From b4c836f7ed87c84a5194900139717db2502d4f7f Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <volkmer_p@ukw.de>
Date: Tue, 9 May 2023 14:06:57 +0200
Subject: [PATCH] Issue #28: Fange Zugriffsfehler bei fehlender Berechtigung

---
 .../java/DNPM/analyzer/EinzelempfehlungAnalyzer.java | 12 +++++++++++-
 .../OsMolekulargenetikFormService.java               |  2 --
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java b/src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java
index 101f28b..efcc0a7 100644
--- a/src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java
+++ b/src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java
@@ -2,6 +2,7 @@ package DNPM.analyzer;
 
 import DNPM.dto.Variant;
 import DNPM.security.DelegatingDataBasedPermissionEvaluator;
+import DNPM.security.IllegalSecuredObjectAccessException;
 import DNPM.services.molekulargenetik.MolekulargenetikFormService;
 import de.itc.onkostar.api.Disease;
 import de.itc.onkostar.api.IOnkostarApi;
@@ -9,6 +10,8 @@ import de.itc.onkostar.api.Procedure;
 import de.itc.onkostar.api.analysis.AnalyzerRequirement;
 import de.itc.onkostar.api.analysis.IProcedureAnalyzer;
 import de.itc.onkostar.api.analysis.OnkostarPluginType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 
 import java.util.List;
@@ -22,6 +25,8 @@ import java.util.Map;
 @Component
 public class EinzelempfehlungAnalyzer implements IProcedureAnalyzer {
 
+    private final static Logger logger = LoggerFactory.getLogger(EinzelempfehlungAnalyzer.class);
+
     private final IOnkostarApi onkostarApi;
 
     private final MolekulargenetikFormService molekulargenetikFormService;
@@ -98,7 +103,12 @@ public class EinzelempfehlungAnalyzer implements IProcedureAnalyzer {
             return List.of();
         }
 
-        return molekulargenetikFormService.getVariants(procedure);
+        try {
+            return molekulargenetikFormService.getVariants(procedure);
+        } catch (IllegalSecuredObjectAccessException e) {
+            logger.error("Security", e);
+            return List.of();
+        }
     }
 
 }
diff --git a/src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java b/src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java
index 03017ad..8e673d7 100644
--- a/src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java
+++ b/src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java
@@ -1,7 +1,6 @@
 package DNPM.services.molekulargenetik;
 
 import DNPM.dto.Variant;
-import DNPM.security.FormSecured;
 import DNPM.security.PersonPoolSecured;
 import de.itc.onkostar.api.Procedure;
 
@@ -12,7 +11,6 @@ import java.util.stream.Collectors;
 public class OsMolekulargenetikFormService implements MolekulargenetikFormService {
 
     @Override
-    @FormSecured
     @PersonPoolSecured
     public List<Variant> getVariants(Procedure procedure) {
         if (! "OS.Molekulargenetik".equals(procedure.getFormName())) {