diff --git a/metis-core-common/src/main/java/eu/europeana/metis/core/workflow/plugins/DepublishPlugin.java b/metis-core-common/src/main/java/eu/europeana/metis/core/workflow/plugins/DepublishPlugin.java index 93090f2d..006e764e 100644 --- a/metis-core-common/src/main/java/eu/europeana/metis/core/workflow/plugins/DepublishPlugin.java +++ b/metis-core-common/src/main/java/eu/europeana/metis/core/workflow/plugins/DepublishPlugin.java @@ -47,8 +47,7 @@ public String getTopologyName() { } @Override - public DpsTask prepareDpsTask(String datasetId, - DpsTaskSettings dpsTaskSettings) { + public DpsTask prepareDpsTask(String datasetId, DpsTaskSettings dpsTaskSettings) { Map extraParameters = new HashMap<>(); extraParameters.put(PluginParameterKeys.METIS_DATASET_ID, datasetId); @@ -63,8 +62,8 @@ public DpsTask prepareDpsTask(String datasetId, extraParameters.put(PluginParameterKeys.RECORD_IDS_TO_DEPUBLISH, recordIdList); } } - //TODO: 2024-09-24 - Update below key with the PluginParameterKeys equivalent when it's available - extraParameters.put("DEPUBLICATION_REASON", getPluginMetadata().getDepublicationReason().name()); + + extraParameters.put(PluginParameterKeys.DEPUBLICATION_REASON, getPluginMetadata().getDepublicationReason().name()); DpsTask dpsTask = new DpsTask(); dpsTask.setParameters(extraParameters); return dpsTask; diff --git a/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/DatasetController.java b/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/DatasetController.java index 1f4abfe1..86824214 100644 --- a/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/DatasetController.java +++ b/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/DatasetController.java @@ -1,6 +1,7 @@ package eu.europeana.metis.core.rest.controller; import static eu.europeana.metis.utils.CommonStringValues.CRLF_PATTERN; +import static eu.europeana.metis.utils.CommonStringValues.sanitizeCRLF; import com.fasterxml.jackson.annotation.JsonProperty; import eu.europeana.metis.authentication.rest.client.AuthenticationClient; @@ -149,8 +150,9 @@ public void updateDataset(@RequestHeader("Authorization") String authorization, @DeleteMapping(value = RestEndpoints.DATASETS_DATASETID) @ResponseStatus(HttpStatus.NO_CONTENT) public void deleteDataset(@RequestHeader("Authorization") String authorization, - @PathVariable("datasetId") String datasetId) - throws GenericMetisException { + @PathVariable("datasetId") String datasetId) throws GenericMetisException { + authorization = sanitizeCRLF(authorization); + datasetId = sanitizeCRLF(datasetId); MetisUserView metisUserView = authenticationClient.getUserByAccessTokenInHeader(authorization); @@ -210,12 +212,15 @@ public Dataset getByDatasetId(@RequestHeader("Authorization") String authorizati @ResponseStatus(HttpStatus.OK) public DatasetXslt getDatasetXsltByDatasetId(@RequestHeader("Authorization") String authorization, @PathVariable("datasetId") String datasetId) throws GenericMetisException { + authorization = sanitizeCRLF(authorization); + datasetId = sanitizeCRLF(datasetId); MetisUserView metisUserView = authenticationClient.getUserByAccessTokenInHeader(authorization); DatasetXslt datasetXslt = datasetService.getDatasetXsltByDatasetId(metisUserView, datasetId); - LOGGER.info("Dataset XSLT with datasetId '{}' and xsltId: '{}' found", datasetId, - datasetXslt.getId()); + if (LOGGER.isInfoEnabled()) { + LOGGER.info("Dataset XSLT with datasetId '{}' and xsltId: '{}' found", sanitizeCRLF(datasetId), datasetXslt.getId()); + } return datasetXslt; } diff --git a/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/OrchestratorController.java b/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/OrchestratorController.java index 53a5a302..3c384eba 100644 --- a/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/OrchestratorController.java +++ b/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/OrchestratorController.java @@ -1,5 +1,7 @@ package eu.europeana.metis.core.rest.controller; +import