From 1cf12124670576f7bd13ca9f3e3448a603dfd4bf Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Wed, 8 Dec 2021 22:01:19 +0100
Subject: [PATCH] DEPS: update shiro
---
pom.xml | 2 +-
.../java/org/caosdb/server/CaosDBServer.java | 2 ++
src/main/java/org/caosdb/server/jobs/Job.java | 7 +++----
.../caosdb/server/jobs/core/CheckPropValid.java | 16 +++++++---------
4 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/pom.xml b/pom.xml
index d495e32d..609971c4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -73,7 +73,7 @@
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
- <version>1.5.3</version>
+ <version>1.8.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
diff --git a/src/main/java/org/caosdb/server/CaosDBServer.java b/src/main/java/org/caosdb/server/CaosDBServer.java
index 17bb1e50..a7aa4f8d 100644
--- a/src/main/java/org/caosdb/server/CaosDBServer.java
+++ b/src/main/java/org/caosdb/server/CaosDBServer.java
@@ -326,6 +326,8 @@ public class CaosDBServer extends Application {
// ChecksumUpdater
ChecksumUpdater.start();
+
+ ThreadContext.remove();
}
} else {
logger.info("NO BACKEND");
diff --git a/src/main/java/org/caosdb/server/jobs/Job.java b/src/main/java/org/caosdb/server/jobs/Job.java
index 2de6b085..14d1185c 100644
--- a/src/main/java/org/caosdb/server/jobs/Job.java
+++ b/src/main/java/org/caosdb/server/jobs/Job.java
@@ -28,6 +28,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.subject.Subject;
import org.caosdb.server.CaosDBException;
@@ -301,10 +302,8 @@ public abstract class Job {
}
protected final void checkPermission(final EntityInterface entity, final Permission permission)
- throws Message {
- if (!entity.getEntityACL().isPermitted(SecurityUtils.getSubject(), permission)) {
- throw ServerMessages.AUTHORIZATION_ERROR;
- }
+ throws AuthorizationException {
+ entity.checkPermission(permission);
}
/**
diff --git a/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java b/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
index 390deedd..7d9dbc91 100644
--- a/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
+++ b/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
@@ -23,7 +23,7 @@
package org.caosdb.server.jobs.core;
import static org.caosdb.server.utils.ServerMessages.ENTITY_DOES_NOT_EXIST;
-
+import org.apache.shiro.authz.AuthorizationException;
import com.google.common.base.Objects;
import org.caosdb.server.database.exceptions.EntityDoesNotExistException;
import org.caosdb.server.database.exceptions.EntityWasNotUniqueException;
@@ -124,11 +124,14 @@ public class CheckPropValid extends EntityJob {
}
}
} catch (final Message m) {
- addError(property, m);
+ property.addError(m);
+ } catch (AuthorizationException e) {
+ property.addError( ServerMessages.AUTHORIZATION_ERROR);
+ property.addInfo(e.getMessage());
} catch (final EntityDoesNotExistException e) {
- addError(property, ENTITY_DOES_NOT_EXIST);
+ property.addError( ENTITY_DOES_NOT_EXIST);
} catch (final EntityWasNotUniqueException e) {
- addError(property, ServerMessages.ENTITY_NAME_DUPLICATES);
+ property.addError( ServerMessages.ENTITY_NAME_DUPLICATES);
}
}
@@ -147,11 +150,6 @@ public class CheckPropValid extends EntityJob {
checkPermission(property, EntityPermission.USE_AS_PROPERTY);
}
- private void addError(final EntityInterface property, final Message m) {
- property.addError(m);
- property.setEntityStatus(EntityStatus.UNQUALIFIED);
- }
-
private static void deriveOverrideStatus(final Property child, final EntityInterface parent) {
if (!Objects.equal(child.getName(), parent.getName())) {
if (child.hasName()) {
--
GitLab