#4557 - Bulk process page should not show processes from other projects
- After enabling method security, remove pointless preauthorize annotations
reckart committed Mar 9, 2024
1 parent 07b448f commit 29123a8
Showing 9 changed files with 34 additions and 69 deletions.
4 changes: 0 additions & 4 deletions inception/inception-curation/pom.xml
Expand Up @@ -114,10 +114,6 @@
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@

import org.apache.uima.UIMAException;
import org.apache.uima.cas.CAS;
import org.springframework.security.access.prepost.PreAuthorize;

import de.tudarmstadt.ukp.clarin.webanno.api.casstorage.ConcurentCasModificationException;
import de.tudarmstadt.ukp.clarin.webanno.model.AnnotationDocument;
Expand All @@ -50,7 +49,6 @@ public interface CurationDocumentService
* @throws IOException
* if an I/O error occurs.
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")
void writeCurationCas(CAS aCas, SourceDocument document, boolean aUpdateTimestamp)
throws IOException;

Original file line number Diff line number Diff line change
Expand Up @@ -219,22 +219,18 @@ public void tearDown()
@Test
public void thatViewportBasedMessageRoutingWorks() throws Exception
{
CountDownLatch subscriptionDone = new CountDownLatch(2);
CountDownLatch initDone = new CountDownLatch(2);
var subscriptionDone = new CountDownLatch(2);
var initDone = new CountDownLatch(2);

ViewportDefinition vpd1 = new ViewportDefinition(testAnnotationDocument, 10, 20,
FORMAT_LEGACY);
ViewportDefinition vpd2 = new ViewportDefinition(testAnnotationDocument, 30, 40,
FORMAT_LEGACY);
var vpd1 = new ViewportDefinition(testAnnotationDocument, 10, 20, FORMAT_LEGACY);
var vpd2 = new ViewportDefinition(testAnnotationDocument, 30, 40, FORMAT_LEGACY);

var sessionHandler1 = new SessionHandler(subscriptionDone, initDone, vpd1);
var sessionHandler2 = new SessionHandler(subscriptionDone, initDone, vpd2);

// try {
StompSession session1 = stompClient.connect(websocketUrl, sessionHandler1).get(1000,
SECONDS);
StompSession session2 = stompClient.connect(websocketUrl, sessionHandler2).get(1000,
SECONDS);
var session1 = stompClient.connect(websocketUrl, sessionHandler1).get(1000, SECONDS);
var session2 = stompClient.connect(websocketUrl, sessionHandler2).get(1000, SECONDS);
// }
// catch (Exception e) {
// Thread.sleep(Duration.of(3, ChronoUnit.HOURS).toMillis());
Expand Down Expand Up @@ -341,7 +337,7 @@ public ApplicationContextProvider applicationContextProvider()
public DaoAuthenticationProvider internalAuthenticationProvider(PasswordEncoder aEncoder,
@Lazy UserDetailsManager aUserDetailsManager)
{
DaoAuthenticationProvider authProvider = new InceptionDaoAuthenticationProvider();
var authProvider = new InceptionDaoAuthenticationProvider();
authProvider.setUserDetailsService(aUserDetailsManager);
authProvider.setPasswordEncoder(aEncoder);
return authProvider;
Expand All @@ -362,7 +358,7 @@ public String getId()
@Override
public void render(VDocument aResponse, RenderRequest aRequest)
{
AnnotationLayer layer = new AnnotationLayer();
var layer = new AnnotationLayer();
layer.setId(1l);
aResponse.add(
new VSpan(layer, new VID(1), new VRange(aRequest.getWindowBeginOffset(),
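Review bot: `var session1 = stompClient.connect(websocketUrl, sessionHandler1).get(1000, SECONDS);` and the matching `session2` line hide the result type behind a chained call, so the reader can no longer see that a `StompSession` comes back; the explicit type reads better here than in the `new ...` cases of the same method. The rewritten lines also keep the 1000-second wait, so a connection that never completes stalls the test for more than a quarter of an hour; a much shorter bound such as `.get(10, SECONDS)` would fail faster. The commented-out `try`/`catch` around these lines could be deleted while they are being touched. The method body continues outside the hunk.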
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@
import org.apache.uima.cas.CAS;
import org.apache.uima.resource.metadata.TypeSystemDescription;
import org.apache.wicket.validation.ValidationError;
import org.springframework.security.access.prepost.PreAuthorize;

import de.tudarmstadt.ukp.clarin.webanno.api.casstorage.CasAccessMode;
import de.tudarmstadt.ukp.clarin.webanno.api.casstorage.CasUpgradeMode;
Expand Down Expand Up @@ -71,7 +70,6 @@ public interface DocumentService
* {@link SourceDocument} to be created
* @return the source document
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_REMOTE')")
SourceDocument createSourceDocument(SourceDocument document);

/**
Expand Down Expand Up @@ -148,7 +146,6 @@ List<SourceDocument> listSourceDocumentsInState(Project aProject,
* @throws IOException
* If the source document searched for deletion is not available
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER', 'ROLE_REMOTE')")
void removeSourceDocument(SourceDocument document) throws IOException;

/**
Expand All @@ -164,7 +161,6 @@ List<SourceDocument> listSourceDocumentsInState(Project aProject,
* @throws UIMAException
* if a conversion error occurs.
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_REMOTE')")
void uploadSourceDocument(InputStream file, SourceDocument document)
throws IOException, UIMAException;

Expand All @@ -184,7 +180,6 @@ void uploadSourceDocument(InputStream file, SourceDocument document)
* @throws UIMAException
* if a conversion error occurs.
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_REMOTE')")
void uploadSourceDocument(InputStream file, SourceDocument document,
TypeSystemDescription aFullProjectTypeSystem)
throws IOException, UIMAException;
Expand All @@ -208,7 +203,6 @@ SourceDocumentState setSourceDocumentState(SourceDocument aDocument,
* and id of {@link User}
* @return the annotation document.
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")
AnnotationDocument createAnnotationDocument(AnnotationDocument annotationDocument);

/**
Expand All @@ -224,7 +218,6 @@ SourceDocumentState setSourceDocumentState(SourceDocument aDocument,
* @throws IOException
* if an I/O error occurs.
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")
void writeAnnotationCas(CAS aCas, AnnotationDocument aAnnotationDocument,
boolean aExplicitAnnotatorUserAction)
throws IOException;
Expand All @@ -244,7 +237,6 @@ void writeAnnotationCas(CAS aCas, AnnotationDocument aAnnotationDocument,
* @throws IOException
* if an I/O error occurs.
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")
void writeAnnotationCas(CAS aCas, SourceDocument aDocument, User aUser,
boolean aExplicitAnnotatorUserAction)
throws IOException;
Expand Down Expand Up @@ -282,7 +274,6 @@ void writeAnnotationCas(CAS aCas, SourceDocument aDocument, String aUser,
* @throws IOException
* if an I/O error occurs.
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")
void resetAnnotationCas(SourceDocument aDocument, User aUser,
AnnotationDocumentStateChangeFlag... aFlags)
throws UIMAException, IOException;
Expand Down Expand Up @@ -528,10 +519,11 @@ CAS createOrReadInitialCas(SourceDocument aDocument, CasUpgradeMode aUpgradeMode
* @param document
* The {@link SourceDocument} to be examined
* @return the file size of the initial CAS for the given source document.
* @throws IOException accessing the file.
* @throws IOException
* accessing the file.
*/
Optional<Long> getInitialCasFileSize(SourceDocument document) throws IOException;

/**
* List all the {@link AnnotationDocument annotation documents} in a given project.
* <p>
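Review bot: With the `@PreAuthorize` lines gone, the mutating methods of `DocumentService` (`createSourceDocument`, `removeSourceDocument`, `uploadSourceDocument`, `createAnnotationDocument`, `writeAnnotationCas`, `resetAnnotationCas`) no longer state any access requirement, and the same holds for `writeCurationCas` in `CurationDocumentService` and for `createProjectPermission` and `removeProject` in `ProjectService`. The removed expressions only tested global roles and never expressed project membership, but they were not uniform: the source-document methods admitted `ROLE_REMOTE` while the annotation-document and CAS-writing methods did not, so if that difference was intended it now has to be enforced by the callers, which are not visible in this diff. I would record the contract in each method's Javadoc, for example `This method performs no access check; the caller must verify that the current user may modify the document's project.` A test that calls one of these methods as a user without a role in the project would keep the caller-side check from regressing.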
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@ public void exportSourceDocuments(OutputStream os, List<SourceDocument> selected
{
try (var zos = new ZipOutputStream(os)) {
for (var doc : selectedDocuments) {
try (InputStream dis = new FileInputStream(getSourceDocumentFile(doc))) {
try (var dis = new FileInputStream(getSourceDocumentFile(doc))) {
zos.putNextEntry(new ZipEntry(doc.getName()));
IOUtils.copyLarge(dis, zos);
}
Expand Down Expand Up @@ -273,8 +273,9 @@ public boolean existsAnnotationDocument(SourceDocument aDocument, String aUserna
"FROM AnnotationDocument WHERE project = :project "
+ " AND document = :document AND user = :user",
AnnotationDocument.class)
.setParameter("project", aDocument.getProject())
.setParameter("document", aDocument).setParameter("user", aUsername)
.setParameter("project", aDocument.getProject()) //
.setParameter("document", aDocument) //
.setParameter("user", aUsername) //
.getSingleResult();
return true;
}
Expand All @@ -299,9 +300,8 @@ public AnnotationDocument createAnnotationDocument(AnnotationDocument aAnnotatio

return aAnnotationDocument;
}
else {
return entityManager.merge(aAnnotationDocument);
}

return entityManager.merge(aAnnotationDocument);
}

// NO TRANSACTION REQUIRED - This does not do any should not do a database access, so we do not
Expand Down Expand Up @@ -332,7 +332,8 @@ public boolean existsSourceDocument(Project aProject)
var query = cb.createQuery(Long.class);
var doc = query.from(SourceDocument.class);

query.select(cb.count(doc)).where(cb.equal(doc.get(SourceDocument_.project), aProject));
query.select(cb.count(doc)) //
.where(cb.equal(doc.get(SourceDocument_.project), aProject));

return entityManager.createQuery(query).getSingleResult() > 0;
}
Expand All @@ -344,12 +345,12 @@ public boolean existsSourceDocument(Project aProject, String aFileName)
Validate.notNull(aProject, "Project must be specified");
Validate.notBlank(aFileName, "File name must be specified");

String query = String.join("\n", //
var query = String.join("\n", //
"SELECT COUNT(*)", //
"FROM SourceDocument", //
"WHERE project = :project AND name =:name ");

long count = entityManager.createQuery(query, Long.class) //
var count = entityManager.createQuery(query, Long.class) //
.setParameter("project", aProject) //
.setParameter("name", aFileName) //
.getSingleResult();
Expand Down Expand Up @@ -383,10 +384,10 @@ public List<AnnotationDocument> createOrGetAnnotationDocuments(SourceDocument aD
return emptyList();
}

Set<String> usersWithoutAnnotationDocument = new HashSet<>();
var usersWithoutAnnotationDocument = new HashSet<String>();
aUsers.forEach(user -> usersWithoutAnnotationDocument.add(user.getUsername()));

List<AnnotationDocument> annDocs = listAnnotationDocuments(aDocument);
var annDocs = listAnnotationDocuments(aDocument);
annDocs.stream().forEach(annDoc -> usersWithoutAnnotationDocument.remove(annDoc.getUser()));

for (var user : usersWithoutAnnotationDocument) {
Expand All @@ -410,11 +411,11 @@ public List<AnnotationDocument> createOrGetAnnotationDocuments(
return emptyList();
}

Project project = aDocuments.iterator().next().getProject();
Set<SourceDocument> sourceDocsWithoutAnnotationDocument = new HashSet<>();
var project = aDocuments.iterator().next().getProject();
var sourceDocsWithoutAnnotationDocument = new HashSet<SourceDocument>();
aDocuments.forEach(srcDoc -> sourceDocsWithoutAnnotationDocument.add(srcDoc));

List<AnnotationDocument> annDocs = listAnnotationDocuments(project, aUser);
var annDocs = listAnnotationDocuments(project, aUser);
annDocs.stream().forEach(
annDoc -> sourceDocsWithoutAnnotationDocument.remove(annDoc.getDocument()));

Expand Down Expand Up @@ -541,13 +542,13 @@ public boolean existsFinishedAnnotation(SourceDocument aDocument)
{
Validate.notNull(aDocument, "Source document must be specified");

String query = join("\n", //
var query = join("\n", //
"SELECT COUNT(*) ", //
"FROM AnnotationDocument ", //
"WHERE document = :document AND state = :state");

long count = entityManager.createQuery(query, Long.class)
.setParameter("document", aDocument)
var count = entityManager.createQuery(query, Long.class) //
.setParameter("document", aDocument) //
.setParameter("state", AnnotationDocumentState.FINISHED) //
.getSingleResult();

Expand All @@ -560,12 +561,12 @@ public boolean existsFinishedAnnotation(Project aProject)
{
Validate.notNull(aProject, "Project must be specified");

String query = join("\n", //
var query = join("\n", //
"SELECT COUNT(*) ", //
"FROM AnnotationDocument ", //
"WHERE document.project = :project AND state = :state");

long count = entityManager.createQuery(query, Long.class) //
var count = entityManager.createQuery(query, Long.class) //
.setParameter("project", aProject) //
.setParameter("state", AnnotationDocumentState.FINISHED) //
.getSingleResult();
Expand All @@ -579,7 +580,7 @@ public List<AnnotationDocument> listFinishedAnnotationDocuments(Project aProject
Validate.notNull(aProject, "Project must be specified");

// Get all annotators in the project
List<String> users = getAllAnnotators(aProject);
var users = getAllAnnotators(aProject);

// Bail out already. HQL doesn't seem to like queries with an empty
// parameter right of "in"
Expand All @@ -606,7 +607,7 @@ public List<AnnotationDocument> listFinishedAnnotationDocuments(SourceDocument a
Validate.notNull(aDocument, "Source document must be specified");

// Get all annotators in the project
List<String> users = getAllAnnotators(aDocument.getProject());
var users = getAllAnnotators(aDocument.getProject());
// Bail out already. HQL doesn't seem to like queries with an empty parameter right of "in"
if (users.isEmpty()) {
return new ArrayList<>();
Expand Down Expand Up @@ -647,7 +648,7 @@ public List<SourceDocument> listSourceDocumentsInState(Project aProject,
Validate.notNull(aStates, "States must be specified");
Validate.notEmpty(aStates, "States must not be an empty list");

String query = String.join("\n", //
var query = String.join("\n", //
"FROM SourceDocument", //
"WHERE project =:project", //
"AND state IN (:states)", //
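Review bot: In `exportSourceDocuments` the archive entry name is taken directly from the document, `zos.putNextEntry(new ZipEntry(doc.getName()));`, and nothing in the hunk shows that the name is free of path separators or `..` segments. If document names are not constrained at upload (not visible here), the exported archive can carry entry names that a careless extraction tool resolves outside its target directory. Validating the name before the entry is created, or stating where the guarantee comes from with a comment such as `// document names are validated on upload, see <validator>`, would close the gap. The method's signature and its end are outside the hunk.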
5 changes: 0 additions & 5 deletions inception/inception-project-api/pom.xml
Expand Up @@ -52,14 +52,9 @@
<artifactId>commons-lang3</artifactId>
</dependency>

<!-- Spring dependencies -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
</dependencies>
</project>
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@

import org.apache.commons.lang3.Validate;
import org.slf4j.MDC;
import org.springframework.security.access.prepost.PreAuthorize;

import de.tudarmstadt.ukp.clarin.webanno.model.AnnotationLayer;
import de.tudarmstadt.ukp.clarin.webanno.model.PermissionLevel;
Expand Down Expand Up @@ -66,7 +65,6 @@ public interface ProjectService
* @deprecated Use {@link #assignRole(Project, User, PermissionLevel...)} instead.
*/
@Deprecated
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER', 'ROLE_REMOTE')")
void createProjectPermission(ProjectPermission aPermission);

/**
Expand Down Expand Up @@ -349,7 +347,6 @@ List<Project> listProjectsWithUserHavingRole(User aUser, PermissionLevel aRole,
* @throws IOException
* if the project to be deleted is not available in the file system
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")
void removeProject(Project aProject) throws IOException;

/**
4 changes: 0 additions & 4 deletions inception/inception-schema-api/pom.xml
Expand Up @@ -64,10 +64,6 @@
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>

<dependency>
<groupId>org.slf4j</groupId>