diff --git a/dbrepo-database-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java b/dbrepo-database-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java
index f44d81db88fb1e7501b28bfcc0b0ef87cfc08359..d2f571e4d2fab5b4d864306fd3a005595dd67551 100644
--- a/dbrepo-database-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java
+++ b/dbrepo-database-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java
@@ -274,7 +274,7 @@ public class DatabaseEndpoint {
log.debug("endpoint find database, containerId={}, databaseId={}", containerId, databaseId);
final Database database = databaseService.findById(containerId, databaseId);
final DatabaseDto dto = databaseMapper.databaseToDatabaseDto(database);
- if (principal != null && database.getOwner().equals(principal)) {
+ if (principal != null && database.getOwner().equalsPrincipal(principal)) {
/* only owner sees the access rights */ // TODO improve this by proper mapping
final List<DatabaseAccess> accesses = accessService.list(databaseId);
dto.setAccesses(accesses.stream()
diff --git a/dbrepo-database-service/rest-service/src/test/java/at/tuwien/service/AccessServiceIntegrationTest.java b/dbrepo-database-service/rest-service/src/test/java/at/tuwien/service/AccessServiceIntegrationTest.java
index 549b9489a0678756b1b466941b98bab4fe2a9c6f..50c451ccfa7a8ff0d74bfc0d699cd6481135e041 100644
--- a/dbrepo-database-service/rest-service/src/test/java/at/tuwien/service/AccessServiceIntegrationTest.java
+++ b/dbrepo-database-service/rest-service/src/test/java/at/tuwien/service/AccessServiceIntegrationTest.java
@@ -100,7 +100,7 @@ public class AccessServiceIntegrationTest extends BaseUnitTest {
userRepository.save(USER_2_SIMPLE);
userRepository.save(USER_3_SIMPLE);
containerRepository.save(CONTAINER_1_SIMPLE);
- databaseRepository.save(DATABASE_1);
+ databaseRepository.save(DATABASE_1_SIMPLE);
}
@AfterEach
diff --git a/dbrepo-metadata-db/entities/src/main/java/at/tuwien/entities/user/User.java b/dbrepo-metadata-db/entities/src/main/java/at/tuwien/entities/user/User.java
index 9325962eac8748c095dd1e4425ad27ee291dce0b..98e6fbda337b38df9f931a586e9e5034d41fe58a 100644
--- a/dbrepo-metadata-db/entities/src/main/java/at/tuwien/entities/user/User.java
+++ b/dbrepo-metadata-db/entities/src/main/java/at/tuwien/entities/user/User.java
@@ -110,7 +110,7 @@ public class User {
* @param principal The user principal.
* @return True if the user are equal, false otherwise.
*/
- public boolean equals(Principal principal) {
+ public boolean equalsPrincipal(Principal principal) {
if (principal == null) {
return false;
}
diff --git a/dbrepo-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java b/dbrepo-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java
index bb2b18b343425d1e083a171df5bf8edcde86057b..7c0da7215e72955570bf276ce5352070c845f2d5 100644
--- a/dbrepo-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java
+++ b/dbrepo-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java
@@ -12,6 +12,7 @@ import at.tuwien.querystore.Query;
import at.tuwien.exception.*;
import at.tuwien.mapper.QueryMapper;
import at.tuwien.service.*;
+import at.tuwien.validation.EndpointValidator;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
@@ -43,17 +44,19 @@ public class StoreEndpoint {
private final UserService userService;
private final StoreService storeService;
private final IdentifierMapper identifierMapper;
+ private final EndpointValidator endpointValidator;
private final IdentifierService identifierService;
@Autowired
public StoreEndpoint(UserMapper userMapper, QueryMapper queryMapper, UserService userService,
StoreService storeService, IdentifierMapper identifierMapper,
- IdentifierService identifierService) {
+ EndpointValidator endpointValidator, IdentifierService identifierService) {
this.userMapper = userMapper;
this.queryMapper = queryMapper;
this.userService = userService;
this.storeService = storeService;
this.identifierMapper = identifierMapper;
+ this.endpointValidator = endpointValidator;
this.identifierService = identifierService;
}
@@ -103,9 +106,10 @@ public class StoreEndpoint {
