[GeoNetwork-devel] [GeoNetwork opensource Developer website] #1166: download links on a search result shows timing out 'download files' window for non-connected users

#1166: download links on a search result shows timing out 'download files' window
for non-connected users
---------------------+------------------------------------------------------
Reporter: landry | Owner: geonetwork-devel@…
     Type: defect | Status: new
Priority: major | Milestone: v2.9.0
Component: General | Version: v2.8.0RC2
Keywords: |
---------------------+------------------------------------------------------
Using 2.8.0rc2, the search result window shows 'download file' links to
non-connected users for attached file resources, even if the privileges to
download the files are not granted to non-connected users. This wasnt the
case with geosource 2.7.0, so dunno what changed since then.

Clicking those links when non connected brings a 'download files' extjs
widget, but it timeouts since in the backend file.prepare.download is
called, and this raises an OperationNotAllowedEx exception which is not
propagated correctly to the UI. When connected and the rights are granted,
it correctly shows a list of downloadable files to select.

{{{
2012-11-26 10:00:06,689 INFO [jeeves.service] - Dispatching :
prepare.file.download
2012-11-26 10:00:06,692 ERROR [jeeves.service] - Exception when executing
service
2012-11-26 10:00:06,692 ERROR [jeeves.service] - (C) Exc :
OperationNotAllowedEx : Operation not allowed
2012-11-26 10:00:06,693 DEBUG [jeeves.service] - Raised exception while
executing service
<error id="operation-not-allowed">
   <message>Operation not allowed</message>
   <class>OperationNotAllowedEx</class>
   <stack>
     <at class="org.fao.geonet.lib.ResourceLib" file="ResourceLib.java"
line="131" method="checkPrivilege" />
     <at class="org.fao.geonet.services.metadata.PrepareFileDownload"
file="PrepareFileDownload.java" line="94" method="exec" />
     <at class="jeeves.server.dispatchers.ServiceInfo"
file="ServiceInfo.java" line="230" method="execService" />
     <at class="jeeves.server.dispatchers.ServiceInfo"
file="ServiceInfo.java" line="139" method="execServices" />
     <at class="jeeves.server.dispatchers.ServiceManager"
file="ServiceManager.java" line="420" method="dispatch" />
     <at class="jeeves.server.JeevesEngine" file="JeevesEngine.java"
line="747" method="dispatch" />
     <at class="jeeves.server.sources.http.JeevesServlet"
file="JeevesServlet.java" line="208" method="execute" />
     <at class="jeeves.server.sources.http.JeevesServlet"
file="JeevesServlet.java" line="109" method="doGet" />
     <at class="javax.servlet.http.HttpServlet" file="HttpServlet.java"
line="617" method="service" />
     <at class="javax.servlet.http.HttpServlet" file="HttpServlet.java"
line="717" method="service" />
     <skip>...</skip>
     <at class="org.fao.geonet.monitor.webapp.WebappMetricsFilter"
file="WebappMetricsFilter.java" line="96" method="doFilter" />
     <skip>...</skip>
     <at
class="org.fao.geonet.monitor.webapp.MetricsRegistryInitializerFilter"
file="MetricsRegistryInitializerFilter.java" line="31" method="doFilter"
/>
     <skip>...</skip>
   </stack>
   <request>
     <language>fre</language>
     <service>prepare.file.download</service>
   </request>
</error>
}}}

So, two things:
- why are the download links shown at all to non-connected users ? smth
changed in the config ? In both cases i'm using resources.get for file
access
- can the exception be properly shown to the user instead of leaving the
user with a timing-out widget ?

(and of course, anyone can reproduce it ?)

--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/1166&gt;
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/&gt;
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.

#1166: download links on a search result shows timing out 'download files' window
for non-connected users
---------------------+------------------------------------------------------
Reporter: landry | Owner: geonetwork-devel@…
     Type: defect | Status: new
Priority: major | Milestone: v2.9.0
Component: General | Version: v2.8.0RC2
Keywords: |
---------------------+------------------------------------------------------

Comment(by landry):

prepare.file.download calls services/metadata/PrepareFileDownload.java
which in turns calls Lib.resource.checkPrivilege() which requires
credentials - Guest cant call that so the 'downloadLinks' should be hidden
to unauthenticated users.

Furthermore, it only returns the links to authenticated users so far, i
havent been able to get the real download links for my catalog - it seems
processDownloadLinks fails to find all the files. I'm considering
disabling it completely, since all download links are available separately
outside of the 'downloadLinks' window.

