From f4d18b0b88a4283f320a11e79f886cfa09a8bc47 Mon Sep 17 00:00:00 2001
From: tpylak <tpylak>
Date: Wed, 14 Oct 2009 11:56:43 +0000
Subject: [PATCH] LMS-1204 Calculated Columns: do not evaluate private columns
 of different users

SVN: 12967
---
 .../generic/server/AbstractServer.java        | 22 ++++++++++++++++---
 .../CustomGridExpressionValidator.java        |  2 +-
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/AbstractServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/AbstractServer.java
index 02c531d92cf..7ef2144e2db 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/AbstractServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/AbstractServer.java
@@ -16,6 +16,7 @@
 
 package ch.systemsx.cisd.openbis.generic.server;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
@@ -35,6 +36,7 @@ import ch.systemsx.cisd.openbis.generic.server.plugin.ISampleTypeSlaveServerPlug
 import ch.systemsx.cisd.openbis.generic.server.plugin.SampleServerPluginRegistry;
 import ch.systemsx.cisd.openbis.generic.server.util.HibernateTransformer;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.validator.CustomGridExpressionValidator;
 import ch.systemsx.cisd.openbis.generic.shared.basic.IDataStoreBaseURLProvider;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DisplaySettings;
@@ -310,9 +312,23 @@ public abstract class AbstractServer<T extends IServer> extends AbstractServiceW
 
     public List<GridCustomColumn> listGridCustomColumns(String sessionToken, String gridId)
     {
-        checkSession(sessionToken);
-        List<GridCustomColumnPE> columns =
+        Session session = getSession(sessionToken);
+
+        List<GridCustomColumnPE> columnPEs =
                 getDAOFactory().getGridCustomColumnDAO().listColumns(gridId);
-        return GridCustomColumnTranslator.translate(columns);
+
+        List<GridCustomColumn> result = new ArrayList<GridCustomColumn>();
+        List<GridCustomColumn> columns = GridCustomColumnTranslator.translate(columnPEs);
+        // we have to remove private columns of different users to avoid calculating them
+        CustomGridExpressionValidator validator = new CustomGridExpressionValidator();
+        PersonPE currentPerson = session.tryGetPerson();
+        for (GridCustomColumn column : columns)
+        {
+            if (validator.isValid(currentPerson, column))
+            {
+                result.add(column);
+            }
+        }
+        return result;
     }
 }
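Review bot: The new loop in `listGridCustomColumns` passes `session.tryGetPerson()` straight into `validator.isValid(currentPerson, column)` without a null check, and the `try` prefix suggests the call may return null. The validator's `isInstanceAdmin` helper, visible in the second file of this patch, dereferences `person.getAllPersonRoles()`, so if `isValid` reaches it a session without a person would probably end in a NullPointerException instead of a clean denial. Because this filter is the access check that keeps other users' private columns out of the result, it should fail closed explicitly, for example `if (currentPerson == null) { return Collections.emptyList(); }` before the loop, or by raising the project's authorization failure. It would also help to reword the comment to say that the filter is an authorization decision, e.g. `// authorization filter: drop private columns owned by other users so they are neither returned nor evaluated`.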
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/CustomGridExpressionValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/CustomGridExpressionValidator.java
index 479ef6726c0..06c3c0087e1 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/CustomGridExpressionValidator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/CustomGridExpressionValidator.java
@@ -56,7 +56,7 @@ public final class CustomGridExpressionValidator extends
                         registrator.getDatabaseInstance().getCode());
     }
 
-    public boolean isInstanceAdmin(final PersonPE person, final DatabaseInstance databaseInstance)
+    private static boolean isInstanceAdmin(final PersonPE person, final DatabaseInstance databaseInstance)
     {
         final Set<RoleAssignmentPE> roleAssignments = person.getAllPersonRoles();
         for (final RoleAssignmentPE roleAssignment : roleAssignments)
-- 
GitLab