From bb7695e2776ebaf618eeb68c5ab014c5a92da316 Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Mon, 21 Oct 2019 12:47:59 +0200
Subject: [PATCH] BUG: Anonymous throws 500 in ScriptingResource

---
 .../caosdb/server/resource/ScriptingResource.java     | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/main/java/caosdb/server/resource/ScriptingResource.java b/src/main/java/caosdb/server/resource/ScriptingResource.java
index 81a84ab6..43e11cf6 100644
--- a/src/main/java/caosdb/server/resource/ScriptingResource.java
+++ b/src/main/java/caosdb/server/resource/ScriptingResource.java
@@ -27,6 +27,7 @@ package caosdb.server.resource;
 import caosdb.server.FileSystem;
 import caosdb.server.accessControl.Principal;
 import caosdb.server.accessControl.SessionToken;
+import caosdb.server.accessControl.UserSources;
 import caosdb.server.entity.FileProperties;
 import caosdb.server.entity.Message;
 import caosdb.server.scripting.CallerSerializer;
@@ -82,6 +83,9 @@ public class ScriptingResource extends AbstractCaosDBServerResource {
   @Override
   protected Representation httpPostInChildClass(Representation entity) throws Exception {
 
+    if(isAnonymous()) {
+      throw ServerMessages.AUTHORIZATION_ERROR;
+    }
     MediaType mediaType = entity.getMediaType();
     try {
       if (mediaType.equals(MediaType.MULTIPART_FORM_DATA, true)) {
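Review bot: The guard added at the top of `httpPostInChildClass` is a deny-list on a single role, so any authenticated subject without the anonymous role still proceeds to the script-handling code below; for an endpoint that runs server-side scripts, a positive permission check would fail closed. The `throw ServerMessages.AUTHORIZATION_ERROR` also sits before the `try` block, so whether an anonymous POST now gets an authorization status rather than the 500 from the subject line depends on handling outside this hunk; a test asserting the response status would pin that down. As a style point, the condition should read `if (isAnonymous()) {` with a space after `if`, matching the surrounding code. The method body continues past the end of the hunk.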
@@ -201,7 +205,12 @@ public class ScriptingResource extends AbstractCaosDBServerResource {
   public Object generateAuthToken() {
     return SessionToken.generate((Principal) getUser().getPrincipal(), null);
   }
-
+  
+  boolean isAnonymous() {
+    boolean ret = getUser().hasRole(UserSources.ANONYMOUS_ROLE);
+    return ret;
+  }
+  
   public int callScript(
       List<String> commandLine, Integer timeoutMs, List<FileProperties> files, Object authToken)
       throws Message {
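Review bot: `generateAuthToken()` remains public and still casts `getUser().getPrincipal()` to `Principal` unconditionally, so the anonymous case is only blocked on the POST path; any other caller with an anonymous subject would presumably fail the same way. Consider repeating the `isAnonymous()` check there or narrowing its visibility. The new helper can drop the temporary and become `private boolean isAnonymous() { return getUser().hasRole(UserSources.ANONYMOUS_ROLE); }`, with a one-line Javadoc such as `/** Returns true if the requesting subject has the anonymous role. */`. The two added separator lines carry trailing whitespace.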
-- 
GitLab