--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/1166#comment:1&gt;
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/&gt;
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.

#1166: download links on a search result shows timing out 'download files' window
for non-connected users
---------------------+------------------------------------------------------
Reporter: landry | Owner: geonetwork-devel@…
     Type: defect | Status: new
Priority: major | Milestone: v2.9.0
Component: General | Version: v2.8.0RC2
Keywords: |
---------------------+------------------------------------------------------

Comment(by simonp):

Not sure what is going on? I can't seem to reproduce this in GeoNetwork
2.8.0RC2:

- classic interface or new widgets interface: With resources.get or
file.disclaimer service I do not see download links to files that I don't
have download access rights on in search results window

- in widgets interface though, when I open the record up in the viewer, I
am shown the download link but clicking on the link brings up
OperationNotAllowedEx which is ok I guess (probably shouldn't show the
link at all I suppose).

--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/1166#comment:2&gt;
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/&gt;
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.

#1166: download links on a search result shows timing out 'download files' window
for non-connected users
---------------------+------------------------------------------------------
Reporter: landry | Owner: geonetwork-devel@…
     Type: defect | Status: new
Priority: major | Milestone: v2.9.0
Component: General | Version: v2.8.0RC2
Keywords: |
---------------------+------------------------------------------------------

Comment(by landry):

Replying to [comment:2 simonp]:
> Not sure what is going on? I can't seem to reproduce this in GeoNetwork
2.8.0RC2:
>
> - classic interface or new widgets interface: With resources.get or
file.disclaimer service I do not see download links to files that I don't
have download access rights on in search results window

Here in the search results interface, when clicking on the 'download
files' link the extjs panel loads forever/timeouts. In the log i get the
OperationNotAllowed message, but it seems the error is not properly
propagated to the extjs ui... though i get :

{{
2013-02-22 14:24:50,931 INFO [jeeves.service] - -> dispatching to
error for : prepare.file.download
2013-02-22 14:24:50,949 INFO [jeeves.service] - -> transforming with
stylesheet : /var/lib/tomcat-georchestra/webapps/geocat/xsl/error.xsl
2013-02-22 14:24:51,200 INFO [jeeves.service] - -> end error
transformation for : prepare.file.download
2013-02-22 14:24:51,200 INFO [jeeves.service] - -> error ended for :
prepare.file.download
}}

But yes the prepare.file.download link should be displayed to non-
connected users. Note that here i've backported
http://trac.osgeo.org/geonetwork/ticket/1107 from master to my local 2.8.x
to fix a bug where download links were duplicated for each download.

> - in widgets interface though, when I open the record up in the viewer,
I am shown the download link but clicking on the link brings up
OperationNotAllowedEx which is ok I guess (probably shouldn't show the
link at all I suppose).

I have the same behaviour here if i view the record, clicking on the
download link brings OperationNotAllowedEx. So it shouldnt be shown here
either.

--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/1166#comment:3&gt;
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/&gt;
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.

#1166: download links on a search result shows timing out 'download files' window
for non-connected users
---------------------+------------------------------------------------------
Reporter: landry | Owner: geonetwork-devel@…
     Type: defect | Status: new
Priority: major | Milestone: v2.9.0
Component: General | Version: v2.8.0RC2
Keywords: |
---------------------+------------------------------------------------------

Comment(by landry):

Just for reference, i found out why prepare.file.download showed nothing
in my case :

For some unknown reason the file download doesnt have the filename
directly in the <gmd:name> tag but inside MimeFileType - no idea how it
went this way.
{{{
<gmd:name>

<gmx:MimeFileType xmlns:gmx="http://www.isotc211.org/2005/gmx&quot;
type="application/pdf">Carte_AMII.pdf</gmx:MimeFileType>

</gmd:name>
}}}

Thus 'name' attribute is not set when getting the minimized xml :

{{{
<link title="Cartographie : R?ponses ? l?AMII - Programme National Tr?s
Haut D?bit" href="http://ids-
dev.craig.fr/geocat/srv/eng/resources.get?id=152&amp;fname=Carte_AMII.pdf&amp;access=private"
name="" protocol="WWW:DOWNLOAD-1.0-http--download" type="application/pdf"
/>
<link type="download">http://ids-
dev.craig.fr/geocat/srv/eng/resources.get?id=152&amp;fname=Carte_AMII.pdf&amp;access=private</link>
}}}

and the xpath request in PrepareFileDownload.java doesnt catch it. (note
that it doesnt select the 'type=download' links, while it could use them
and parse the URL)

A workaround is to get the name from the href link, and additionally check
if it is not empty as an additional check. I admit it's not the best fix,
but at least it sorta fixes the issue for me.

