This is an automated email from the ASF dual-hosted git repository. riemer pushed a commit to branch fix-kiosk-dashboard in repository https://gitbox.apache.org/repos/asf/streampipes.git
commit 5363477b923e86c2f667a97ac696f8532055e6d4 Author: Dominik Riemer <[email protected]> AuthorDate: Tue Sep 9 15:55:40 2025 +0200 fix: Allow anonymous access to kiosk data resource --- .../impl/datalake/KioskDashboardDataLakeResource.java | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/datalake/KioskDashboardDataLakeResource.java b/streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/datalake/KioskDashboardDataLakeResource.java
index d6c0258620..75a872da13 100644
--- a/streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/datalake/KioskDashboardDataLakeResource.java
+++ b/streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/datalake/KioskDashboardDataLakeResource.java
@@ -29,6 +29,7 @@ import org.apache.streampipes.model.datalake.param.ProvidedRestQueryParams;
 import org.apache.streampipes.model.monitoring.SpLogMessage;
 import org.apache.streampipes.rest.core.base.impl.AbstractAuthGuardedRestResource;
 import org.apache.streampipes.storage.api.CRUDStorage;
+import org.apache.streampipes.storage.api.IPermissionStorage;
 import org.apache.streampipes.storage.management.StorageDispatcher;
 
 import org.springframework.http.MediaType;
@@ -52,6 +53,7 @@ public class KioskDashboardDataLakeResource extends AbstractAuthGuardedRestResou
 private final CRUDStorage<DashboardModel> dashboardStorage =
 StorageDispatcher.INSTANCE.getNoSqlStore().getDataExplorerDashboardStorage();
 private final CRUDStorage<DataExplorerWidgetModel> dataExplorerWidgetStorage;
+ private final IPermissionStorage permissionStorage;
 
 public KioskDashboardDataLakeResource() {
 this.dataExplorerSchemaManagement = new DataExplorerDispatcher()
@@ -63,12 +65,13 @@ public class KioskDashboardDataLakeResource extends AbstractAuthGuardedRestResou
 this.dataExplorerWidgetStorage = StorageDispatcher.INSTANCE
 .getNoSqlStore()
 .getDataExplorerWidgetStorage();
+ this.permissionStorage = getNoSqlStorage().getPermissionStorage();
 }
 
 @PostMapping(path = "/{dashboardId}/{widgetId}/data",
 consumes = MediaType.APPLICATION_JSON_VALUE,
 produces = MediaType.APPLICATION_JSON_VALUE)
- @PreAuthorize("this.hasReadAuthority() and hasPermission(#dashboardId, 'READ')")
+ @PreAuthorize("this.hasReadAuthorityOrAnonymous(#dashboardId) and hasPermission(#dashboardId, 'READ')")
 public ResponseEntity<?> getData(@PathVariable("dashboardId") String dashboardId,
 @PathVariable("widgetId") String widgetId,
 @RequestBody Map<String, String> queryParams) {
@@ -113,4 +116,14 @@ public class KioskDashboardDataLakeResource extends AbstractAuthGuardedRestResou
 public boolean hasReadAuthority() {
 return isAdminOrHasAnyAuthority(DefaultPrivilege.Constants.PRIVILEGE_READ_DASHBOARD_VALUE);
 }
+
+ public boolean hasReadAuthorityOrAnonymous(String dashboardId) {
+ return hasReadAuthority()
+ || hasAnonymousAccessAuthority(dashboardId);
+ }
+
+ private boolean hasAnonymousAccessAuthority(String dashboardId) {
+ var perms = permissionStorage.getUserPermissionsForObject(dashboardId);
+ return !perms.isEmpty() && perms.get(0).isReadAnonymous();
+ }
 }
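Review bot: With `this.hasReadAuthorityOrAnonymous(#dashboardId)` in the `@PreAuthorize` on `getData`, an unauthenticated caller is admitted on the dashboard id alone, while `widgetId` and the `queryParams` request body are not part of the authorization expression. The body of `getData` lies outside this hunk, so it should be confirmed there that the widget really belongs to the dashboard and that the query is limited to what that widget is configured to read; otherwise one anonymously readable dashboard could expose data of unrelated widgets. The remaining conjunct `hasPermission(#dashboardId, 'READ')` is handled by a permission evaluator not visible here, so its result for an anonymous principal deserves a test. I would add above the annotation: `// Anonymous callers are admitted only for dashboards flagged read-anonymous; widgetId must still be validated against the dashboard.`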
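Review bot: `hasAnonymousAccessAuthority` decides on `perms.get(0)` only, so if `getUserPermissionsForObject` can ever return more than one record for a dashboard, the outcome depends on storage order. Because this method is what opens the endpoint to unauthenticated callers, it should fail closed, for example `return perms.size() == 1 && perms.get(0).isReadAnonymous();`, or carry a comment stating the one-record-per-object invariant if the storage layer guarantees it. The public `hasReadAuthorityOrAnonymous` has no Javadoc; a short one saying that it is referenced from the `@PreAuthorize` SpEL expression and grants access without authentication would keep later edits from widening it by accident. Tests for a dashboard with no permission record and for one with the anonymous flag unset would pin the deny paths.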
