ProgrammeVitam · marob · Jul 25, 2024 · Jul 23, 2024
diff --git a/...src/main/java/fr/gouv/vitamui/collect/external/server/rest/ProjectExternalController.java b/...src/main/java/fr/gouv/vitamui/collect/external/server/rest/ProjectExternalController.java
@@ -96,17 +96,14 @@ public PaginatedValuesDto<CollectProjectDto> getAllPaginated(
         @RequestParam(required = false) final Optional<String> orderBy,
         @RequestParam(required = false) final Optional<DirectionDto> direction
     ) throws PreconditionFailedException {
-        direction.ifPresent(directionDto -> {
-            SanityChecker.sanitizeCriteria(directionDto);
-        });
-        if (orderBy.isPresent()) {
-            SanityChecker.checkSecureParameter(orderBy.get());
-        }
+        direction.ifPresent(SanityChecker::sanitizeCriteria);
+        orderBy.ifPresent(SanityChecker::checkSecureParameter);
         SanityChecker.sanitizeCriteria(criteria);
         LOGGER.debug(
             "getPaginateEntities page={}, size={}, criteria={}, orderBy={}, ascendant={}",
             page,
             size,
+            criteria,
             orderBy,
             direction
         );
@@ -127,14 +124,13 @@ public PaginatedValuesDto<CollectTransactionDto> getTransactionsByProjectPaginat
         SanityChecker.checkSecureParameter(projectId);
         SanityChecker.sanitizeCriteria(direction);
         SanityChecker.sanitizeCriteria(criteria);
-        if (orderBy.isPresent()) {
-            SanityChecker.checkSecureParameter(orderBy.get());
-        }
+        orderBy.ifPresent(SanityChecker::checkSecureParameter);
 
         LOGGER.debug(
             "getPaginateEntities page={}, size={}, criteria={}, orderBy={}, ascendant={}",
             page,
             size,
+            criteria,
             orderBy,
             direction
         );

diff --git a/...n/java/fr/gouv/vitamui/collect/internal/server/config/ApiCollectInternalServerConfig.java b/...n/java/fr/gouv/vitamui/collect/internal/server/config/ApiCollectInternalServerConfig.java
@@ -30,6 +30,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import fr.gouv.vitamui.collect.internal.server.dao.SearchCriteriaHistoryRepository;
 import fr.gouv.vitamui.collect.internal.server.security.WebSecurityConfig;
+import fr.gouv.vitamui.collect.internal.server.service.ExternalParametersService;
 import fr.gouv.vitamui.collect.internal.server.service.ProjectInternalService;
 import fr.gouv.vitamui.collect.internal.server.service.ProjectObjectGroupInternalService;
 import fr.gouv.vitamui.collect.internal.server.service.SearchCriteriaHistoryInternalService;
@@ -114,9 +115,10 @@ public InternalSecurityService securityService() {
     @Bean
     public ProjectInternalService collectInternalService(
         final CollectService collectService,
-        ObjectMapper objectMapper
+        ObjectMapper objectMapper,
+        ExternalParametersService externalParametersService
     ) {
-        return new ProjectInternalService(collectService, objectMapper);
+        return new ProjectInternalService(collectService, objectMapper, externalParametersService);
     }
 
     @Bean

diff --git a/...src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java b/...src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java
@@ -84,6 +84,7 @@ public ProjectInternalController(
         this.externalParametersService = externalParametersService;
     }
 
+    // FIXME: page, size, orderBy and direction are not used!
     @GetMapping(params = { "page", "size" })
     public PaginatedValuesDto<CollectProjectDto> getAllProjectsPaginated(
         @RequestParam final Integer page,
@@ -212,6 +213,7 @@ public CollectTransactionDto findLastTransactionByProjectId(final @PathVariable(
         );
     }
 
+    // FIXME: page, size, orderBy and direction are not used!
     @ApiOperation(value = "Get transactions by project paginated")
     @GetMapping(params = { "page", "size" }, value = PATH_ID + TRANSACTIONS)
     public PaginatedValuesDto<CollectTransactionDto> getTransactionsByProjectPaginated(

diff --git a/...va/fr/gouv/vitamui/collect/internal/server/rest/ProjectObjectGroupInternalController.java b/...va/fr/gouv/vitamui/collect/internal/server/rest/ProjectObjectGroupInternalController.java
@@ -40,7 +40,6 @@
 import fr.gouv.vitamui.commons.api.ParameterChecker;
 import fr.gouv.vitamui.commons.api.exception.PreconditionFailedException;
 import fr.gouv.vitamui.commons.vitam.api.dto.ResultsDto;
-import fr.gouv.vitamui.iam.security.service.InternalSecurityService;
 import io.swagger.annotations.Api;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -71,17 +70,14 @@ public class ProjectObjectGroupInternalController {
     private final ProjectObjectGroupInternalService projectObjectGroupInternalService;
     private final ExternalParametersService externalParametersService;
 
