Improved and fixed reading of Access Policy from the Document
This commit is contained in:
parent
f5a8e08b88
commit
4f799628e0
|
@ -11,6 +11,7 @@ import org.bson.Document;
|
||||||
import org.gcube.application.geoportal.client.utils.Serialization;
|
import org.gcube.application.geoportal.client.utils.Serialization;
|
||||||
import org.gcube.application.geoportal.common.model.document.access.Access;
|
import org.gcube.application.geoportal.common.model.document.access.Access;
|
||||||
import org.gcube.application.geoportal.common.model.document.access.AccessPolicy;
|
import org.gcube.application.geoportal.common.model.document.access.AccessPolicy;
|
||||||
|
import org.gcube.application.geoportalcommon.ConvertToDataServiceModel;
|
||||||
import org.gcube.application.geoportalcommon.ConvertToDataValueObjectModel;
|
import org.gcube.application.geoportalcommon.ConvertToDataValueObjectModel;
|
||||||
import org.gcube.application.geoportalcommon.geoportal.access.GeportalCheckAccessPolicy;
|
import org.gcube.application.geoportalcommon.geoportal.access.GeportalCheckAccessPolicy;
|
||||||
import org.gcube.application.geoportalcommon.geoportal.serdes.Payload;
|
import org.gcube.application.geoportalcommon.geoportal.serdes.Payload;
|
||||||
|
@ -39,6 +40,7 @@ import com.google.gson.Gson;
|
||||||
import com.google.gson.GsonBuilder;
|
import com.google.gson.GsonBuilder;
|
||||||
import com.google.gson.JsonObject;
|
import com.google.gson.JsonObject;
|
||||||
import com.google.gson.JsonParser;
|
import com.google.gson.JsonParser;
|
||||||
|
import com.jayway.jsonpath.Configuration;
|
||||||
import com.jayway.jsonpath.JsonPath;
|
import com.jayway.jsonpath.JsonPath;
|
||||||
import com.jayway.jsonpath.spi.json.JsonOrgJsonProvider;
|
import com.jayway.jsonpath.spi.json.JsonOrgJsonProvider;
|
||||||
|
|
||||||
|
@ -131,8 +133,8 @@ public class Geoportal_JSON_Mapper {
|
||||||
for (GcubeProfilesMetadataForUCD gcubeProfileMetaForUCD : listProfilesBean) {
|
for (GcubeProfilesMetadataForUCD gcubeProfileMetaForUCD : listProfilesBean) {
|
||||||
|
|
||||||
GcubeProfileDV gcubeProfileDV = gcubeProfileMetaForUCD.getGcubeProfile();
|
GcubeProfileDV gcubeProfileDV = gcubeProfileMetaForUCD.getGcubeProfile();
|
||||||
LOG.debug("\n\n##### Creating the section: " + gcubeProfileDV.getSectionTitle());
|
LOG.info("\n\n##### Creating the section: " + gcubeProfileDV.getSectionTitle());
|
||||||
LOG.debug("\n\nThe profile is: " + gcubeProfileDV);
|
LOG.info("\n\nThe profile is: " + gcubeProfileDV);
|
||||||
// Building JSON/section full PATH and section name
|
// Building JSON/section full PATH and section name
|
||||||
String sectionJSONPath = "";
|
String sectionJSONPath = "";
|
||||||
String parentPathFromProfile = gcubeProfileDV.getParentName() == null ? "" : gcubeProfileDV.getParentName();
|
String parentPathFromProfile = gcubeProfileDV.getParentName() == null ? "" : gcubeProfileDV.getParentName();
|
||||||
|
@ -195,7 +197,6 @@ public class Geoportal_JSON_Mapper {
|
||||||
theProfileBeanExt.setTitle(theProfileBean.getTitle());
|
theProfileBeanExt.setTitle(theProfileBean.getTitle());
|
||||||
theProfileBeanExt.setType(theProfileBean.getType());
|
theProfileBeanExt.setType(theProfileBean.getType());
|
||||||
theProfileBeanExt.setGcubeProfile(gcubeProfileDV);
|