@RequestParam(value = "persisted", required = false) Boolean persisted,
Principal principal) throws QueryStoreException,
DatabaseNotFoundException, ImageNotSupportedException, ContainerNotFoundException,
- DatabaseConnectionException, TableMalformedException, UserNotFoundException {
+ DatabaseConnectionException, TableMalformedException, UserNotFoundException, NotAllowedException {
log.debug("endpoint list queries, containerId={}, databaseId={}, persisted={}, principal={}", containerId,
databaseId, persisted, principal);
+ endpointValidator.validateOnlyAccess(containerId, databaseId, principal);
final List<Query> queries = storeService.findAll(containerId, databaseId, persisted, principal);
final List<Identifier> identifiers = identifierService.findAll();
final List<User> users = userService.findAll();
@@ -172,6 +176,7 @@ public class StoreEndpoint {
DatabaseConnectionException {
log.debug("endpoint find query, containerId={}, databaseId={}, queryId={}, principal={}", containerId, databaseId,
queryId, principal);
+ endpointValidator.validateOnlyAccess(containerId, databaseId, principal);
final Query query = storeService.findOne(containerId, databaseId, queryId, principal);
final QueryDto dto = queryMapper.queryToQueryDto(query);
final User creator = userService.findByUsername(query.getCreatedBy());
@@ -229,10 +234,15 @@ public class StoreEndpoint {
@NotNull Principal principal)
throws QueryStoreException, DatabaseNotFoundException, ImageNotSupportedException,
DatabaseConnectionException, UserNotFoundException, QueryNotFoundException,
- QueryAlreadyPersistedException {
+ QueryAlreadyPersistedException, NotAllowedException {
log.debug("endpoint persist query, container, containerId={}, databaseId={}, queryId={}, principal={}",
containerId, databaseId, queryId, principal);
+ endpointValidator.validateOnlyAccess(containerId, databaseId, principal);
final Query check = storeService.findOne(containerId, databaseId, queryId, principal);
+ if (!check.getCreatedBy().equals(principal.getName())) {
+ log.error("Cannot persist foreign query: created by {}", check.getCreatedBy());
+ throw new NotAllowedException("Cannot persist foreign query: created by " + check.getCreatedBy());
+ }
if (check.getIsPersisted()) {
log.error("Failed to persist, is already persisted");
throw new QueryAlreadyPersistedException("Failed to persist");
diff --git a/dbrepo-query-service/rest-service/src/main/java/at/tuwien/endpoint/ViewEndpoint.java b/dbrepo-query-service/rest-service/src/main/java/at/tuwien/endpoint/ViewEndpoint.java
index d176b8741b5491e2b4e7eb6e2c3050f241d35697..20d93d7077970907d45594a9f56cd347fcaf808a 100644
--- a/dbrepo-query-service/rest-service/src/main/java/at/tuwien/endpoint/ViewEndpoint.java
+++ b/dbrepo-query-service/rest-service/src/main/java/at/tuwien/endpoint/ViewEndpoint.java
@@ -24,7 +24,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*;
@@ -150,7 +149,7 @@ public class ViewEndpoint {
databaseId, data, principal);
/* check */
final Database database = databaseService.find(containerId, databaseId);
- if (!database.getOwner().equals(principal)) {
+ if (!database.getOwner().equalsPrincipal(principal)) {
log.error("Failed to create view: not the database owner");
throw new NotAllowedException("Failed to create view: not the database owner");
}
@@ -253,7 +252,7 @@ public class ViewEndpoint {
databaseId, viewId, principal);
/* check */
final Database database = databaseService.find(containerId, databaseId);
- if (!database.getOwner().equals(principal)) {
+ if (!database.getOwner().equalsPrincipal(principal)) {
log.error("Failed to delete view: not the database owner");
throw new NotAllowedException("Failed to delete view: not the database owner");
}
diff --git a/dbrepo-query-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java b/dbrepo-query-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java
index 61775a087420a25a9ff0b7dc6de167b67e4e3497..c264c9f50c24c96b31b98120155d95ed8e8a7605 100644
--- a/dbrepo-query-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java
+++ b/dbrepo-query-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java
