r1901 - trunk/wao-services/src/main/java/fr/ifremer/wao/services/service
Author: bleny Date: 2014-04-22 12:16:37 +0200 (Tue, 22 Apr 2014) New Revision: 1901 Url: http://forge.codelutin.com/projects/wao/repository/revisions/1901 Log: refs #4490 fix sample row filter values security issue Modified: trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/BoatsFilterValues.java trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ContactsFilterValues.java trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ObsMerBoatsService.java trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/SampleRowsFilterValues.java
Modified: trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/BoatsFilterValues.java
===================================================================
--- trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/BoatsFilterValues.java 2014-04-18 10:21:19 UTC (rev 1900)
+++ trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/BoatsFilterValues.java 2014-04-22 10:16:37 UTC (rev 1901)
@@ -21,6 +21,7 @@
 * #L%
 */
+import com.google.common.base.Optional;
 import fr.ifremer.wao.BoatsFilter;
 import fr.ifremer.wao.entity.Boat;
 import fr.ifremer.wao.entity.ElligibleBoat;
@@ -31,7 +32,9 @@
 import fr.ifremer.wao.entity.TerrestrialLocation;
 import org.apache.commons.lang3.BooleanUtils;
+import java.util.HashSet;
 import java.util.Locale;
+import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
@@ -46,6 +49,8 @@
 private static final long serialVersionUID = 1L;
+ protected Optional<String> optionalCompanyId;
+
 protected SampleRowsFilterValues elligibleForSampleRowsFilterValues;
 protected SortedSet<FilterOption> shipOwners = new TreeSet<>();
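Review bot: The new `optionalCompanyId` field in the `@@ -46,6 +49,8 @@` hunk carries the company restriction that `addBoat` enforces, yet it is declared `protected` and non-final, so a subclass or later code can reassign it after construction. In the visible hunks it is assigned only in the constructor, so `protected final Optional<String> optionalCompanyId;` would pin the restriction for the lifetime of the object. A field comment such as `// company whose sample rows may be listed; absent() means no company restriction` would also document that an absent value switches the check off.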
@@ -56,8 +61,9 @@
 protected SortedSet<FilterOption> fleets = new TreeSet<>();
- public BoatsFilterValues(Locale locale, ObsProgram obsProgram) {
+ public BoatsFilterValues(Locale locale, ObsProgram obsProgram, Optional<String> optionalCompanyId) {
 super(locale, obsProgram);
+ this.optionalCompanyId = optionalCompanyId;
 this.elligibleForSampleRowsFilterValues = new SampleRowsFilterValues(locale, obsProgram);
 }
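Review bot: The constructor stores `optionalCompanyId` without a null check, so a caller that passes `null` is only detected later, when `addBoat` calls `optionalCompanyId.isPresent()`. Because this value decides which companies' sample rows end up in the filter values, it should be rejected at construction: `this.optionalCompanyId = Preconditions.checkNotNull(optionalCompanyId, "optionalCompanyId");` (Guava is already used by this file through `Optional`; the `Preconditions` import would have to be added). The constructor also has no Javadoc, and the third parameter deserves a sentence stating that `absent()` disables the company filter.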
@@ -90,10 +96,25 @@
 fleet.getDescription()));
 }
+ Set<String> companyIds = new HashSet<>();
+ for (FilterOption filterOption : elligibleForSampleRowsFilterValues.getCompanies()) {
+ String companyId = filterOption.getValue();
+ companyIds.add(companyId);
+ }
+
 for (ElligibleBoat elligibleBoat : boat.getElligibleBoat()) {
 SampleRow sampleRow = elligibleBoat.getSampleRow();
- // TODO brendan 08/04/14 vérifier que la sample row est bien associée à la société du coordinateur
- if (obsProgram.equals(sampleRow.getObsProgram()) && (elligibleBoat.isGlobalActive() || BooleanUtils.isNotFalse(elligibleBoat.getCompanyActive()))) {
+ boolean sampleRowMatchesObsProgram = obsProgram.equals(sampleRow.getObsProgram());
+ boolean sampleRowMatchesCompany = true;
+ if (optionalCompanyId.isPresent()) {
+ String sampleRowCompanyId = null;
+ if (sampleRow.getCompany() != null) {
+ sampleRowCompanyId = sampleRow.getCompany().getTopiaId();
+ }
+ sampleRowMatchesCompany = optionalCompanyId.get().equals(sampleRowCompanyId);
+ }
+ boolean boatIsElligible = elligibleBoat.isGlobalActive() || BooleanUtils.isNotFalse(elligibleBoat.getCompanyActive());
+ if (sampleRowMatchesObsProgram && sampleRowMatchesCompany && boatIsElligible) {
 elligibleForSampleRowsFilterValues.addSampleRow(sampleRow);
 }
 }
Modified: trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ContactsFilterValues.java
===================================================================
--- trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ContactsFilterValues.java 2014-04-18 10:21:19 UTC (rev 1900)
+++ trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ContactsFilterValues.java 2014-04-22 10:16:37 UTC (rev 1901)
@@ -21,6 +21,7 @@
 * #L%
 */
+import com.google.common.base.Optional;
 import fr.ifremer.wao.entity.Boat;
 import fr.ifremer.wao.entity.Contact;
 import fr.ifremer.wao.entity.ContactState;
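Review bot: The `companyIds` set built at the top of the added block in `BoatsFilterValues` (`@@ -90,10 +96,25 @@`) is never read in this hunk; the company check below compares `optionalCompanyId.get()` with the sample row's company id and does not consult the set. Unless code after the hunk uses it, the five lines should be dropped, since they iterate `elligibleForSampleRowsFilterValues.getCompanies()` again on every `addBoat` call. `sampleRowMatchesCompany` also starts as `true`, so the check is skipped whenever `optionalCompanyId` is absent; a comment such as `// no company restriction requested: sample rows of every company are listed` would make that default explicit to the next reader. The enclosing method starts outside the hunk.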
@@ -85,7 +86,7 @@
 public ContactsFilterValues(Locale locale, ObsProgram obsProgram) {
 super(locale, obsProgram);
- this.boatsFilterValues = new BoatsFilterValues(locale, obsProgram);
+ this.boatsFilterValues = new BoatsFilterValues(locale, obsProgram, Optional.<String>absent());
 this.sampleRowsFilterValues = new SampleRowsFilterValues(locale, obsProgram);
 }
Modified: trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ObsMerBoatsService.java
===================================================================
--- trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ObsMerBoatsService.java 2014-04-18 10:21:19 UTC (rev 1900)
+++ trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ObsMerBoatsService.java 2014-04-22 10:16:37 UTC (rev 1901)
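Review bot: `ContactsFilterValues` now passes `Optional.<String>absent()`, which switches off the company check in `BoatsFilterValues.addBoat` for every user of this constructor. If these filter values are ever built for a coordinator or observer (not visible from this hunk), the nested boat filter values would still list sample rows of other companies, which is the exposure this commit closes in `ObsMerBoatsService`. Consider giving this constructor an `Optional<String> optionalCompanyId` parameter and forwarding it, as in `new BoatsFilterValues(locale, obsProgram, optionalCompanyId)`, or add a comment stating why no company restriction is needed on this path. The `sampleRowsFilterValues` created on the following line has no company restriction either.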
@@ -69,19 +69,15 @@
 BoatTopiaDao dao = getBoatDao();
- // XXX brendan 07/04/14 ne pas inclure les lignes qui ne sont pas associées à un autre société que celle du coordinateur
-// Set<String> companyIds = null;
-// if (authenticatedWaoUser.isCoordinatorOrObserver()) {
-// companyIds = filter.getElligibleForSampleRowsFilter().getCompanyIds();
-// filter.getElligibleForSampleRowsFilter().setCompanyIds(ImmutableSet.of(authenticatedWaoUser.getCompany().getTopiaId()));
-// }
 List<Boat> boats = dao.findAll(filter);
-// if (authenticatedWaoUser.isCoordinatorOrObserver()) {
-// filter.getElligibleForSampleRowsFilter().setCompanyIds(companyIds);
-// }
- BoatsFilterValues boatsFilterValues = new BoatsFilterValues(serviceContext.getLocale(), filter.getObsProgram());
+ Optional<String> optionalCompanyId = Optional.absent();
+ if (authenticatedWaoUser.isCoordinatorOrObserver()) {
+ optionalCompanyId = Optional.of(authenticatedWaoUser.getCompany().getTopiaId());
+ }
+ BoatsFilterValues boatsFilterValues = new BoatsFilterValues(serviceContext.getLocale(), filter.getObsProgram(), optionalCompanyId);
+
 for (Boat boat : boats) {
 boatsFilterValues.addBoat(boat);
 }
Modified: trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/SampleRowsFilterValues.java
===================================================================
--- trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/SampleRowsFilterValues.java 2014-04-18 10:21:19 UTC (rev 1900)
+++ trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/SampleRowsFilterValues.java 2014-04-22 10:16:37 UTC (rev 1901)
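Review bot: The company restriction is applied only to the filter values built after the query, while `dao.findAll(filter)` still runs with whatever company ids the incoming `filter` carries; the removed commented-out block was meant to pin the filter to the user's company before the query. Hiding options from the returned values is not an access check, so it is worth confirming that the DAO query, or a caller outside this hunk, restricts the sample rows of a coordinator or observer to their own company. Separately, `authenticatedWaoUser.getCompany().getTopiaId()` throws a bare NullPointerException when such a user has no company; an explicit `Preconditions.checkState(authenticatedWaoUser.getCompany() != null, "coordinator or observer without company")` before the `Optional.of(...)` line keeps the refusal but makes it diagnosable. The method body starts and ends outside the hunk.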
@@ -75,7 +75,7 @@
 fishingZoneSectorNames.add(FilterOption.forString(fishingZone.getSectorName()));
 }
 //sampleRowCodes.add(FilterOption.forString(sampleRow.getCode()));
- sampleRowCodes.add(FilterOption.forValueAndLabel(sampleRow.getCode(), sampleRow.getCode() + " " + (sampleRow.getCompany() == null ? "" : sampleRow.getCompany().getName())));
+ sampleRowCodes.add(FilterOption.forString(sampleRow.getCode()));
 programNames.add(FilterOption.forString(sampleRow.getProgramName()));
 Company company = sampleRow.getCompany();
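Review bot: The commented-out line `//sampleRowCodes.add(FilterOption.forString(sampleRow.getCode()));` directly above the changed statement is now identical to the live code and should be deleted rather than kept as context. The hunk ends at `Company company = sampleRow.getCompany();`, so what is done with the company further down cannot be judged from here. Since the label change removes the company name from the sample row codes, it is worth checking that the lines after the hunk do not add the same company names to the filter values for users who should not see them.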