gCubeSystem
/
resource-registry
16
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixes #10435: Add support for hierarchical roles to support child context overview 

Task-Url: https://support.d4science.org/issues/10435

git-svn-id: https://svn.d4science.research-infrastructures.eu/gcube/trunk/information-system/resource-registry@160040 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Luca Frosini 2017-12-05 09:10:34 +00:00
parent 1fcdccd7af
commit 263bcf07c9
8 changed files with 324 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextManagement.java
View File

@ -75,7 +75,7 @@ public class ContextManagement extends EntityManagement<Context> {
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
if(workingContext == null) {
workingContext = ContextUtility.getInstace()
workingContext = ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID);
}
return workingContext;
@ -192,6 +192,7 @@ public class ContextManagement extends EntityManagement<Context> {
@Override
protected Vertex reallyCreate() throws ERAlreadyPresentException, ResourceRegistryException {
SecurityContext securityContext = null;
SecurityContext parentSecurityContext = null;
try {
JsonNode isParentOfJsonNode = jsonNode.get(Context.PARENT_PROPERTY);
@ -199,10 +200,13 @@ public class ContextManagement extends EntityManagement<Context> {
if(isParentOfJsonNode != null && !(isParentOfJsonNode instanceof NullNode)) {
JsonNode parentJsonNode = isParentOfJsonNode.get(Relation.SOURCE_PROPERTY);
ContextManagement parentContext = new ContextManagement(orientGraph);
parentContext.setJSON(parentJsonNode);
ContextManagement parentContextManagement = new ContextManagement(orientGraph);
parentContextManagement.setJSON(parentJsonNode);
UUID parentUUID = parentContextManagement.uuid;
parentSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(parentUUID);
checkContext(parentContext);
checkContext(parentContextManagement);
if(uuid == null) {
uuid = UUID.randomUUID();
}
@ -211,7 +215,7 @@ public class ContextManagement extends EntityManagement<Context> {
IsParentOfManagement isParentOfManagement = new IsParentOfManagement(orientGraph);
isParentOfManagement.setJSON(isParentOfJsonNode);
isParentOfManagement.setSourceEntityManagement(parentContext);
isParentOfManagement.setSourceEntityManagement(parentContextManagement);
isParentOfManagement.setTargetEntityManagement(this);
isParentOfManagement.internalCreate();
@ -222,13 +226,20 @@ public class ContextManagement extends EntityManagement<Context> {
}
securityContext = new SecurityContext(uuid);
securityContext.setParentSecurityContext(parentSecurityContext);
securityContext.create(orientGraph);
ContextUtility.getInstance().addSecurityContext(securityContext);
return getElement();
} catch(Exception e) {
orientGraph.rollback();
if(securityContext != null) {
securityContext.delete(orientGraph);
if(parentSecurityContext!=null && securityContext!=null) {
parentSecurityContext.getChildren().remove(securityContext);
}
ContextUtility.getInstance().removeFromCache(uuid, false);
}
throw e;
}
@ -308,7 +319,7 @@ public class ContextManagement extends EntityManagement<Context> {
element = (Vertex) ERManagement.updateProperties(oClass, getElement(), jsonNode, ignoreKeys,
ignoreStartWithKeys);
ContextUtility.getInstace().removeFromCache(uuid);
ContextUtility.getInstance().removeFromCache(uuid, true);
return element;
}
@ -319,6 +330,8 @@ public class ContextManagement extends EntityManagement<Context> {
checkContext(newParentContextManagement);
}
SecurityContext newParentSecurityContext = null;
// Removing the old parent relationship if any
Iterable<Edge> edges = getElement().getEdges(Direction.IN, IsParentOf.NAME);
if(edges != null && edges.iterator().hasNext()) {
@ -341,8 +354,11 @@ public class ContextManagement extends EntityManagement<Context> {
isParentOfManagement.setSourceEntityManagement(newParentContextManagement);
isParentOfManagement.setTargetEntityManagement(this);
isParentOfManagement.internalCreate();
newParentSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(newParentContextManagement.uuid);
}
SecurityContext thisSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid);
thisSecurityContext.changeParentSecurityContext(newParentSecurityContext, orientGraph);
}
@Override
@ -355,11 +371,11 @@ public class ContextManagement extends EntityManagement<Context> {
element.remove();
ContextUtility contextUtility = ContextUtility.getInstace();
ContextUtility contextUtility = ContextUtility.getInstance();
SecurityContext securityContext = contextUtility.getSecurityContextByUUID(uuid);
securityContext.delete(orientGraph);
contextUtility.removeFromCache(uuid);
contextUtility.removeFromCache(uuid, false);
return true;