@@ -3,12 +3,18 @@ package at.tuwien.validation;
import at.tuwien.SortType;
import at.tuwien.api.database.query.ExecuteStatementDto;
import at.tuwien.config.QueryConfig;
-import at.tuwien.exception.PaginationException;
-import at.tuwien.exception.QueryMalformedException;
-import at.tuwien.exception.SortException;
+import at.tuwien.entities.database.Database;
+import at.tuwien.entities.database.DatabaseAccess;
+import at.tuwien.entities.user.User;
+import at.tuwien.exception.*;
+import at.tuwien.service.AccessService;
+import at.tuwien.service.DatabaseService;
+import at.tuwien.service.UserService;
import lombok.extern.log4j.Log4j2;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import java.security.Principal;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
@@ -19,10 +25,18 @@ import java.util.regex.Pattern;
@Component
public class EndpointValidator {
+ private final UserService userService;
private final QueryConfig queryConfig;
+ private final AccessService accessService;
+ private final DatabaseService databaseService;
- public EndpointValidator(QueryConfig queryConfig) {
+ @Autowired
+ public EndpointValidator(UserService userService, QueryConfig queryConfig, AccessService accessService,
+ DatabaseService databaseService) {
+ this.userService = userService;
this.queryConfig = queryConfig;
+ this.accessService = accessService;
+ this.databaseService = databaseService;
}
public void validateDataParams(Long page, Long size) throws PaginationException {
@@ -74,4 +88,20 @@ public class EndpointValidator {
throw new QueryMalformedException("Query contains forbidden keyword(s): " + Arrays.toString(words.toArray()));
}
+ public void validateOnlyAccess(Long containerId, Long databaseId, Principal principal) throws DatabaseNotFoundException, NotAllowedException {
+ final Database database = databaseService.find(containerId, databaseId);
+ if (database.getIsPublic()) {
+ log.trace("database with id {} is public: no access needed", databaseId);
+ return;
+ }
+ log.trace("database with id {} is private", databaseId);
+ if (principal == null) {
+ log.error("Access not allowed: database with id {} is not public and no authorization provided", databaseId);
+ throw new NotAllowedException("Access not allowed: database with id " + databaseId + " is not public and no authorization provided");
+ }
+ log.trace("principal is {}", principal);
+ final DatabaseAccess access = accessService.find(databaseId, principal.getName());
+ log.trace("found access {}", access);
+ }
+
}
diff --git a/dbrepo-query-service/rest-service/src/test/java/at/tuwien/endpoint/StoreEndpointUnitTest.java b/dbrepo-query-service/rest-service/src/test/java/at/tuwien/endpoint/StoreEndpointUnitTest.java
index ff6762bcbe721cf34b12c54526b1f6cdfbcb0e44..7b8e72dded4c4d0155d6868b44752c3ce958feb4 100644
--- a/dbrepo-query-service/rest-service/src/test/java/at/tuwien/endpoint/StoreEndpointUnitTest.java
+++ b/dbrepo-query-service/rest-service/src/test/java/at/tuwien/endpoint/StoreEndpointUnitTest.java
@@ -33,11 +33,9 @@ import org.springframework.test.context.junit.jupiter.SpringExtension;
import java.security.Principal;
import java.util.List;
import java.util.Optional;
-import java.util.UUID;
import static org.junit.jupiter.api.Assertions.*;
-import static org.mockito.Mockito.doReturn;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.*;
@Log4j2
@SpringBootTest
@@ -68,9 +66,6 @@ public class StoreEndpointUnitTest extends BaseUnitTest {
@MockBean
private DatabaseService databaseService;
- @MockBean
- private DatabaseAccessRepository accessRepository;
-
@MockBean
private AccessService accessService;
@@ -79,17 +74,27 @@ public class StoreEndpointUnitTest extends BaseUnitTest {
@Test
@WithAnonymousUser
- public void findAll_anonymous_succeeds() throws QueryStoreException, DatabaseNotFoundException, ImageNotSupportedException,
- ContainerNotFoundException, DatabaseConnectionException, TableMalformedException, UserNotFoundException {
+ public void findAll_privateAnonymous_fails() {
/* test */
- findAll_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, null);