theProfileBeanExt.setGcubeProfile(gcubeProfileDV);
|
||||||
|
|
||||||
Document fromSectionDoc = listBSONDocument.get(i);
|
Document fromSectionDoc = listBSONDocument.get(i);
|
||||||
LOG.debug("\n\nNew section DOC for index " + i + " is: "
|
LOG.debug("\n\nNew section DOC for index " + i + " is: "
|
||||||
+ new JSONObject(fromSectionDoc.toJson()).toString(2));
|
+ new JSONObject(fromSectionDoc.toJson()).toString(2));
|
||||||
|
@ -203,17 +204,16 @@ public class Geoportal_JSON_Mapper {
|
||||||
|
|
||||||
// Reading policy and license statically
|
// Reading policy and license statically
|
||||||
// eg. "_access":{"_policy":"OPEN","_license":"CC0-1.0"}}
|
// eg. "_access":{"_policy":"OPEN","_license":"CC0-1.0"}}
|
||||||
Document docAccess = null;
|
|
||||||
Access access = null;
|
Access access = null;
|
||||||
try {
|
try {
|
||||||
docAccess = fromSectionDoc.get("_access", Document.class);
|
|
||||||
LOG.trace("docAccess is: " + docAccess);
|
List<FilePathDV> fileSetPaths = gcubeProfileDV.getFilePaths();
|
||||||
access = new Access();
|
if (fileSetPaths != null && fileSetPaths.size() > 0) {
|
||||||
access.setPolicy(AccessPolicy.valueOf(docAccess.getString("_policy")));
|
FilePathDV firstOne = fileSetPaths.get(0);
|
||||||
access.setLicense(docAccess.getString("_license"));
|
access = getAccessPolicyObject(fromSectionDoc.toJson(),
|
||||||
// Access. access.get("_policy");
|
JSON_$_POINTER + "." + firstOne.getFieldName());
|
||||||
// access.get("_license");
|
|
||||||
System.out.println("access is: " + access);
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
LOG.warn("No " + AccessPolicy.class.getSimpleName() + " found in the section "
|
LOG.warn("No " + AccessPolicy.class.getSimpleName() + " found in the section "
|
||||||
+ fromSectionDoc.toJson());
|
+ fromSectionDoc.toJson());
|
||||||
|
@ -233,9 +233,11 @@ public class Geoportal_JSON_Mapper {
|
||||||
if (access != null) {
|
if (access != null) {
|
||||||
if (theFieldName.equalsIgnoreCase("policy")) {
|
if (theFieldName.equalsIgnoreCase("policy")) {
|
||||||
metadataField.setCurrentValue(access.getPolicy().name());
|
metadataField.setCurrentValue(access.getPolicy().name());
|
||||||
|
duplicatedList.add(metadataField);
|
||||||
continue;
|
continue;
|
||||||
} else if (theFieldName.equalsIgnoreCase("licenseID")) {
|
} else if (theFieldName.equalsIgnoreCase("licenseID")) {
|
||||||
metadataField.setCurrentValue(access.getLicense());
|
metadataField.setCurrentValue(access.getLicense());
|
||||||
|
duplicatedList.add(metadataField);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -243,7 +245,8 @@ public class Geoportal_JSON_Mapper {
|
||||||
Object theOBJFieldValue = fromSectionDoc.get(theFieldName);
|
Object theOBJFieldValue = fromSectionDoc.get(theFieldName);
|
||||||
|
|
||||||
if (theOBJFieldValue != null) {
|
if (theOBJFieldValue != null) {
|
||||||
//Converting multiple values stored as array (e.g. [a,b,c]) in multiple MetadataFieldWrapper
|
// Converting multiple values stored as array (e.g. [a,b,c]) in multiple
|
||||||
|
// MetadataFieldWrapper
|
||||||
// repeatable fields
|
// repeatable fields
|
||||||
LOG.debug("value " + theOBJFieldValue + " is instanceof Array");
|
LOG.debug("value " + theOBJFieldValue + " is instanceof Array");
|
||||||
try {
|
try {
|
