working on #21976

2021-09-08 15:59:29 +02:00 · 2021-09-08 15:59:29 +02:00 · 035b71be37
parent 66d3bd0c0b
commit 035b71be37
5 changed files with 161 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 [#21890] Porting to ConcessioniManagerI and pass to mongoID
 [#20595] Porting and using the model view provided by geoportal-common
 [#21946] Show layers of a concessione automatically on map according to zoom level
+[#21976] Access policies checked on server-side

 ## [v1.2.0-SNAPSHOT] - 2021-07-19

--- a/README.md
+++ b/README.md
@ -7,7 +7,7 @@ The GeoPortal Data Viewer App is an application to access, discovery and navigat
 * [OpenJDK](https://openjdk.java.net/) - The JDK used
 * [Maven](https://maven.apache.org/) - Dependency Management

-** Uses **
+**Uses**

 * [GWT-OL3](https://github.com/TDesjardins/gwt-ol) GWT-OpenLayers 3+ v.8.0.0-gwt2_9
 * [OpenLayers](https://openlayers.org/)  OpenLayers v.6.X
--- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/LayerManager.java
+++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/LayerManager.java
@ -145,14 +145,6 @@ public class LayerManager {
 					GWT.log("MAX_WFS_FEATURES is: " + GeoportalDataViewerConstants.MAX_WFS_FEATURES);
 					// GeoportalDataViewerConstants.print("calling getDataResult");

-//					List<String> mapLayers = olMap.getLayers();
-////					List<LayerObject> listLO = new ArrayList<LayerObject>(mapLayers.size());
-//					for (String layerName : mapLayers) {
-////						LayerItem layerItem = new LayerItem();
-////						layerItem.setName(layerName);
-////						listLO.add(new LayerObject("Concessione",layerItem));
-//						GWT.log("Layer found: "+layerName);
-//					}
 					
 					List<LayerObject> listLO = new ArrayList<LayerObject>();
 					//for querying base layers
--- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java
+++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java
@ -20,12 +20,17 @@ import org.gcube.application.geoportalcommon.shared.GeoNaItemRef;
 import org.gcube.application.geoportalcommon.shared.LayerItem;
 import org.gcube.application.geoportalcommon.shared.gis.BoundsMap;
 import org.gcube.application.geoportalcommon.shared.products.ConcessioneDV;
+import org.gcube.application.geoportalcommon.shared.products.model.AbstractRelazioneScavoDV;
 import org.gcube.application.geoportalcommon.shared.products.model.LayerConcessioneDV;
+import org.gcube.application.geoportalcommon.shared.products.model.RelazioneScavoDV;
 import org.gcube.application.geoportalcommon.shared.products.model.UploadedImageDV;
 import org.gcube.application.geoportalcommon.util.URLParserUtil;
 import org.gcube.portlets.user.geoportaldataviewer.client.GeoportalDataViewerService;
+import org.gcube.portlets.user.geoportaldataviewer.client.ui.gallery.ImagesGallery;
+import org.gcube.portlets.user.geoportaldataviewer.client.ui.products.concessioni.RelazioneScavoView;
 import org.gcube.portlets.user.geoportaldataviewer.server.gis.FeatureParser;
 import org.gcube.portlets.user.geoportaldataviewer.server.gis.WMSUrlValidator;
+import org.gcube.portlets.user.geoportaldataviewer.server.util.CheckAccessUtil;
 import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
 import org.gcube.portlets.user.geoportaldataviewer.shared.GeoNaSpatialQueryResult;
 import org.gcube.portlets.user.geoportaldataviewer.shared.gis.LayerObject;
@ -147,11 +152,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 					if (concessioneIds != null && concessioneIds.size() > 0) {
 						String cId = concessioneIds.get(0);
 						try {
-							UploadedImageDV uplImg  = SessionUtil.getPreviewImageForConcessione(this.getThreadLocalRequest(), "Concessione", cId);
-							//List<UploadedImageDV> listUI = getUploadedImagesForId("Concessione", cId, 1);
+							UploadedImageDV uplImg = SessionUtil
+									.getPreviewImageForConcessione(this.getThreadLocalRequest(), "Concessione", cId);
+							// List<UploadedImageDV> listUI = getUploadedImagesForId("Concessione", cId, 1);
 							Map<String, List<UploadedImageDV>> mapImages = new LinkedHashMap<String, List<UploadedImageDV>>();
 							mapImages.put(cId, Arrays.asList(uplImg));
-							//mapImages.put(cId, listUI);
+							// mapImages.put(cId, listUI);
 							geoDAO.setMapImages(mapImages);
 						} catch (Exception e) {
 							LOG.warn("Error on loading uploaded images for concessione: " + cId, e);
@ -271,9 +277,71 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 			// Obtain the client
 			ConcessioniManagerI manager = statefulMongoConcessioni().build();
 			Concessione concessione = manager.getById(mongoId);
-			LOG.info("Got concessione for mongoId " + mongoId);
+			LOG.info("Got concessione for mongoId: " + mongoId);
 			if (concessione != null) {
 				concessionDV = ConvertToDataViewModel.toConcessione(concessione);
+
+				GCubeUser user = SessionUtil.getCurrentUser(this.getThreadLocalRequest());
+				String userName = user == null ? null : user.getUsername();
+
+				//TODO THIS IS A WORKAROUND WAITING FOR USER ROLE.
+				//I CAN CHECK THE ACCCESS POLICIES ONLY IF THE USER IS NOT LOGGED IN. 
+				if (user != null) {
+
+					// CHECKING ACCESS POLICY
+					LOG.info("Applying access policies for concessione " + mongoId + " returned by service");
+					LayerConcessioneDV layerPosizionamento = concessionDV.getPosizionamentoScavo();
+					if (layerPosizionamento != null) {
+						if (!CheckAccessUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) {
+							concessionDV.setPosizionamentoScavo(null);
+						}
+					}
+
+					List<LayerConcessioneDV> listLayersDV = concessionDV.getPianteFineScavo();
+					if (listLayersDV != null) {
+						List<LayerConcessioneDV> accessibleListLayersDV = new ArrayList<LayerConcessioneDV>();
+						for (LayerConcessioneDV layerDV : listLayersDV) {
+							if (CheckAccessUtil.isAccessible(layerDV.getPolicy(), userName)) {
+								accessibleListLayersDV.add(layerDV);
+							}
+						}
+						concessionDV.setPianteFineScavo(accessibleListLayersDV);
+					}
+
+					AbstractRelazioneScavoDV abstractRS = concessionDV.getAbstractRelazioneScavo();
+					if (abstractRS != null) {
+						if (!CheckAccessUtil.isAccessible(abstractRS.getPolicy(), userName)) {
+							concessionDV.setAbstractRelazioneScavo(null);
+						}
+					}
+
+					RelazioneScavoDV relazioneScavo = concessionDV.getRelazioneScavo();
+					if (relazioneScavo != null) {
+						if (!CheckAccessUtil.isAccessible(relazioneScavo.getPolicy(), userName)) {
+							concessionDV.setRelazioneScavo(null);
+						}
+					}
+
+					List<UploadedImageDV> immagini = concessionDV.getImmaginiRappresentative();
+					if (immagini != null && immagini.size() > 0) {
+						List<UploadedImageDV> accessibleListImages = new ArrayList<UploadedImageDV>();
+
+						// SHOWING ACESSIBLE IMAGES
+						for (UploadedImageDV uploadedImageDV : immagini) {
+
+							if (CheckAccessUtil.isAccessible(uploadedImageDV.getPolicy(), userName)) {
+								accessibleListImages.add(uploadedImageDV);
+							}
+
+						}
+						concessionDV.setImmaginiRappresentative(accessibleListImages);
+
+					}
+
+					// END CHECKING ACCESS POLICY
+					LOG.info("Access policies applied");
+				}
+
 			}