+ assertThrows(NotAllowedException.class, () -> {
+ findAll_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, null);
+ });
+ }
+
+ @Test
+ @WithAnonymousUser
+ public void findAll_publicAnonymous_succeeds() throws QueryStoreException, DatabaseNotFoundException, ImageNotSupportedException,
+ ContainerNotFoundException, DatabaseConnectionException, TableMalformedException, UserNotFoundException, NotAllowedException {
+
+ /* test */
+ findAll_generic(CONTAINER_3_ID, DATABASE_3_ID, DATABASE_3, null);
}
@Test
@WithMockUser(username = USER_1_USERNAME)
public void findAll_noRole_succeeds() throws QueryStoreException, DatabaseNotFoundException, ImageNotSupportedException,
- ContainerNotFoundException, DatabaseConnectionException, TableMalformedException, UserNotFoundException {
+ ContainerNotFoundException, DatabaseConnectionException, TableMalformedException, UserNotFoundException, NotAllowedException {
/* test */
findAll_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, USER_1_PRINCIPAL);
@@ -98,67 +103,83 @@ public class StoreEndpointUnitTest extends BaseUnitTest {
@Test
@WithMockUser(username = USER_1_USERNAME, authorities = {"list-queries"})
public void findAll_hasRole_succeeds() throws QueryStoreException, DatabaseNotFoundException, ImageNotSupportedException,
- ContainerNotFoundException, DatabaseConnectionException, TableMalformedException, UserNotFoundException {
+ ContainerNotFoundException, DatabaseConnectionException, TableMalformedException, UserNotFoundException, NotAllowedException {
/* test */
findAll_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, USER_1_PRINCIPAL);
}
@Test
- @WithMockUser(username = USER_1_USERNAME, authorities = {"list-queries"})
- public void findAll_noAccess_fails() {
+ @WithMockUser(username = USER_2_USERNAME, authorities = {"list-queries"})
+ public void findAll_privateNoAccess_fails() throws NotAllowedException {
+
+ /* mock */
+ doThrow(NotAllowedException.class)
+ .when(accessService)
+ .find(DATABASE_1_ID, USER_2_USERNAME);
/* test */
assertThrows(NotAllowedException.class, () -> {
- findAll_generic(CONTAINER_2_ID, DATABASE_2_ID, DATABASE_2, USER_1_PRINCIPAL);
+ findAll_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, USER_2_PRINCIPAL);
});
}
@Test
- @WithMockUser(username = USER_1_USERNAME, authorities = {"list-queries"})
- public void findAll_hasAccess_succeeds() throws UserNotFoundException, QueryStoreException,
- DatabaseConnectionException, TableMalformedException, DatabaseNotFoundException, ImageNotSupportedException,
- ContainerNotFoundException {
+ @WithMockUser(username = USER_2_USERNAME, authorities = {"list-queries"})
+ public void findAll_publicNoAccess_succeeds() throws UserNotFoundException, QueryStoreException,
+ DatabaseConnectionException, TableMalformedException, NotAllowedException, DatabaseNotFoundException,
+ ImageNotSupportedException, ContainerNotFoundException {
/* mock */
- when(accessRepository.findByDatabaseIdAndUsername(DATABASE_2_ID, USER_1_USERNAME))
- .thenReturn(Optional.of(DATABASE_1_RESEARCHER_READ_ACCESS));
+ doThrow(NotAllowedException.class)
+ .when(accessService)
+ .find(DATABASE_3_ID, USER_2_USERNAME);
/* test */
- findAll_generic(CONTAINER_2_ID, DATABASE_2_ID, DATABASE_2, USER_1_PRINCIPAL);
+ findAll_generic(CONTAINER_3_ID, DATABASE_3_ID, DATABASE_3, USER_2_PRINCIPAL);
}
@Test
- @WithMockUser(username = USER_2_USERNAME)
- public void findAll_dataSteward_succeeds() throws QueryStoreException, DatabaseNotFoundException, ImageNotSupportedException,
- ContainerNotFoundException, DatabaseConnectionException, TableMalformedException, UserNotFoundException {
+ @WithMockUser(username = USER_1_USERNAME, authorities = {"list-queries"})
+ public void findAll_hasAccess_succeeds() throws UserNotFoundException, QueryStoreException,
+ DatabaseConnectionException, TableMalformedException, DatabaseNotFoundException, ImageNotSupportedException,
+ ContainerNotFoundException, NotAllowedException {
+
+ /* mock */
+ when(accessService.find(DATABASE_2_ID, USER_1_USERNAME))
+ .thenReturn(DATABASE_1_RESEARCHER_READ_ACCESS);
/* test */