||||||
|
@ -382,6 +385,7 @@ public class Geoportal_JSON_Mapper {
|
||||||
.get(scope);
|
.get(scope);
|
||||||
|
|
||||||
// NO UCD defined, applying default
|
// NO UCD defined, applying default
|
||||||
|
//Never checked. It coluld be buggy
|
||||||
if (linkedMap_UCDId_gCubeProfiles.size() == 0) {
|
if (linkedMap_UCDId_gCubeProfiles.size() == 0) {
|
||||||
LOG.warn("No " + GEOPORTAL_CONFIGURATION_TYPE.gcube_profiles + " found in the UCD");
|
LOG.warn("No " + GEOPORTAL_CONFIGURATION_TYPE.gcube_profiles + " found in the UCD");
|
||||||
LOG.info("Applying default business logic to display the project");
|
LOG.info("Applying default business logic to display the project");
|
||||||
|
@ -477,6 +481,15 @@ public class Geoportal_JSON_Mapper {
|
||||||
LOG.debug("Data is instace of: " + data.getClass());
|
LOG.debug("Data is instace of: " + data.getClass());
|
||||||
LOG.debug("data to string: " + data.toString());
|
LOG.debug("data to string: " + data.toString());
|
||||||
|
|
||||||
|
List<FilePathDV> fileSetPaths = gcubeProfileDV.getFilePaths();
|
||||||
|
String filesetPath = JSON_$_POINTER;
|
||||||
|
if (fileSetPaths != null && fileSetPaths.size() > 0) {
|
||||||
|
//Reading the first fieldName that defines the name of the "fileset" field
|
||||||
|
FilePathDV firstOne = fileSetPaths.get(0);
|
||||||
|
filesetPath +="."+firstOne.getFieldName();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// Splitting the General Document in bson.Document according to list of
|
// Splitting the General Document in bson.Document according to list of
|
||||||
// GcubeProfiles
|
// GcubeProfiles
|
||||||
List<Document> listBSONDocument = new ArrayList<Document>();
|
List<Document> listBSONDocument = new ArrayList<Document>();
|
||||||
|
@ -484,7 +497,7 @@ public class Geoportal_JSON_Mapper {
|
||||||
String jsonString = data.toString();
|
String jsonString = data.toString();
|
||||||
LOG.debug("the JSON to string: " + jsonString);
|
LOG.debug("the JSON to string: " + jsonString);
|
||||||
Document sectionDoc = Document.parse(jsonString);
|
Document sectionDoc = Document.parse(jsonString);
|
||||||
boolean isAccessibleSection = isAccessibleSectionAccordingToPolicy(sectionDoc, sectionJSONPath,
|
boolean isAccessibleSection = isAccessibleSectionAccordingToPolicy(sectionDoc, filesetPath,
|
||||||
username);
|
username);
|
||||||
if (isAccessibleSection) {
|
if (isAccessibleSection) {
|
||||||
listBSONDocument.add(sectionDoc);
|
listBSONDocument.add(sectionDoc);
|
||||||
|
@ -745,7 +758,7 @@ public class Geoportal_JSON_Mapper {
|
||||||
} else if (objectJSON instanceof JSONObject) {
|
} else if (objectJSON instanceof JSONObject) {
|
||||||
JSONObject theJsonObject = (JSONObject) objectJSON;
|
JSONObject theJsonObject = (JSONObject) objectJSON;
|
||||||
LOG.trace("theJSONObject: " + theJsonObject.toString(3));
|
LOG.trace("theJSONObject: " + theJsonObject.toString(3));
|
||||||
GCubeSDIViewerLayerDV gsdiLayer = converLayer(config, theJsonObject);
|
GCubeSDIViewerLayerDV gsdiLayer = convertLayer(config, theJsonObject);
|
||||||
listSDILayers.add(gsdiLayer);
|
listSDILayers.add(gsdiLayer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -794,14 +807,14 @@ public class Geoportal_JSON_Mapper {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Conver layer.
