From 035b71be37df71243d4b167eb1f1b02d1d6c9669 Mon Sep 17 00:00:00 2001 From: "francesco.mangiacrapa" Date: Wed, 8 Sep 2021 15:59:29 +0200 Subject: [PATCH] working on #21976 --- CHANGELOG.md | 1 + README.md | 2 +- .../client/LayerManager.java | 8 -- .../GeoportalDataViewerServiceImpl.java | 76 +++++++++++++++- .../server/util/CheckAccessUtil.java | 87 +++++++++++++++++++ 5 files changed, 161 insertions(+), 13 deletions(-) create mode 100644 src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessUtil.java diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c5f138..1c56088 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm [#21890] Porting to ConcessioniManagerI and pass to mongoID [#20595] Porting and using the model view provided by geoportal-common [#21946] Show layers of a concessione automatically on map according to zoom level +[#21976] Access policies checked on server-side ## [v1.2.0-SNAPSHOT] - 2021-07-19 diff --git a/README.md b/README.md index 847a6d1..9012d74 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ The GeoPortal Data Viewer App is an application to access, discovery and navigat * [OpenJDK](https://openjdk.java.net/) - The JDK used * [Maven](https://maven.apache.org/) - Dependency Management -** Uses ** +**Uses** * [GWT-OL3](https://github.com/TDesjardins/gwt-ol) GWT-OpenLayers 3+ v.8.0.0-gwt2_9 * [OpenLayers](https://openlayers.org/) OpenLayers v.6.X diff --git a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/LayerManager.java b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/LayerManager.java index 3bc96e0..dbcd4e3 100644 --- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/LayerManager.java +++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/LayerManager.java 
@@ -145,14 +145,6 @@ public class LayerManager { GWT.log("MAX_WFS_FEATURES is: " + GeoportalDataViewerConstants.MAX_WFS_FEATURES); // GeoportalDataViewerConstants.print("calling getDataResult"); -// List mapLayers = olMap.getLayers(); -//// List listLO = new ArrayList(mapLayers.size()); -// for (String layerName : mapLayers) { -//// LayerItem layerItem = new LayerItem(); -//// layerItem.setName(layerName); -//// listLO.add(new LayerObject("Concessione",layerItem)); -// GWT.log("Layer found: "+layerName); -// } List listLO = new ArrayList(); //for querying base layers diff --git a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java index 4d57181..7403483 100644 --- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java +++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java 
@@ -20,12 +20,17 @@ import org.gcube.application.geoportalcommon.shared.GeoNaItemRef; import org.gcube.application.geoportalcommon.shared.LayerItem; import org.gcube.application.geoportalcommon.shared.gis.BoundsMap; import org.gcube.application.geoportalcommon.shared.products.ConcessioneDV; +import org.gcube.application.geoportalcommon.shared.products.model.AbstractRelazioneScavoDV; import org.gcube.application.geoportalcommon.shared.products.model.LayerConcessioneDV; +import org.gcube.application.geoportalcommon.shared.products.model.RelazioneScavoDV; import org.gcube.application.geoportalcommon.shared.products.model.UploadedImageDV; import org.gcube.application.geoportalcommon.util.URLParserUtil; import org.gcube.portlets.user.geoportaldataviewer.client.GeoportalDataViewerService; +import org.gcube.portlets.user.geoportaldataviewer.client.ui.gallery.ImagesGallery; +import org.gcube.portlets.user.geoportaldataviewer.client.ui.products.concessioni.RelazioneScavoView; import org.gcube.portlets.user.geoportaldataviewer.server.gis.FeatureParser; import org.gcube.portlets.user.geoportaldataviewer.server.gis.WMSUrlValidator; +import org.gcube.portlets.user.geoportaldataviewer.server.util.CheckAccessUtil; import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil; import org.gcube.portlets.user.geoportaldataviewer.shared.GeoNaSpatialQueryResult; import org.gcube.portlets.user.geoportaldataviewer.shared.gis.LayerObject; 
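Review bot: The two added imports from the `client.ui` packages, `ImagesGallery` and `RelazioneScavoView`, pull GWT client widgets into a server-side servlet, and nothing in the hunks shown references them. If they are unused, drop both lines, since they blur the client/server boundary that this commit sets out to enforce. The rest of the file is outside the hunk, so confirm they are not used elsewhere before removing them.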
@@ -147,11 +152,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme if (concessioneIds != null && concessioneIds.size() > 0) { String cId = concessioneIds.get(0); try { - UploadedImageDV uplImg = SessionUtil.getPreviewImageForConcessione(this.getThreadLocalRequest(), "Concessione", cId); - //List listUI = getUploadedImagesForId("Concessione", cId, 1); + UploadedImageDV uplImg = SessionUtil + .getPreviewImageForConcessione(this.getThreadLocalRequest(), "Concessione", cId); + // List listUI = getUploadedImagesForId("Concessione", cId, 1); Map> mapImages = new LinkedHashMap>(); mapImages.put(cId, Arrays.asList(uplImg)); - //mapImages.put(cId, listUI); + // mapImages.put(cId, listUI); geoDAO.setMapImages(mapImages); } catch (Exception e) { LOG.warn("Error on loading uploaded images for concessione: " + cId, e); 
@@ -271,9 +277,71 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme // Obtain the client ConcessioniManagerI manager = statefulMongoConcessioni().build(); Concessione concessione = manager.getById(mongoId); - LOG.info("Got concessione for mongoId " + mongoId); + LOG.info("Got concessione for mongoId: " + mongoId); if (concessione != null) { concessionDV = ConvertToDataViewModel.toConcessione(concessione); + + GCubeUser user = SessionUtil.getCurrentUser(this.getThreadLocalRequest()); + String userName = user == null ? null : user.getUsername(); + + //TODO THIS IS A WORKAROUND WAITING FOR USER ROLE. + //I CAN CHECK THE ACCCESS POLICIES ONLY IF THE USER IS NOT LOGGED IN. + if (user != null) { + + // CHECKING ACCESS POLICY + LOG.info("Applying access policies for concessione " + mongoId + " returned by service"); + LayerConcessioneDV layerPosizionamento = concessionDV.getPosizionamentoScavo(); + if (layerPosizionamento != null) { + if (!CheckAccessUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) { + concessionDV.setPosizionamentoScavo(null); + } + } + + List listLayersDV = concessionDV.getPianteFineScavo(); + if (listLayersDV != null) { + List accessibleListLayersDV = new ArrayList(); + for (LayerConcessioneDV layerDV : listLayersDV) { + if (CheckAccessUtil.isAccessible(layerDV.getPolicy(), userName)) { + accessibleListLayersDV.add(layerDV); + } + } + concessionDV.setPianteFineScavo(accessibleListLayersDV); + } + + AbstractRelazioneScavoDV abstractRS = concessionDV.getAbstractRelazioneScavo(); + if (abstractRS != null) { + if (!CheckAccessUtil.isAccessible(abstractRS.getPolicy(), userName)) { + concessionDV.setAbstractRelazioneScavo(null); + } + } + + RelazioneScavoDV relazioneScavo = concessionDV.getRelazioneScavo(); + if (relazioneScavo != null) { + if (!CheckAccessUtil.isAccessible(relazioneScavo.getPolicy(), userName)) { + concessionDV.setRelazioneScavo(null); + } + } + + List immagini = 
concessionDV.getImmaginiRappresentative(); + if (immagini != null && immagini.size() > 0) { + List accessibleListImages = new ArrayList(); + + // SHOWING ACESSIBLE IMAGES + for (UploadedImageDV uploadedImageDV : immagini) { + + if (CheckAccessUtil.isAccessible(uploadedImageDV.getPolicy(), userName)) { + accessibleListImages.add(uploadedImageDV); + } + + } + concessionDV.setImmaginiRappresentative(accessibleListImages); + + } + + // END CHECKING ACCESS POLICY + LOG.info("Access policies applied"); + } + } if (concessionDV == null) diff --git a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessUtil.java b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessUtil.java new file mode 100644 index 0000000..545528c --- /dev/null +++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessUtil.java 
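Review bot: The guard `if (user != null)` around the policy block looks inverted: the comment directly above says the policies can only be checked when the user is not logged in, yet the block is skipped in exactly that case, so an anonymous request receives the full `concessionDV` unfiltered. `CheckAccessUtil.isAccessible`, as added in this commit, returns true for any non-empty login, so the block removes nothing for logged-in users either and the server-side check is effectively a no-op. If the comment states the intent, the guard should be `if (user == null) {`, or it can be dropped, because `isAccessible` already handles a null `userName`. The enclosing method starts and ends outside this hunk, and how `SessionUtil.getCurrentUser` represents an anonymous session is not visible here, so confirm that it returns null in that case.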
@@ -0,0 +1,87 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.util;
+
+/**
+ * The Class CheckAccessUtil.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR (francesco.mangiacrapa@isti.cnr.it)
+ *
+ * Sep 8, 2021
+ */
+public class CheckAccessUtil {
+
+ /**
+ * The Enum ACCESS_POLICY.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR (francesco.mangiacrapa@isti.cnr.it)
+ *
+ * Sep 8, 2021
+ */
+ public static enum ACCESS_POLICY {
+ OPEN, RESTICTED
+ }
+
+ /**
+ * Checks if is open access.
+ *
+ * @param policy the policy
+ * @return true, if is open access
+ */
+ private static boolean isOpenAccess(String policy) {
+ if (policy == null || policy.equalsIgnoreCase(ACCESS_POLICY.OPEN.name())) {
+ return true;
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Checks if is restricted access.
+ *
+ * @param policy the policy
+ * @return true, if is restricted access
+ */
+ private static boolean isRestrictedAccess(String policy) {
+ if (policy == null || policy.equalsIgnoreCase(ACCESS_POLICY.RESTICTED.name())) {
+ return true;
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Checks if is accessible.
+ *
+ * @param policy the policy
+ * @param myLogin the my login
+ * @return true, if is accessible
+ */
+ public static boolean isAccessible(String policy, String myLogin) {
+
+ boolean bool = isOpenAccess(policy);
+
+ if (bool) {
+ // is open access
+ return true;
+ }
+
+ if (myLogin == null || myLogin.isEmpty()) {
+ // is not open and the user is not authenticated
+ return false;
+ }
+
+ // Here the login is not null, so checking if the access to item is RESTICTED
+ bool = isRestrictedAccess(policy);
+
+ if (bool) {
+ // is restricted access
+ return true;
+ }
+
+ // Here the user is authenticated, but the policy is not managed, so returning
+ // true
+ return true;
+ }
+
+}
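Review bot: `isAccessible` fails open: once the login check passes, every remaining path returns true, including the final fallback for a policy value the code does not recognise, and `isOpenAccess` treats a missing (`null`) policy as open. An access decision should deny what it does not understand, so the last statement should be `return false;`, and the null case deserves an explicit, documented choice rather than a silent OPEN default. The `policy == null ||` term in `isRestrictedAccess` is unreachable from `isAccessible` and looks copied from `isOpenAccess`, so it can be removed. The constant `RESTICTED` is matched by name against the stored policy string, so if the backing service spells the value `RESTRICTED` the comparison never succeeds; confirm the spelling against the service's own enum.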