Apply role based search filters in existing endpoints #442
Conversation
check authorization in DataAutoCompleteController
…er in public methods
There was a problem hiding this comment.
@litvinovg thanks for this PR.
I have posted a couple of comments in the case you have any idea how to additionally improve efficiency of the implementation. Basically, it is about invoking current roles multiple time in some cases. It is the most important that permission set is loaded just one (and it is the case at the moment), therefore I am approving this PR.
...in/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/IndividualListController.java
Show resolved
Hide resolved
...in/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/IndividualListController.java
Show resolved
Hide resolved
...src/main/java/edu/cornell/mannlib/vitro/webapp/search/controller/AutocompleteController.java
Show resolved
Hide resolved
litvinovg
force-pushed
the
search_endpoints_hide_data
branch
from
3cb3103 to
eb8cac5
Compare
|
Are there any other controllers that require updates? https://github.com/search?q=repo%3Avivo-project%2FVitro+WebServlet&type=code&p=1 https://github.com/search?q=repo%3Avivo-project%2FVIVO%20WebServlet&type=code |
I didn't find any. |
What does this pull request do?
A follow-up PR for recently merged PR-433 and PR-434
to apply role based search filters in existing endpoints.
What's new?
Applied search filters in IndividualListController, AutocompleteController
Fixed unsafe DataAutoCompleteController, perform authorization checks for each returned result.
Refactored SearchFiltering methods to remove dependency on not needed VitroRequest parameter
Applied search filters to DefaultObjectPropertyFormGeneratory
Removed unused import in DefaultObjectPropertyFormGenerator
How should this be tested?
A description of what steps someone could take to:
Interested parties
@VIVO-project/vivo-committers