#21976 Access Policies now are applied also on retrieving layers for id
This commit is contained in:
parent
97ab51e415
commit
eba361389e
|
@ -83,8 +83,6 @@ public class GeoportalDataViewer implements EntryPoint {
|
||||||
|
|
||||||
int attempt = 0;
|
int attempt = 0;
|
||||||
|
|
||||||
// https://data.d4science.org/gis-viewer-app/?wmsrequest=https%3A%2F%2Fgeona-proto.d4science.org%2Fgeoserver%2Fconcessioni_conf%2Fwms%3Fservice%3DWMS%26version%3D1.1.0%26request%3DGetMap%26layers%3Dconcessioni_conf%3Acentroids_concessioni%26styles%3D%26bbox%3D8.476%2C39.179%2C17.391%2C45.772%26width%3D768%26height%3D567%26srs%3DEPSG%3A4326%26format%3Dapplication%2Fopenlayers&zoom=6¢ermap=12.45%2C42.98
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This is the entry point method.
|
* This is the entry point method.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -150,14 +150,14 @@ public abstract class OpenLayerOSM {
|
||||||
this.eventBus = eventBus;
|
this.eventBus = eventBus;
|
||||||
|
|
||||||
// create a OSM-layer
|
// create a OSM-layer
|
||||||
XyzOptions osmSourceOptions = OLFactory.createOptions();
|
XyzOptions xyzOptions = OLFactory.createOptions();
|
||||||
// osmSourceOptions.setCrossOrigin("Anonymous");
|
// osmSourceOptions.setCrossOrigin("Anonymous");
|
||||||
// osmSourceOptions.setTileLoadFunction(null);
|
// osmSourceOptions.setTileLoadFunction(null);
|
||||||
|
|
||||||
Osm osmSource = new Osm(osmSourceOptions);
|
Osm osmSource = new Osm(xyzOptions);
|
||||||
LayerOptions osmLayerOptions = OLFactory.createOptions();
|
LayerOptions osmLayerOptions = OLFactory.createOptions();
|
||||||
osmLayerOptions.setSource(osmSource);
|
osmLayerOptions.setSource(osmSource);
|
||||||
|
|
||||||
Tile osmLayer = new Tile(osmLayerOptions);
|
Tile osmLayer = new Tile(osmLayerOptions);
|
||||||
// create a projection
|
// create a projection
|
||||||
projectionOptions.setCode(MAP_PROJECTION.EPSG_3857.getName());
|
projectionOptions.setCode(MAP_PROJECTION.EPSG_3857.getName());
|
||||||
|
|
|
@ -213,6 +213,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
|
||||||
try {
|
try {
|
||||||
|
|
||||||
SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
|
SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
|
||||||
|
String userName = null;
|
||||||
|
try {
|
||||||
|
userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
|
||||||
|
}catch (Exception e) {
|
||||||
|
LOG.info("User not found in session, the userName for cecking policy will be null");
|
||||||
|
}
|
||||||
|
|
||||||
if (itemType.equalsIgnoreCase("concessione")) {
|
if (itemType.equalsIgnoreCase("concessione")) {
|
||||||
|
|
||||||
|
@ -227,15 +233,24 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
|
||||||
if (concessione.getPianteFineScavo() != null) {
|
if (concessione.getPianteFineScavo() != null) {
|
||||||
|
|
||||||
for (LayerConcessione lc : concessione.getPianteFineScavo()) {
|
for (LayerConcessione lc : concessione.getPianteFineScavo()) {
|
||||||
listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione));
|
if (CheckAccessPolicyUtil.isAccessible(lc.getPolicy().name(), userName)) {
|
||||||
|
listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
LayerConcessione lcPosizionamento = concessione.getPosizionamentoScavo();
|
||||||
|
|
||||||
|
if (lcPosizionamento != null) {
|
||||||
|
|
||||||
|
if (CheckAccessPolicyUtil.isAccessible(lcPosizionamento.getPolicy().name(), userName)) {
|
||||||
|
|
||||||
|
LayerConcessioneDV thePosizScavo = ConvertToDataViewModel
|
||||||
|
.toLayerConcessione(lcPosizionamento, baseConcessione);
|
||||||
|
if (thePosizScavo != null)
|
||||||
|
listLayers.add(thePosizScavo);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (concessione.getPosizionamentoScavo() != null) {
|
|
||||||
LayerConcessioneDV thePosizScavo = ConvertToDataViewModel
|
|
||||||
.toLayerConcessione(concessione.getPosizionamentoScavo(), baseConcessione);
|
|
||||||
if (thePosizScavo != null)
|
|
||||||
listLayers.add(thePosizScavo);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