- findAll_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, USER_2_PRINCIPAL);
+ findAll_generic(CONTAINER_2_ID, DATABASE_2_ID, DATABASE_2, USER_1_PRINCIPAL);
}
@Test
- @WithMockUser(username = USER_3_USERNAME)
- public void findAll_developer_succeeds() throws QueryStoreException, DatabaseNotFoundException, ImageNotSupportedException,
- ContainerNotFoundException, DatabaseConnectionException, TableMalformedException, UserNotFoundException {
+ @WithAnonymousUser
+ public void find_publicAnonymous_succeeds() throws QueryStoreException, QueryNotFoundException, DatabaseNotFoundException,
+ ImageNotSupportedException, UserNotFoundException, NotAllowedException, DatabaseConnectionException {
+
+ /* mock */
+ when(userRepository.findByUsername(USER_1_USERNAME))
+ .thenReturn(Optional.of(USER_1));
/* test */
- findAll_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, USER_3_PRINCIPAL);
+ final QueryDto response = find_generic(CONTAINER_3_ID, DATABASE_3_ID, DATABASE_3, QUERY_4_ID, QUERY_4, null, null, null);
+ assertEquals(QUERY_4_ID, response.getId());
+ assertEquals(QUERY_4_STATEMENT, response.getQuery());
}
@Test
@WithAnonymousUser
- public void find_anonymous_succeeds() throws QueryStoreException, QueryNotFoundException, DatabaseNotFoundException,
- ImageNotSupportedException, UserNotFoundException, NotAllowedException, DatabaseConnectionException {
+ public void find_privateAnonymous_fails() {
/* mock */
when(userRepository.findByUsername(USER_1_USERNAME))
.thenReturn(Optional.of(USER_1));
/* test */
- final QueryDto response = find_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, QUERY_1_ID, QUERY_1, USER_1_USERNAME, null, null);
- assertEquals(QUERY_1_ID, response.getId());
- assertEquals(QUERY_1_STATEMENT, response.getQuery());
+ assertThrows(NotAllowedException.class, () -> {
+ find_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, QUERY_1_ID, QUERY_1, null, null, null);
+ });
}
@Test
@@ -198,7 +219,7 @@ public class StoreEndpointUnitTest extends BaseUnitTest {
public void find_databaseNotFound_fails() {
/* test */
- assertThrows(NotAllowedException.class, () -> {
+ assertThrows(DatabaseNotFoundException.class, () -> {
find_generic(CONTAINER_1_ID, DATABASE_1_ID, null, QUERY_1_ID, QUERY_1, USER_1_USERNAME, USER_1, USER_1_PRINCIPAL);
});
}
@@ -241,18 +262,17 @@ public class StoreEndpointUnitTest extends BaseUnitTest {
@Test
@WithMockUser(username = USER_2_USERNAME, authorities = "persist-query")
- public void persist_foreignWriteAll_succeeds() throws UserNotFoundException, QueryStoreException,
- NotAllowedException, DatabaseConnectionException, QueryAlreadyPersistedException, QueryNotFoundException,
- DatabaseNotFoundException, ImageNotSupportedException {
+ public void persist_foreignWriteAll_fails() {
/* mock */
when(userRepository.findByUsername(USER_1_USERNAME))
.thenReturn(Optional.of(USER_1));
/* test */
- final QueryDto response = persist_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, QUERY_1_ID, QUERY_1, USER_2_USERNAME, USER_2, USER_2_PRINCIPAL, DATABASE_1_DEVELOPER_WRITE_ALL_ACCESS);
- assertEquals(QUERY_1_ID, response.getId());
- assertEquals(QUERY_1_STATEMENT, response.getQuery());
+ assertThrows(NotAllowedException.class, () -> {
+ persist_generic(CONTAINER_1_ID, DATABASE_1_ID, DATABASE_1, QUERY_1_ID, QUERY_1, USER_2_USERNAME, USER_2, USER_2_PRINCIPAL, DATABASE_1_DEVELOPER_WRITE_ALL_ACCESS);
+ });
+
}
/* ################################################################################################### */
@@ -293,7 +313,7 @@ public class StoreEndpointUnitTest extends BaseUnitTest {
protected void findAll_generic(Long containerId, Long databaseId, Database database, Principal principal)
throws UserNotFoundException, QueryStoreException, DatabaseConnectionException, TableMalformedException,
- DatabaseNotFoundException, ImageNotSupportedException, ContainerNotFoundException {
+ DatabaseNotFoundException, ImageNotSupportedException, ContainerNotFoundException, NotAllowedException {
/* mock */
doReturn(List.of(QUERY_1)).when(storeService)
@@ -340,7 +360,7 @@ public class StoreEndpointUnitTest extends BaseUnitTest {
}
/* test */
