kangaroo-and-rabbit/karideo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[DEV] add security connected to access on data

Browse Source
This commit is contained in:
Edouard DUPIN 2022-05-18 20:10:21 +02:00
parent b4d280039d
commit 0aefa81c1d
2 changed files with 23 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
back/src/org/kar/karideo/api/DataResource.java
View File

@ -3,17 +3,21 @@ package org.kar.karideo.api;
import org.glassfish.jersey.media.multipart.FormDataContentDisposition; import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import org.glassfish.jersey.media.multipart.FormDataParam; import org.glassfish.jersey.media.multipart.FormDataParam;
import org.kar.karideo.ConfigVariable; import org.kar.karideo.ConfigVariable;
import org.kar.karideo.GenericContext;
import org.kar.karideo.WebLauncher; import org.kar.karideo.WebLauncher;
import org.kar.karideo.db.DBEntry; import org.kar.karideo.db.DBEntry;
import org.kar.karideo.model.Data; import org.kar.karideo.model.Data;
import org.kar.karideo.model.DataSmall; import org.kar.karideo.model.DataSmall;
import javax.annotation.security.PermitAll; import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.imageio.ImageIO; import javax.imageio.ImageIO;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.StreamingOutput; import javax.ws.rs.core.StreamingOutput;
import java.awt.*; import java.awt.*;
import java.awt.image.BufferedImage; import java.awt.image.BufferedImage;
@ -323,7 +327,12 @@ public class DataResource {
@POST @POST
@Path("/upload/") @Path("/upload/")
@Consumes({MediaType.MULTIPART_FORM_DATA}) @Consumes({MediaType.MULTIPART_FORM_DATA})
public Response uploadFile(@FormDataParam("file") InputStream fileInputStream, @FormDataParam("file") FormDataContentDisposition fileMetaData) { @RolesAllowed("USER")
public Response uploadFile(@Context SecurityContext sc, @FormDataParam("file") InputStream fileInputStream, @FormDataParam("file") FormDataContentDisposition fileMetaData) {
GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("===================================================");
System.out.println("== DATA uploadFile " + gc.user);
System.out.println("===================================================");
//public NodeSmall uploadFile(final FormDataMultiPart form) { //public NodeSmall uploadFile(final FormDataMultiPart form) {
System.out.println("Upload file: "); System.out.println("Upload file: ");
String filePath = ConfigVariable.getTmpDataFolder() + File.separator + tmpFolderId++; String filePath = ConfigVariable.getTmpDataFolder() + File.separator + tmpFolderId++;
@ -340,15 +349,13 @@ public class DataResource {
//@Secured //@Secured
@GET @GET
@Path("{id}") @Path("{id}")
//@RolesAllowed("GUEST") @RolesAllowed("USER")
@Produces(MediaType.APPLICATION_OCTET_STREAM) @Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataId(/*@Context SecurityContext sc,*/ @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception { public Response retriveDataId(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
/*
GenericContext gc = (GenericContext) sc.getUserPrincipal(); GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("==================================================="); System.out.println("===================================================");
System.out.println("== USER get data ? " + gc.user); System.out.println("== DATA retriveDataId ? " + gc.user);
System.out.println("==================================================="); System.out.println("===================================================");
*/
DataSmall value = getSmall(id); DataSmall value = getSmall(id);
if (value == null) { if (value == null) {
Response.status(404). Response.status(404).
@ -361,15 +368,13 @@ public class DataResource {
//@Secured //@Secured
@GET @GET
@Path("thumbnail/{id}") @Path("thumbnail/{id}")
//@RolesAllowed("GUEST") @RolesAllowed("USER")
@Produces(MediaType.APPLICATION_OCTET_STREAM) @Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataThumbnailId(/*@Context SecurityContext sc,*/ @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception { public Response retriveDataThumbnailId(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
/*
GenericContext gc = (GenericContext) sc.getUserPrincipal(); GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("==================================================="); System.out.println("===================================================");
System.out.println("== USER get data ? " + gc.user); System.out.println("== DATA retriveDataThumbnailId ? " + gc.user);
System.out.println("==================================================="); System.out.println("===================================================");
*/
DataSmall value = getSmall(id); DataSmall value = getSmall(id);
if (value == null) { if (value == null) {
Response.status(404). Response.status(404).
@ -410,15 +415,13 @@ public class DataResource {
//@Secured //@Secured
@GET @GET
@Path("{id}/{name}") @Path("{id}/{name}")
//@RolesAllowed("GUEST") @RolesAllowed("USER")
@Produces(MediaType.APPLICATION_OCTET_STREAM) @Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataFull(/*@Context SecurityContext sc,*/ @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception { public Response retriveDataFull(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception {
/*
GenericContext gc = (GenericContext) sc.getUserPrincipal(); GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("==================================================="); System.out.println("===================================================");
System.out.println("== USER get data ? " + gc.user); System.out.println("== DATA retriveDataFull ? " + gc.user);
System.out.println("==================================================="); System.out.println("===================================================");
*/
DataSmall value = getSmall(id); DataSmall value = getSmall(id);
if (value == null) { if (value == null) {
Response.status(404). Response.status(404).

6
back/src/org/kar/karideo/api/SeriesResource.java
View File

@ -54,7 +54,7 @@ public class SeriesResource {
@Path("{id}/add_cover") @Path("{id}/add_cover")
@Consumes({MediaType.MULTIPART_FORM_DATA}) @Consumes({MediaType.MULTIPART_FORM_DATA})
public Response uploadCover(@PathParam("id") Long id, public Response uploadCover(@PathParam("id") Long id,
@FormDataParam("file_name") String fileName, @FormDataParam("fileName") String fileName,
@FormDataParam("file") InputStream fileInputStream, @FormDataParam("file") InputStream fileInputStream,
@FormDataParam("file") FormDataContentDisposition fileMetaData @FormDataParam("file") FormDataContentDisposition fileMetaData
) { ) {
@ -62,8 +62,8 @@ public class SeriesResource {
} }
@GET @GET
@Path("{id}/rm_cover/{cover_id}") @Path("{id}/rm_cover/{coverId}")
public Response removeCover(@PathParam("id") Long nodeId, @PathParam("cover_id") Long coverId) { public Response removeCover(@PathParam("id") Long nodeId, @PathParam("coverId") Long coverId) {
return NodeInterface.removeCover(typeInNode, nodeId, coverId); return NodeInterface.removeCover(typeInNode, nodeId, coverId);
} }