From 2d9b27532554f836e97a0f58a6121db0285acf50 Mon Sep 17 00:00:00 2001 From: Vincenzo Mecca Date: Fri, 11 Oct 2024 18:23:13 +0200 Subject: [PATCH] [DSC-1963] Fixes potential cache issues with rest exposed props --- .../repository/ConfigurationRestRepository.java | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ConfigurationRestRepository.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ConfigurationRestRepository.java index db9ba8c67f25..a2af6a698334 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ConfigurationRestRepository.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ConfigurationRestRepository.java @@ -33,17 +33,21 @@ public class ConfigurationRestRepository extends DSpaceRestRepository exposedProperties; - private List adminRestrictedProperties; @Autowired public ConfigurationRestRepository(ConfigurationService configurationService) { this.configurationService = configurationService; - this.exposedProperties = Arrays.asList(configurationService.getArrayProperty("rest.properties.exposed")); - this.adminRestrictedProperties = - Arrays.asList(configurationService.getArrayProperty("admin.rest.properties.exposed")); } + protected String[] getExposedProperties() { + return configurationService.getArrayProperty("rest.properties.exposed"); + } + + protected String[] getAdminRestrictedProperties() { + return configurationService.getArrayProperty("admin.rest.properties.exposed"); + } + + /** * Gets the value of a configuration property if it is exposed via REST * @@ -62,6 +66,9 @@ public ConfigurationRestRepository(ConfigurationService configurationService) { @Override @PreAuthorize("permitAll()") public PropertyRest findOne(Context context, String property) { + List exposedProperties = Arrays.asList(getExposedProperties()); + List adminRestrictedProperties = Arrays.asList(getAdminRestrictedProperties()); + if (!configurationService.hasProperty(property) || (adminRestrictedProperties.contains(property) && !isCurrentUserAdmin(context)) || (!exposedProperties.contains(property) && !isCurrentUserAdmin(context))) {