Use read perm for gets (#3777)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
DARPA-ASKEM · Jun 6, 2024 · 9343cda · 9343cda
1 parent 2c3994a
commit 9343cda
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 11 deletions.
diff --git a/.../java/software/uncharted/terarium/hmiserver/controller/dataservice/DatasetController.java b/.../java/software/uncharted/terarium/hmiserver/controller/dataservice/DatasetController.java
@@ -490,7 +490,7 @@ public ResponseEntity<PresignedURL> getDownloadURL(
  @RequestParam("filename") final String filename,
  @RequestParam(name = "project-id", required = false) final UUID projectId) {
  final Schema.Permission permission =
- projectService.checkPermissionCanWrite(currentUserService.get().getId(), projectId);
+ projectService.checkPermissionCanRead(currentUserService.get().getId(), projectId);
 
  final Optional<Dataset> dataset;
  try {

diff --git a/...in/java/software/uncharted/terarium/hmiserver/controller/dataservice/ModelController.java b/...in/java/software/uncharted/terarium/hmiserver/controller/dataservice/ModelController.java
@@ -137,7 +137,7 @@ ResponseEntity<ModelDescription> getDescription(
  @PathVariable("id") final UUID id, @RequestParam("project-id") final UUID projectId) {
 
  final Schema.Permission permission =
- projectService.checkPermissionCanWrite(currentUserService.get().getId(), projectId);
+ projectService.checkPermissionCanRead(currentUserService.get().getId(), projectId);
 
  try {
  final Optional<ModelDescription> model = modelService.getDescription(id, permission);
@@ -442,7 +442,7 @@ ResponseEntity<List<ModelConfiguration>> getModelConfigurationsForModelId(
  @RequestParam(value = "page-size", required = false, defaultValue = "100") final int pageSize,
  @RequestParam(name = "project-id", required = false) final UUID projectId) {
  final Schema.Permission permission =
- projectService.checkPermissionCanWrite(currentUserService.get().getId(), projectId);
+ projectService.checkPermissionCanRead(currentUserService.get().getId(), projectId);
 
  try {
  final List<ModelConfiguration> modelConfigurations =

diff --git a/...ftware/uncharted/terarium/hmiserver/controller/dataservice/NotebookSessionController.java b/...ftware/uncharted/terarium/hmiserver/controller/dataservice/NotebookSessionController.java
@@ -242,7 +242,7 @@ ResponseEntity<NotebookSession> cloneNotebookSession(
  @PathVariable("id") final UUID id,
  @RequestParam(name = "project-id", required = false) final UUID projectId) {
  final Schema.Permission permission =
- projectService.checkPermissionCanWrite(currentUserService.get().getId(), projectId);
+ projectService.checkPermissionCanRead(currentUserService.get().getId(), projectId);
  try {
  final Optional<NotebookSession> session = sessionService.getAsset(id, permission);
  if (session.isEmpty()) {

diff --git a/...va/software/uncharted/terarium/hmiserver/controller/dataservice/SimulationController.java b/...va/software/uncharted/terarium/hmiserver/controller/dataservice/SimulationController.java
@@ -133,7 +133,7 @@ public ResponseEntity<Simulation> getSimulation(
  @PathVariable("id") final UUID id,
  @RequestParam(name = "project-id", required = false) final UUID projectId) {
  final Schema.Permission permission =
- projectService.checkPermissionCanWrite(currentUserService.get().getId(), projectId);
+ projectService.checkPermissionCanRead(currentUserService.get().getId(), projectId);
 
  try {
  Optional<Simulation> simulation = simulationService.getAsset(id, permission);

diff --git a/.../java/software/uncharted/terarium/hmiserver/controller/dataservice/TDSCodeController.java b/.../java/software/uncharted/terarium/hmiserver/controller/dataservice/TDSCodeController.java
@@ -189,7 +189,7 @@ public ResponseEntity<Code> getCode(
  @PathVariable("id") final UUID id,
  @RequestParam(name = "project-id", required = false) final UUID projectId) {
  final Schema.Permission permission =
- projectService.checkPermissionCanWrite(currentUserService.get().getId(), projectId);
+ projectService.checkPermissionCanRead(currentUserService.get().getId(), projectId);
 
