[DEV] add security connected to access on data

This commit is contained in:
Edouard DUPIN 2022-05-18 20:10:21 +02:00
parent b4d280039d
commit 0aefa81c1d
2 changed files with 23 additions and 20 deletions

View File

@ -3,17 +3,21 @@ package org.kar.karideo.api;
import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import org.glassfish.jersey.media.multipart.FormDataParam;
import org.kar.karideo.ConfigVariable;
import org.kar.karideo.GenericContext;
import org.kar.karideo.WebLauncher;
import org.kar.karideo.db.DBEntry;
import org.kar.karideo.model.Data;
import org.kar.karideo.model.DataSmall;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.imageio.ImageIO;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.StreamingOutput;
import java.awt.*;
import java.awt.image.BufferedImage;
@ -323,7 +327,12 @@ public class DataResource {
@POST
@Path("/upload/")
@Consumes({MediaType.MULTIPART_FORM_DATA})
public Response uploadFile(@FormDataParam("file") InputStream fileInputStream, @FormDataParam("file") FormDataContentDisposition fileMetaData) {
@RolesAllowed("USER")
public Response uploadFile(@Context SecurityContext sc, @FormDataParam("file") InputStream fileInputStream, @FormDataParam("file") FormDataContentDisposition fileMetaData) {
GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("===================================================");
System.out.println("== DATA uploadFile " + gc.user);
System.out.println("===================================================");
//public NodeSmall uploadFile(final FormDataMultiPart form) {
System.out.println("Upload file: ");
String filePath = ConfigVariable.getTmpDataFolder() + File.separator + tmpFolderId++;
@ -340,15 +349,13 @@ public class DataResource {
//@Secured
@GET
@Path("{id}")
//@RolesAllowed("GUEST")
@RolesAllowed("USER")
@Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataId(/*@Context SecurityContext sc,*/ @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
/*
public Response retriveDataId(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("===================================================");
System.out.println("== USER get data ? " + gc.user);
System.out.println("== DATA retriveDataId ? " + gc.user);
System.out.println("===================================================");
*/
DataSmall value = getSmall(id);
if (value == null) {
Response.status(404).
@ -361,15 +368,13 @@ public class DataResource {
//@Secured
@GET
@Path("thumbnail/{id}")
//@RolesAllowed("GUEST")
@RolesAllowed("USER")
@Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataThumbnailId(/*@Context SecurityContext sc,*/ @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
/*
public Response retriveDataThumbnailId(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("===================================================");
System.out.println("== USER get data ? " + gc.user);
System.out.println("== DATA retriveDataThumbnailId ? " + gc.user);
System.out.println("===================================================");
*/
DataSmall value = getSmall(id);
if (value == null) {
Response.status(404).
@ -410,15 +415,13 @@ public class DataResource {
//@Secured
@GET
@Path("{id}/{name}")
//@RolesAllowed("GUEST")
@RolesAllowed("USER")
@Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataFull(/*@Context SecurityContext sc,*/ @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception {
/*
public Response retriveDataFull(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception {
GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("===================================================");
System.out.println("== USER get data ? " + gc.user);
System.out.println("== DATA retriveDataFull ? " + gc.user);
System.out.println("===================================================");
*/
DataSmall value = getSmall(id);
if (value == null) {
Response.status(404).

View File

@ -54,7 +54,7 @@ public class SeriesResource {
@Path("{id}/add_cover")
@Consumes({MediaType.MULTIPART_FORM_DATA})
public Response uploadCover(@PathParam("id") Long id,
@FormDataParam("file_name") String fileName,
@FormDataParam("fileName") String fileName,
@FormDataParam("file") InputStream fileInputStream,
@FormDataParam("file") FormDataContentDisposition fileMetaData
) {
@ -62,8 +62,8 @@ public class SeriesResource {
}
@GET
@Path("{id}/rm_cover/{cover_id}")
public Response removeCover(@PathParam("id") Long nodeId, @PathParam("cover_id") Long coverId) {
@Path("{id}/rm_cover/{coverId}")
public Response removeCover(@PathParam("id") Long nodeId, @PathParam("coverId") Long coverId) {
return NodeInterface.removeCover(typeInNode, nodeId, coverId);
}