From eba361389ee0c4d253958087586cee4ba6c35bf4 Mon Sep 17 00:00:00 2001 From: "francesco.mangiacrapa" Date: Wed, 22 Sep 2021 12:18:58 +0200 Subject: [PATCH] #21976 Access Policies now are applied also on retrieving layers for id --- .../client/GeoportalDataViewer.java | 2 - .../client/gis/OpenLayerOSM.java | 6 +-- .../GeoportalDataViewerServiceImpl.java | 49 +++++++++++++------ .../server/util/CheckAccessPolicyUtil.java | 9 +++- 4 files changed, 43 insertions(+), 23 deletions(-) diff --git a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/GeoportalDataViewer.java b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/GeoportalDataViewer.java index 66f4cf2..65d862d 100644 --- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/GeoportalDataViewer.java +++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/GeoportalDataViewer.java @@ -83,8 +83,6 @@ public class GeoportalDataViewer implements EntryPoint { int attempt = 0; - // https://data.d4science.org/gis-viewer-app/?wmsrequest=https%3A%2F%2Fgeona-proto.d4science.org%2Fgeoserver%2Fconcessioni_conf%2Fwms%3Fservice%3DWMS%26version%3D1.1.0%26request%3DGetMap%26layers%3Dconcessioni_conf%3Acentroids_concessioni%26styles%3D%26bbox%3D8.476%2C39.179%2C17.391%2C45.772%26width%3D768%26height%3D567%26srs%3DEPSG%3A4326%26format%3Dapplication%2Fopenlayers&zoom=6¢ermap=12.45%2C42.98 - /** * This is the entry point method. */ diff --git a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/gis/OpenLayerOSM.java b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/gis/OpenLayerOSM.java index 0232c01..b0e1a2c 100644 --- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/gis/OpenLayerOSM.java +++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/client/gis/OpenLayerOSM.java 
@@ -150,14 +150,14 @@ public abstract class OpenLayerOSM { this.eventBus = eventBus; // create a OSM-layer - XyzOptions osmSourceOptions = OLFactory.createOptions(); + XyzOptions xyzOptions = OLFactory.createOptions(); // osmSourceOptions.setCrossOrigin("Anonymous"); // osmSourceOptions.setTileLoadFunction(null); - Osm osmSource = new Osm(osmSourceOptions); + Osm osmSource = new Osm(xyzOptions); LayerOptions osmLayerOptions = OLFactory.createOptions(); osmLayerOptions.setSource(osmSource); - + Tile osmLayer = new Tile(osmLayerOptions); // create a projection projectionOptions.setCode(MAP_PROJECTION.EPSG_3857.getName()); diff --git a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java index 9be15df..e945088 100644 --- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java +++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java @@ -213,6 +213,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme try { SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true); + String userName = null; + try { + userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername(); + }catch (Exception e) { + LOG.info("User not found in session, the userName for cecking policy will be null"); + } if (itemType.equalsIgnoreCase("concessione")) { 
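Review bot: The `catch (Exception e)` added around `SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername()` turns every failure into "anonymous" and never logs the exception, so a null user and a real session error look the same. Falling back to a null `userName` is the safe direction for the policy check, but a broken session lookup then cannot be told apart from a genuinely unauthenticated request. The code this commit removes in the hunk at -283 handled the null case explicitly: `GCubeUser user = SessionUtil.getCurrentUser(this.getThreadLocalRequest());` followed by `String userName = user == null ? null : user.getUsername();`. Keeping that form here, and passing `e` to the logger in any catch that remains, preserves the fail-closed behaviour without hiding errors. The same pattern is added again in the hunk at -283, and the enclosing method starts and ends outside this hunk.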
@@ -227,15 +233,24 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme if (concessione.getPianteFineScavo() != null) { for (LayerConcessione lc : concessione.getPianteFineScavo()) { - listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione)); + if (CheckAccessPolicyUtil.isAccessible(lc.getPolicy().name(), userName)) { + listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione)); + } + } + + LayerConcessione lcPosizionamento = concessione.getPosizionamentoScavo(); + + if (lcPosizionamento != null) { + + if (CheckAccessPolicyUtil.isAccessible(lcPosizionamento.getPolicy().name(), userName)) { + + LayerConcessioneDV thePosizScavo = ConvertToDataViewModel + .toLayerConcessione(lcPosizionamento, baseConcessione); + if (thePosizScavo != null) + listLayers.add(thePosizScavo); + } } - } - if (concessione.getPosizionamentoScavo() != null) { - LayerConcessioneDV thePosizScavo = ConvertToDataViewModel - .toLayerConcessione(concessione.getPosizionamentoScavo(), baseConcessione); - if (thePosizScavo != null) - listLayers.add(thePosizScavo); } } else @@ -270,11 +285,6 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme try { LOG.info("Trying to get record for id " + mongoId); -// SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true); -// SessionUtil.getCurrentToken(this.getThreadLocalRequest(), true); -// // Obtain the client -// ConcessioniManagerI manager = statefulMongoConcessioni().build(); -// Concessione concessione = manager.getById(mongoId); ConcessioniMongoService cms = new ConcessioniMongoService(); Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), mongoId); 
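Review bot: `lc.getPolicy().name()` and `lcPosizionamento.getPolicy().name()` dereference the policy without a null check, so a layer stored without a policy would throw a NullPointerException rather than simply being left out. A guard that treats a missing policy as not accessible keeps the default deny, for example `if (lc.getPolicy() != null && CheckAccessPolicyUtil.isAccessible(lc.getPolicy().name(), userName))`. Also, as far as the braces in this hunk show, the `getPosizionamentoScavo()` block now sits inside `if (concessione.getPianteFineScavo() != null)`, so a concessione without piante would no longer return its posizionamento layer. If that is not intended, close that `if` before `LayerConcessione lcPosizionamento = concessione.getPosizionamentoScavo();`. The enclosing method continues outside the hunk.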
@@ -283,12 +293,17 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme if (concessione != null) { concessionDV = ConvertToDataViewModel.toConcessione(concessione); - GCubeUser user = SessionUtil.getCurrentUser(this.getThreadLocalRequest()); - String userName = user == null ? null : user.getUsername(); + String userName = null; + try { + userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername(); - // TODO THIS IS A WORKAROUND WAITING FOR USER ROLE. + }catch (Exception e) { + LOG.info("User not found in session, so going to apply the acess policies"); + } + + // TODO THIS IS A WORKAROUND WAITING FOR ADOPTING OF USER ROLES. AT THE MOMENT, A USER AUTHENTICATED CAN ACCESS EVERYTHING // I CAN CHECK THE ACCCESS POLICIES IF AND ONLY IF THE USER IS NOT LOGGED IN. - if (user == null) { + if (userName == null) { // CHECKING ACCESS POLICY LOG.info("Applying access policies for concessione " + mongoId + " returned by service"); @@ -296,6 +311,8 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme if (layerPosizionamento != null) { if (!CheckAccessPolicyUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) { concessionDV.setPosizionamentoScavo(null); + }else { + LOG.info("Posizionamento di Scavo is not accessible by current user"); } } diff --git a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessPolicyUtil.java b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessPolicyUtil.java index f4416d5..0be6c5b 100644 --- a/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessPolicyUtil.java +++ b/src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/CheckAccessPolicyUtil.java @@ -1,5 +1,7 @@ package org.gcube.portlets.user.geoportaldataviewer.server.util; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * The Class CheckAccessPolicyUtil. 
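Review bot: `if (userName == null)` counts an empty user name as an authenticated user and skips the policy checks, while `CheckAccessPolicyUtil.isAccessible` (context of the hunk at -67) treats `myLogin == null || myLogin.isEmpty()` as unauthenticated. The guard should match it: `if (userName == null || userName.isEmpty())`. Separately, the layers-by-id path (hunk at -227) now passes every caller through `isAccessible`, whereas this method still exempts any logged-in user, as the TODO says. If that difference is deliberate, a comment such as `// NOTE: unlike getLayersForId, authenticated users bypass policy checks here until roles are adopted` would make it visible to the next reviewer. The enclosing method starts and ends outside the hunk.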
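Review bot: The added `else` logs "Posizionamento di Scavo is not accessible by current user" on the branch where `isAccessible` returned true, so the log states the opposite of the decision taken. For an access-control decision this makes the log misleading when someone later reviews who could see which layer. Move the message into the `if (!CheckAccessPolicyUtil.isAccessible(...))` branch next to `concessionDV.setPosizionamentoScavo(null);`, or reword the `else` message to `LOG.info("Posizionamento di Scavo is accessible by current user");`.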
@@ -9,7 +11,8 @@ package org.gcube.portlets.user.geoportaldataviewer.server.util; * Sep 9, 2021 */ public class CheckAccessPolicyUtil { - + + private static final Logger LOG = LoggerFactory.getLogger(CheckAccessPolicyUtil.class); /** * The Enum ACCESS_POLICY. * @@ -67,8 +70,10 @@ public class CheckAccessPolicyUtil { return true; } + //From here managing is NOT OPEN access + if (myLogin == null || myLogin.isEmpty()) { - // is not open and the user is not authenticated + // here is not open and the user is not authenticated return false; }