Commit e4ed6bfa authored by Jörg Richter's avatar Jörg Richter

Topicmaps fix: don't send add-to-map messages back to origin (#384)

parent b14439c7
Pipeline #10505 passed with stage
in 14 minutes and 19 seconds
......@@ -58,6 +58,9 @@ public class WebSocketServiceImpl implements WebSocketService {
@Override
public void sendToAllButOrigin(String message) {
// Note: basically copied to Messenger.java (module dmx-topicmaps), including clientId() helper
// TODO: DRY. Provide central factory for the predicate + cookie logic
//
// Note: the predicate is evaluated in another thread (SendMessageWorker). So to read out the client-id
// cookie -- which is stored thread-locally -- we call clientId() from *this* thread (instead from predicate)
// and hold the result in the predicate's closure.
......@@ -99,8 +102,8 @@ public class WebSocketServiceImpl implements WebSocketService {
if (pool != null) {
logger.info("### Stopping WebSocket service (httpService=" + CoreActivator.getHttpService() + ")");
// CoreActivator.getHttpService().unregister("/websocket"); // HTTP service already gone
pool.close();
worker.interrupt();
pool.close();
} else {
logger.info("Stopping WebSocket service SKIPPED -- it was not successfully started");
}
......
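Review bot: The stop branch interrupts `worker` and closes `pool` without waiting for the worker to exit, and only `pool` is null-checked before `worker.interrupt()` is called. Both orders of `pool.close();` and `worker.interrupt();` appear in this rendered hunk, so I can't tell which is the new one, but in either order the SendMessageWorker named in the first hunk's comment could still be evaluating a predicate against a connection while the pool is torn down. Assuming `worker` is a `Thread`, a bounded `worker.join(STOP_TIMEOUT_MS);` (placeholder constant) between the interrupt and `pool.close();` would make shutdown deterministic. A one-line comment stating why the order matters would also help, since the enclosing method starts outside the hunk and the reason is not visible here.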
......@@ -3,6 +3,7 @@ package systems.dmx.topicmaps;
import systems.dmx.core.Topic;
import systems.dmx.core.model.topicmaps.ViewAssoc;
import systems.dmx.core.model.topicmaps.ViewTopic;
import systems.dmx.core.service.Cookies;
import systems.dmx.core.service.CoreService;
import systems.dmx.core.service.accesscontrol.Operation;
......@@ -130,10 +131,29 @@ class Messenger {
}
private void sendToAuthorized(JSONObject message, long objectId) {
// Note: the predicate is evaluated in another thread (WebSocketService's SendMessageWorker). So to read out
// the client-id cookie -- which is stored thread-locally -- we call clientId() from *this* thread (instead
// from predicate) and hold the result in the predicate's closure.
String clientId = clientId();
//
dmx.getWebSocketService().sendToSome(message.toString(), conn -> {
// don't send back to origin
boolean isOrigin = conn.getClientId().equals(clientId);
if (isOrigin) {
logger.info(conn.getClientId() + " " + conn.getUsername() + " (origin) -> " + false);
return false;
}
// only send if receiver is authorized
boolean isReadable = dmx.getPrivilegedAccess().hasPermission(conn.getUsername(), Operation.READ, objectId);
logger.info(conn.getClientId() + " " + conn.getUsername() + " -> " + isReadable);
return isReadable;
});
}
// ---
private String clientId() {
Cookies cookies = Cookies.get();
return cookies.has("dmx_client_id") ? cookies.get("dmx_client_id") : null;
}
}
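Review bot: In `sendToAuthorized`, the origin test `conn.getClientId().equals(clientId)` dereferences the connection's client id inside a predicate that, per the comment above it, runs on the SendMessageWorker thread. If a connection can exist without a client id (not visible here), the resulting NPE surfaces in the worker instead of the request. I would write `boolean isOrigin = clientId != null && clientId.equals(conn.getClientId());`, which also keeps a request without the `dmx_client_id` cookie from matching anything. That cookie is supplied by the client, so the origin filter is a delivery optimisation and not an identity check; a short comment should say so, and that the `hasPermission` call remains the only access decision. The two `logger.info` calls write a client id and username for every connection on every message, so I would move them to a debug level to keep per-session identifiers out of the default log.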