Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)

74316: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (5.0/Cloud)
      74270: Merged V4.1-BUG-FIX (4.1.10) to V4.2-BUG-FIX (4.2.3)
         73963: Merged DEV to V4.1-BUG-FIX (4.1.10)
            71918: MNT-10156: In Share show appropriate HTTP status codes (such as 403) rather than the default 500
               - Throw WebScriptException with 403 status code on ContentGet layer.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Will Abson
2014-06-25 16:34:46 +00:00
parent ecad173150
commit db9e0932fa
2 changed files with 26 additions and 16 deletions


@@ -34,6 +34,7 @@ import org.alfresco.model.ApplicationModel;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.repo.cmis.reference.ReferenceFactory; import org.alfresco.repo.cmis.reference.ReferenceFactory;
import org.alfresco.repo.content.MimetypeMap; import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.web.scripts.FileTypeImageUtils; import org.alfresco.repo.web.scripts.FileTypeImageUtils;
import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ContentService; import org.alfresco.service.cmr.repository.ContentService;
@@ -44,6 +45,7 @@ import org.alfresco.service.namespace.QName;
import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.FilenameUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException; import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest; import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.WebScriptResponse; import org.springframework.extensions.webscripts.WebScriptResponse;
@@ -185,6 +187,8 @@ public class ContentGet extends StreamContent implements ServletContextAware
boolean rfc5987Supported = (null != userAgent) && (userAgent.contains("MSIE") || userAgent.contains(" Chrome/") || userAgent.contains(" FireFox/")); boolean rfc5987Supported = (null != userAgent) && (userAgent.contains("MSIE") || userAgent.contains(" Chrome/") || userAgent.contains(" FireFox/"));
try
{
if (attach && rfc5987Supported) if (attach && rfc5987Supported)
{ {
String name = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME); String name = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
@@ -207,6 +211,11 @@ public class ContentGet extends StreamContent implements ServletContextAware
streamContent(req, res, nodeRef, propertyQName, attach, null, null); streamContent(req, res, nodeRef, propertyQName, attach, null, null);
} }
} }
catch (AccessDeniedException e)
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, e.getMessage());
}
}
/** /**
* Stream content rendition * Stream content rendition
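Review bot: The new `catch (AccessDeniedException e)` block in ContentGet copies `e.getMessage()` into the 403 response and drops the exception as the cause. The text of an access-denied exception is written for server-side diagnosis and may carry internal detail (this hunk does not show what it contains), so a fixed client-facing message with the cause kept for the log is safer: `throw new WebScriptException(Status.STATUS_FORBIDDEN, "Access denied", e);`. A 403 also confirms to an unauthorised caller that the node exists, so if that matters here the choice of 403 over 404 deserves a short comment at the catch. The enclosing method begins above the hunk, so it is not visible whether other code paths, such as the rendition streaming that follows, get the same mapping.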


@@ -210,6 +210,7 @@ public class QuickShareRestApiTest extends BaseWebScriptTest
final int expectedStatusOK = 200; final int expectedStatusOK = 200;
final int expectedStatusNotFound = 404; final int expectedStatusNotFound = 404;
final int expectedStatusServerError = 500; // currently mapped from AccessDenied (should it be 403, 404 or does it depend on use-case) final int expectedStatusServerError = 500; // currently mapped from AccessDenied (should it be 403, 404 or does it depend on use-case)
final int expectedStatusForbidden = 403;
String testNodeRef_3 = testNode.toString().replace("://", "/"); String testNodeRef_3 = testNode.toString().replace("://", "/");
@@ -236,7 +237,7 @@ public class QuickShareRestApiTest extends BaseWebScriptTest
// As user two ... // As user two ...
rsp = sendRequest(new GetRequest(AUTH_METADATA_URL.replace("{node_ref_3}", testNodeRef_3)), expectedStatusServerError, USER_TWO); rsp = sendRequest(new GetRequest(AUTH_METADATA_URL.replace("{node_ref_3}", testNodeRef_3)), expectedStatusServerError, USER_TWO);
rsp = sendRequest(new GetRequest(AUTH_CONTENT_URL.replace("{node_ref_3}", testNodeRef_3)), expectedStatusServerError, USER_TWO); rsp = sendRequest(new GetRequest(AUTH_CONTENT_URL.replace("{node_ref_3}", testNodeRef_3)), expectedStatusForbidden, USER_TWO);
rsp = sendRequest(new GetRequest(AUTH_CONTENT_THUMBNAIL_URL.replace("{node_ref_3}", testNodeRef_3).replace("{thumbnailname}", "doclib")), expectedStatusServerError, USER_TWO); rsp = sendRequest(new GetRequest(AUTH_CONTENT_THUMBNAIL_URL.replace("{node_ref_3}", testNodeRef_3).replace("{thumbnailname}", "doclib")), expectedStatusServerError, USER_TWO);
// As user one ... // As user one ...
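Review bot: Only the `AUTH_CONTENT_URL` request for user two is switched to `expectedStatusForbidden`, while the metadata and thumbnail requests on the neighbouring lines still expect `expectedStatusServerError`. Those two access-denied paths therefore keep answering 500, and the test now pins that inconsistency. The trailing comment on `expectedStatusServerError` is also only partly true after this change; something like `// AccessDenied still maps to 500 for metadata and thumbnail; content returns 403 (MNT-10156)` would keep it accurate. The test method starts outside the hunk.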