Tighten authorization check.

SVN: 26172

Tighten authorization check.
cbeb7eea · brinn · e8c10517 · cbeb7eea
Commit cbeb7eea authored 12 years ago by brinn
--- a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/internal/authorization/ScreeningPlateListReadOnlyPredicate.java
+++ b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/internal/authorization/ScreeningPlateListReadOnlyPredicate.java
@@ -32,6 +32,7 @@ import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ShouldFlattenCollections;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractSpacePredicate;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
+import ch.systemsx.cisd.openbis.generic.shared.dto.exception.UndefinedSpaceException;
 import ch.systemsx.cisd.openbis.generic.shared.util.SpaceCodeHelper;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.PlateIdentifier;
@@ -62,22 +63,27 @@ public class ScreeningPlateListReadOnlyPredicate extends
        final List<String> permIds = new ArrayList<String>(plates.size());
        for (PlateIdentifier plate : plates)
        {
+            boolean hasPermId = false;
            if (plate.getPermId() != null)
            {
                permIds.add(plate.getPermId());
-            } else
+                hasPermId = true;
+            }
+            final String spaceCodeOrNull =
+                    SpaceCodeHelper.getSpaceCode(person, plate.tryGetSpaceCode());
+            if (spaceCodeOrNull == null && hasPermId == false)
+            {
+                throw new UndefinedSpaceException();
+            }
+            if (spaceCodeOrNull != null && plate.isSharedPlate() == false)
            {
-                final String spaceCode =
+                final Status status =
-                        SpaceCodeHelper.getSpaceCode(person, plate.tryGetSpaceCode());
+                        evaluate(person, allowedRoles, authorizationDataProvider
-                if (plate.isSharedPlate() == false)
+                                .getHomeDatabaseInstance(), spaceCodeOrNull);
+                if (Status.OK.equals(status) == false)
                {
-                    final Status status =
+                    return status;
-                            evaluate(person, allowedRoles, authorizationDataProvider
-                                    .getHomeDatabaseInstance(), spaceCode);
-                    if (Status.OK.equals(status) == false)
-                    {
-                        return status;
-                    }
                }
            }
        }