- final ResponseEntity<QueryDto> response = storeEndpoint.find(CONTAINER_1_ID, DATABASE_1_ID, QUERY_1_ID, principal);
+ final ResponseEntity<QueryDto> response = storeEndpoint.find(containerId, databaseId, queryId, principal);
assertEquals(HttpStatus.OK, response.getStatusCode());
final QueryDto body = response.getBody();
assertNotNull(body);
diff --git a/dbrepo-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java b/dbrepo-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java
index abee215b1eed6d1103b075d18dd2f7b8e8b3de65..08e2b0d7a36b8b02a9096b8f3c875049c4757cfc 100644
--- a/dbrepo-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java
+++ b/dbrepo-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java
@@ -107,7 +107,7 @@ public class UserEndpoint {
throws UserNotFoundException, ForeignUserException, UserAttributeNotFoundException {
log.debug("endpoint modify a user, id={}, data={}, principal={}", id, data, principal);
final User user = userService.find(UUID.fromString(id));
- if (!user.equals(principal)) {
+ if (!user.equalsPrincipal(principal)) {
log.error("Failed to modify user: attempting to modify other user");
throw new ForeignUserException("Failed to modify user: attempting to modify other user");
}
@@ -128,7 +128,7 @@ public class UserEndpoint {
throws UserNotFoundException, ForeignUserException, UserAttributeNotFoundException {
log.debug("endpoint modify a user theme, id={}, data={}, principal={}", id, data, principal);
final User user = userService.find(UUID.fromString(id));
- if (!user.equals(principal)) {
+ if (!user.equalsPrincipal(principal)) {
log.error("Failed to modify user: attempting to modify other user");
throw new ForeignUserException("Failed to modify user: attempting to modify other user");
}
@@ -149,7 +149,7 @@ public class UserEndpoint {
throws UserNotFoundException, ForeignUserException {
log.debug("endpoint modify a user password, id={}, data={}, principal={}", id, data, principal);
final User user = userService.find(UUID.fromString(id));
- if (!user.equals(principal)) {
+ if (!user.equalsPrincipal(principal)) {
log.error("Failed to modify user: attempting to modify other user");
throw new ForeignUserException("Failed to modify user: attempting to modify other user");
}
diff --git a/dbrepo-user-service/rest-service/src/test/java/at/tuwien/mapper/UserMapperTest.java b/dbrepo-user-service/rest-service/src/test/java/at/tuwien/mapper/UserMapperTest.java
index 613f43e10dc9d0b63931d598d9966457f0b42c32..eefde32629df5e8dfc5cad2ce9d3f2818dca815a 100644
--- a/dbrepo-user-service/rest-service/src/test/java/at/tuwien/mapper/UserMapperTest.java
+++ b/dbrepo-user-service/rest-service/src/test/java/at/tuwien/mapper/UserMapperTest.java
@@ -21,7 +21,7 @@ public class UserMapperTest extends BaseUnitTest {
}
@Test
- public void equals_identitiy_succeeds() {
+ public void equals_identity_succeeds() {
/* test */
assertEquals(USER_1, USER_1);
diff --git a/dbrepo-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java b/dbrepo-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
index e791cc968ea6448c8e15d68c44c5d3424a832adf..56f67ca22d47699a3c6a2b75e82a06972bc7ea20 100644
--- a/dbrepo-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
+++ b/dbrepo-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
@@ -127,7 +127,7 @@ public class UserServiceImpl implements UserService {
ForeignUserException, UserAttributeNotFoundException {
/* check */
User user = find(id);
- if (!user.getUsername().equals(principal.getName())) {
+ if (!user.equalsPrincipal(principal)) {
log.error("Failed to modify user: attempting to modify other user");
throw new ForeignUserException("Failed to modify user: attempting to modify other user");
}
@@ -147,7 +147,7 @@ public class UserServiceImpl implements UserService {
ForeignUserException {
/* check */
final User user = find(id);
- if (!user.getUsername().equals(principal.getName())) {
+ if (!user.equalsPrincipal(principal)) {
log.error("Failed to modify user: attempting to modify other user");
throw new ForeignUserException("Failed to modify user: attempting to modify other user");
}