Nochmals Hotfix für Access Check

ae53fdd5 · Michael Breu · e19a6a6f · ae53fdd5
Commit ae53fdd5 authored 10 months ago by Michael Breu
--- a/src/main/java/at/ac/uibk/gitsearch/web/rest/ExerciseResource.java
+++ b/src/main/java/at/ac/uibk/gitsearch/web/rest/ExerciseResource.java
@@ -23,6 +23,8 @@ import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
+import java.net.URLDecoder;
+import java.nio.charset.Charset;
 import java.nio.file.Files;
 import java.text.ParseException;
 import java.util.List;
@@ -48,6 +50,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.HandlerMapping;
@@ -396,14 +399,22 @@ public class ExerciseResource {
        return ResponseEntity.ok(new URL(baseUrl + "/import/" + exerciseImportService.getTokenFromUrl(exerciseUrl)).toURI());
    }
-    @GetMapping("/exercises/source-authorization/{id}")
+    @RequestMapping(value = "/exercises/source-authorization/**", method = RequestMethod.GET)
+    //    @GetMapping("/exercises/source-authorization/{id}")
    @SuppressWarnings("PMD.AvoidCatchingGenericException")
-    public ResponseEntity<SearchResultDTO> getMembers(@PathVariable("id") String exerciseId) {
+    public ResponseEntity<SearchResultDTO> getMembers(HttpServletRequest request) {
+        String exerciseId = "unknown";
        try {
            if (SecurityUtils.getCurrentUserLogin().isEmpty()) {
                ResponseEntity.status(HttpStatus.FORBIDDEN).build();
            }
+            exerciseId =
+                URLDecoder.decode(
+                    request.getRequestURL().toString().split("/exercises/source-authorization/")[1],
+                    Charset.defaultCharset()
+                );
            final Optional<SearchResultDTO> result = searchService.findExerciseById(ExerciseId.fromString(exerciseId));
            if (result.isEmpty()) {
                return ResponseEntity.notFound().build();