Fixes #658

oharsta · oharsta · commit 3049bb7d2faa · 2025-02-07T11:05:38.000+01:00
diff --git a/dashboard-gui/src/javascripts/pages/about_service.jsx b/dashboard-gui/src/javascripts/pages/about_service.jsx
@@ -8,7 +8,7 @@ import { ReactComponent as EulaIcon } from '../../images/common-file-text-check.
 import { ReactComponent as RegistrationPolicyIcon } from '../../images/common-file-text-edit.svg'
 import { ReactComponent as PrivacyStatementIcon } from '../../images/single-neutral-actions-text.svg'
 
-export default function AboutService({ app, type }) {
+export default function AboutService({ app, type, currentUser }) {
   const [institutions, setInstitutions] = useState(null)
 
   if (!app) {
@@ -22,7 +22,10 @@ export default function AboutService({ app, type }) {
   }
 
   useEffect(() => {
-    fetchInstitutions()
+    if (!currentUser.guest) {
+      fetchInstitutions()
+    }
+
   }, [])
 
   return (
@@ -106,9 +109,10 @@ export default function AboutService({ app, type }) {
           )}
         </div>
       </div>
-      {app.entityType !== 'single_tenant_template' && <div className="institutions">
-        <InstitutionTable institutions={institutions} />
-      </div>}
+      {(app.entityType !== 'single_tenant_template' && institutions) &&
+          <div className="institutions">
+            <InstitutionTable institutions={institutions} />
+          </div>}
     </div>
   )
 }
diff --git a/dashboard-gui/src/javascripts/pages/service_detail.jsx b/dashboard-gui/src/javascripts/pages/service_detail.jsx
@@ -129,7 +129,7 @@ export default function ServiceDetail() {
             </Route>
           )}
           <Route>
-            <AboutService app={app} type={type} />
+            <AboutService app={app} type={type} currentUser={currentUser}/>
           </Route>
         </Switch>
       </div>
diff --git a/dashboard-server/src/main/java/dashboard/control/ServicesController.java b/dashboard-server/src/main/java/dashboard/control/ServicesController.java
@@ -14,6 +14,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -101,9 +102,12 @@ public RestResponse<List<Service>> byEnntityIds(@RequestBody List<String> entity
 
     @RequestMapping(value = "/idps")
     public RestResponse<List<InstitutionIdentityProvider>> getConnectedIdps(
-            @RequestHeader(HTTP_X_IDP_ENTITY_ID) String idpEntityId,
             @RequestParam String spEntityId,
             @RequestParam String type) {
+        CoinUser currentUser = SpringSecurity.getCurrentUser();
+        if (currentUser.isGuest()) {
+            throw new AuthorizationServiceException("/idps not allowed for guest)");
+        }
         ServiceProvider serviceProvider = manage.getServiceProvider(spEntityId, EntityType.valueOf(type), false)
                 .orElseThrow(IllegalArgumentException::new);
         List<InstitutionIdentityProvider> idps;
@@ -179,20 +183,12 @@ public ResponseEntity<RestResponse<Service>> get(@RequestHeader(HTTP_X_IDP_ENTIT
         Optional<Service> serviceByEntityId = services.getServiceById(idpEntityId, spId, EntityType
                 .valueOf(entityType), locale);
         CoinUser currentUser = SpringSecurity.getCurrentUser();
-        boolean eraseMails = currentUser.isGuest() || currentUser.isDashboardMember();
-
         return serviceByEntityId
-                .map(service -> eraseMails ? eraseMailsFromService(service) : service)
+                .map(service -> service.sanitize(currentUser))
                 .map(service -> ResponseEntity.ok(createRestResponse(service)))
                 .orElse(new ResponseEntity<>(HttpStatus.NOT_FOUND));
     }
 
-    public static Service eraseMailsFromService(Service service) {
-        service.setSupportMail(null);
-        service.setContactPersons(Collections.emptyList());
-        return service;
-    }
-
     @PreAuthorize("hasAnyRole('DASHBOARD_ADMIN','DASHBOARD_VIEWER','DASHBOARD_SUPER_USER')")
     @RequestMapping(value = "/connect", method = RequestMethod.POST)
     public ResponseEntity<RestResponse<Action>> connect(@RequestHeader(HTTP_X_IDP_ENTITY_ID) String idpEntityId,
diff --git a/dashboard-server/src/main/java/dashboard/control/UsersController.java b/dashboard-server/src/main/java/dashboard/control/UsersController.java
@@ -283,13 +283,11 @@ public ResponseEntity<RestResponse<Map<String, List<?>>>> idps() {
 
