From dc6ed8385305b6372380f4856c620019af48e519 Mon Sep 17 00:00:00 2001 From: Jan Date: Mon, 10 Nov 2025 22:19:10 +0100 Subject: [PATCH] fixed upload right managment. Checking if the hs code is 10 - 12 chars long and numbers only --- .../de/avatic/lcc/service/bulk/BulkOperationService.java | 6 ++++-- .../lcc/service/excelMapper/MaterialFastExcelMapper.java | 3 +-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/main/java/de/avatic/lcc/service/bulk/BulkOperationService.java b/src/main/java/de/avatic/lcc/service/bulk/BulkOperationService.java index 7aaff8a..415117f 100644 --- a/src/main/java/de/avatic/lcc/service/bulk/BulkOperationService.java +++ b/src/main/java/de/avatic/lcc/service/bulk/BulkOperationService.java @@ -72,12 +72,14 @@ public class BulkOperationService { private void checkAuthorized(BulkFileType fileType) { - if( switch (fileType) { + var auth = switch (fileType) { case CONTAINER_RATE, COUNTRY_MATRIX -> authorizationService.hasAnyRole("SUPER", "FREIGHT"); case MATERIAL -> authorizationService.hasAnyRole("SUPER", "MATERIAL"); case PACKAGING -> authorizationService.hasAnyRole("SUPER", "PACKAGING"); case NODE -> authorizationService.hasAnyRole("SUPER"); - }) { + }; + + if(!auth) { throw new ForbiddenException("You are not authorized to perform this operation"); } diff --git a/src/main/java/de/avatic/lcc/service/excelMapper/MaterialFastExcelMapper.java b/src/main/java/de/avatic/lcc/service/excelMapper/MaterialFastExcelMapper.java index fbf1440..86a5c0c 100644 --- a/src/main/java/de/avatic/lcc/service/excelMapper/MaterialFastExcelMapper.java +++ b/src/main/java/de/avatic/lcc/service/excelMapper/MaterialFastExcelMapper.java @@ -248,7 +248,6 @@ public class MaterialFastExcelMapper { * Validates HS Code (placeholder for API validation) */ private boolean validateHsCode(String hsCode) { - //TODO check via api?! - return true; + return hsCode.length() >= 10 && hsCode.length() <= 12 && hsCode.matches("[0-9]+"); } } \ No newline at end of file