16
src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextUtility.java
View File

@ -40,7 +40,7 @@ public class ContextUtility {
private static ContextUtility contextUtility;
public static ContextUtility getInstace() {
public static ContextUtility getInstance() {
if(contextUtility == null) {
contextUtility = new ContextUtility();
}
@ -81,26 +81,32 @@ public class ContextUtility {
if(fullName == null) {
throw new ContextException("Null Token and Scope. Please set your token first.");
}
return ContextUtility.getInstace().getSecurityContextByFullName(fullName);
return ContextUtility.getInstance().getSecurityContextByFullName(fullName);
}
public static AdminSecurityContext getAdminSecurityContext() throws ResourceRegistryException {
AdminSecurityContext adminSecurityContext = (AdminSecurityContext) ContextUtility.getInstace()
AdminSecurityContext adminSecurityContext = (AdminSecurityContext) ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.ADMIN_SECURITY_CONTEXT_UUID);
return adminSecurityContext;
}
public synchronized void removeFromCache(UUID uuid) throws ResourceRegistryException {
public synchronized void removeFromCache(UUID uuid, boolean fullNameOnly) throws ResourceRegistryException {
for(String fullName : contextUUIDs.keySet()) {
UUID uuidKey = contextUUIDs.get(fullName);
if(uuidKey.compareTo(uuid) == 0) {
contextUUIDs.remove(fullName);
contexts.remove(uuid);
if(!fullNameOnly) {
contexts.remove(uuid);
}
return;
}
}
}
public synchronized void addSecurityContext(SecurityContext securityContext) {
contexts.put(securityContext.getUUID(), securityContext);
}
public synchronized void addSecurityContext(String fullname, SecurityContext securityContext) {
contextUUIDs.put(fullname, securityContext.getUUID());
contexts.put(securityContext.getUUID(), securityContext);

2
src/main/java/org/gcube/informationsystem/resourceregistry/context/IsParentOfManagement.java
View File

@ -42,7 +42,7 @@ public class IsParentOfManagement extends RelationManagement<IsParentOf,ContextM
@Override
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
if(workingContext == null) {
workingContext = ContextUtility.getInstace()
workingContext = ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID);
}
return workingContext;

1
src/main/java/org/gcube/informationsystem/resourceregistry/context/security/AdminSecurityContext.java
View File

@ -25,6 +25,7 @@ public class AdminSecurityContext extends SecurityContext {
throw new RuntimeException("Cannot use this method for Admin Context");
}
@Override
protected ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) {
return oSecurity.getRole(DatabaseEnvironment.DEFAULT_ADMIN_ROLE);
}

226
src/main/java/org/gcube/informationsystem/resourceregistry/context/security/SecurityContext.java
View File