-    private final InternalSecurityService securityService;
     private static final String IDENTIFIER_MANDATORY = "The identifier is mandatory parameter: ";
 
     public ProjectObjectGroupInternalController(
         ProjectObjectGroupInternalService projectObjectGroupInternalService,
-        final ExternalParametersService externalParametersService,
-        InternalSecurityService securityService
+        final ExternalParametersService externalParametersService
     ) {
         this.projectObjectGroupInternalService = projectObjectGroupInternalService;
         this.externalParametersService = externalParametersService;
-        this.securityService = securityService;
     }
 
     @GetMapping(
@@ -97,9 +93,7 @@ public Mono<ResponseEntity<Resource>> downloadObjectFromUnit(
         SanityChecker.checkSecureParameter(id, usage);
         LOGGER.debug("Download Archive Unit Object with id {}", id);
 
-        VitamContext vitamContext = new VitamContext(securityService.getTenantIdentifier())
-            .setAccessContract(externalParametersService.retrieveAccessContractFromExternalParam())
-            .setApplicationSessionId(securityService.getApplicationId());
+        VitamContext vitamContext = externalParametersService.buildVitamContextFromExternalParam();
 
         return Mono.<Resource>fromCallable(() -> {
             Response response = projectObjectGroupInternalService.downloadObjectFromUnit(

diff --git a/.../main/java/fr/gouv/vitamui/collect/internal/server/service/ExternalParametersService.java b/.../main/java/fr/gouv/vitamui/collect/internal/server/service/ExternalParametersService.java
@@ -27,15 +27,23 @@
 
 package fr.gouv.vitamui.collect.internal.server.service;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
 import fr.gouv.vitam.common.client.VitamContext;
+import fr.gouv.vitam.common.exception.VitamClientException;
+import fr.gouv.vitam.common.model.RequestResponse;
+import fr.gouv.vitam.common.model.RequestResponseOK;
+import fr.gouv.vitam.common.model.administration.AccessContractModel;
 import fr.gouv.vitamui.commons.api.domain.ExternalParametersDto;
 import fr.gouv.vitamui.commons.api.domain.ParameterDto;
+import fr.gouv.vitamui.commons.vitam.api.administration.AccessContractService;
 import fr.gouv.vitamui.iam.internal.client.ExternalParametersInternalRestClient;
 import fr.gouv.vitamui.iam.security.service.InternalSecurityService;
 import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import java.util.Objects;
 
 /**
@@ -48,22 +56,25 @@ public class ExternalParametersService {
 
     private final ExternalParametersInternalRestClient externalParametersInternalRestClient;
     private final InternalSecurityService securityService;
+    private final AccessContractService accessContractService;
 
     @Autowired
     public ExternalParametersService(
         final ExternalParametersInternalRestClient externalParametersInternalRestClient,
-        final InternalSecurityService securityService
+        final InternalSecurityService securityService,
+        AccessContractService accessContractService
     ) {
         this.externalParametersInternalRestClient = externalParametersInternalRestClient;
         this.securityService = securityService;
+        this.accessContractService = accessContractService;
     }
 
     /**
      * Service to return the access contract defined on profil using external parameters
      *
      * @return access contract throws IllegalArgumentException
      */
-    public String retrieveAccessContractFromExternalParam() {
+    private @Nonnull String retrieveAccessContractFromExternalParam() {
         ExternalParametersDto myExternalParameter = externalParametersInternalRestClient.getMyExternalParameters(
             securityService.getHttpContext()
         );
@@ -83,6 +94,20 @@ public String retrieveAccessContractFromExternalParam() {
         return parameterAccessContract.getValue();
     }
 
+    public @Nullable AccessContractModel retrieveAccessContract() throws VitamClientException, JsonProcessingException {
+        final RequestResponse<AccessContractModel> response = accessContractService.findAccessContractById(
+            buildVitamContextFromExternalParam(),
+            retrieveAccessContractFromExternalParam()
+        );
+        return (
+                response != null &&
+                response.isOk() &&
+                CollectionUtils.isNotEmpty(((RequestResponseOK<?>) response).getResults())
+            )
+            ? (AccessContractModel) ((RequestResponseOK<?>) response).getResults().get(0)
+            : null;
+    }
+
     /**
      * This function create a VitamContext
      *