|
* Convert layer.
|
||||||
*
|
*
|
||||||
* @param config the config
|
* @param config the config
|
||||||
* @param thJsonObject the th json object
|
* @param thJsonObject the th json object
|
||||||
* @return the g cube SDI viewer layer DV
|
* @return the g cube SDI viewer layer DV
|
||||||
*/
|
*/
|
||||||
// TODO THIS PART SHOULD BE REVISITED/OPTIMIZED
|
// TODO THIS PART SHOULD BE REVISITED/OPTIMIZED
|
||||||
private static GCubeSDIViewerLayerDV converLayer(com.jayway.jsonpath.Configuration config,
|
private static GCubeSDIViewerLayerDV convertLayer(com.jayway.jsonpath.Configuration config,
|
||||||
JSONObject thJsonObject) {
|
JSONObject thJsonObject) {
|
||||||
LOG.debug("converLayer called for " + thJsonObject);
|
LOG.debug("converLayer called for " + thJsonObject);
|
||||||
|
|
||||||
|
@ -850,6 +863,7 @@ public class Geoportal_JSON_Mapper {
|
||||||
return gsdiLayer;
|
return gsdiLayer;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks if is accessible section according to policy.
|
* Checks if is accessible section according to policy.
|
||||||
*
|
*
|
||||||
|
@ -858,76 +872,81 @@ public class Geoportal_JSON_Mapper {
|
||||||
* @param myLogin the my login
|
* @param myLogin the my login
|
||||||
* @return true, if is accessible section according to policy
|
* @return true, if is accessible section according to policy
|
||||||
*/
|
*/
|
||||||
private static boolean isAccessibleSectionAccordingToPolicy(Document section, String sectionJSONPath,
|
private static boolean isAccessibleSectionAccordingToPolicy(Document section, String filesetPath,
|
||||||
String myLogin) {
|
String myLogin) {
|
||||||
LOG.debug("isAccessibleSectionAccordingToPolicy called");
|
LOG.debug("isAccessibleSectionAccordingToPolicy called");
|
||||||
boolean isAccessible = true;
|
boolean isAccessible = true;
|
||||||
|
|
||||||
// Skipping the root, going to check the access_policy of subsections
|
// Skipping the root, going to check the access_policy of subsections
|
||||||
if (sectionJSONPath.compareTo(JSON_$_POINTER) != 0) {
|
//if (sectionJSONPath.compareTo(JSON_$_POINTER) != 0) {
|
||||||
isAccessible = checkAccessPolicy(section.toJson(), myLogin);
|
isAccessible = checkAccessPolicy(section.toJson(), filesetPath, myLogin);
|
||||||
}
|
//}
|
||||||
|
|
||||||
return isAccessible;
|
return isAccessible;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check access policy.
|
* Check access policy.
|
||||||
*
|
*
|
||||||
* @param sectionDocumentJSON the section document JSON
|
* @param sectionDocumentJSON the section document JSON
|
||||||
|
* @param filesetPath the fileset path. eg. $.filest | $.filesetIta | $.filesetEng, etc.