} else
|
} else
|
||||||
|
@ -270,11 +285,6 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
|
||||||
|
|
||||||
try {
|
try {
|
||||||
LOG.info("Trying to get record for id " + mongoId);
|
LOG.info("Trying to get record for id " + mongoId);
|
||||||
// SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
|
|
||||||
// SessionUtil.getCurrentToken(this.getThreadLocalRequest(), true);
|
|
||||||
// // Obtain the client
|
|
||||||
// ConcessioniManagerI manager = statefulMongoConcessioni().build();
|
|
||||||
// Concessione concessione = manager.getById(mongoId);
|
|
||||||
|
|
||||||
ConcessioniMongoService cms = new ConcessioniMongoService();
|
ConcessioniMongoService cms = new ConcessioniMongoService();
|
||||||
Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), mongoId);
|
Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), mongoId);
|
||||||
|
@ -283,12 +293,17 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
|
||||||
if (concessione != null) {
|
if (concessione != null) {
|
||||||
concessionDV = ConvertToDataViewModel.toConcessione(concessione);
|
concessionDV = ConvertToDataViewModel.toConcessione(concessione);
|
||||||
|
|
||||||
GCubeUser user = SessionUtil.getCurrentUser(this.getThreadLocalRequest());
|
String userName = null;
|
||||||
String userName = user == null ? null : user.getUsername();
|
try {
|
||||||
|
userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
|
||||||
|
|
||||||
// TODO THIS IS A WORKAROUND WAITING FOR USER ROLE.
|
}catch (Exception e) {
|
||||||
|
LOG.info("User not found in session, so going to apply the acess policies");
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO THIS IS A WORKAROUND WAITING FOR ADOPTING OF USER ROLES. AT THE MOMENT, A USER AUTHENTICATED CAN ACCESS EVERYTHING
|
||||||
// I CAN CHECK THE ACCCESS POLICIES IF AND ONLY IF THE USER IS NOT LOGGED IN.
|
// I CAN CHECK THE ACCCESS POLICIES IF AND ONLY IF THE USER IS NOT LOGGED IN.
|
||||||
if (user == null) {
|
if (userName == null) {
|
||||||
|
|
||||||
// CHECKING ACCESS POLICY
|
// CHECKING ACCESS POLICY
|
||||||
LOG.info("Applying access policies for concessione " + mongoId + " returned by service");
|
LOG.info("Applying access policies for concessione " + mongoId + " returned by service");
|
||||||
|
@ -296,6 +311,8 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
|
||||||
if (layerPosizionamento != null) {
|
if (layerPosizionamento != null) {
|
||||||
if (!CheckAccessPolicyUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) {
|
if (!CheckAccessPolicyUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) {
|
||||||
concessionDV.setPosizionamentoScavo(null);
|
concessionDV.setPosizionamentoScavo(null);
|
||||||
|
}else {
|
||||||
|
LOG.info("Posizionamento di Scavo is not accessible by current user");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package org.gcube.portlets.user.geoportaldataviewer.server.util;
|
package org.gcube.portlets.user.geoportaldataviewer.server.util;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The Class CheckAccessPolicyUtil.
|
* The Class CheckAccessPolicyUtil.
|
||||||
|
@ -9,7 +11,8 @@ package org.gcube.portlets.user.geoportaldataviewer.server.util;
|
||||||
* Sep 9, 2021
|
* Sep 9, 2021
|
||||||
*/
|
*/
|
||||||
public class CheckAccessPolicyUtil {
|
public class CheckAccessPolicyUtil {
|
||||||
|
|
||||||
|
private static final Logger LOG = LoggerFactory.getLogger(CheckAccessPolicyUtil.class);
|
||||||
/**
|
/**
|
||||||
* The Enum ACCESS_POLICY.
|
* The Enum ACCESS_POLICY.
|
||||||
*
|
*
|
||||||
|
@ -67,8 +70,10 @@ public class CheckAccessPolicyUtil {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//From here managing is NOT OPEN access
|
||||||
|
|
||||||
if (myLogin == null || myLogin.isEmpty()) {
|
if (myLogin == null || myLogin.isEmpty()) {
|
||||||
// is not open and the user is not authenticated
|
// here is not open and the user is not authenticated
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue