From 1e878add872feb00a32795f89308095f698b6bd9 Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Thu, 13 Feb 2025 15:45:54 +0100
Subject: [PATCH] New attempt

Signed-off-by: Martin Weise <martin.weise@tuwien.ac.at>
---
 .../main/java/at/tuwien/endpoints/DatabaseEndpoint.java    | 7 +++++++
 .../java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java | 4 ++--
 .../java/at/tuwien/endpoints/TableEndpointUnitTest.java    | 4 ++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java
index 50016103d8..41cc59ca6a 100644
--- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java
+++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java
@@ -511,19 +511,26 @@ public class DatabaseEndpoint extends AbstractEndpoint {
                     .stream()
                     .filter(a -> a.getUser().getId().equals(getId(principal)))
                     .findFirst();
+            optional.ifPresentOrElse(access -> log.trace("user has access: {}", access), () -> log.trace("user has no access"));
             if (!database.getIsPublic() && !database.getIsSchemaPublic() && optional.isEmpty() && !isSystem(principal)) {
                 log.error("Failed to find database: not public and no access found");
                 throw new NotAllowedException("Failed to find database: not public and no access found");
             }
             /* reduce metadata */
+            final int tables = database.getTables()
+                    .size();
             database.setTables(database.getTables()
                     .stream()
                     .filter(t -> t.getIsPublic() || t.getIsSchemaPublic() || optional.isPresent())
                     .toList());
+            log.trace("filtered database tables from {} to {}", tables, database.getTables().size());
+            final int views = database.getViews()
+                    .size();
             database.setViews(database.getViews()
                     .stream()
                     .filter(v -> v.getIsPublic() || v.getIsSchemaPublic() || optional.isPresent())
                     .toList());
+            log.trace("filtered database views from {} to {}", views, database.getViews().size());
             if (!isSystem(principal) && !database.getOwner().getId().equals(getId(principal))) {
                 log.trace("authenticated user {} is not owner: remove access list", principal.getName());
                 database.setAccesses(List.of());
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java
index 7ab4d2c16a..f880681cfc 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java
@@ -574,8 +574,8 @@ public class DatabaseEndpointUnitTest extends AbstractUnitTest {
     }
 
     @Test
-    @WithAnonymousUser
-    public void findById_anonymousPrivateSchemaNoAccessSystem_succeeds() throws UserNotFoundException,
+    @WithMockUser(username = USER_LOCAL_ADMIN_USERNAME, authorities = {"system"})
+    public void findById_privateSchemaNoAccessInternalUser_succeeds() throws UserNotFoundException,
             NotAllowedException, DataServiceException, DatabaseNotFoundException, ExchangeNotFoundException,
             DataServiceConnectionException {
 
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/TableEndpointUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/TableEndpointUnitTest.java
index 094673416b..ba320e521f 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/TableEndpointUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/TableEndpointUnitTest.java
@@ -1258,12 +1258,12 @@ public class TableEndpointUnitTest extends AbstractUnitTest {
                     .findById(any(UUID.class));
         }
         if (access != null) {
-            when(accessService.find(any(Database.class), eq(user)))
+            when(accessService.find(any(Database.class), any(User.class)))
                     .thenReturn(access);
         } else {
             doThrow(AccessNotFoundException.class)
                     .when(accessService)
-                    .find(any(Database.class), eq(user));
+                    .find(any(Database.class), any(User.class));
         }
 
         /* test */
-- 
GitLab