diff --git a/pom-dependency-tree.txt b/pom-dependency-tree.txt
index 962a33b01..65d897f2a 100644
--- a/pom-dependency-tree.txt
+++ b/pom-dependency-tree.txt
@@ -1,4 +1,4 @@
-ai.elimu:webapp:war:2.6.139-SNAPSHOT
+ai.elimu:webapp:war:2.6.140-SNAPSHOT
 +- ai.elimu:model:jar:model-2.0.124:compile
 | \- com.google.code.gson:gson:jar:2.13.1:compile
 | \- com.google.errorprone:error_prone_annotations:jar:2.38.0:compile
diff --git a/src/main/java/ai/elimu/web/content/emoji/EmojiEditController.java b/src/main/java/ai/elimu/web/content/emoji/EmojiEditController.java
index ff270a53d..1bd562709 100644
--- a/src/main/java/ai/elimu/web/content/emoji/EmojiEditController.java
+++ b/src/main/java/ai/elimu/web/content/emoji/EmojiEditController.java
@@ -11,6 +11,7 @@ import ai.elimu.util.DiscordHelper.Channel;
 import ai.elimu.util.DomainHelper;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 import jakarta.validation.Valid;
@@ -23,6 +24,7 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -110,10 +112,17 @@ public String handleSubmit(
 @ResponseBody
 public String handleAddContentLabelRequest(
 HttpServletRequest request,
+ HttpServletResponse response,
 HttpSession session,
 @PathVariable Long id) {
 log.info("handleAddContentLabelRequest");
+ Contributor contributor = (Contributor) session.getAttribute("contributor");
+ if (contributor == null) {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ return "error";
+ }
+
 log.info("id: " + id);
 Emoji emoji = emojiDao.read(id);
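Review bot: The session guard added to `EmojiEditController.handleAddContentLabelRequest` is pasted verbatim into five more handlers in this commit (`handleRemoveContentLabelRequest` in this file, and both label handlers in `ImageEditController` and `VideoEditController`), so any endpoint added later is unprotected unless its author remembers to copy the block. Whether other state-changing handlers such as `handleSubmit` carry an equivalent check is not visible in this diff. Enforce the check in one place: ideally a Spring `HandlerInterceptor` registered for the content-editing paths, or at minimum a single helper that each handler calls, as sketched below. The handler body continues past the end of the hunk.

```java
// One helper per controller (or a shared base class) instead of six inline copies.
private Contributor requireContributor(HttpSession session, HttpServletResponse response) {
    Contributor contributor = (Contributor) session.getAttribute("contributor");
    if (contributor == null) {
        response.setStatus(HttpStatus.FORBIDDEN.value());
    }
    return contributor;
}

// … unchanged: handler signature and entry log …
    Contributor contributor = requireContributor(session, response);
    if (contributor == null) {
        return "error";
    }
// … unchanged: id logging and emojiDao.read(id) …
```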
@@ -129,7 +138,7 @@ public String handleAddContentLabelRequest(
 emojiDao.update(emoji);
 EmojiContributionEvent emojiContributionEvent = new EmojiContributionEvent();
- emojiContributionEvent.setContributor((Contributor) session.getAttribute("contributor"));
+ emojiContributionEvent.setContributor(contributor);
 emojiContributionEvent.setTimestamp(Calendar.getInstance());
 emojiContributionEvent.setEmoji(emoji);
 emojiContributionEvent.setRevisionNumber(emoji.getRevisionNumber());
@@ -145,10 +154,17 @@ public String handleAddContentLabelRequest(
 @ResponseBody
 public String handleRemoveContentLabelRequest(
 HttpServletRequest request,
+ HttpServletResponse response,
 HttpSession session,
 @PathVariable Long id) {
 log.info("handleRemoveContentLabelRequest");
+ Contributor contributor = (Contributor) session.getAttribute("contributor");
+ if (contributor == null) {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ return "error";
+ }
+
 log.info("id: " + id);
 Emoji emoji = emojiDao.read(id);
@@ -169,7 +185,7 @@ public String handleRemoveContentLabelRequest(
 emojiDao.update(emoji);
 EmojiContributionEvent emojiContributionEvent = new EmojiContributionEvent();
- emojiContributionEvent.setContributor((Contributor) session.getAttribute("contributor"));
+ emojiContributionEvent.setContributor(contributor);
 emojiContributionEvent.setTimestamp(Calendar.getInstance());
 emojiContributionEvent.setEmoji(emoji);
 emojiContributionEvent.setRevisionNumber(emoji.getRevisionNumber());
diff --git a/src/main/java/ai/elimu/web/content/multimedia/image/ImageEditController.java b/src/main/java/ai/elimu/web/content/multimedia/image/ImageEditController.java
index 85e28f97d..861bb91af 100644
--- a/src/main/java/ai/elimu/web/content/multimedia/image/ImageEditController.java
+++ b/src/main/java/ai/elimu/web/content/multimedia/image/ImageEditController.java
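Review bot: In `EmojiEditController.handleRemoveContentLabelRequest` a rejected request leaves no log entry of its own, because the only line written before `return "error";` is the generic entry message and `id` is logged only after the guard. Add a warning inside the `if (contributor == null)` branch, for example `log.warn("handleRemoveContentLabelRequest rejected: no contributor in session, id={}", id);`, so repeated unauthenticated calls to the label endpoints can be spotted and alerted on. The same gap exists in the other five guards this commit adds to the Emoji, Image and Video edit controllers.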
@@ -26,6 +26,7 @@ import ai.elimu.util.GitHubLfsHelper;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 import java.io.File;
@@ -44,6 +45,7 @@ import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -253,15 +255,20 @@ protected void initBinder(HttpServletRequest request, ServletRequestDataBinder b
 @ResponseBody
 public String handleAddContentLabelRequest(
 HttpServletRequest request,
+ HttpServletResponse response,
 HttpSession session,
 @PathVariable Long id) {
 log.info("handleAddContentLabelRequest");
+
+ Contributor contributor = (Contributor) session.getAttribute("contributor");
+ if (contributor == null) {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ return "error";
+ }
 log.info("id: " + id);
 Image image = imageDao.read(id);
- Contributor contributor = (Contributor) session.getAttribute("contributor");
-
 String letterIdParameter = request.getParameter("letterId");
 log.info("letterIdParameter: " + letterIdParameter);
 if (StringUtils.isNotBlank(letterIdParameter)) {
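Review bot: `log.info("letterIdParameter: " + letterIdParameter);` in `ImageEditController.handleAddContentLabelRequest` writes a raw request parameter into the log, so a value containing CR or LF can split or forge log entries unless the log encoder escapes them. The commit does not touch this line, but it sits directly below the new guard and these logs are what an investigator would read after a rejected or abusive request. Neutralise line breaks before logging, e.g. `log.info("letterIdParameter: {}", letterIdParameter == null ? null : letterIdParameter.replaceAll("[\\r\\n]", "_"));`, or log the value only after it has been parsed to a number. The same line appears in `handleRemoveContentLabelRequest` in this file; both handler bodies continue past the end of their hunks.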
@@ -332,15 +339,20 @@ public String handleAddContentLabelRequest(
 @ResponseBody
 public String handleRemoveContentLabelRequest(
 HttpServletRequest request,
+ HttpServletResponse response,
 HttpSession session,
 @PathVariable Long id) {
 log.info("handleRemoveContentLabelRequest");
+ Contributor contributor = (Contributor) session.getAttribute("contributor");
+ if (contributor == null) {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ return "error";
+ }
+
 log.info("id: " + id);
 Image image = imageDao.read(id);
- Contributor contributor = (Contributor) session.getAttribute("contributor");
-
 String letterIdParameter = request.getParameter("letterId");
 log.info("letterIdParameter: " + letterIdParameter);
 if (StringUtils.isNotBlank(letterIdParameter)) {
diff --git a/src/main/java/ai/elimu/web/content/multimedia/video/VideoEditController.java b/src/main/java/ai/elimu/web/content/multimedia/video/VideoEditController.java
index 7ac4ffb3a..438c1744a 100644
--- a/src/main/java/ai/elimu/web/content/multimedia/video/VideoEditController.java
+++ b/src/main/java/ai/elimu/web/content/multimedia/video/VideoEditController.java
@@ -24,6 +24,7 @@ import ai.elimu.util.GitHubLfsHelper;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 import java.io.IOException;
@@ -36,6 +37,7 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
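Review bot: The guard in `ImageEditController.handleRemoveContentLabelRequest` establishes only that some contributor object is present in the session; nothing in the hunk checks that this contributor is permitted to change labels on the image identified by `id`. If the project distinguishes contributor roles or moderation rights (not visible in this diff), that check belongs next to the null test. If every signed-in contributor is meant to have this right, record the decision beside the guard, e.g. `// Any signed-in contributor may edit content labels; no per-role check by design.` The point applies equally to the other label handlers changed by this commit.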
@@ -185,10 +187,17 @@ protected void initBinder(HttpServletRequest request, ServletRequestDataBinder b
 @ResponseBody
 public String handleAddContentLabelRequest(
 HttpServletRequest request,
+ HttpServletResponse response,
 HttpSession session,
 @PathVariable Long id) {
 log.info("handleAddContentLabelRequest");
+ Contributor contributor = (Contributor) session.getAttribute("contributor");
+ if (contributor == null) {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ return "error";
+ }
+
 log.info("id: " + id);
 Video video = videoDao.read(id);
@@ -204,7 +213,7 @@ public String handleAddContentLabelRequest(
 videoDao.update(video);
 VideoContributionEvent videoContributionEvent = new VideoContributionEvent();
- videoContributionEvent.setContributor((Contributor) session.getAttribute("contributor"));
+ videoContributionEvent.setContributor(contributor);
 videoContributionEvent.setTimestamp(Calendar.getInstance());
 videoContributionEvent.setVideo(video);
 videoContributionEvent.setRevisionNumber(video.getRevisionNumber());
@@ -225,7 +234,7 @@ public String handleAddContentLabelRequest(
 videoDao.update(video);
 VideoContributionEvent videoContributionEvent = new VideoContributionEvent();
- videoContributionEvent.setContributor((Contributor) session.getAttribute("contributor"));
+ videoContributionEvent.setContributor(contributor);
 videoContributionEvent.setTimestamp(Calendar.getInstance());
 videoContributionEvent.setVideo(video);
 videoContributionEvent.setRevisionNumber(video.getRevisionNumber());
@@ -246,7 +255,7 @@ public String handleAddContentLabelRequest(
 videoDao.update(video);
 VideoContributionEvent videoContributionEvent = new VideoContributionEvent();
- videoContributionEvent.setContributor((Contributor) session.getAttribute("contributor"));
+ videoContributionEvent.setContributor(contributor);
 videoContributionEvent.setTimestamp(Calendar.getInstance());
 videoContributionEvent.setVideo(video);
 videoContributionEvent.setRevisionNumber(video.getRevisionNumber());
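Review bot: The three `VideoContributionEvent` blocks in `VideoEditController.handleAddContentLabelRequest` (hunks at -204, -225 and -246) are identical in every line the diff shows, and this commit had to repeat the same one-line edit in each of them. Moving the block into one private method, called as `storeContributionEvent(video, contributor);` (name constructed for illustration), would turn the next change to how the acting contributor is recorded into a single edit and removes the chance of one copy being missed. The remainder of each block lies outside the hunks, so confirm the copies really match before merging them.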
@@ -262,10 +271,17 @@ public String handleAddContentLabelRequest(
 @ResponseBody
 public String handleRemoveContentLabelRequest(
 HttpServletRequest request,
+ HttpServletResponse response,
 HttpSession session,
 @PathVariable Long id) {
 log.info("handleRemoveContentLabelRequest");
+ Contributor contributor = (Contributor) session.getAttribute("contributor");
+ if (contributor == null) {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ return "error";
+ }
+
 log.info("id: " + id);
 Video video = videoDao.read(id);
@@ -286,7 +302,7 @@ public String handleRemoveContentLabelRequest(
 videoDao.update(video);
 VideoContributionEvent videoContributionEvent = new VideoContributionEvent();
- videoContributionEvent.setContributor((Contributor) session.getAttribute("contributor"));
+ videoContributionEvent.setContributor(contributor);
 videoContributionEvent.setTimestamp(Calendar.getInstance());
 videoContributionEvent.setVideo(video);
 videoContributionEvent.setRevisionNumber(video.getRevisionNumber());
@@ -311,7 +327,7 @@ public String handleRemoveContentLabelRequest(
 videoDao.update(video);
 VideoContributionEvent videoContributionEvent = new VideoContributionEvent();
- videoContributionEvent.setContributor((Contributor) session.getAttribute("contributor"));
+ videoContributionEvent.setContributor(contributor);
 videoContributionEvent.setTimestamp(Calendar.getInstance());
 videoContributionEvent.setVideo(video);
 videoContributionEvent.setRevisionNumber(video.getRevisionNumber());
@@ -336,7 +352,7 @@ public String handleRemoveContentLabelRequest(
 videoDao.update(video);
 VideoContributionEvent videoContributionEvent = new VideoContributionEvent();
- videoContributionEvent.setContributor((Contributor) session.getAttribute("contributor"));
+ videoContributionEvent.setContributor(contributor);
 videoContributionEvent.setTimestamp(Calendar.getInstance());
 videoContributionEvent.setVideo(video);
 videoContributionEvent.setRevisionNumber(video.getRevisionNumber());
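Review bot: With this guard `VideoEditController.handleRemoveContentLabelRequest` decides access purely from the session, so a state-changing endpoint that trusts the session cookie also depends on CSRF protection being in place. The request-mapping annotation sits above the hunk, so neither the accepted HTTP method nor any token check is visible here; confirm the endpoint is POST-only and covered by the application's CSRF defence. If it is not, record the gap beside the guard, e.g. `// TODO: session-authenticated and state-changing; requires CSRF token validation`. This applies to all six label handlers changed in the commit.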