Skip to content

Commit

Permalink
Add permission check for displaying content pack uninstall details (#…
Browse files Browse the repository at this point in the history 
…18177)
  • Loading branch information
@thll
thll authored Feb 6, 2024
1 parent 8132032 commit c8adb0b
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 17 deletions.
4 changes: 4 additions & 0 deletions changelog/unreleased/pr-18177.toml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
type = "fixed"
message = "Add permission check for displaying content pack uninstall details."

pulls = ["18177"]
33 changes: 16 additions & 17 deletions ...er/src/main/java/org/graylog2/rest/resources/system/contentpacks/ContentPackResource.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,20 @@
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.bson.types.ObjectId;
import org.graylog2.audit.AuditEventTypes;
Expand Down Expand Up @@ -51,23 +65,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jakarta.inject.Inject;

import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;

import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;

import java.net.URI;
import java.util.Map;
import java.util.Set;
Expand Down Expand Up @@ -334,6 +331,8 @@ public ContentPackUninstallDetails uninstallDetails(
@PathParam("contentPackId") ModelId id,
@ApiParam(name = "installationId", value = "Installation ID", required = true)
@PathParam("installationId") String installationId) {
checkPermission(RestPermissions.CONTENT_PACK_READ, id.toString());

final ContentPackInstallation installation = contentPackInstallationPersistenceService.findById(new ObjectId(installationId))
.orElseThrow(() -> new NotFoundException("Couldn't find installation " + installationId));

Expand Down

0 comments on commit c8adb0b

Please sign in to comment.