xuang7 commented on code in PR #4117:
URL: https://github.com/apache/texera/pull/4117#discussion_r2666488848


##########
file-service/src/main/scala/org/apache/texera/service/resource/DatasetResource.scala:
##########
@@ -1742,4 +1747,106 @@ class DatasetResource {
       Response.ok(Map("message" -> "Multipart upload aborted 
successfully")).build()
     }
   }
+
+  /**
+    * Updates the cover image for a dataset.
+    *
+    * @param did Dataset ID
+    * @param request Cover image request containing the relative file path
+    * @param sessionUser Authenticated user session
+    * @return Response with updated cover image path
+    *
+    * Expected coverImage format: "version/folder/image.jpg" (relative to 
dataset root)
+    */
+  @POST
+  @RolesAllowed(Array("REGULAR", "ADMIN"))
+  @Path("/{did}/update/cover")
+  @Consumes(Array(MediaType.APPLICATION_JSON))
+  def updateDatasetCoverImage(
+      @PathParam("did") did: Integer,
+      request: CoverImageRequest,
+      @Auth sessionUser: SessionUser
+  ): Response = {
+    withTransaction(context) { ctx =>
+      val uid = sessionUser.getUid
+      val dataset = getDatasetByID(ctx, did)
+      if (!userHasWriteAccess(ctx, did, uid)) {
+        throw new ForbiddenException(ERR_USER_HAS_NO_ACCESS_TO_DATASET_MESSAGE)
+      }
+
+      if (request == null || request.coverImage == null || 
request.coverImage.trim.isEmpty) {
+        throw new BadRequestException("Cover image path is required")
+      }
+
+      val normalized = Paths.get(request.coverImage).normalize().toString
+      if (normalized.startsWith("..") || normalized.startsWith("/")) {
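
Review bot: The traversal check on the last visible line, `normalized.startsWith("..") || normalized.startsWith("/")`, is a string-prefix test on the output of `Paths.get(...).normalize()`, and that output depends on the host file system. On Windows the normalized string uses `\` separators, so an absolute input (a drive-letter path or a leading backslash) matches neither prefix. In the other direction, a legitimate first segment whose name merely begins with two dots is rejected. Compare path elements rather than string prefixes: reject when `Paths.get(...).isAbsolute` is true or when the first name element equals `..`, and reject backslashes outright, since the documented format ("version/folder/image.jpg") is a forward-slash path relative to the dataset root. Two smaller points in the same block: `Paths.get` is called on the untrimmed `request.coverImage` although the emptiness check trims it, and `Paths.get` throws `InvalidPathException` on input such as a NUL character, which will not surface as the `BadRequestException` used for the other input errors unless it is caught here.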

Review Comment:
   Fixed. Used FilenameUtils to validate the path.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.