From 440106630bde48666f3dcea12f671ac3031fff42 Mon Sep 17 00:00:00 2001 From: pvannierop Date: Fri, 15 Nov 2024 11:14:36 +0100 Subject: [PATCH 1/2] Fix redundant auth checks for json format data uploads --- .../org/radarbase/gateway/io/AvroRecordProcessor.kt | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/radar-gateway/src/main/kotlin/org/radarbase/gateway/io/AvroRecordProcessor.kt b/radar-gateway/src/main/kotlin/org/radarbase/gateway/io/AvroRecordProcessor.kt index 4683a17..15d7163 100644 --- a/radar-gateway/src/main/kotlin/org/radarbase/gateway/io/AvroRecordProcessor.kt +++ b/radar-gateway/src/main/kotlin/org/radarbase/gateway/io/AvroRecordProcessor.kt @@ -66,8 +66,16 @@ class AvroRecordProcessor( val entitiesChecked = HashSet() for (entity in this) { - // only check entities once - if (!entitiesChecked.add(entity)) continue + // Make sure to perform the permission check on entities only once. + // Note: + // There is a 'feature' around the comparison of EntityDetails objects; the checkPermissions method + // updates the EntityDetails object with the organization id. This means that for effective comparison + // we have to make copy of entity details so that the original entity details are compared. Without + // this every entity processed here would be considered as an entity different from all previous and + // would trigger a new permission check. This situation is a consequence of the later addition of the + // concept of organization to the entity details. + val entityCheck = entity.copy() + if (!entitiesChecked.add(entityCheck)) continue authService.checkPermission( Permission.MEASUREMENT_CREATE, @@ -160,6 +168,7 @@ class AvroRecordProcessor( ) defaultProject } + else -> jsonProject["string"]?.asText() ?: throw context.invalidContent( "Project ID should be wrapped in string union type", ) From 2e54179850eb0180bca7f9fc1dbff5c7b8216794 Mon Sep 17 00:00:00 2001 From: pvannierop Date: Fri, 15 Nov 2024 11:15:24 +0100 Subject: [PATCH 2/2] Set project version to 0.7.5 --- buildSrc/src/main/kotlin/Versions.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildSrc/src/main/kotlin/Versions.kt b/buildSrc/src/main/kotlin/Versions.kt index 6b26887..2158d8d 100644 --- a/buildSrc/src/main/kotlin/Versions.kt +++ b/buildSrc/src/main/kotlin/Versions.kt @@ -1,6 +1,6 @@ @Suppress("ConstPropertyName") object Versions { - const val project = "0.7.4" + const val project = "0.7.5" const val java = 17 const val kotlin = "1.9.22"