fix condition for retrieving files for job attachments. (#3595)

eduardojst10 · web-flow · commit bce32ff0e837 · 2026-02-20T08:57:12.000Z
diff --git a/roda-ui/roda-wui/src/main/java/org/roda/wui/api/v2/services/JobService.java b/roda-ui/roda-wui/src/main/java/org/roda/wui/api/v2/services/JobService.java
@@ -246,7 +246,7 @@ public JobUserDetails buildJobUserDetails(User user) {
   public StreamResponse retrieveJobAttachment(String jobId, String attachmentId) throws NotFoundException, GenericException {
     Path filePath = RodaCoreFactory.getJobAttachmentsDirectoryPath().resolve(jobId).resolve(attachmentId);
 
-    if (!RodaCoreFactory.getJobAttachmentsDirectoryPath().startsWith(filePath)) {
+    if (!filePath.startsWith(RodaCoreFactory.getJobAttachmentsDirectoryPath())) {
       throw new GenericException("Attempt to retrieve files outside the permitted scope");
     }
 

Original file line number	Diff line number	Diff line change
`@@ -246,7 +246,7 @@ public JobUserDetails buildJobUserDetails(User user) {`
`246`	`246`	`public StreamResponse retrieveJobAttachment(String jobId, String attachmentId) throws NotFoundException, GenericException {`
`247`	`247`	`Path filePath = RodaCoreFactory.getJobAttachmentsDirectoryPath().resolve(jobId).resolve(attachmentId);`
`248`	`248`
`249`		`- if (!RodaCoreFactory.getJobAttachmentsDirectoryPath().startsWith(filePath)) {`
	`249`	`+ if (!filePath.startsWith(RodaCoreFactory.getJobAttachmentsDirectoryPath())) {`
`250`	`250`	`throw new GenericException("Attempt to retrieve files outside the permitted scope");`
`251`	`251`	`}`
`252`	`252`