  try {
  final Optional<Code> code = codeService.getAsset(id, permission);

diff --git a/...java/software/uncharted/terarium/hmiserver/controller/dataservice/WorkflowController.java b/...java/software/uncharted/terarium/hmiserver/controller/dataservice/WorkflowController.java
@@ -110,7 +110,7 @@ public ResponseEntity<Workflow> getWorkflow(
  @PathVariable("id") final UUID id,
  @RequestParam(name = "project-id", required = false) final UUID projectId) {
  final Schema.Permission permission =
- projectService.checkPermissionCanWrite(currentUserService.get().getId(), projectId);
+ projectService.checkPermissionCanRead(currentUserService.get().getId(), projectId);
 
  final Optional<Workflow> workflow = workflowService.getAsset(id, permission);
  return workflow.map(ResponseEntity::ok)

diff --git a/...rver/src/main/java/software/uncharted/terarium/hmiserver/service/data/ProjectService.java b/...rver/src/main/java/software/uncharted/terarium/hmiserver/service/data/ProjectService.java
@@ -93,12 +93,12 @@ public Schema.Permission checkPermissionCanReadOrNone(final String userId, final
  if (rebacUser.can(rebacProject, Schema.Permission.READ)) {
  return Schema.Permission.READ;
  }
- return Schema.Permission.NONE;
  } catch (final Exception e) {
  log.error("Error updating project", e);
  throw new ResponseStatusException(
  HttpStatus.SERVICE_UNAVAILABLE, messages.get("rebac.service-unavailable"));
  }
+ return Schema.Permission.NONE;
  }
 
  public Schema.Permission checkPermissionCanRead(final String userId, final UUID projectId)
@@ -109,12 +109,12 @@ public Schema.Permission checkPermissionCanRead(final String userId, final UUID
  if (rebacUser.can(rebacProject, Schema.Permission.READ)) {
  return Schema.Permission.READ;
  }
- throw new ResponseStatusException(HttpStatus.FORBIDDEN, messages.get("rebac.unauthorized-update"));
  } catch (final Exception e) {
  log.error("Error check project permission", e);
  throw new ResponseStatusException(
  HttpStatus.SERVICE_UNAVAILABLE, messages.get("rebac.service-unavailable"));
  }
+ throw new ResponseStatusException(HttpStatus.FORBIDDEN, messages.get("rebac.unauthorized-update"));
  }
 
  public Schema.Permission checkPermissionCanWrite(final String userId, final UUID projectId)
@@ -125,12 +125,12 @@ public Schema.Permission checkPermissionCanWrite(final String userId, final UUID
  if (rebacUser.can(rebacProject, Schema.Permission.WRITE)) {
  return Schema.Permission.WRITE;
  }
- throw new ResponseStatusException(HttpStatus.FORBIDDEN, messages.get("rebac.unauthorized-update"));
  } catch (final Exception e) {
  log.error("Error check project permission", e);
  throw new ResponseStatusException(
  HttpStatus.SERVICE_UNAVAILABLE, messages.get("rebac.service-unavailable"));
  }
+ throw new ResponseStatusException(HttpStatus.FORBIDDEN, messages.get("rebac.unauthorized-update"));
  }
 
  public Schema.Permission checkPermissionCanAdministrate(final String userId, final UUID projectId)
@@ -141,11 +141,11 @@ public Schema.Permission checkPermissionCanAdministrate(final String userId, fin
  if (rebacUser.can(rebacProject, Schema.Permission.ADMINISTRATE)) {
  return Schema.Permission.ADMINISTRATE;
  }
- throw new ResponseStatusException(HttpStatus.FORBIDDEN, messages.get("rebac.unauthorized-update"));
  } catch (final Exception e) {
  log.error("Error check project permission", e);
  throw new ResponseStatusException(
  HttpStatus.SERVICE_UNAVAILABLE, messages.get("rebac.service-unavailable"));
  }
+ throw new ResponseStatusException(HttpStatus.FORBIDDEN, messages.get("rebac.unauthorized-update"));
  }
 }