From 10ee17213c9b6539f09b04ef6c49b7d69b3cce2f Mon Sep 17 00:00:00 2001 From: LordofthePickle Date: Fri, 13 Jun 2025 10:20:18 +0200 Subject: [PATCH] Issue #1353, fixed NullCall in GetProjectByUuidDatabaseAction.java In this commit, a new query method was added to DatabaseSession.java which returns a hashmap of an IdEObject value with a UUID key (this allows for a faster run time via using HashMap.contains() and allows for the use of this query with other IdEObjects). In GetProjectByUuidDatabaseAction.java, logic was added to execute the new queryUuid() method while also performing authorization checks. Reported-By: zaqifathis --- .../bimserver/database/DatabaseSession.java | 24 ++++++ .../GetProjectByUuidDatabaseAction.java | 81 +++++++++++-------- 2 files changed, 73 insertions(+), 32 deletions(-) diff --git a/BimServer/src/org/bimserver/database/DatabaseSession.java b/BimServer/src/org/bimserver/database/DatabaseSession.java index 390b838c9b..2aa781c976 100644 --- a/BimServer/src/org/bimserver/database/DatabaseSession.java +++ b/BimServer/src/org/bimserver/database/DatabaseSession.java @@ -1644,6 +1644,30 @@ public Map query(IfcModelInterface model, Conditi return map; } + public Map queryUuid(Condition condition, Class clazz, QueryInterface query) throws BimserverDatabaseException { + IfcModelInterface model = createModel(query); + return queryUuid(model, condition, clazz, query); + } + public Map queryUuid(IfcModelInterface model, Condition condition, Class clazz, QueryInterface query) throws BimserverDatabaseException { + Map map = new HashMap(); + Set eClasses = new HashSet(); + condition.getEClassRequirements(eClasses); + for (EClass eClass : eClasses) { + TodoList todoList = new TodoList(); + getMap(eClass, model, query, todoList); + processTodoList(model, todoList, query); + List list = new ArrayList(model.getValues()); + for (IdEObject object : list) { + if (clazz.isInstance(object)) { + if (condition.matches(object)) { + map.put(object.getUuid(), clazz.cast(object)); + } + } + } + } + return map; + } + public T querySingle(Condition condition, Class clazz, QueryInterface query) throws BimserverDatabaseException { checkOpen(); Collection values = query(condition, clazz, query).values(); diff --git a/BimServer/src/org/bimserver/database/actions/GetProjectByUuidDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetProjectByUuidDatabaseAction.java index af27512c24..2075465d6c 100644 --- a/BimServer/src/org/bimserver/database/actions/GetProjectByUuidDatabaseAction.java +++ b/BimServer/src/org/bimserver/database/actions/GetProjectByUuidDatabaseAction.java @@ -19,42 +19,59 @@ import org.bimserver.BimserverDatabaseException; import org.bimserver.database.BimserverLockConflictException; +import org.bimserver.database.Database; import org.bimserver.database.DatabaseSession; +import org.bimserver.database.OldQuery; +import org.bimserver.database.query.conditions.AttributeCondition; +import org.bimserver.database.query.conditions.Condition; +import org.bimserver.database.query.conditions.IsOfTypeCondition; +import org.bimserver.database.query.conditions.Not; +import org.bimserver.database.query.literals.StringLiteral; import org.bimserver.models.log.AccessMethod; -import org.bimserver.models.store.Project; +import org.bimserver.models.store.*; import org.bimserver.shared.exceptions.UserException; import org.bimserver.webservices.authorization.Authorization; -public class GetProjectByUuidDatabaseAction extends BimDatabaseAction { - + +import java.util.Map; +import java.util.UUID; + +public class GetProjectByUuidDatabaseAction extends BimDatabaseAction { + private final String uuid; - private Authorization authorization; - - public GetProjectByUuidDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, String uuid, Authorization authorization) { - super(databaseSession, accessMethod); + private Authorization authorization; + + public GetProjectByUuidDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, String uuid, Authorization authorization) { + super(databaseSession, accessMethod); this.uuid = uuid; - this.authorization = authorization; - } - - @Override - public Project execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException { -// List projects = (List) getDatabaseSession().query(StorePackage.eINSTANCE.getProject_Uuid(), uuid); -// if (projects.size() == 0) { -// throw new UserException("Project with uuid " + uuid + " does not exist"); -// } -// Project project = (Project) projects.get(0); -// User user = getUserByUoid(authorization.getUoid()); -// if (user == null) { -// throw new UserException("Authenticated user required"); -// } -// if (project.getState() == ObjectState.DELETED && user.getUserType() != UserType.ADMIN) { -// throw new UserException("Project has been deleted"); -// } -// if (authorization.hasRightsOnProjectOrSuperProjectsOrSubProjects(user, project)) { -// return project; -// } else { -// throw new UserException("User '" + user.getUsername() + "' has no rights on this project"); -// } - // TODO reimplement - return null; - } + this.authorization = authorization; + } + + @Override + public Project execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException { + + UUID comparisonUUID; + try { + comparisonUUID = UUID.fromString(uuid); + } + catch (IllegalArgumentException e) { + throw new UserException("Invalid uuid format"); + } + User user = getUserByUoid(authorization.getUoid()); + Not notStoreProject = new Not(new AttributeCondition(StorePackage.eINSTANCE.getProject_Name(), new StringLiteral(Database.STORE_PROJECT_NAME))); + Condition condition = new IsOfTypeCondition(StorePackage.eINSTANCE.getProject()).and(notStoreProject); + Map results = getDatabaseSession().queryUuid(condition, Project.class, OldQuery.getDefault()); + if (results.containsKey(comparisonUUID)) { + if (!authorization.hasRightsOnProject(user, results.get(comparisonUUID))) { + throw new UserException("You do not have rights on this project"); + } + if (!results.get(comparisonUUID).getState().equals(ObjectState.ACTIVE) && + user.getUserType() != UserType.ADMIN && user.getUserType() != UserType.SYSTEM){ + throw new UserException("This project is not active"); + } + return results.get(comparisonUUID); + } + else { + throw new UserException("Project with uuid " + uuid + " does not exist"); + } + } } \ No newline at end of file