#21976 Access Policies now are applied also on retrieving layers for id

Francesco Mangiacrapa 2021-09-22 12:18:58 +02:00
parent 97ab51e415
commit eba361389e
4 changed files with 43 additions and 23 deletions


@ -83,8 +83,6 @@ public class GeoportalDataViewer implements EntryPoint {
int attempt = 0;
// https://data.d4science.org/gis-viewer-app/?wmsrequest=https%3A%2F%2Fgeona-proto.d4science.org%2Fgeoserver%2Fconcessioni_conf%2Fwms%3Fservice%3DWMS%26version%3D1.1.0%26request%3DGetMap%26layers%3Dconcessioni_conf%3Acentroids_concessioni%26styles%3D%26bbox%3D8.476%2C39.179%2C17.391%2C45.772%26width%3D768%26height%3D567%26srs%3DEPSG%3A4326%26format%3Dapplication%2Fopenlayers&zoom=6&centermap=12.45%2C42.98
/**
* This is the entry point method.
*/


@ -150,14 +150,14 @@ public abstract class OpenLayerOSM {
this.eventBus = eventBus;
// create a OSM-layer
XyzOptions osmSourceOptions = OLFactory.createOptions();
XyzOptions xyzOptions = OLFactory.createOptions();
// osmSourceOptions.setCrossOrigin("Anonymous");
// osmSourceOptions.setTileLoadFunction(null);
Osm osmSource = new Osm(osmSourceOptions);
Osm osmSource = new Osm(xyzOptions);
LayerOptions osmLayerOptions = OLFactory.createOptions();
osmLayerOptions.setSource(osmSource);
Tile osmLayer = new Tile(osmLayerOptions);
// create a projection
projectionOptions.setCode(MAP_PROJECTION.EPSG_3857.getName());


@ -213,6 +213,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
try {
SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
String userName = null;
try {
userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
}catch (Exception e) {
LOG.info("User not found in session, the userName for cecking policy will be null");
}
if (itemType.equalsIgnoreCase("concessione")) {
@ -227,15 +233,24 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (concessione.getPianteFineScavo() != null) {
for (LayerConcessione lc : concessione.getPianteFineScavo()) {
listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione));
if (CheckAccessPolicyUtil.isAccessible(lc.getPolicy().name(), userName)) {
listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione));
}
}
LayerConcessione lcPosizionamento = concessione.getPosizionamentoScavo();
if (lcPosizionamento != null) {
if (CheckAccessPolicyUtil.isAccessible(lcPosizionamento.getPolicy().name(), userName)) {
LayerConcessioneDV thePosizScavo = ConvertToDataViewModel
.toLayerConcessione(lcPosizionamento, baseConcessione);
if (thePosizScavo != null)
listLayers.add(thePosizScavo);
}
}
}
if (concessione.getPosizionamentoScavo() != null) {
LayerConcessioneDV thePosizScavo = ConvertToDataViewModel
.toLayerConcessione(concessione.getPosizionamentoScavo(), baseConcessione);
if (thePosizScavo != null)
listLayers.add(thePosizScavo);
}
} else
@ -270,11 +285,6 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
try {
LOG.info("Trying to get record for id " + mongoId);
// SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
// SessionUtil.getCurrentToken(this.getThreadLocalRequest(), true);
// // Obtain the client
// ConcessioniManagerI manager = statefulMongoConcessioni().build();
// Concessione concessione = manager.getById(mongoId);
ConcessioniMongoService cms = new ConcessioniMongoService();
Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), mongoId);
@ -283,12 +293,17 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (concessione != null) {
concessionDV = ConvertToDataViewModel.toConcessione(concessione);
GCubeUser user = SessionUtil.getCurrentUser(this.getThreadLocalRequest());
String userName = user == null ? null : user.getUsername();
String userName = null;
try {
userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
// TODO THIS IS A WORKAROUND WAITING FOR USER ROLE.
}catch (Exception e) {
LOG.info("User not found in session, so going to apply the acess policies");
}
// TODO THIS IS A WORKAROUND WAITING FOR ADOPTING OF USER ROLES. AT THE MOMENT, A USER AUTHENTICATED CAN ACCESS EVERYTHING
// I CAN CHECK THE ACCCESS POLICIES IF AND ONLY IF THE USER IS NOT LOGGED IN.
if (user == null) {
if (userName == null) {
// CHECKING ACCESS POLICY
LOG.info("Applying access policies for concessione " + mongoId + " returned by service");
@ -296,6 +311,8 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (layerPosizionamento != null) {
if (!CheckAccessPolicyUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) {
concessionDV.setPosizionamentoScavo(null);
}else {
LOG.info("Posizionamento di Scavo is not accessible by current user");
}
}
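Review bot: The gate `if (userName == null)` in the get-record-by-id hunk skips the access-policy pass whenever any username string is present, while `CheckAccessPolicyUtil.isAccessible` treats both null and empty logins as unauthenticated (`myLogin == null || myLogin.isEmpty()`); if `getUsername()` can return an empty string, that caller would receive the unfiltered record, so the gate should match the utility: `if (userName == null || userName.isEmpty()) {`. In the last hunk the added `else` runs when `isAccessible` returned true, so `"Posizionamento di Scavo is not accessible by current user"` is logged for the accessible case and nothing is logged when the layer is actually withheld; the `LOG.info` belongs in the `if (!CheckAccessPolicyUtil.isAccessible(...))` branch next to `concessionDV.setPosizionamentoScavo(null);`. Both new `catch (Exception e)` blocks discard the exception, which makes a broken session lookup indistinguishable from an anonymous visitor in the logs; passing `e` as the last logger argument would keep that visible. The enclosing methods start and end outside these hunks, so this is based only on the lines shown.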


@ -1,5 +1,7 @@
package org.gcube.portlets.user.geoportaldataviewer.server.util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The Class CheckAccessPolicyUtil.
@ -9,7 +11,8 @@ package org.gcube.portlets.user.geoportaldataviewer.server.util;
* Sep 9, 2021
*/
public class CheckAccessPolicyUtil {
private static final Logger LOG = LoggerFactory.getLogger(CheckAccessPolicyUtil.class);
/**
* The Enum ACCESS_POLICY.
*
@ -67,8 +70,10 @@ public class CheckAccessPolicyUtil {
return true;
}
//From here managing is NOT OPEN access
if (myLogin == null || myLogin.isEmpty()) {
// is not open and the user is not authenticated
// here is not open and the user is not authenticated
return false;
}