Revision d235f94f
| b/src/gr/ebs/gss/server/rest/FilesHandler.java | ||
|---|---|---|
| 232 | 232 |
// Since regular signature checking was already performed, |
| 233 | 233 |
// we need to check the read-all flag or the signature-in-parameters. |
| 234 | 234 |
if (authDeferred) |
| 235 |
if (file != null && !file.isReadForAll() && content) {
|
|
| 235 |
if (file != null && !file.isReadForAll() && content) {
|
|
| 236 |
logger.debug("this case refers to a file with no public privileges");
|
|
| 236 | 237 |
// Check for GET with the signature in the request parameters. |
| 237 | 238 |
String auth = req.getParameter(AUTHORIZATION_PARAMETER); |
| 238 | 239 |
String dateParam = req.getParameter(DATE_PARAMETER); |
| ... | ... | |
| 326 | 327 |
return; |
| 327 | 328 |
} |
| 328 | 329 |
} |
| 329 |
} else if (user == null) {
|
|
| 330 |
if (file != null && file.isReadForAll()){
|
|
| 331 |
// For a read-for-all file request, pretend the owner is making it. |
|
| 332 |
user = owner; |
|
| 333 |
req.setAttribute(USER_ATTRIBUTE, user); |
|
| 334 |
}else if(folder != null && folder.isReadForAll()){
|
|
| 335 |
// For a read-for-all folder request, pretend the owner is making it. |
|
| 336 |
user = owner; |
|
| 337 |
req.setAttribute(USER_ATTRIBUTE, user); |
|
| 338 |
} |
|
| 339 |
else{
|
|
| 340 |
resp.sendError(HttpServletResponse.SC_FORBIDDEN); |
|
| 341 |
return; |
|
| 342 |
} |
|
| 343 |
}else{
|
|
| 344 |
resp.sendError(HttpServletResponse.SC_FORBIDDEN); |
|
| 345 |
return; |
|
| 346 | 330 |
} |
| 331 |
else if(folder != null && folder.isReadForAll() || file != null && file.isReadForAll()){
|
|
| 332 |
//This case refers to a folder or file with public privileges |
|
| 333 |
//For a read-for-all folder request, pretend the owner is making it. |
|
| 334 |
logger.debug("*********this case refers to a folder or file with public privileges");
|
|
| 335 |
user = owner; |
|
| 336 |
req.setAttribute(USER_ATTRIBUTE, user); |
|
| 337 |
}else if(folder != null && !folder.isReadForAll()){
|
|
| 338 |
//this case refers to a folder with no public privileges |
|
| 339 |
logger.debug("*********this case refers to a folder with no public privileges");
|
|
| 340 |
resp.sendError(HttpServletResponse.SC_FORBIDDEN); |
|
| 341 |
return; |
|
| 342 |
} |
|
| 343 |
else{
|
|
| 344 |
logger.debug("*********ANY other case");
|
|
| 345 |
resp.sendError(HttpServletResponse.SC_FORBIDDEN); |
|
| 346 |
return; |
|
| 347 |
} |
|
| 347 | 348 |
|
| 348 | 349 |
// If the resource is not a collection, and the resource path |
| 349 | 350 |
// ends with "/" or "\", return NOT FOUND. |
| ... | ... | |
| 407 | 408 |
// Find content type. |
| 408 | 409 |
String contentType = null; |
| 409 | 410 |
boolean isContentHtml = false; |
| 411 |
boolean expectJSON = false; |
|
| 410 | 412 |
|
| 411 | 413 |
if (file != null) {
|
| 412 | 414 |
contentType = version>0 ? oldBody.getMimeType() : file.getMimeType(); |
| ... | ... | |
| 422 | 424 |
if (accept != null && accept.contains("text/html")) {
|
| 423 | 425 |
contentType = "text/html;charset=UTF-8"; |
| 424 | 426 |
isContentHtml = true; |
| 425 |
} else |
|
| 427 |
}else if (accept != null && accept.contains("text/html") && !authDeferred){
|
|
| 428 |
//this is the case when clients send the appropriate headers, the contentType is "text/html" |
|
| 429 |
//and expect a JSON response. The above check applies to FireGSS client |
|
| 430 |
contentType = "text/html;charset=UTF-8"; |
|
| 431 |
isContentHtml = true; |
|
| 432 |
expectJSON = true; |
|
| 433 |
} |
|
| 434 |
else{
|
|
| 426 | 435 |
contentType = "application/json;charset=UTF-8"; |
| 436 |
expectJSON = true; |
|
| 437 |
} |
|
| 427 | 438 |
} |
| 428 | 439 |
|
| 429 | 440 |
|
| ... | ... | |
| 503 | 514 |
String contextServletPath = contextPath + servletPath; |
| 504 | 515 |
if (folder != null && content) |
| 505 | 516 |
// Serve the directory browser for a public folder |
| 506 |
if (isContentHtml) |
|
| 517 |
if (isContentHtml && !expectJSON)
|
|
| 507 | 518 |
renderResult = renderHtml(contextServletPath, relativePath, folder,user); |
| 508 |
// Serve the directory for an ordinary folder |
|
| 519 |
// Serve the directory for an ordinary folder or for fireGSS client
|
|
| 509 | 520 |
else |
| 510 | 521 |
try {
|
| 511 | 522 |
renderResult = renderJson(user, folder); |
| ... | ... | |
| 2206 | 2217 |
// Render the link to our parent (if required) |
| 2207 | 2218 |
String folderPath = folder.getPath(); |
| 2208 | 2219 |
int indexFolderPath = relativePath.indexOf(folderPath); |
| 2209 |
String relativePathNoFolderName = relativePath.substring(0, indexFolderPath); |
|
| 2220 |
String relativePathNoFolderName = null; |
|
| 2221 |
if(indexFolderPath != 0) |
|
| 2222 |
relativePathNoFolderName = relativePath.substring(0, indexFolderPath); |
|
| 2223 |
else |
|
| 2224 |
relativePathNoFolderName = relativePath; |
|
| 2210 | 2225 |
String parentDirectory = folderPath; |
| 2211 | 2226 |
//To-do: further search in encoding folder names with special characters |
| 2212 | 2227 |
//String rewrittenParentDirectory = rewriteUrl(parentDirectory); |
Also available in: Unified diff