{{{
diff --git
a/web/src/main/java/org/fao/geonet/services/metadata/PrepareFileDownload.java
b/web/src/main/java/org/fao/geonet/services/metadata/PrepareFileDownload.java
index af24b64..2baa7c0 100644
---
a/web/src/main/java/org/fao/geonet/services/metadata/PrepareFileDownload.java
+++
b/web/src/main/java/org/fao/geonet/services/metadata/PrepareFileDownload.java
@@ -112,7 +112,7 @@ public class PrepareFileDownload implements Service
                 //--- process links to a file (have name field not blank)
                 //--- if they are a reference to a downloadable local file
then get size
                 //--- and date modified, if not then set local to false
- xp = XPath.newInstance ("link[starts-
with(@protocol,'WWW:DOWNLOAD') and @name!='']");
+ xp = XPath.newInstance ("link[starts-
with(@protocol,'WWW:DOWNLOAD')]");
                 elems = xp.selectNodes(elBrief);
                 response = processDownloadLinks(context, id,
dm.getSiteURL(), elems, response);

@@ -158,11 +158,14 @@ public class PrepareFileDownload implements Service
                                                                 if
(lp.startsWith("access=")) {
access = lp.substring(lp.indexOf('=')+1);
                                                                 }
+ if
(lp.startsWith("fname=")) {
+
fname = lp.substring(lp.indexOf('=')+1);
+ }
                                                         }

                                                         File dir = new
File(Lib.resource.getDir(context, access, id));
                                                         File file= new
File(dir, fname);
- if (file.exists())
{
+ if (fname != "" &&
file.exists()) {
                                                                 size =
file.length();
                                                                 Date date
= new Date(file.lastModified());
dateModified = sdf.format(date);
@@ -175,7 +178,8 @@ public class PrepareFileDownload implements Service
elem.setAttribute("found",found+"");
elem.setAttribute("local",local+"");
elem.setAttribute("download","true");
- response.addContent(elem);
+ if (found)
+ response.addContent(elem);
                                 } else {
                                         context.info("Unknown download
link: "+Xml.getString(elem));
                                 }
}}}

--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/1166#comment:4&gt;
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/&gt;
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.

#1166: download links on a search result shows timing out 'download files' window
for non-connected users
---------------------+------------------------------------------------------
Reporter: landry | Owner: geonetwork-devel@…
     Type: defect | Status: new
Priority: major | Milestone: v2.9.0
Component: General | Version: v2.8.0RC2
Keywords: |
---------------------+------------------------------------------------------

Comment(by simonp):

{{ ..... INFO [jeeves.service] - -> transforming with stylesheet :
/var/lib/tomcat-georchestra/webapps/geocat/xsl/error.xsl .... }}

Are you running GeoNetwork 2.8.x RC2? Perhaps you are running some other
version of GeoNetwork (geocat?, geosource?)

--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/1166#comment:5&gt;
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/&gt;
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.

#1166: download links on a search result shows timing out 'download files' window
for non-connected users
---------------------+------------------------------------------------------
Reporter: landry | Owner: geonetwork-devel@…
     Type: defect | Status: new
Priority: major | Milestone: v2.9.0
Component: General | Version: v2.8.0RC2
Keywords: |
---------------------+------------------------------------------------------

Comment(by landry):

Replying to [comment:5 simonp]:
>
>
> {{ ..... INFO [jeeves.service] - -> transforming with stylesheet :
/var/lib/tomcat-georchestra/webapps/geocat/xsl/error.xsl .... }}
>
> Are you running GeoNetwork 2.8.x RC2? Perhaps you are running some other
version of GeoNetwork (geocat?, geosource?)

I'm running tip of regular geonetwork 2.8.x github branch, with some
commits backported (mainly #1107 but also fixes for #1226, #1227 & #1228
among others) and some parts from geosource on top of it. 'geocat' is the
name of the war when i deploy it, but it's geonetwork with extjs gui.

--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/1166#comment:6&gt;
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/&gt;
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.