Skip to content

v0.2.52..v0.2.53 changeset JobStatusManagerImpl.java

Jump to bottom
Garret Voltz edited this page Feb 12, 2020 · 1 revision 
diff --git a/hoot-services/src/main/java/hoot/services/job/JobStatusManagerImpl.java b/hoot-services/src/main/java/hoot/services/job/JobStatusManagerImpl.java
index 7490a0a..20b94e1 100644
--- a/hoot-services/src/main/java/hoot/services/job/JobStatusManagerImpl.java
+++ b/hoot-services/src/main/java/hoot/services/job/JobStatusManagerImpl.java
@@ -22,7 +22,7 @@
  * This will properly maintain the copyright information. DigitalGlobe
  * copyrights will be updated automatically.
  *
- * @copyright Copyright (C) 2015, 2016, 2017, 2019 DigitalGlobe (http://www.digitalglobe.com/)
+ * @copyright Copyright (C) 2015, 2016, 2017, 2019, 2020 DigitalGlobe (http://www.digitalglobe.com/)
  */
 package hoot.services.job;
 
@@ -44,8 +44,11 @@ import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
 
+import com.querydsl.core.types.dsl.BooleanExpression;
+
 import hoot.services.command.Command;
 import hoot.services.command.ExternalCommand;
+import hoot.services.controllers.osm.user.UserResource;
 import hoot.services.models.db.CommandStatus;
 import hoot.services.utils.DbUtils;
 
@@ -216,10 +219,18 @@ public class JobStatusManagerImpl implements JobStatusManager {
     @Override
     public hoot.services.models.db.JobStatus getJobStatusObj(String jobId, Long userId) {
         try {
-            return createQuery().select(jobStatus).from(jobStatus).where(jobStatus.jobId.eq(jobId).and(
-                        jobStatus.userId.eq(userId).or(jobStatus.status.eq(RUNNING.ordinal()))
-                    )
-                ).fetchOne();
+            BooleanExpression isVisible = jobStatus.jobId.eq(jobId);
+
+            // if user is not admin enforce visiblity rules
+            // admins can see everything
+            if (!UserResource.adminUserCheck(DbUtils.getUser(userId))) {
+                isVisible = isVisible.and(
+                        jobStatus.userId.eq(userId)
+                        .or(jobStatus.status.eq(RUNNING.ordinal()))
+                    );
+            }
+
+            return createQuery().select(jobStatus).from(jobStatus).where(isVisible).fetchOne();
         }
         catch (Exception e) {
             logger.error("{} failed to fetch job status.", jobId, e);
@@ -231,9 +242,16 @@ public class JobStatusManagerImpl implements JobStatusManager {
     @Override
     public List<CommandStatus> getCommandDetail(String jobId, Long userId) {
         try {
-            return createQuery().select(commandStatus).from(commandStatus, jobStatus).where(jobStatus.jobId.eq(jobId)
-                    .and(jobStatus.userId.eq(userId)
-                    .and(jobStatus.jobId.eq(commandStatus.jobId)))).fetch();
+            BooleanExpression isVisible = jobStatus.jobId.eq(jobId)
+                    .and(jobStatus.jobId.eq(commandStatus.jobId));
+
+            // if user is not admin enforce visiblity rules
+            // admins can see everything
+            if (!UserResource.adminUserCheck(DbUtils.getUser(userId))) {
+                isVisible = isVisible.and(jobStatus.userId.eq(userId));
+            }
+
+            return createQuery().select(commandStatus).from(commandStatus, jobStatus).where(isVisible).fetch();
         }
         catch (Exception e) {
             logger.error("{} failed to fetch command status(es) for job with ID = {}", jobId, e);
Clone this wiki locally