinaryResourceAction.Update.class, HttpMethod.PUT, helperForAddressProps);
boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class); boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class);
Set<Class<? extends ResourceAction>> apiNoAuth = (noAuth ? ALL_PROPERTY_RESOURCE_INTERFACES : helperForAddressProps.apiNoAuth); if (noAuth)
{
throw new IllegalArgumentException("@WebApiNoAuth should not be on all (address properties) - only on individual methods: "+entityPath);
}
Set<Class<? extends ResourceAction>> apiNoAuth = helperForAddressProps.apiNoAuth;
if (resource.isAnnotationPresent(WebApiDeleted.class)) if (resource.isAnnotationPresent(WebApiDeleted.class))
{ {
@@ -202,7 +213,12 @@ public class ResourceInspector
findOperation(MultiPartRelationshipResourceAction.Create.class, HttpMethod.POST, helper); findOperation(MultiPartRelationshipResourceAction.Create.class, HttpMethod.POST, helper);
boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class); boolean noAuth = resource.isAnnotationPresent(WebApiNoAuth.class);
Set<Class<? extends ResourceAction>> apiNoAuth = (noAuth ? ALL_RELATIONSHIP_RESOURCE_INTERFACES : helper.apiNoAuth); if (noAuth)
{
throw new IllegalArgumentException("@WebApiNoAuth should not be on all (relationship resource class) - only on methods: "+urlPath);
}
Set<Class<? extends ResourceAction>> apiNoAuth = helper.apiNoAuth;
if (resource.isAnnotationPresent(WebApiDeleted.class)) if (resource.isAnnotationPresent(WebApiDeleted.class))
{ {
@@ -239,6 +255,10 @@ public class ResourceInspector
if (isNoAuth(aMethod)) if (isNoAuth(aMethod))
{ {
if (! httpMethod.equals(HttpMethod.GET))
{
throw new IllegalArgumentException("@WebApiNoAuth should only be on GET methods: "+operation.getTitle());
}
helper.whenOperationNoAuth(resourceInterfaceWithOneMethod, aMethod); helper.whenOperationNoAuth(resourceInterfaceWithOneMethod, aMethod);
} }
} }