|
||||||
* @param myLogin the my login
|
* @param myLogin the my login
|
||||||
* @return true, if successful
|
* @return true, if successful
|
||||||
*/
|
*/
|
||||||
private static boolean checkAccessPolicy(String sectionDocumentJSON, String myLogin) {
|
private static boolean checkAccessPolicy(String sectionDocumentJSON, String filesetPath, String myLogin) {
|
||||||
LOG.info("checkAccessPolicy called");
|
LOG.debug("checkAccessPolicy called");
|
||||||
// CHECKING THE POLICY
|
// CHECKING THE POLICY
|
||||||
// see ticket #24390
|
// see ticket #24390
|
||||||
// First reading the access policy from the fileset
|
// First reading the access policy from the fileset*
|
||||||
String accessPolicyPath = JSON_$_POINTER + ".fileset._access._policy";
|
//String _policy = getAccessPolicy(sectionDocumentJSON);
|
||||||
|
Access _access = getAccessPolicyObject(sectionDocumentJSON, filesetPath);
|
||||||
boolean isAccessible = true;
|
boolean isAccessible = true;
|
||||||
try {
|
try {
|
||||||
com.jayway.jsonpath.Configuration configuration = com.jayway.jsonpath.Configuration.builder()
|
String _policy= _access!=null? _access.getPolicy().name():null;
|
||||||
.jsonProvider(new JsonOrgJsonProvider()).build();
|
|
||||||
|
|
||||||
LOG.debug("Reading access policy at {} into section document {}", accessPolicyPath, sectionDocumentJSON);
|
|
||||||
String _policy = null;
|
|
||||||
try {
|
|
||||||
JsonPath theSectionPolycJsonPath = JsonPath.compile(accessPolicyPath);
|
|
||||||
_policy = theSectionPolycJsonPath.read(sectionDocumentJSON, configuration).toString();
|
|
||||||
|
|
||||||
if (_policy == null)
|
|
||||||
throw new Exception("Policy is null");
|
|
||||||
|
|
||||||
} catch (Exception e) {
|
|
||||||
LOG.debug("Access policy not found in: " + accessPolicyPath);
|
|
||||||
}
|
|
||||||
|
|
||||||
// If policy does not exist into fileset, reading from the parent section
|
|
||||||
if (_policy == null) {
|
|
||||||
accessPolicyPath = JSON_$_POINTER + "._access._policy";
|
|
||||||
LOG.debug("Reading access policy at {} into section document {}", accessPolicyPath,
|
|
||||||
sectionDocumentJSON);
|
|
||||||
try {
|
|
||||||
JsonPath theSectionPolycJsonPath = JsonPath.compile(accessPolicyPath);
|
|
||||||
_policy = theSectionPolycJsonPath.read(sectionDocumentJSON, configuration).toString();
|
|
||||||
|
|
||||||
if (_policy == null)
|
|
||||||
throw new Exception("Policy is null");
|
|
||||||
|
|
||||||
} catch (Exception e) {
|
|
||||||
LOG.debug("Access policy not found in: " + accessPolicyPath);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
LOG.debug("The section {} has policy {}", accessPolicyPath, _policy);
|
|
||||||
isAccessible = GeportalCheckAccessPolicy.isAccessible(_policy, myLogin);
|
isAccessible = GeportalCheckAccessPolicy.isAccessible(_policy, myLogin);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
LOG.error(accessPolicyPath + " not found. Check OK");
|
LOG.error("AccessPolicy not found. Check OK");
|
||||||
}
|
}
|
||||||
LOG.info("It is {} accessible the section {} accessible? {}", isAccessible, sectionDocumentJSON);
|
LOG.info("It is {} accessible the section {}", isAccessible, sectionDocumentJSON);
|
||||||
return isAccessible;
|
return isAccessible;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the access policy object.
|
||||||
|
*
|
||||||
|
* @param theSectionDoc the the section doc
|
||||||
|
* @param filesetPath the fileset path
|
||||||
|
* @return the access policy object
|
||||||
|
*/
|
||||||
|
private static Access getAccessPolicyObject(String theSectionDoc, String filesetPath) {
|
||||||
|
LOG.debug("getAccessPolicyObject called");
|
||||||
|
// CHECKING THE POLICY
|
||||||
|
// see ticket #24390
|
||||||
|
|
||||||
|
// First reading the access policy from the fileset*
|
||||||
|
Configuration configuration = Configuration.builder().jsonProvider(new JsonOrgJsonProvider()).build();
|
||||||
|
|
||||||
|
// Searching the _access under the fileset field...
