v0.2.52..v0.2.53 changeset FolderResource.java
Garret Voltz edited this page Feb 12, 2020
·
1 revision
diff --git a/hoot-services/src/main/java/hoot/services/controllers/osm/map/FolderResource.java b/hoot-services/src/main/java/hoot/services/controllers/osm/map/FolderResource.java
index a8b3ab5..d8ad739 100644
--- a/hoot-services/src/main/java/hoot/services/controllers/osm/map/FolderResource.java
+++ b/hoot-services/src/main/java/hoot/services/controllers/osm/map/FolderResource.java
@@ -69,6 +69,7 @@ import com.querydsl.core.Tuple;
import com.querydsl.core.types.dsl.Expressions;
import com.querydsl.sql.SQLQuery;
+import hoot.services.controllers.osm.user.UserResource;
import hoot.services.models.db.FolderMapMappings;
import hoot.services.models.db.Folders;
import hoot.services.models.db.Users;
@@ -82,6 +83,10 @@ public class FolderResource {
private static final Logger logger = LoggerFactory.getLogger(FolderResource.class);
public static boolean folderIsPublic(List<Folders> folders, Folders f, Users user) {
+ // If the user is an admin
+ if(UserResource.adminUserCheck(user)) {
+ return true;
+ }
// If its public & attached to root (0)
if(f.isPublic() && f.getParentId().equals(0L)) {
return true;
@@ -169,8 +174,8 @@ public class FolderResource {
.from(folderMapMappings)
.leftJoin(folders).on(folders.id.eq(folderMapMappings.folderId))
.where(folders.id.ne(0L));
- if(user != null) {
- // public or folder owned by current user
+ if (user != null && !UserResource.adminUserCheck(user)) {
+ // public or folder owned by current user or user is admin
sql.where(folders.publicCol.isTrue().or(folders.userId.eq(user.getId())));
}
List<FolderMapMappings> links = sql.orderBy(folderMapMappings.folderId.asc()).fetch();
@@ -338,7 +343,7 @@ public class FolderResource {
}
- DbUtils.setFolderParent(folderId, newParentFolderId);
+ DbUtils.setFolderParent(folderId, parentFolder);
java.util.Map<String, Object> ret = new HashMap<String, Object>();
ret.put("success", true);
@@ -393,14 +398,16 @@ public class FolderResource {
throw new ForbiddenException(Response.status(Status.FORBIDDEN).type(MediaType.TEXT_PLAIN).entity("You must own the folder to set/view it's attributes").build());
}
+ // If a folder is changed to public, it will recurse up the parents and set those folders to public
+ // If a folder is changed private, it will recurse down that folder and set everything to private
String query = String.format("with recursive related_folders as (" +
- " select id,parent_id,display_name,user_id,public,created_at from folders where id = %d" +
+ " select id, parent_id, display_name, user_id, public, created_at from folders where id = %d" +
" union" +
- " select f.id,f.parent_id,f.display_name,f.user_id,f.public,f.created_at from folders f" +
+ " select f.id, f.parent_id, f.display_name, f.user_id, f.public, f.created_at from folders f" +
" inner join related_folders rf on (" +
- " f.id != 0 AND (f.parent_id = rf.id" +
- " OR" +
- " f.id = rf.parent_id)" +
+ " f.id != 0 AND (" +
+ (visibility.equals("public") ? "f.id = rf.parent_id" : "f.parent_id = rf.id") +
+ " )" +
" )" +
")" +
"update folders x set public = %s " +
@@ -558,7 +565,8 @@ public class FolderResource {
if(folder == null) {
throw new NotFoundException();
}
- if(user == null || user.getId().equals(folder.getUserId()) || folder.isPublic()) {
+
+ if(user == null || UserResource.adminUserCheck(user) || user.getId().equals(folder.getUserId()) || folder.isPublic()) {
return folder;
}
throw new ForbiddenException(Response.status(Status.FORBIDDEN).type(MediaType.TEXT_PLAIN).entity("You do not have access to this folder").build());