     @RequestMapping(value = "/me/serviceproviders", method = RequestMethod.GET)
     public RestResponse<List<Service>> serviceProviders(Locale locale) throws IOException {
-        List<Service> usersServices = getServiceProvidersForCurrentUser(locale);
-
         CoinUser currentUser = SpringSecurity.getCurrentUser();
-        boolean eraseMails = currentUser.isGuest() || currentUser.isDashboardMember();
-        if (eraseMails) {
-            usersServices = usersServices.stream().map(service -> ServicesController.eraseMailsFromService(service)).collect(toList());
-        }
+        List<Service> usersServices = getServiceProvidersForCurrentUser(locale).stream()
+                .map(service -> service.sanitize(currentUser))
+                .toList();
+
         return createRestResponse(usersServices);
     }
 
diff --git a/dashboard-server/src/main/java/dashboard/domain/Service.java b/dashboard-server/src/main/java/dashboard/domain/Service.java
@@ -92,7 +92,6 @@ public class Service implements Comparable<Service>, Serializable {
 
     private ARP arp;
 
-    private List<ContactPerson> contactPersons;
     private List<String> nameIds;
     private String minimalLoaLevel;
     private EntityType entityType;
@@ -432,14 +431,6 @@ public void setNoConsentRequired(boolean noConsentRequired) {
         this.noConsentRequired = noConsentRequired;
     }
 
-    public List<ContactPerson> getContactPersons() {
-        return contactPersons;
-    }
-
-    public void setContactPersons(List<ContactPerson> contactPersons) {
-        this.contactPersons = contactPersons;
-    }
-
     public PrivacyInfo getPrivacyInfo() {
         return privacyInfo;
     }
@@ -627,4 +618,11 @@ public String getOrganisation() {
     public void setOrganisation(String organisation) {
         this.organisation = organisation;
     }
+
+    public Service sanitize(CoinUser currentUser) {
+        if (currentUser.isGuest() || currentUser.isDashboardViewer()) {
+            this.setSupportMail(null);
+        }
+        return this;
+    }
 }
diff --git a/dashboard-server/src/main/java/dashboard/service/impl/ServicesImpl.java b/dashboard-server/src/main/java/dashboard/service/impl/ServicesImpl.java
@@ -108,12 +108,10 @@ private List<Service> buildApiServices(List<ServiceProvider> services, String la
     }
 
     private Service buildApiService(ServiceProvider serviceProvider, String locale) {
-
         Service service = new Service();
         plainProperties(serviceProvider, service);
         languageSpecificProperties(serviceProvider, locale, service);
         categories(serviceProvider, service, locale);
-        contactPersons(serviceProvider, service);
         return service;
     }
 
@@ -236,8 +234,4 @@ private void categories(ServiceProvider sp, Service service, String locale) {
         service.setCategories(Collections.singletonList(category));
     }
 
-    private void contactPersons(ServiceProvider sp, Service service) {
-        service.setContactPersons(sp.getContactPersons());
-    }
-
 }

Original file line number	Diff line number	Diff line change
`@@ -108,12 +108,10 @@ private List<Service> buildApiServices(List<ServiceProvider> services, String la`
`108`	`108`	`}`
`109`	`109`
`110`	`110`	`private Service buildApiService(ServiceProvider serviceProvider, String locale) {`
`111`		`-`
`112`	`111`	`Service service = new Service();`
`113`	`112`	`plainProperties(serviceProvider, service);`
`114`	`113`	`languageSpecificProperties(serviceProvider, locale, service);`
`115`	`114`	`categories(serviceProvider, service, locale);`
`116`		`- contactPersons(serviceProvider, service);`
`117`	`115`	`return service;`
`118`	`116`	`}`
`119`	`117`
`@@ -236,8 +234,4 @@ private void categories(ServiceProvider sp, Service service, String locale) {`
`236`	`234`	`service.setCategories(Collections.singletonList(category));`
`237`	`235`	`}`
`238`	`236`
`239`		`- private void contactPersons(ServiceProvider sp, Service service) {`
`240`		`- service.setContactPersons(sp.getContactPersons());`
`241`		`- }`
`242`		`-`
`243`	`237`	`}`