private String userName;
+ private boolean isFile = false;
+
/**
* @param _containerPanel
* @param _newImages the images of all the possible delete dialogs
private boolean canContinue() {
String userFullNameFromMap = GSS.get().findUserFullName(userName);
- if (groups == null || versions == null || userFullNameFromMap == null)
+ if(groups == null || versions == null || isFile && userFullNameFromMap == null)
return false;
return true;
}
}
private void getOwnerFullName() {
- FileResource fileResource = (FileResource) GSS.get().getCurrentSelection();
- userName = fileResource.getOwner();
- GSS.get().getUserFullName(userName);
+ if(GSS.get().getCurrentSelection() instanceof FileResource){
+ isFile = true;
+ FileResource fileResource = (FileResource) GSS.get().getCurrentSelection();
+ userName = fileResource.getOwner();
+ GSS.get().getUserFullName(userName);
+
+ }
}
}
}
String progress = req.getParameter(PROGRESS_PARAMETER);
- if (logger.isDebugEnabled())
+ if (logger.isDebugEnabled())
if (content)
logger.debug("Serving resource '" + path + "' headers and data");
else
User user = getUser(req);
User owner = getOwner(req);
- if (user == null) user = owner;
boolean exists = true;
Object resource = null;
FileHeaderDTO file = null;
return;
}
- if (!exists) {
- if (authDeferred) {
- // We do not want to leak information if the request
- // was not authenticated.
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
- // A request for upload progress.
- if (progress != null && content) {
- serveProgress(req, resp, progress, user, null);
- return;
- }
-
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, req.getRequestURI());
+ if (!exists && authDeferred) {
+ // We do not want to leak information if the request
+ // was not authenticated.
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
if (resource instanceof FolderDTO)
folder = (FolderDTO) resource;
else
- file = (FileHeaderDTO) resource;
+ file = (FileHeaderDTO) resource; // Note that file will be null, if (!exists).
// Now it's time to perform the deferred authentication check.
// Since regular signature checking was already performed,
// we need to check the read-all flag or the signature-in-parameters.
if (authDeferred)
- if (file != null && !file.isReadForAll() && content) {
+ if (file != null && !file.isReadForAll() && content) {
// Check for GET with the signature in the request parameters.
String auth = req.getParameter(AUTHORIZATION_PARAMETER);
String dateParam = req.getParameter(DATE_PARAMETER);
return;
}
}
- } else if (file != null && !file.isReadForAll() || folder != null && !folder.isReadForAll()) {
- // Check for a read-for-all file request.
+ } else if (user == null) {
+ if (file != null && file.isReadForAll()){
+ // For a read-for-all file request, pretend the owner is making it.
+ user = owner;
+ req.setAttribute(USER_ATTRIBUTE, user);
+ }else if(folder != null && folder.isReadForAll()){
+ // For a read-for-all folder request, pretend the owner is making it.
+ user = owner;
+ req.setAttribute(USER_ATTRIBUTE, user);
+ }
+ else{
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ }else{
resp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
// A request for upload progress.
if (progress != null && content) {
if (file == null) {
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return;
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, req.getRequestURI());
+ return;
}
serveProgress(req, resp, progress, user, file);
return;
else
throw e;
}
- if (folder != null
- || (ranges == null || ranges.isEmpty())
- && req.getHeader("Range") == null
- || ranges == FULL) {
+ if (folder != null || (ranges == null || ranges.isEmpty()) && req.getHeader("Range") == null || ranges == FULL) {
// Set the appropriate output headers
if (contentType != null) {
if (logger.isDebugEnabled())
IOException exception = null;
InputStream resourceInputStream = null;
User user = getUser(req);
- // Files open for all will not have specified a calling user in the request.
- if (user == null)
- user = getOwner(req);
if (user == null)
throw new ObjectNotFoundException("No user or owner specified");
if (file != null)
HttpServletRequest req, FileBodyDTO oldBody) throws IOException,
ObjectNotFoundException, InsufficientPermissionsException, RpcException {
IOException exception = null;
-
+
User user = getUser(req);
InputStream resourceInputStream = null;
if (file != null)
ObjectNotFoundException, InsufficientPermissionsException, RpcException {
IOException exception = null;
User user = getUser(req);
- if (user == null)
- user = getOwner(req);
InputStream resourceInputStream = oldBody == null ?
getService().getFileContents(user.getId(), file.getId()) :
getService().getFileContents(user.getId(), file.getId(), oldBody.getId());