@ -4,7 +4,9 @@
package org.gcube.informationsystem.resourceregistry.context.security;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
@ -15,6 +17,7 @@ import org.gcube.informationsystem.model.entity.Context;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.resourceregistry.context.ContextUtility;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.utils.Utility;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -79,50 +82,127 @@ public class SecurityContext {
protected SecurityContext parentSecurityContext;
protected Set<SecurityContext> children;
protected boolean isHierarchicMode() {
return hierarchic && ContextUtility.getHierarchicMode().get();
}
public void setParentSecurityContext(SecurityContext parentSecurityContext) {
if(this.parentSecurityContext!=null) {
this.parentSecurityContext.getChildren().remove(this);
}
this.parentSecurityContext = parentSecurityContext;
if(parentSecurityContext!=null) {
this.parentSecurityContext.addChild(this);
}
}
public SecurityContext getParentSecurityContext() {
return parentSecurityContext;
}
/**
* Use to change the parent not to set the first time
*
* @param newParentSecurityContext
* @throws ResourceRegistryException
*/
public void changeParentSecurityContext(SecurityContext newParentSecurityContext) throws ResourceRegistryException {
OrientGraph orientGraph = getAdminOrientGraph();
changeParentSecurityContext(newParentSecurityContext, orientGraph);
private void addChild(SecurityContext child) {
this.children.add(child);
}
public Set<SecurityContext> getChildren(){
return this.children;
}
protected OrientGraph getAdminOrientGraph() throws ResourceRegistryException {
return ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
}
/**
* @return a set containing all children and recursively
* all children.
*/
private Set<SecurityContext> getAllChildren(){
Set<SecurityContext> allChildren = new HashSet<>();
allChildren.add(this);
for(SecurityContext securityContext : getChildren()) {
allChildren.addAll(securityContext.getAllChildren());
}
return allChildren;
}
/**
* @return
*/
private Set<SecurityContext> getAllParents(){
Set<SecurityContext> allParents = new HashSet<>();
SecurityContext parent = getParentSecurityContext();
while(parent!=null) {
allParents.add(parent);
parent = parent.getParentSecurityContext();
}
return allParents;
}
/**
* Use to change the parent not to set the first time
*
* @param newParentSecurityContext
* @param orientGraph
* @throws ResourceRegistryException
*/
public void changeParentSecurityContext(SecurityContext newParentSecurityContext, OrientGraph orientGraph) {
// TODO Remove from old hierarchy
// TODO Add to new Hierarchy
// In both cases take in account the new and the old parent
public void changeParentSecurityContext(SecurityContext newParentSecurityContext, OrientGraph orientGraph) throws ResourceRegistryException {
if(!hierarchic) {
StringBuilder errorMessage = new StringBuilder();
errorMessage.append("Cannot change parent ");
errorMessage.append(SecurityContext.class.getSimpleName());
errorMessage.append(" to non hierarchic ");
errorMessage.append(SecurityContext.class.getSimpleName());
errorMessage.append(". ");
errorMessage.append(Utility.SHOULD_NOT_OCCUR_ERROR_MESSAGE);
final String error = errorMessage.toString();
logger.error(error);
throw new RuntimeException(error);
}
OSecurity oSecurity = getOSecurity(orientGraph);
Set<SecurityContext> allChildren = getAllChildren();
Set<SecurityContext> oldParents = getAllParents();
Set<SecurityContext> newParents = new HashSet<>();
if(newParentSecurityContext!=null) {
newParents = newParentSecurityContext.getAllParents();
}
/*
* From old parents I remove the new parents so that oldParents
* contains only the parents where I have to remove all
* HReaderRole-UUID e HWriterRole-UUID of allChildren by using
* removeHierarchicRoleFromParent() function
*
*/
oldParents.removeAll(newParents);
removeChildrenHRolesFromParents(oSecurity, oldParents, allChildren);
setParentSecurityContext(newParentSecurityContext);
if(newParentSecurityContext!=null){
for(PermissionMode permissionMode : PermissionMode.values()) {
for(SecurityContext child : allChildren) {
