Bug/cite 221 #276
Bug/cite 221 #276
Conversation
|
Can one of the admins verify this patch? |
| @@ -248,13 +250,15 @@ public ICitation updateCitationFromZotero(IUser user, String groupId, String ite | |||
| return citation; | |||
| } catch (HttpClientErrorException ex) { | |||
| throw new CannotFindCitationException(ex); | |||
| } catch(DuplicateKeyException ex) { | |||
| throw ex; | |||
There was a problem hiding this comment.
no point in throwing an exception you catch; you can just let it be thrown
| return (ICitationGroup) groupOptional.get(); | ||
| if (groupOptional.isPresent()) { | ||
| ICitationGroup group = groupOptional.get(); | ||
| if (!group.getUsers().contains(user.getUsername())) { |
There was a problem hiding this comment.
if the user does not have access to the group, then they shouldn't be added.
|
Resolve conflicts please |
citesphere/pom.xml
Outdated
| @@ -25,7 +25,7 @@ | |||
| <spring.kafka.version>2.2.6.RELEASE</spring.kafka.version> | |||
| <spring-social-zotero.version>0.12</spring-social-zotero.version> | |||
| <citesphere.messages.version>0.4</citesphere.messages.version> | |||
| <citesphere.model.version>1.19</citesphere.model.version> | |||
| <citesphere.model.version>1.23-SNAPSHOT</citesphere.model.version> | |||
There was a problem hiding this comment.
this needs to be a proper version
| @@ -379,14 +383,17 @@ public CitationResults getGroupItems(IUser user, String groupId, String collecti | |||
|
|
|||
| ICitationGroup group = null; | |||
| Optional<ICitationGroup> groupOptional = groupRepository.findFirstByGroupId(new Long(groupId)); | |||
| if (!groupOptional.isPresent() || !groupOptional.get().getUsers().contains(user.getUsername())) { | |||
| if (!groupOptional.isPresent()) { | |||
There was a problem hiding this comment.
hm, I'm fairly certain this create a security issue here. Basically, doesn't this say "if the group does not yet locally exist, get it from zotero" (that's fine zotero will complain if the user does not have access), however, "if the group does exist, let's just add the user to the group" (this seems wrong, where is the check if the user has access?).
| @@ -399,13 +406,14 @@ public CitationResults getGroupItems(IUser user, String groupId, String collecti | |||
| long previousVersion = group.getContentVersion(); | |||
| // first update the group info | |||
| // if we are using a previously stored group, delete it | |||
| ICitationGroup zeteroGroup = null; | |||
| @@ -387,6 +391,9 @@ public CitationResults getGroupItems(IUser user, String groupId, String collecti | |||
| } | |||
| } else { | |||
| group = groupOptional.get(); | |||
| if (!group.getUsers().contains(user.getUsername())){ | |||
| group.getUsers().add(user.getUsername()); | |||
| } | |||
There was a problem hiding this comment.
this should not be needed, should it? this else should only be called if the group is present and the user has access to it?
|
Make it so, Jenkins. |
|
Build failed. Maybe you broke the test cases? |
|
Make it so, Jenkins. |
|
Build failed. Maybe you broke the test cases? |
|
There are test failures |
|
|
|
Jenkins successfully deployed Citesphere to be reviewed! |
Guidelines for Pull Requests
If you haven't yet read our code review guidelines, please do so, You can find them here.
Please confirm the following by adding an x for each item (turn
[ ]into[x]).Please provide a brief description of your ticket
unique: Spring Data: Unique field in MongoDB document
... Put ticket description here and add link to ticket ...
https://diging.atlassian.net/browse/CITE-221
Are there any other pull requests that this one depends on?
diging/citesphere-model#51
diging/citesphere-model#52
Anything else the reviewer needs to know?
... describe here ...