 			if (concessionDV == null)
--- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessUtil.java
+++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessUtil.java
@ -0,0 +1,87 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.util;
+
+/**
+ * The Class CheckAccessUtil.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR (francesco.mangiacrapa@isti.cnr.it)
+ * 
+ *         Sep 8, 2021
+ */
+public class CheckAccessUtil {
+
+	/**
+	 * The Enum ACCESS_POLICY.
+	 *
+	 * @author Francesco Mangiacrapa at ISTI-CNR (francesco.mangiacrapa@isti.cnr.it)
+	 * 
+	 *         Sep 8, 2021
+	 */
+	public static enum ACCESS_POLICY {
+		OPEN, RESTICTED
+	}
+
+	/**
+	 * Checks if is open access.
+	 *
+	 * @param policy the policy
+	 * @return true, if is open access
+	 */
+	private static boolean isOpenAccess(String policy) {
+		if (policy == null || policy.equalsIgnoreCase(ACCESS_POLICY.OPEN.name())) {
+			return true;
+		}
+
+		return false;
+
+	}
+
+	/**
+	 * Checks if is restricted access.
+	 *
+	 * @param policy the policy
+	 * @return true, if is restricted access
+	 */
+	private static boolean isRestrictedAccess(String policy) {
+		if (policy == null || policy.equalsIgnoreCase(ACCESS_POLICY.RESTICTED.name())) {
+			return true;
+		}
+
+		return false;
+
+	}
+
+	/**
+	 * Checks if is accessible.
+	 *
+	 * @param policy  the policy
+	 * @param myLogin the my login
+	 * @return true, if is accessible
+	 */
+	public static boolean isAccessible(String policy, String myLogin) {
+
+		boolean bool = isOpenAccess(policy);
+
+		if (bool) {
+			// is open access
+			return true;
+		}
+
+		if (myLogin == null || myLogin.isEmpty()) {
+			// is not open and the user is not authenticated
+			return false;
+		}
+
+		// Here the login is not null, so checking if the access to item is RESTICTED
+		bool = isRestrictedAccess(policy);
+
+		if (bool) {
+			// is restricted access
+			return true;
+		}
+
+		// Here the user is authenticated, but the policy is not managed, so returning
+		// true
+		return true;
+	}
+
+}