String roleName = child.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, true);
ORole role = oSecurity.getRole(roleName);
getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role);
}
}
}
}
protected SecurityContext(UUID context, boolean hierarchic) throws ResourceRegistryException {
this.context = context;
this.factoryMap = new HashMap<>();
this.hierarchic = hierarchic;
this.children = new HashSet<>();
}
public SecurityContext(UUID context) throws ResourceRegistryException {
@ -176,19 +256,9 @@ public class SecurityContext {
return stringBuilder.toString();
}
private ODatabaseDocumentTx getAdminODatabaseDocumentTx(OrientGraph orientGraph) {
private OSecurity getOSecurity(OrientGraph orientGraph) {
ODatabaseDocumentTx oDatabaseDocumentTx = orientGraph.getRawGraph();
return oDatabaseDocumentTx;
}
private OSecurity getAdminOSecurity(ODatabaseDocumentTx oDatabaseDocumentTx) {
OSecurity oSecurity = oDatabaseDocumentTx.getMetadata().getSecurity();
return oSecurity;
}
private OSecurity getAdminOSecurity(OrientGraph orientGraph) {
ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph);
return getAdminOSecurity(oDatabaseDocumentTx);
return oDatabaseDocumentTx.getMetadata().getSecurity();
}
public void addElement(Element element) throws ResourceRegistryException {
@ -205,34 +275,22 @@ public class SecurityContext {
public void addElement(Element element, OrientGraph orientGraph) {
OrientElement orientElement = (OrientElement) element;
ODocument oDocument = orientElement.getRecord();
OSecurity oSecurity = getAdminOSecurity(orientGraph);
OSecurity oSecurity = getOSecurity(orientGraph);
allow(oSecurity, oDocument, false);
if(hierarchic) {
allow(oSecurity, oDocument, true);
if(getParentSecurityContext() != null) {
getParentSecurityContext().addElementToHierarchy(oSecurity, oDocument);
}
}
oDocument.save();
orientElement.save();
}
protected void addElementToHierarchy(OSecurity oSecurity, ODocument oDocument) {
allow(oSecurity, oDocument, true);
if(getParentSecurityContext() != null) {
getParentSecurityContext().addElementToHierarchy(oSecurity, oDocument);
}
}
public void removeElement(Element element) throws ResourceRegistryException {
removeElement(element, getAdminOrientGraph());
}
protected void deny(OSecurity oSecurity, ODocument oDocument, boolean hierarchic) {
// The element could be created in such a context so the writerUser for the
// context is allowed by default
// because it was the creator
// context is allowed by default because it was the creator
String writerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic);
oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, writerUserName);
String readerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic);
@ -248,13 +306,10 @@ public class SecurityContext {
public void removeElement(Element element, OrientGraph orientGraph) {
OrientElement orientElement = (OrientElement) element;
ODocument oDocument = orientElement.getRecord();
OSecurity oSecurity = getAdminOSecurity(orientGraph);
OSecurity oSecurity = getOSecurity(orientGraph);
deny(oSecurity, oDocument, false);
if(hierarchic) {
deny(oSecurity, oDocument, true);
if(getParentSecurityContext() != null) {
getParentSecurityContext().removeElementFromHierarchy(oSecurity, oDocument);
}
}
oDocument.save();
orientElement.save();
@ -293,26 +348,6 @@ public class SecurityContext {
}
}
protected void removeElementFromHierarchy(OSecurity oSecurity, ODocument oDocument) {
// I don't have to deny the Hierarchic role if the element belong to context
String writerRoleName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE, false);
ORole writerRole = oSecurity.getRole(writerRoleName);
/*
* This check if the writerRole (not hierarchic) has the right to operate on the
* document. In such a case don't have to deny the hierarchy
*/
boolean allowed = allowed(writerRole, oDocument);
// If allowed not denying the hierarchy and continuing to parents
if(!allowed) {
deny(oSecurity, oDocument, true);
if(getParentSecurityContext() != null) {
getParentSecurityContext().removeElementFromHierarchy(oSecurity, oDocument);
}
}
}
public void create() throws ResourceRegistryException {