static eu.europeana.metis.utils.CommonStringValues.sanitizeCRLF; + import eu.europeana.metis.authentication.rest.client.AuthenticationClient; import eu.europeana.metis.authentication.user.MetisUserView; import eu.europeana.metis.core.common.DaoFieldNames; @@ -149,8 +151,11 @@ public void updateWorkflow( produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE}) @ResponseStatus(HttpStatus.NO_CONTENT) public void deleteWorkflow( - @RequestHeader("Authorization") String authorization, - @PathVariable("datasetId") String datasetId) throws GenericMetisException { + @RequestHeader("Authorization") String authorization, @PathVariable("datasetId") String datasetId) + throws GenericMetisException { + authorization = sanitizeCRLF(authorization); + datasetId = sanitizeCRLF(datasetId); + MetisUserView metisUserView = authenticationClient.getUserByAccessTokenInHeader(authorization); orchestratorService.deleteWorkflow(metisUserView, datasetId); if (LOGGER.isInfoEnabled()) { diff --git a/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/ScheduleWorkflowController.java b/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/ScheduleWorkflowController.java index 07026db5..a3b3181e 100644 --- a/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/ScheduleWorkflowController.java +++ b/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/ScheduleWorkflowController.java @@ -1,6 +1,7 @@ package eu.europeana.metis.core.rest.controller; import static eu.europeana.metis.utils.CommonStringValues.CRLF_PATTERN; +import static eu.europeana.metis.utils.CommonStringValues.sanitizeCRLF; import eu.europeana.metis.authentication.rest.client.AuthenticationClient; import eu.europeana.metis.authentication.user.MetisUserView; @@ -149,6 +150,9 @@ public void updateScheduledWorkflow(@RequestHeader("Authorization") String autho @ResponseStatus(HttpStatus.NO_CONTENT) public void deleteScheduledWorkflowExecution(@RequestHeader("Authorization") String authorization, @PathVariable("datasetId") String datasetId) throws GenericMetisException { + authorization = sanitizeCRLF(authorization); + datasetId = sanitizeCRLF(datasetId); + MetisUserView metisUserView = authenticationClient.getUserByAccessTokenInHeader(authorization); scheduleWorkflowService.deleteScheduledWorkflow(metisUserView, datasetId); if (LOGGER.isInfoEnabled()) { diff --git a/metis-core-service/src/main/java/eu/europeana/metis/core/service/DepublishRecordIdService.java b/metis-core-service/src/main/java/eu/europeana/metis/core/service/DepublishRecordIdService.java index a587a8f9..175f7be0 100644 --- a/metis-core-service/src/main/java/eu/europeana/metis/core/service/DepublishRecordIdService.java +++ b/metis-core-service/src/main/java/eu/europeana/metis/core/service/DepublishRecordIdService.java @@ -1,10 +1,13 @@ package eu.europeana.metis.core.service; +import static java.lang.String.format; + import eu.europeana.metis.authentication.user.MetisUserView; import eu.europeana.metis.core.dao.DepublishRecordIdDao; import eu.europeana.metis.core.dataset.DatasetExecutionInformation; import eu.europeana.metis.core.dataset.DatasetExecutionInformation.PublicationStatus; import eu.europeana.metis.core.exceptions.NoDatasetFoundException; +import eu.europeana.metis.core.exceptions.PluginExecutionNotAllowed; import eu.europeana.metis.core.rest.DepublishRecordIdView; import eu.europeana.metis.core.rest.ResponseListWrapper; import eu.europeana.metis.core.util.DepublishRecordIdSortField; @@ -186,6 +189,11 @@ public WorkflowExecution createAndAddInQueueDepublishWorkflowExecution( // Authorize. authorizer.authorizeReadExistingDatasetById(metisUserView, datasetId); + if (depublicationReason == DepublicationReason.UNKNOWN) { + throw new PluginExecutionNotAllowed( + format("Depublication reason %s, is not allowed", depublicationReason)); + } + //Prepare depublish workflow, do not save in the database. Only create workflow execution final Workflow workflow = new Workflow(); workflow.setDatasetId(datasetId);