Updated getExperiment so an experiment can be accessed in two cases: 1. If it...

Updated getExperiment so an experiment can be accessed in two cases: 1. If it is shared to everyone 2. If it is not shared only the owner can access it. If none of the above is the case it will return a UNAUTHORIZED Http Status.

Updated getExperiment so an experiment can be accessed in two cases: 1. If it...
Updated getExperiment so an experiment can be accessed in two cases: 1. If it is shared to everyone 2. If it is not shared only the owner can access it. If none of the above is the case it will return a UNAUTHORIZED Http Status.
1670a2e1 · kfilippopolitis · ded2e389 · 1670a2e1
Commit 1670a2e1 authored 4 years ago by kfilippopolitis
--- a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
@@ -103,6 +103,11 @@ public class ExperimentApi {
            return new ResponseEntity<>("Not found", HttpStatus.NOT_FOUND);
        }

+        if (!experiment.isShared() && experiment.getCreatedBy().getUsername().compareTo(userInfo.getUser().getUsername()) != 0) {
+
+            return new ResponseEntity<>("You have no access to the experiment", HttpStatus.UNAUTHORIZED);
+        }
+
        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Get an experiment ", " uuid : " + uuid);

        return new ResponseEntity<>(gsonOnlyExposed.toJson(experiment.jsonify()), HttpStatus.OK);