OrientGraph orientGraph = getAdminOrientGraph();
create(orientGraph);
@ -325,7 +360,19 @@ public class SecurityContext {
}
protected ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) {
return oSecurity.getRole(permissionMode.name().toLowerCase());
String superRoleName = permissionMode.name().toLowerCase();
return oSecurity.getRole(superRoleName);
}
protected void addHierarchicRoleToParent(OSecurity oSecurity, PermissionMode permissionMode, ORole role) {
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
OUser user = oSecurity.getUser(userName);
user.addRole(role);
user.save();
if(getParentSecurityContext() != null) {
getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role);
}
}
protected void createRolesAndUsers(OSecurity oSecurity) {
@ -346,6 +393,10 @@ public class SecurityContext {
role.save();
logger.trace("{} created", role);
if(hierarchic && getParentSecurityContext() != null) {
getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role);
}
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
OUser user = oSecurity.createUser(userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode),
role);
@ -353,11 +404,11 @@ public class SecurityContext {
logger.trace("{} created", user);
}
}
}
public void create(OrientGraph orientGraph) {
ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph);
OSecurity oSecurity = getAdminOSecurity(oDatabaseDocumentTx);
OSecurity oSecurity = getOSecurity(orientGraph);
createRolesAndUsers(oSecurity);
@ -392,6 +443,42 @@ public class SecurityContext {
orientGraph.shutdown();
}
protected void removeChildrenHRolesFromParents(OSecurity oSecurity) {
Set<SecurityContext> parents = getAllParents();
Set<SecurityContext> allChildren = getAllChildren();
removeChildrenHRolesFromParents(oSecurity, parents, allChildren);
}
protected void removeChildrenHRolesFromParents(OSecurity oSecurity, Set<SecurityContext> parents, Set<SecurityContext> children) {
for(SecurityContext parent : parents) {
parent.removeChildrenHRolesFromMyHUsers(oSecurity, children);
}
}
protected void removeChildrenHRolesFromMyHUsers(OSecurity oSecurity, Set<SecurityContext> children) {
for(PermissionMode permissionMode : PermissionMode.values()) {
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
OUser user = oSecurity.getUser(userName);
for(SecurityContext child : children) {
String roleName = child.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, true);
logger.debug("Going to remove {} from {}", roleName, userName);
boolean removed = user.removeRole(roleName);
logger.trace("{} {} removed from {}", roleName, removed ? "successfully" : "NOT", userName);
}
user.save();
}
}
protected void removeHierarchicRoleFromMyHUser(OSecurity oSecurity, PermissionMode permissionMode, String roleName) {
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
OUser user = oSecurity.getUser(userName);
logger.debug("Going to remove {} from {}", roleName, userName);
boolean removed = user.removeRole(roleName);
logger.trace("{} {} removed from {}", roleName, removed ? "successfully" : "NOT", userName);
user.save();
}
protected void deleteRolesAndUsers(OSecurity oSecurity) {
boolean[] booleanArray;
if(hierarchic) {
@ -400,6 +487,9 @@ public class SecurityContext {
booleanArray = new boolean[] {false};
}
for(boolean hierarchic : booleanArray) {
if(hierarchic) {
removeChildrenHRolesFromParents(oSecurity);
}
for(PermissionMode permissionMode : PermissionMode.values()) {
for(SecurityType securityType : SecurityType.values()) {
String name = getSecurityRoleOrUserName(permissionMode, securityType, hierarchic);
@ -410,14 +500,14 @@ public class SecurityContext {
}
public void delete(OrientGraph orientGraph) {
ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph);
OSecurity oSecurity = getAdminOSecurity(oDatabaseDocumentTx);
OSecurity oSecurity = getOSecurity(orientGraph);
logger.trace("Going to remove Security Context (roles and users) with UUID {}", context.toString());
deleteRolesAndUsers(oSecurity);
logger.trace("Security Context (roles and users) with UUID {} successfully removed", context.toString());
}
public OrientGraph getGraph(PermissionMode permissionMode) {

