Fix Dashboard Alert and view Files

JadnK · JadnK · commit 85d6cba17b45 · 2025-09-16T12:53:50.000+02:00
diff --git a/src/main/java/de/jadenk/springcloud/controller/DashboardController.java b/src/main/java/de/jadenk/springcloud/controller/DashboardController.java
@@ -139,11 +139,13 @@ public String dashboard(@RequestParam(value = "error", required = false) String
             }
         }
 
-        // Fehlermeldungen beim Upload
+        // Fehlermeldungen
         if ("uploadError".equals(error)) {
             model.addAttribute("error", "There was an Error while Uploading. Try again later.");
         } else if ("uploadInProgress".equals(error)) {
             model.addAttribute("error", "There is an current Upload in Progress.");
+        } else if ("NoAccess".equals(error)) {
+            model.addAttribute("error", "You aren't Allowed to see this.");
         } else if (error != null) {
             model.addAttribute("error", "An Error occurred.");
         }
@@ -287,9 +289,18 @@ public ResponseEntity<ByteArrayResource> downloadFile(@PathVariable Long id) {
      */
     @GetMapping("/file/{fileId}")
     public ResponseEntity<Resource> getFile(@PathVariable Long fileId) {
+        UserDetails currentUserDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+        User currentUser = userRepository.findByUsername(currentUserDetails.getUsername()).orElseThrow();
+
         UploadedFile file = uploadedFileRepository.findById(fileId)
                 .orElseThrow(() -> new ResourceNotFoundException("File not found"));
 
+        // Berechtigungsprüfung
+        if (!file.getFileOwner().getId().equals(currentUser.getId())
+                && !fileAuthorizationService.isUserAuthorized(fileId, currentUser.getId())) {
+            throw new ResourceNotFoundException("File not found"); // oder AccessDeniedException
+        }
+
         return ResponseEntity.ok()
                 .contentType(MediaType.parseMediaType(file.getFileType()))
                 .body(new ByteArrayResource(file.getFileData()));
diff --git a/src/main/java/de/jadenk/springcloud/exception/GlobalExceptionHandler.java b/src/main/java/de/jadenk/springcloud/exception/GlobalExceptionHandler.java
@@ -17,4 +17,8 @@ public void handleCustomRuntimeException(CustomRuntimeException ex) {
         webhookService.triggerWebhookEvent(WebhookEvent.ERROR_THROWN, ex.getMessage(), 0L);
     }
 
+    @ExceptionHandler(ResourceNotFoundException.class)
+    public String handleResourceNotFound() {
+        return "redirect:/dashboard?error=NoAccess";
+    }
 }
diff --git a/src/main/resources/templates/dashboard.html b/src/main/resources/templates/dashboard.html
@@ -10,7 +10,7 @@
 <!--    <script th:src="@{/js/dashboard.js}"></script>-->
 </head>
 <body class="bg-[var(--color-bg)] text-[var(--color-text)] font-sans min-h-screen">
-
+<div th:replace="~{fragments/alert}"></div>
 <nav class="sticky top-0 z-50 w-full flex justify-between items-center flex-wrap
             bg-gradient-to-r from-[var(--color-bg)] to-[var(--color-bg-alt)]
             px-8 py-3 shadow-lg border-b-4 border-[var(--color-primary)] font-sans">

Original file line number	Diff line number	Diff line change
`@@ -17,4 +17,8 @@ public void handleCustomRuntimeException(CustomRuntimeException ex) {`
`17`	`17`	`webhookService.triggerWebhookEvent(WebhookEvent.ERROR_THROWN, ex.getMessage(), 0L);`
`18`	`18`	`}`
`19`	`19`
	`20`	`+ @ExceptionHandler(ResourceNotFoundException.class)`
	`21`	`+ public String handleResourceNotFound() {`
	`22`	`+ return "redirect:/dashboard?error=NoAccess";`
	`23`	`+ }`
`20`	`24`	`}`