|
||||||
|
String accessPolicyPath = filesetPath + "._access";
|
||||||
|
Access _access = readSectionObject(configuration, theSectionDoc, accessPolicyPath, Access.class);
|
||||||
|
|
||||||
|
// If policy does not exist under the fileset field, searching it at first level
|
||||||
|
if (_access == null) {
|
||||||
|
accessPolicyPath = JSON_$_POINTER + "._access";
|
||||||
|
LOG.info(accessPolicyPath + " not found trying to read from: " + accessPolicyPath);
|
||||||
|
_access = readSectionObject(configuration, theSectionDoc, accessPolicyPath, Access.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (_access == null) {
|
||||||
|
LOG.info(accessPolicyPath + " not found trying to read from metadata: " + JSON_$_POINTER);
|
||||||
|
_access = ConvertToDataServiceModel.getAccessFromDocumentSection(theSectionDoc, JSON_$_POINTER);
|
||||||
|
}
|
||||||
|
|
||||||
|
LOG.info("The _access is {} for the filesetPath {}", _access, filesetPath);
|
||||||
|
return _access;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sanitize document value.
|
* Sanitize document value.
|
||||||
*
|
*
|
||||||
|
@ -964,6 +983,38 @@ public class Geoportal_JSON_Mapper {
|
||||||
return toDoc;
|
return toDoc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Read section object.
|
||||||
|
*
|
||||||
|
* @param <T> the generic type
|
||||||
|
* @param configuration the configuration
|
||||||
|
* @param sectionDocumentJSON the section document JSON
|
||||||
|
* @param accessPolicyPath the access policy path
|
||||||
|
* @param theClass the the class
|
||||||
|
* @return the t
|
||||||
|
*/
|
||||||
|
private static <T> T readSectionObject(com.jayway.jsonpath.Configuration configuration, String sectionDocumentJSON,
|
||||||
|
String accessPolicyPath, Class<T> theClass) {
|
||||||
|
|
||||||
|
T _theObject = null;
|
||||||
|
|
||||||
|
LOG.debug("Reading access at {} into section document {}", accessPolicyPath, sectionDocumentJSON);
|
||||||
|
try {
|
||||||
|
JsonPath theSectionPolycJsonPath = JsonPath.compile(accessPolicyPath);
|
||||||
|
String _objectString = theSectionPolycJsonPath.read(sectionDocumentJSON, configuration).toString();
|
||||||
|
LOG.info("Read at {} the _objectString {}", accessPolicyPath, _objectString);
|
||||||
|
if (_objectString != null) {
|
||||||
|
_theObject = Serialization.read(_objectString, theClass);
|
||||||
|
}
|
||||||
|
|
||||||
|
} catch (Exception e) {
|
||||||
|
LOG.warn("Access policy not found in: " + accessPolicyPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
return _theObject;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pretty print JSON.
|
* Pretty print JSON.
|
||||||
*
|
*
|
||||||
|
|
|
@ -40,7 +40,7 @@ public class Geoportal_DataMapper_Tests {
|
||||||
private ProjectsCaller clientProjects;
|
private ProjectsCaller clientProjects;
|
||||||
|
|
||||||
private static String PROFILE_ID = "profiledConcessioni";
|
private static String PROFILE_ID = "profiledConcessioni";
|
||||||
private static String PROJECT_ID = "6384aaac308f5c28c5ee0888";
|
private static String PROJECT_ID = "642d4c6bc2133270c058eca8"; //63d011c4dcac4551b9a6b930
|
||||||
|
|
||||||
private static String USERNAME = "francesco.mangiacrapa";
|
private static String USERNAME = "francesco.mangiacrapa";
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ public class Geoportal_DataMapper_Tests {
|
||||||
/**
|
/**
|
||||||
* Test read project edit.
|
* Test read project edit.
|
||||||
*/
|
*/
|
||||||
@Test
|
//@Test
|
||||||
public void testReadProjectEdit() {
|
public void testReadProjectEdit() {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
/gcube_config.properties
|
/gcube_config.properties
|
||||||
|
/log4j.properties
|
||||||
|
|
Loading…
Reference in New Issue