2
src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/DatabaseEnvironment.java
View File

@ -175,7 +175,7 @@ public class DatabaseEnvironment {
try {
boolean created = initGraphDB();
ContextUtility contextUtility = ContextUtility.getInstace();
ContextUtility contextUtility = ContextUtility.getInstance();
AdminSecurityContext adminSecurityContext = new AdminSecurityContext();
contextUtility.addSecurityContext(adminSecurityContext.getUUID().toString(), adminSecurityContext);

14
src/main/java/org/gcube/informationsystem/resourceregistry/er/ERManagement.java
View File

@ -255,7 +255,7 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
} catch(ResourceRegistryException e) {
throw e;
} catch(Exception e) {
throw new ResourceRegistryException("Error Creating " + erType + " with " + jsonNode, e.getCause());
throw new ResourceRegistryException("Error Creating " + erType + " with " + jsonNode, e);
}
}
@ -273,7 +273,7 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
} catch(ResourceRegistryException e) {
throw e;
} catch(Exception e) {
throw new ResourceRegistryException("Error Updating " + erType + " with " + jsonNode, e.getCause());
throw new ResourceRegistryException("Error Updating " + erType + " with " + jsonNode, e);
}
}
@ -438,6 +438,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
try {
orientGraph = getWorkingContext().getGraph(PermissionMode.WRITER);
orientGraph.setAutoStartTx(false);
orientGraph.begin();
element = internalCreate();
@ -489,6 +491,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
public String update() throws ERNotFoundException, ERAvailableInAnotherContextException, ResourceRegistryException {
try {
orientGraph = getWorkingContext().getGraph(PermissionMode.WRITER);
orientGraph.setAutoStartTx(false);
orientGraph.begin();
element = internalUpdate();
@ -526,6 +530,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
try {
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
orientGraph.setAutoStartTx(false);
orientGraph.begin();
boolean deleted = reallyDelete();
@ -564,6 +570,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
try {
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
orientGraph.setAutoStartTx(false);
orientGraph.begin();
boolean added = internalAddToContext();
@ -596,6 +604,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
try {
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
orientGraph.setAutoStartTx(false);
orientGraph.begin();
boolean removed = internalRemoveFromContext();

133
src/test/java/org/gcube/informationsystem/resourceregistry/context/ContextManagementTest.java
View File

