ebad6ae0e7c8192dc9aed2bc1b8b0939f3ed36bd,src/modules/rest/extjs/src/main/java/it/geosolutions/geostore/services/rest/impl/RESTExtJsServiceImpl.java,RESTExtJsServiceImpl,getExtResourcesList,#SecurityContext#number#number#boolean#boolean#SearchFilter#,269
Before Change
}
if (LOGGER.isDebugEnabled())
LOGGER.debug("getResourcesList(start=" + start + ", limit=" + limit
+ ", includeAttributes=" + includeAttributes);
User authUser = null;
try{
authUser = extractAuthUser(sc);
}catch (InternalErrorWebEx ie){
// serch without user information
}
Integer page = null;
if (start != null) {
page = start / limit;
}
try {
List<Resource> resources = getResourcesAllowed(resourceService.getResources(filter, page, limit,
includeAttributes, includeData, authUser), authUser);
// Here the Read permission on each resource must be checked due to will be returned the full Resource not just a ShortResource
// N.B. This is a bad method to check the permissions on each requested resource, it can perform 2 database access for each resource.
// Possible optimization -> When retrieving the resources, add to "filter" also another part to load only the allowed resources.
long count = 0;
if (resources != null && resources.size() > 0)
count = resourceService.getCountByFilterAndUser(filter, authUser);
ExtResourceList list = new ExtResourceList(count, resources);
return list;
} catch (InternalErrorServiceEx e) {
if (LOGGER.isEnabledFor(Level.ERROR))
LOGGER.error(e.getMessage());
return null;
} catch (BadRequestServiceEx e) {
After Change
}
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("getResourcesList(start=" + start + ", limit=" + limit
+ ", includeAttributes=" + includeAttributes);
}
User authUser = null;
try {
authUser = extractAuthUser(sc);
} catch (InternalErrorWebEx ie) {
// serch without user information
LOGGER.warn("Error in validating user (this action should probably be aborted)", ie); // why is this exception caught?
}
Integer page = null;
if (start != null) {
page = start / limit;
}
try {
List<Resource> resources = getResourcesAllowed(resourceService.getResources(filter, page, limit,
includeAttributes, includeData, authUser), authUser);
// Here the Read permission on each resource must be checked due to will be returned the full Resource not just a ShortResource
// N.B. This is a bad method to check the permissions on each requested resource, it can perform 2 database access for each resource.
// Possible optimization -> When retrieving the resources, add to "filter" also another part to load only the allowed resources.
long count = 0;
if (resources != null && resources.size() > 0) {
count = resourceService.getCountByFilterAndUser(filter, authUser);
}
ExtResourceList list = new ExtResourceList(count, resources);
return list;
} catch (InternalErrorServiceEx e) {
LOGGER.warn(e.getMessage(), e);
return null;
} catch (BadRequestServiceEx e) {