#21976 Access Policies now are applied also on retrieving layers for id

Francesco Mangiacrapa 2021-09-22 12:18:58 +02:00
parent 97ab51e415
commit eba361389e
4 changed files with 43 additions and 23 deletions


@ -83,8 +83,6 @@ public class GeoportalDataViewer implements EntryPoint {
int attempt = 0; int attempt = 0;
// https://data.d4science.org/gis-viewer-app/?wmsrequest=https%3A%2F%2Fgeona-proto.d4science.org%2Fgeoserver%2Fconcessioni_conf%2Fwms%3Fservice%3DWMS%26version%3D1.1.0%26request%3DGetMap%26layers%3Dconcessioni_conf%3Acentroids_concessioni%26styles%3D%26bbox%3D8.476%2C39.179%2C17.391%2C45.772%26width%3D768%26height%3D567%26srs%3DEPSG%3A4326%26format%3Dapplication%2Fopenlayers&zoom=6&centermap=12.45%2C42.98
/** /**
* This is the entry point method. * This is the entry point method.
*/ */


@ -150,11 +150,11 @@ public abstract class OpenLayerOSM {
this.eventBus = eventBus; this.eventBus = eventBus;
// create a OSM-layer // create a OSM-layer
XyzOptions osmSourceOptions = OLFactory.createOptions(); XyzOptions xyzOptions = OLFactory.createOptions();
// osmSourceOptions.setCrossOrigin("Anonymous"); // osmSourceOptions.setCrossOrigin("Anonymous");
// osmSourceOptions.setTileLoadFunction(null); // osmSourceOptions.setTileLoadFunction(null);
Osm osmSource = new Osm(osmSourceOptions); Osm osmSource = new Osm(xyzOptions);
LayerOptions osmLayerOptions = OLFactory.createOptions(); LayerOptions osmLayerOptions = OLFactory.createOptions();
osmLayerOptions.setSource(osmSource); osmLayerOptions.setSource(osmSource);


@ -213,6 +213,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
try { try {
SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true); SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
String userName = null;
try {
userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
}catch (Exception e) {
LOG.info("User not found in session, the userName for cecking policy will be null");
}
if (itemType.equalsIgnoreCase("concessione")) { if (itemType.equalsIgnoreCase("concessione")) {
@ -227,16 +233,25 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (concessione.getPianteFineScavo() != null) { if (concessione.getPianteFineScavo() != null) {
for (LayerConcessione lc : concessione.getPianteFineScavo()) { for (LayerConcessione lc : concessione.getPianteFineScavo()) {
if (CheckAccessPolicyUtil.isAccessible(lc.getPolicy().name(), userName)) {
listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione)); listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione));
} }
} }
if (concessione.getPosizionamentoScavo() != null) { LayerConcessione lcPosizionamento = concessione.getPosizionamentoScavo();
if (lcPosizionamento != null) {
if (CheckAccessPolicyUtil.isAccessible(lcPosizionamento.getPolicy().name(), userName)) {
LayerConcessioneDV thePosizScavo = ConvertToDataViewModel LayerConcessioneDV thePosizScavo = ConvertToDataViewModel
.toLayerConcessione(concessione.getPosizionamentoScavo(), baseConcessione); .toLayerConcessione(lcPosizionamento, baseConcessione);
if (thePosizScavo != null) if (thePosizScavo != null)
listLayers.add(thePosizScavo); listLayers.add(thePosizScavo);
} }
}
}
} else } else
throw new Exception("Concessione with id '" + itemId + "' not available"); throw new Exception("Concessione with id '" + itemId + "' not available");
@ -270,11 +285,6 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
try { try {
LOG.info("Trying to get record for id " + mongoId); LOG.info("Trying to get record for id " + mongoId);
// SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
// SessionUtil.getCurrentToken(this.getThreadLocalRequest(), true);
// // Obtain the client
// ConcessioniManagerI manager = statefulMongoConcessioni().build();
// Concessione concessione = manager.getById(mongoId);
ConcessioniMongoService cms = new ConcessioniMongoService(); ConcessioniMongoService cms = new ConcessioniMongoService();
Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), mongoId); Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), mongoId);
@ -283,12 +293,17 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (concessione != null) { if (concessione != null) {
concessionDV = ConvertToDataViewModel.toConcessione(concessione); concessionDV = ConvertToDataViewModel.toConcessione(concessione);
GCubeUser user = SessionUtil.getCurrentUser(this.getThreadLocalRequest()); String userName = null;
String userName = user == null ? null : user.getUsername(); try {
userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
// TODO THIS IS A WORKAROUND WAITING FOR USER ROLE. }catch (Exception e) {
LOG.info("User not found in session, so going to apply the acess policies");
}
// TODO THIS IS A WORKAROUND WAITING FOR ADOPTING OF USER ROLES. AT THE MOMENT, A USER AUTHENTICATED CAN ACCESS EVERYTHING
// I CAN CHECK THE ACCCESS POLICIES IF AND ONLY IF THE USER IS NOT LOGGED IN. // I CAN CHECK THE ACCCESS POLICIES IF AND ONLY IF THE USER IS NOT LOGGED IN.
if (user == null) { if (userName == null) {
// CHECKING ACCESS POLICY // CHECKING ACCESS POLICY
LOG.info("Applying access policies for concessione " + mongoId + " returned by service"); LOG.info("Applying access policies for concessione " + mongoId + " returned by service");
@ -296,6 +311,8 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (layerPosizionamento != null) { if (layerPosizionamento != null) {
if (!CheckAccessPolicyUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) { if (!CheckAccessPolicyUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) {
concessionDV.setPosizionamentoScavo(null); concessionDV.setPosizionamentoScavo(null);
}else {
LOG.info("Posizionamento di Scavo is not accessible by current user");
} }
} }
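Review bot: The added `else` branch at the end of this section logs "Posizionamento di Scavo is not accessible by current user" on the path where `CheckAccessPolicyUtil.isAccessible(...)` returned true, so the log reports a denial exactly when the layer is kept and says nothing when it is actually nulled out. Move the message into the `if (!CheckAccessPolicyUtil.isAccessible(...))` branch next to `concessionDV.setPosizionamentoScavo(null);` and drop the `else`. The two new `catch (Exception e)` blocks around `SessionUtil.getCurrentUser(...)` also discard `e`, which makes a failing session lookup indistinguishable from an anonymous visitor in the logs; passing the exception through, e.g. `LOG.info("User not found in session, the userName for cecking policy will be null", e);`, would keep that visible. In the layer loop, `lc.getPolicy().name()` presumably throws when a layer has no policy set, so a null guard that treats a missing policy as not accessible may be needed. The enclosing methods start and end outside the visible hunks, so this may already be handled elsewhere.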


@ -1,5 +1,7 @@
package org.gcube.portlets.user.geoportaldataviewer.server.util; package org.gcube.portlets.user.geoportaldataviewer.server.util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* The Class CheckAccessPolicyUtil. * The Class CheckAccessPolicyUtil.
@ -10,6 +12,7 @@ package org.gcube.portlets.user.geoportaldataviewer.server.util;
*/ */
public class CheckAccessPolicyUtil { public class CheckAccessPolicyUtil {
private static final Logger LOG = LoggerFactory.getLogger(CheckAccessPolicyUtil.class);
/** /**
* The Enum ACCESS_POLICY. * The Enum ACCESS_POLICY.
* *
@ -67,8 +70,10 @@ public class CheckAccessPolicyUtil {
return true; return true;
} }
//From here managing is NOT OPEN access
if (myLogin == null || myLogin.isEmpty()) { if (myLogin == null || myLogin.isEmpty()) {
// is not open and the user is not authenticated // here is not open and the user is not authenticated
return false; return false;
} }