@ -90,16 +90,21 @@ public class ContextManagementTest extends ScopedTest {
}
protected void roleUserAssertions(UUID uuid, boolean deleted) throws ResourceRegistryException {
protected void roleUserAssertions(UUID uuid, UUID oldParentUUID, boolean deleted) throws ResourceRegistryException {
ContextSecurityContext contextSecurityContext = new ContextSecurityContext();
ContextUtility.getInstace().addSecurityContext(contextSecurityContext.getUUID().toString(),
ContextUtility.getInstance().addSecurityContext(contextSecurityContext.getUUID().toString(),
contextSecurityContext);
OrientGraph orientGraph = contextSecurityContext.getGraph(PermissionMode.READER);
ODatabaseDocumentTx oDatabaseDocumentTx = orientGraph.getRawGraph();
OSecurity oSecurity = oDatabaseDocumentTx.getMetadata().getSecurity();
SecurityContext securityContext = new SecurityContext(uuid);
SecurityContext securityContext = null;
if(deleted) {
securityContext = new SecurityContext(uuid);
} else {
securityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid);
}
boolean[] booleanArray = new boolean[] { false, true };
for (boolean hierarchic : booleanArray) {
@ -111,7 +116,27 @@ public class ContextManagementTest extends ScopedTest {
String user = securityContext.getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
OUser oUser = oSecurity.getUser(user);
Assert.assertEquals(oUser == null, deleted);
if(oUser!=null) {
Assert.assertTrue(oUser.hasRole(oRole.getName(), false));
}
if(hierarchic) {
SecurityContext parent = null;
if(deleted){
if(oldParentUUID!=null) {
parent = ContextUtility.getInstance().getSecurityContextByUUID(oldParentUUID);
}
}
parent = securityContext.getParentSecurityContext();
while(parent!=null) {
String parentUser = parent.getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
OUser parentOUser = oSecurity.getUser(parentUser);
Assert.assertTrue(parentOUser != null);
Assert.assertEquals(parentOUser.hasRole(oRole.getName(), false), !deleted);
parent = parent.getParentSecurityContext();
}
}
}
}
}
@ -121,7 +146,7 @@ public class ContextManagementTest extends ScopedTest {
contextManagement.setUUID(uuid);
String contextString = contextManagement.read();
logger.debug("Read {}", contextString);
roleUserAssertions(uuid, false);
roleUserAssertions(uuid, null, false);
return ISMapper.unmarshal(Context.class, contextString);
}
@ -132,7 +157,7 @@ public class ContextManagementTest extends ScopedTest {
logger.debug("Created {}", contextString);
Context c = ISMapper.unmarshal(Context.class, contextString);
assertions(context, c, true, true);
roleUserAssertions(c.getHeader().getUUID(), false);
roleUserAssertions(c.getHeader().getUUID(), null, false);
return c;
}
@ -143,16 +168,24 @@ public class ContextManagementTest extends ScopedTest {
logger.debug("Updated {}", contextString);
Context c = ISMapper.unmarshal(Context.class, contextString);
assertions(context, c, true, false);
roleUserAssertions(c.getHeader().getUUID(), false);
roleUserAssertions(c.getHeader().getUUID(), null, false);
return c;
}
protected boolean delete(UUID uuid) throws ResourceRegistryException {
ContextManagement contextManagement = new ContextManagement();
contextManagement.setUUID(uuid);
SecurityContext securityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid);
UUID oldParentUUID = null;
if(securityContext.getParentSecurityContext()!=null) {
oldParentUUID = securityContext.getParentSecurityContext().getUUID();
}
boolean deleted = contextManagement.delete();
Assert.assertTrue(deleted);
roleUserAssertions(uuid, true);
roleUserAssertions(uuid, oldParentUUID, true);
logger.debug("Deleted {} with UUID {}", Context.NAME, uuid);
return deleted;
}
@ -188,7 +221,7 @@ public class ContextManagementTest extends ScopedTest {
logger.debug("As expected {} cannot be deleted.", contextString);
}
}
@Test
public void completeTest() throws Exception {
Context contextA1 = new ContextImpl(CTX_NAME_A);
@ -335,6 +368,44 @@ public class ContextManagementTest extends ScopedTest {
// ________A1________
// ___A2_______B4____
// B3______________A5
/*
// This updates (move) has been made to test HRoles and HUsers
contextA2.setParent(contextA5);
update(contextA2);
// __A1______________
// _____B4___________
// ________A5________
// ___________A2_____
// ______________B3__
contextA5.setParent(contextA1);
update(contextA5);
// _________A1________
// ______A5_____B4____
// ___A2______________
// B3_________________
contextA5.setParent(contextB4);
update(contextA5);
// __A1______________
// _____B4___________
// ________A5________
// ___________A2_____
// ______________B3__
contextA2.setParent(contextA1);
update(contextA2);
// ________A1________
// ___A2_______B4____
// B3______________A5
*/
// The following delete are not allowed because they are not child contexts
invalidDelete(contextA1);
@ -371,13 +442,34 @@ public class ContextManagementTest extends ScopedTest {
delete(contextA1);
logger.debug("The DB should be now clean");
}
private List<Context> getAll() throws Exception{
ContextManagement contextManagement = new ContextManagement();
String allString = contextManagement.all(false);
logger.trace(allString);
List<Context> all = ISMapper.unmarshalList(Context.class, allString);
return all;
}
// @Test
public void deleteAll() throws Exception {
List<Context> all = getAll();
while(all.size()>0) {
for (Context context : all) {
logger.trace(ISMapper.marshal(context));
List<IsParentOf<Context, Context>> children = context.getChildren();
if(children==null || children.size()==0) {
// delete(context);
}
}
// all = getAll();
}
}
@Test
public void testGetAll() throws Exception {
ContextManagement contextManagement = new ContextManagement();
String all = contextManagement.all(false);
logger.trace(all);
List<Context> contexts = ISMapper.unmarshalList(Context.class, all);
List<Context> contexts = getAll();
for (Context context : contexts) {
logger.trace(ISMapper.marshal(context));
List<IsParentOf<Context, Context>> children = context.getChildren();
@ -386,10 +478,17 @@ public class ContextManagementTest extends ScopedTest {
Context childContext = child.getTarget();
Assert.assertTrue(childContext.getParent().getSource() == context);
}
roleUserAssertions(context.getHeader().getUUID(), false);
roleUserAssertions(context.getHeader().getUUID(), null, false);
}
}
// @Test
public void readContext() throws ResourceRegistryException, IOException {
Context context = read(UUID.fromString(""));
logger.debug("{}", context);
}
// @Test
public void deleteContext() throws ResourceRegistryException, IOException {
Context context = read(UUID.fromString(""));
@ -408,7 +507,7 @@ public class ContextManagementTest extends ScopedTest {
Context devVRE = new ContextImpl("devVRE");
devVRE.setParent(devsec);
devVRE = create(devVRE);
Context devNext = new ContextImpl("devNext");
devNext.setParent(gcube);
devNext = create(devNext);