From e0e2863c5ceb5d5c67417b8eb659f5234c8c6149 Mon Sep 17 00:00:00 2001 From: Paul Sarando Date: Mon, 11 Mar 2024 19:31:18 -0700 Subject: [PATCH] CORE-1967 Allow anonymous access in /filesystem/metadata endpoints Added secured-filesystem-metadata-routes to the optionally-authenticated-routes, allowing them to be accessed without the /secured prefix, and allowing anonymous access for GET endpoints. POST and CSV download endpoints still require authentication. --- src/terrain/routes.clj | 1 + src/terrain/routes/filesystem.clj | 8 ++++++++ src/terrain/util/transformers.clj | 8 +++++--- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/terrain/routes.clj b/src/terrain/routes.clj index 1dde919e..7f6fcd1e 100644 --- a/src/terrain/routes.clj +++ b/src/terrain/routes.clj @@ -88,6 +88,7 @@ (instant-launch-routes) (secured-data-routes) (secured-filesystem-routes) + (secured-filesystem-metadata-routes) (secured-search-routes) (app-category-routes) (app-avu-routes) diff --git a/src/terrain/routes/filesystem.clj b/src/terrain/routes/filesystem.clj index 7016dd5c..50029c1b 100644 --- a/src/terrain/routes/filesystem.clj +++ b/src/terrain/routes/filesystem.clj @@ -126,6 +126,7 @@ (config/metadata-routes-enabled))] (POST "/filesystem/metadata/csv-parser" [:as {:keys [user-info params] :as req}] + :middleware [require-authentication] (meta/parse-metadata-csv-file user-info params)) (GET "/filesystem/metadata/templates" [:as req] @@ -135,12 +136,15 @@ (controller req mt/do-metadata-template-view template-id)) (GET "/filesystem/metadata/template/:template-id/blank-csv" [template-id :as req] + :middleware [require-authentication] (controller req meta-raw/get-template-csv template-id)) (GET "/filesystem/metadata/template/:template-id/guide-csv" [template-id :as req] + :middleware [require-authentication] (controller req meta-raw/get-template-guide template-id)) (GET "/filesystem/metadata/template/:template-id/zip-csv" [template-id :as req] + :middleware [require-authentication] (controller req meta-raw/get-template-zip template-id)) (GET "/filesystem/metadata/template/attr/:attr-id" [attr-id :as req] @@ -150,15 +154,19 @@ (controller req meta/do-metadata-get :params data-id)) (POST "/filesystem/:data-id/metadata" [data-id :as req] + :middleware [require-authentication] (controller req meta/do-metadata-set data-id :params :body)) (POST "/filesystem/:data-id/metadata/copy" [data-id :as req] + :middleware [require-authentication] (controller req meta/do-metadata-copy :params data-id :body)) (POST "/filesystem/:data-id/metadata/save" [data-id :as req] + :middleware [require-authentication] (controller req meta/do-metadata-save data-id :params :body)) (POST "/filesystem/:data-id/ore/save" [data-id :as req] + :middleware [require-authentication] (controller req meta/do-ore-save data-id :params)))) (defn admin-filesystem-metadata-routes diff --git a/src/terrain/util/transformers.clj b/src/terrain/util/transformers.clj index d5d7b9b6..fad5b846 100644 --- a/src/terrain/util/transformers.clj +++ b/src/terrain/util/transformers.clj @@ -40,8 +40,10 @@ "Generates a set of query parameters to pass to a remote service that requires the username of the authenticated user." ([] - (user-params {})) + (user-params {})) ([existing-params] - (assoc existing-params :user (:shortUsername current-user))) + (as-> (add-current-user-to-map {}) m + (select-keys m [:user]) + (merge existing-params m))) ([existing-params param-keys] - (user-params (select-keys existing-params param-keys)))) + (user-params (select-keys existing-params param-keys))))