From 263bcf07c9e400a1c1b163a2410187db177ccc56 Mon Sep 17 00:00:00 2001 From: "luca.frosini" Date: Tue, 5 Dec 2017 09:10:34 +0000 Subject: [PATCH] Fixes #10435: Add support for hierarchical roles to support child context overview Task-Url: https://support.d4science.org/issues/10435 git-svn-id: https://svn.d4science.research-infrastructures.eu/gcube/trunk/information-system/resource-registry@160040 82a268e6-3cf1-43bd-a215-b396298e98cf --- .../context/ContextManagement.java | 32 ++- .../context/ContextUtility.java | 16 +- .../context/IsParentOfManagement.java | 2 +- .../security/AdminSecurityContext.java | 1 + .../context/security/SecurityContext.java | 226 ++++++++++++------ .../dbinitialization/DatabaseEnvironment.java | 2 +- .../resourceregistry/er/ERManagement.java | 14 +- .../context/ContextManagementTest.java | 133 +++++++++-- 8 files changed, 324 insertions(+), 102 deletions(-) diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextManagement.java b/src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextManagement.java index c0b9082..4366c8e 100644 --- a/src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextManagement.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextManagement.java @@ -75,7 +75,7 @@ public class ContextManagement extends EntityManagement { protected SecurityContext getWorkingContext() throws ResourceRegistryException { if(workingContext == null) { - workingContext = ContextUtility.getInstace() + workingContext = ContextUtility.getInstance() .getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID); } return workingContext; 
@@ -192,6 +192,7 @@ public class ContextManagement extends EntityManagement { @Override protected Vertex reallyCreate() throws ERAlreadyPresentException, ResourceRegistryException { SecurityContext securityContext = null; + SecurityContext parentSecurityContext = null; try { JsonNode isParentOfJsonNode = jsonNode.get(Context.PARENT_PROPERTY); @@ -199,10 +200,13 @@ public class ContextManagement extends EntityManagement { if(isParentOfJsonNode != null && !(isParentOfJsonNode instanceof NullNode)) { JsonNode parentJsonNode = isParentOfJsonNode.get(Relation.SOURCE_PROPERTY); - ContextManagement parentContext = new ContextManagement(orientGraph); - parentContext.setJSON(parentJsonNode); + ContextManagement parentContextManagement = new ContextManagement(orientGraph); + parentContextManagement.setJSON(parentJsonNode); + UUID parentUUID = parentContextManagement.uuid; + parentSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(parentUUID); - checkContext(parentContext); + + checkContext(parentContextManagement); if(uuid == null) { uuid = UUID.randomUUID(); } @@ -211,7 +215,7 @@ public class ContextManagement extends EntityManagement { IsParentOfManagement isParentOfManagement = new IsParentOfManagement(orientGraph); isParentOfManagement.setJSON(isParentOfJsonNode); - isParentOfManagement.setSourceEntityManagement(parentContext); + isParentOfManagement.setSourceEntityManagement(parentContextManagement); isParentOfManagement.setTargetEntityManagement(this); isParentOfManagement.internalCreate(); 
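Review bot: In the `+200` hunk, `getSecurityContextByUUID(parentUUID)` runs before `checkContext(parentContextManagement)`, so a UUID taken from the request's `Relation.SOURCE_PROPERTY` node is used to resolve a security context before the parent has been validated. `parentContextManagement.uuid` may also be null when that node carries no header. Neither `checkContext` nor the lookup's behaviour on a miss is visible here. I would move the lookup to directly after `checkContext(parentContextManagement);` and reject a null `parentUUID` explicitly. `reallyCreate` continues outside this hunk.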
@@ -222,13 +226,20 @@ public class ContextManagement extends EntityManagement { } securityContext = new SecurityContext(uuid); + securityContext.setParentSecurityContext(parentSecurityContext); securityContext.create(orientGraph); + ContextUtility.getInstance().addSecurityContext(securityContext); + return getElement(); } catch(Exception e) { orientGraph.rollback(); if(securityContext != null) { securityContext.delete(orientGraph); + if(parentSecurityContext!=null && securityContext!=null) { + parentSecurityContext.getChildren().remove(securityContext); + } + ContextUtility.getInstance().removeFromCache(uuid, false); } throw e; } @@ -308,7 +319,7 @@ public class ContextManagement extends EntityManagement { element = (Vertex) ERManagement.updateProperties(oClass, getElement(), jsonNode, ignoreKeys, ignoreStartWithKeys); - ContextUtility.getInstace().removeFromCache(uuid); + ContextUtility.getInstance().removeFromCache(uuid, true); return element; } @@ -319,6 +330,8 @@ public class ContextManagement extends EntityManagement { checkContext(newParentContextManagement); } + SecurityContext newParentSecurityContext = null; + // Removing the old parent relationship if any Iterable edges = getElement().getEdges(Direction.IN, IsParentOf.NAME); if(edges != null && edges.iterator().hasNext()) { @@ -341,8 +354,11 @@ public class ContextManagement extends EntityManagement { isParentOfManagement.setSourceEntityManagement(newParentContextManagement); isParentOfManagement.setTargetEntityManagement(this); isParentOfManagement.internalCreate(); + newParentSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(newParentContextManagement.uuid); } + SecurityContext thisSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid); + thisSecurityContext.changeParentSecurityContext(newParentSecurityContext, orientGraph); } @Override 
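Review bot: The cleanup added to the catch block of `reallyCreate` can mask the original failure. `securityContext.delete(orientGraph)` and `removeFromCache(uuid, false)` (declared `throws ResourceRegistryException`) both run before `throw e`; if either throws, `e` is lost and the remaining steps are skipped, which may leave roles or the parent's child entry behind. Put the cleanup in its own try/catch and keep the secondary error with `e.addSuppressed(cleanupError);`. The inner `securityContext!=null` test is redundant inside `if(securityContext != null)`, so the condition can be `if(parentSecurityContext!=null)`.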
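Review bot: In the `+354` hunk, `thisSecurityContext.changeParentSecurityContext(newParentSecurityContext, orientGraph)` changes the cached parent/children links and the role grants on the ancestors' users, but nothing restores them if the surrounding transaction is rolled back afterwards. `reallyCreate` compensates in its catch block; this path does not, so after a failed update the in-memory hierarchy could disagree with the `IsParentOf` edges. Whether the `OUser.save()` calls take part in the graph transaction is not visible here. Consider remembering the previous parent and calling `changeParentSecurityContext` with it on failure, or applying the in-memory change only after the commit. The enclosing method starts outside this hunk.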
@@ -355,11 +371,11 @@ public class ContextManagement extends EntityManagement { element.remove(); - ContextUtility contextUtility = ContextUtility.getInstace(); + ContextUtility contextUtility = ContextUtility.getInstance(); SecurityContext securityContext = contextUtility.getSecurityContextByUUID(uuid); securityContext.delete(orientGraph); - contextUtility.removeFromCache(uuid); + contextUtility.removeFromCache(uuid, false); return true; diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextUtility.java b/src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextUtility.java index baaef27..98c6fcb 100644 --- a/src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextUtility.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/context/ContextUtility.java @@ -40,7 +40,7 @@ public class ContextUtility { private static ContextUtility contextUtility; - public static ContextUtility getInstace() { + public static ContextUtility getInstance() { if(contextUtility == null) { contextUtility = new ContextUtility(); } 
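Review bot: After `securityContext.delete(orientGraph)` in the `+371` hunk the deleted context is still a member of its parent's `children` set; in this diff only `setParentSecurityContext` and the rollback path of `reallyCreate` remove entries from it. A later `getAllChildren()` on the parent, as used by `changeParentSecurityContext`, would then include a context whose roles no longer exist, and `oSecurity.getRole(roleName)` for it would presumably return null. Add `securityContext.setParentSecurityContext(null);` right after the delete. The method starts outside this hunk.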
@@ -81,26 +81,32 @@ public class ContextUtility { if(fullName == null) { throw new ContextException("Null Token and Scope. Please set your token first."); } - return ContextUtility.getInstace().getSecurityContextByFullName(fullName); + return ContextUtility.getInstance().getSecurityContextByFullName(fullName); } public static AdminSecurityContext getAdminSecurityContext() throws ResourceRegistryException { - AdminSecurityContext adminSecurityContext = (AdminSecurityContext) ContextUtility.getInstace() + AdminSecurityContext adminSecurityContext = (AdminSecurityContext) ContextUtility.getInstance() .getSecurityContextByUUID(DatabaseEnvironment.ADMIN_SECURITY_CONTEXT_UUID); return adminSecurityContext; } - public synchronized void removeFromCache(UUID uuid) throws ResourceRegistryException { + public synchronized void removeFromCache(UUID uuid, boolean fullNameOnly) throws ResourceRegistryException { for(String fullName : contextUUIDs.keySet()) { UUID uuidKey = contextUUIDs.get(fullName); if(uuidKey.compareTo(uuid) == 0) { contextUUIDs.remove(fullName); - contexts.remove(uuid); + if(!fullNameOnly) { + contexts.remove(uuid); + } return; } } } + public synchronized void addSecurityContext(SecurityContext securityContext) { + contexts.put(securityContext.getUUID(), securityContext); + } + public synchronized void addSecurityContext(String fullname, SecurityContext securityContext) { contextUUIDs.put(fullname, securityContext.getUUID()); contexts.put(securityContext.getUUID(), securityContext); diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/context/IsParentOfManagement.java b/src/main/java/org/gcube/informationsystem/resourceregistry/context/IsParentOfManagement.java index 9d1ffe1..e929b98 100644 --- a/src/main/java/org/gcube/informationsystem/resourceregistry/context/IsParentOfManagement.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/context/IsParentOfManagement.java 
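Review bot: `removeFromCache(uuid, false)` reaches `contexts.remove(uuid)` only when a full-name entry for that UUID exists in `contextUUIDs`, but the new `addSecurityContext(SecurityContext)` overload fills `contexts` alone. A context cached through that overload and never registered by full name is therefore not evicted by the calls in `reallyCreate`'s rollback or after a delete. The stale `SecurityContext` presumably stays reachable through `getSecurityContextByUUID`. Do the eviction independently of the name scan by placing `if(!fullNameOnly) { contexts.remove(uuid); }` before the `for` loop and leaving only `contextUUIDs.remove(fullName); return;` inside it.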
@@ -42,7 +42,7 @@ public class IsParentOfManagement extends RelationManagement children; + protected boolean isHierarchicMode() { return hierarchic && ContextUtility.getHierarchicMode().get(); } public void setParentSecurityContext(SecurityContext parentSecurityContext) { + if(this.parentSecurityContext!=null) { + this.parentSecurityContext.getChildren().remove(this); + } + this.parentSecurityContext = parentSecurityContext; + if(parentSecurityContext!=null) { + this.parentSecurityContext.addChild(this); + } } public SecurityContext getParentSecurityContext() { return parentSecurityContext; } - /** - * Use to change the parent not to set the first time - * - * @param newParentSecurityContext - * @throws ResourceRegistryException - */ - public void changeParentSecurityContext(SecurityContext newParentSecurityContext) throws ResourceRegistryException { - OrientGraph orientGraph = getAdminOrientGraph(); - changeParentSecurityContext(newParentSecurityContext, orientGraph); + private void addChild(SecurityContext child) { + this.children.add(child); + } + + public Set getChildren(){ + return this.children; } protected OrientGraph getAdminOrientGraph() throws ResourceRegistryException { return ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER); } + /** + * @return a set containing all children and recursively + * all children. 
+ */ + private Set getAllChildren(){ + Set allChildren = new HashSet<>(); + allChildren.add(this); + for(SecurityContext securityContext : getChildren()) { + allChildren.addAll(securityContext.getAllChildren()); + } + return allChildren; + } + + /** + * @return + */ + private Set getAllParents(){ + Set allParents = new HashSet<>(); + SecurityContext parent = getParentSecurityContext(); + while(parent!=null) { + allParents.add(parent); + parent = parent.getParentSecurityContext(); + } + return allParents; + } + + /** * Use to change the parent not to set the first time * * @param newParentSecurityContext * @param orientGraph + * @throws ResourceRegistryException */ - public void changeParentSecurityContext(SecurityContext newParentSecurityContext, OrientGraph orientGraph) { - // TODO Remove from old hierarchy - // TODO Add to new Hierarchy - // In both cases take in account the new and the old parent + public void changeParentSecurityContext(SecurityContext newParentSecurityContext, OrientGraph orientGraph) throws ResourceRegistryException { + if(!hierarchic) { + StringBuilder errorMessage = new StringBuilder(); + errorMessage.append("Cannot change parent "); + errorMessage.append(SecurityContext.class.getSimpleName()); + errorMessage.append(" to non hierarchic "); + errorMessage.append(SecurityContext.class.getSimpleName()); + errorMessage.append(". 
"); + errorMessage.append(Utility.SHOULD_NOT_OCCUR_ERROR_MESSAGE); + final String error = errorMessage.toString(); + logger.error(error); + throw new RuntimeException(error); + } + + OSecurity oSecurity = getOSecurity(orientGraph); + + Set allChildren = getAllChildren(); + + Set oldParents = getAllParents(); + + Set newParents = new HashSet<>(); + if(newParentSecurityContext!=null) { + newParents = newParentSecurityContext.getAllParents(); + } + + /* + * From old parents I remove the new parents so that oldParents + * contains only the parents where I have to remove all + * HReaderRole-UUID e HWriterRole-UUID of allChildren by using + * removeHierarchicRoleFromParent() function + * + */ + oldParents.removeAll(newParents); + removeChildrenHRolesFromParents(oSecurity, oldParents, allChildren); + setParentSecurityContext(newParentSecurityContext); + + if(newParentSecurityContext!=null){ + for(PermissionMode permissionMode : PermissionMode.values()) { + for(SecurityContext child : allChildren) { + String roleName = child.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, true); + ORole role = oSecurity.getRole(roleName); + getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role); + } + } + } + } protected SecurityContext(UUID context, boolean hierarchic) throws ResourceRegistryException { this.context = context; this.factoryMap = new HashMap<>(); this.hierarchic = hierarchic; + this.children = new HashSet<>(); } public SecurityContext(UUID context) throws ResourceRegistryException { 
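Review bot: `changeParentSecurityContext` never checks that `newParentSecurityContext` is not this context or one of its descendants before it calls `setParentSecurityContext`. If such a parent gets through (what `checkContext` rejects upstream is not visible here), the parent chain becomes a cycle, `getAllParents()` with its `while(parent!=null)` loop no longer terminates, and `getAllChildren()` and `addHierarchicRoleToParent` recurse without bound. `allChildren` already holds `this` and every descendant, so the guard is `if(newParentSecurityContext != null && allChildren.contains(newParentSecurityContext))` followed by a `ResourceRegistryException`, placed right after `allChildren` is computed. The Javadoc of `getAllChildren` should say that the result includes the context itself, and `getAllParents` has an empty `@return`.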
@@ -176,19 +256,9 @@ public class SecurityContext { return stringBuilder.toString(); } - private ODatabaseDocumentTx getAdminODatabaseDocumentTx(OrientGraph orientGraph) { + private OSecurity getOSecurity(OrientGraph orientGraph) { ODatabaseDocumentTx oDatabaseDocumentTx = orientGraph.getRawGraph(); - return oDatabaseDocumentTx; - } - - private OSecurity getAdminOSecurity(ODatabaseDocumentTx oDatabaseDocumentTx) { - OSecurity oSecurity = oDatabaseDocumentTx.getMetadata().getSecurity(); - return oSecurity; - } - - private OSecurity getAdminOSecurity(OrientGraph orientGraph) { - ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph); - return getAdminOSecurity(oDatabaseDocumentTx); + return oDatabaseDocumentTx.getMetadata().getSecurity(); } public void addElement(Element element) throws ResourceRegistryException { 
@@ -205,34 +275,22 @@ public class SecurityContext { public void addElement(Element element, OrientGraph orientGraph) { OrientElement orientElement = (OrientElement) element; ODocument oDocument = orientElement.getRecord(); - OSecurity oSecurity = getAdminOSecurity(orientGraph); + OSecurity oSecurity = getOSecurity(orientGraph); allow(oSecurity, oDocument, false); if(hierarchic) { allow(oSecurity, oDocument, true); - if(getParentSecurityContext() != null) { - getParentSecurityContext().addElementToHierarchy(oSecurity, oDocument); - } } oDocument.save(); orientElement.save(); } - protected void addElementToHierarchy(OSecurity oSecurity, ODocument oDocument) { - allow(oSecurity, oDocument, true); - if(getParentSecurityContext() != null) { - getParentSecurityContext().addElementToHierarchy(oSecurity, oDocument); - } - } - public void removeElement(Element element) throws ResourceRegistryException { removeElement(element, getAdminOrientGraph()); } protected void deny(OSecurity oSecurity, ODocument oDocument, boolean hierarchic) { - // The element could be created in such a context so the writerUser for the - // context is allowed by default - // because it was the creator + // context is allowed by default because it was the creator String writerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic); oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, writerUserName); String readerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic); 
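Review bot: In `deny`, `readerUserName` is built with `PermissionMode.WRITER`, the same arguments as `writerUserName` two lines earlier, so the name held for the reader is in fact the writer's. The line that consumes `readerUserName` is outside the hunk, but if it revokes the reader's access, the reader user is never denied when an element is removed from the context. The assignment should read `getSecurityRoleOrUserName(PermissionMode.READER, SecurityType.USER, hierarchic)`. The comment left above it now starts mid-sentence (`// context is allowed by default because it was the creator`) and should name the writer user again.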
@@ -248,13 +306,10 @@ public class SecurityContext { public void removeElement(Element element, OrientGraph orientGraph) { OrientElement orientElement = (OrientElement) element; ODocument oDocument = orientElement.getRecord(); - OSecurity oSecurity = getAdminOSecurity(orientGraph); + OSecurity oSecurity = getOSecurity(orientGraph); deny(oSecurity, oDocument, false); if(hierarchic) { deny(oSecurity, oDocument, true); - if(getParentSecurityContext() != null) { - getParentSecurityContext().removeElementFromHierarchy(oSecurity, oDocument); - } } oDocument.save(); orientElement.save(); @@ -293,26 +348,6 @@ public class SecurityContext { } } - protected void removeElementFromHierarchy(OSecurity oSecurity, ODocument oDocument) { - // I don't have to deny the Hierarchic role if the element belong to context - String writerRoleName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE, false); - ORole writerRole = oSecurity.getRole(writerRoleName); - - /* - * This check if the writerRole (not hierarchic) has the right to operate on the - * document. In such a case don't have to deny the hierarchy - */ - boolean allowed = allowed(writerRole, oDocument); - - // If allowed not denying the hierarchy and continuing to parents - if(!allowed) { - deny(oSecurity, oDocument, true); - if(getParentSecurityContext() != null) { - getParentSecurityContext().removeElementFromHierarchy(oSecurity, oDocument); - } - } - } - public void create() throws ResourceRegistryException { OrientGraph orientGraph = getAdminOrientGraph(); create(orientGraph); 
@@ -325,7 +360,19 @@ public class SecurityContext { } protected ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) { - return oSecurity.getRole(permissionMode.name().toLowerCase()); + String superRoleName = permissionMode.name().toLowerCase(); + return oSecurity.getRole(superRoleName); + } + + protected void addHierarchicRoleToParent(OSecurity oSecurity, PermissionMode permissionMode, ORole role) { + String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true); + OUser user = oSecurity.getUser(userName); + user.addRole(role); + user.save(); + + if(getParentSecurityContext() != null) { + getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role); + } } protected void createRolesAndUsers(OSecurity oSecurity) { @@ -346,6 +393,10 @@ public class SecurityContext { role.save(); logger.trace("{} created", role); + if(hierarchic && getParentSecurityContext() != null) { + getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role); + } + String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic); OUser user = oSecurity.createUser(userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode), role); @@ -353,11 +404,11 @@ public class SecurityContext { logger.trace("{} created", user); } } + } public void create(OrientGraph orientGraph) { - ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph); - OSecurity oSecurity = getAdminOSecurity(oDatabaseDocumentTx); + OSecurity oSecurity = getOSecurity(orientGraph); createRolesAndUsers(oSecurity); 
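Review bot: `addHierarchicRoleToParent` dereferences `oSecurity.getUser(userName)` without a null check, and `changeParentSecurityContext` hands it the result of `oSecurity.getRole(roleName)` unchecked. `changeParentSecurityContext` only verifies that the moved context is hierarchic, not its new ancestors, so a parent without a hierarchic user would end in a NullPointerException part-way up the chain, after some ancestors have already been granted the role. Fail with a clear error instead, e.g. `if(user == null) { throw new IllegalStateException("No hierarchic user " + userName); }`. The same unchecked `getUser` appears in `removeChildrenHRolesFromMyHUsers` and `removeHierarchicRoleFromMyHUser`.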
@@ -392,6 +443,42 @@ public class SecurityContext { orientGraph.shutdown(); } + protected void removeChildrenHRolesFromParents(OSecurity oSecurity) { + Set parents = getAllParents(); + Set allChildren = getAllChildren(); + removeChildrenHRolesFromParents(oSecurity, parents, allChildren); + } + + protected void removeChildrenHRolesFromParents(OSecurity oSecurity, Set parents, Set children) { + for(SecurityContext parent : parents) { + parent.removeChildrenHRolesFromMyHUsers(oSecurity, children); + } + } + + protected void removeChildrenHRolesFromMyHUsers(OSecurity oSecurity, Set children) { + for(PermissionMode permissionMode : PermissionMode.values()) { + String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true); + OUser user = oSecurity.getUser(userName); + for(SecurityContext child : children) { + String roleName = child.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, true); + logger.debug("Going to remove {} from {}", roleName, userName); + boolean removed = user.removeRole(roleName); + logger.trace("{} {} removed from {}", roleName, removed ? "successfully" : "NOT", userName); + } + user.save(); + } + + } + + protected void removeHierarchicRoleFromMyHUser(OSecurity oSecurity, PermissionMode permissionMode, String roleName) { + String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true); + OUser user = oSecurity.getUser(userName); + logger.debug("Going to remove {} from {}", roleName, userName); + boolean removed = user.removeRole(roleName); + logger.trace("{} {} removed from {}", roleName, removed ? "successfully" : "NOT", userName); + user.save(); + } + protected void deleteRolesAndUsers(OSecurity oSecurity) { boolean[] booleanArray; if(hierarchic) { 
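Review bot: A role that could not be removed from an ancestor's user is reported only at trace level in `removeChildrenHRolesFromMyHUsers` and `removeHierarchicRoleFromMyHUser`, and the caller never sees the `removed` flag. These methods are what withdraws a former ancestor's access to the child context, so a `false` result deserves at least `logger.warn("{} was NOT removed from {}", roleName, userName);`. `removeHierarchicRoleFromMyHUser` repeats the inner body of the loop and has no caller visible in this diff. Either call it from the loop or drop it.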
@@ -400,6 +487,9 @@ public class SecurityContext { booleanArray = new boolean[] {false}; } for(boolean hierarchic : booleanArray) { + if(hierarchic) { + removeChildrenHRolesFromParents(oSecurity); + } for(PermissionMode permissionMode : PermissionMode.values()) { for(SecurityType securityType : SecurityType.values()) { String name = getSecurityRoleOrUserName(permissionMode, securityType, hierarchic); @@ -410,14 +500,14 @@ public class SecurityContext { } public void delete(OrientGraph orientGraph) { - ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph); - OSecurity oSecurity = getAdminOSecurity(oDatabaseDocumentTx); + OSecurity oSecurity = getOSecurity(orientGraph); logger.trace("Going to remove Security Context (roles and users) with UUID {}", context.toString()); deleteRolesAndUsers(oSecurity); logger.trace("Security Context (roles and users) with UUID {} successfully removed", context.toString()); + } public OrientGraph getGraph(PermissionMode permissionMode) { diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/DatabaseEnvironment.java b/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/DatabaseEnvironment.java index 3570e63..ce192bb 100644 --- a/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/DatabaseEnvironment.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/DatabaseEnvironment.java @@ -175,7 +175,7 @@ public class DatabaseEnvironment { try { boolean created = initGraphDB(); - ContextUtility contextUtility = ContextUtility.getInstace(); + ContextUtility contextUtility = ContextUtility.getInstance(); AdminSecurityContext adminSecurityContext = new AdminSecurityContext(); contextUtility.addSecurityContext(adminSecurityContext.getUUID().toString(), adminSecurityContext); 
diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/er/ERManagement.java b/src/main/java/org/gcube/informationsystem/resourceregistry/er/ERManagement.java index b24e838..115d5be 100644 --- a/src/main/java/org/gcube/informationsystem/resourceregistry/er/ERManagement.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/er/ERManagement.java @@ -255,7 +255,7 @@ public abstract class ERManagement { } catch(ResourceRegistryException e) { throw e; } catch(Exception e) { - throw new ResourceRegistryException("Error Creating " + erType + " with " + jsonNode, e.getCause()); + throw new ResourceRegistryException("Error Creating " + erType + " with " + jsonNode, e); } } @@ -273,7 +273,7 @@ public abstract class ERManagement { } catch(ResourceRegistryException e) { throw e; } catch(Exception e) { - throw new ResourceRegistryException("Error Updating " + erType + " with " + jsonNode, e.getCause()); + throw new ResourceRegistryException("Error Updating " + erType + " with " + jsonNode, e); } } @@ -438,6 +438,8 @@ public abstract class ERManagement { try { orientGraph = getWorkingContext().getGraph(PermissionMode.WRITER); + orientGraph.setAutoStartTx(false); + orientGraph.begin(); element = internalCreate(); @@ -489,6 +491,8 @@ public abstract class ERManagement { public String update() throws ERNotFoundException, ERAvailableInAnotherContextException, ResourceRegistryException { try { orientGraph = getWorkingContext().getGraph(PermissionMode.WRITER); + orientGraph.setAutoStartTx(false); + orientGraph.begin(); element = internalUpdate(); @@ -526,6 +530,8 @@ public abstract class ERManagement { try { orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER); + orientGraph.setAutoStartTx(false); + orientGraph.begin(); boolean deleted = reallyDelete(); 
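Review bot: The pair `orientGraph.setAutoStartTx(false); orientGraph.begin();` is pasted into five methods (the hunks at -438, -489, -526, -564 and -596) with no comment saying why auto-start is switched off. A small private helper taking the graph would keep the five call sites from drifting apart. If the intent is what it appears to be, it could carry a comment such as `// explicit transaction: a failure must roll back every change made by the operation`. The matching commit and rollback lie outside these hunks, so it cannot be confirmed from here that every path ends the transaction it begins.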
@@ -564,6 +570,8 @@ public abstract class ERManagement { try { orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER); + orientGraph.setAutoStartTx(false); + orientGraph.begin(); boolean added = internalAddToContext(); @@ -596,6 +604,8 @@ public abstract class ERManagement { try { orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER); + orientGraph.setAutoStartTx(false); + orientGraph.begin(); boolean removed = internalRemoveFromContext(); diff --git a/src/test/java/org/gcube/informationsystem/resourceregistry/context/ContextManagementTest.java b/src/test/java/org/gcube/informationsystem/resourceregistry/context/ContextManagementTest.java index 2b22afb..3a86728 100644 --- a/src/test/java/org/gcube/informationsystem/resourceregistry/context/ContextManagementTest.java +++ b/src/test/java/org/gcube/informationsystem/resourceregistry/context/ContextManagementTest.java 
@@ -90,16 +90,21 @@ public class ContextManagementTest extends ScopedTest { } - protected void roleUserAssertions(UUID uuid, boolean deleted) throws ResourceRegistryException { + protected void roleUserAssertions(UUID uuid, UUID oldParentUUID, boolean deleted) throws ResourceRegistryException { ContextSecurityContext contextSecurityContext = new ContextSecurityContext(); - ContextUtility.getInstace().addSecurityContext(contextSecurityContext.getUUID().toString(), + ContextUtility.getInstance().addSecurityContext(contextSecurityContext.getUUID().toString(), contextSecurityContext); OrientGraph orientGraph = contextSecurityContext.getGraph(PermissionMode.READER); ODatabaseDocumentTx oDatabaseDocumentTx = orientGraph.getRawGraph(); OSecurity oSecurity = oDatabaseDocumentTx.getMetadata().getSecurity(); - - SecurityContext securityContext = new SecurityContext(uuid); + + SecurityContext securityContext = null; + if(deleted) { + securityContext = new SecurityContext(uuid); + } else { + securityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid); + } boolean[] booleanArray = new boolean[] { false, true }; for (boolean hierarchic : booleanArray) { 
@@ -111,7 +116,27 @@ public class ContextManagementTest extends ScopedTest { String user = securityContext.getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic); OUser oUser = oSecurity.getUser(user); Assert.assertEquals(oUser == null, deleted); - + if(oUser!=null) { + Assert.assertTrue(oUser.hasRole(oRole.getName(), false)); + } + + if(hierarchic) { + SecurityContext parent = null; + if(deleted){ + if(oldParentUUID!=null) { + parent = ContextUtility.getInstance().getSecurityContextByUUID(oldParentUUID); + } + } + parent = securityContext.getParentSecurityContext(); + while(parent!=null) { + String parentUser = parent.getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic); + OUser parentOUser = oSecurity.getUser(parentUser); + Assert.assertTrue(parentOUser != null); + Assert.assertEquals(parentOUser.hasRole(oRole.getName(), false), !deleted); + parent = parent.getParentSecurityContext(); + } + } + } } } @@ -121,7 +146,7 @@ public class ContextManagementTest extends ScopedTest { contextManagement.setUUID(uuid); String contextString = contextManagement.read(); logger.debug("Read {}", contextString); - roleUserAssertions(uuid, false); + roleUserAssertions(uuid, null, false); return ISMapper.unmarshal(Context.class, contextString); } @@ -132,7 +157,7 @@ public class ContextManagementTest extends ScopedTest { logger.debug("Created {}", contextString); Context c = ISMapper.unmarshal(Context.class, contextString); assertions(context, c, true, true); - roleUserAssertions(c.getHeader().getUUID(), false); + roleUserAssertions(c.getHeader().getUUID(), null, false); return c; } 
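Review bot: In the `hierarchic` branch of `roleUserAssertions`, `parent = securityContext.getParentSecurityContext();` runs unconditionally and overwrites the parent just resolved from `oldParentUUID`. When `deleted` is true, `securityContext` is a fresh `new SecurityContext(uuid)` with no parent, so the `while(parent!=null)` loop is skipped and the assertion that the former ancestors lost the role never executes. Put that assignment in an `else` branch of `if(deleted)`. The loop will then also need the role name from `securityContext.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, hierarchic)`, because `oRole` is presumably null after deletion and `oRole.getName()` would throw.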
@@ -143,16 +168,24 @@ public class ContextManagementTest extends ScopedTest { logger.debug("Updated {}", contextString); Context c = ISMapper.unmarshal(Context.class, contextString); assertions(context, c, true, false); - roleUserAssertions(c.getHeader().getUUID(), false); + roleUserAssertions(c.getHeader().getUUID(), null, false); return c; } protected boolean delete(UUID uuid) throws ResourceRegistryException { ContextManagement contextManagement = new ContextManagement(); contextManagement.setUUID(uuid); + + SecurityContext securityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid); + + UUID oldParentUUID = null; + if(securityContext.getParentSecurityContext()!=null) { + oldParentUUID = securityContext.getParentSecurityContext().getUUID(); + } + boolean deleted = contextManagement.delete(); Assert.assertTrue(deleted); - roleUserAssertions(uuid, true); + roleUserAssertions(uuid, oldParentUUID, true); logger.debug("Deleted {} with UUID {}", Context.NAME, uuid); return deleted; } @@ -188,7 +221,7 @@ public class ContextManagementTest extends ScopedTest { logger.debug("As expected {} cannot be deleted.", contextString); } } - + @Test public void completeTest() throws Exception { Context contextA1 = new ContextImpl(CTX_NAME_A); 
@@ -335,6 +368,44 @@ public class ContextManagementTest extends ScopedTest { // ________A1________ // ___A2_______B4____ // B3______________A5 + + /* + // This updates (move) has been made to test HRoles and HUsers + + contextA2.setParent(contextA5); + update(contextA2); + // __A1______________ + // _____B4___________ + // ________A5________ + // ___________A2_____ + // ______________B3__ + + + contextA5.setParent(contextA1); + update(contextA5); + // _________A1________ + // ______A5_____B4____ + // ___A2______________ + // B3_________________ + + + contextA5.setParent(contextB4); + update(contextA5); + // __A1______________ + // _____B4___________ + // ________A5________ + // ___________A2_____ + // ______________B3__ + + + + contextA2.setParent(contextA1); + update(contextA2); + // ________A1________ + // ___A2_______B4____ + // B3______________A5 + */ + // The following delete are not allowed because they are not child contexts invalidDelete(contextA1); 
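Review bot: The moves of `contextA2` and `contextA5` between parents are added inside a block comment, so these multi-level re-parenting cases are never run. They are the cases that make `changeParentSecurityContext` remove and re-grant hierarchic roles on ancestors, and the block's own comment says they were written to test HRoles and HUsers. Enable the block, or put the reason for disabling it in its first line, e.g. `// disabled until REASON`.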
@@ -371,13 +442,34 @@ public class ContextManagementTest extends ScopedTest { delete(contextA1); logger.debug("The DB should be now clean"); } - + + private List getAll() throws Exception{ + ContextManagement contextManagement = new ContextManagement(); + String allString = contextManagement.all(false); + logger.trace(allString); + List all = ISMapper.unmarshalList(Context.class, allString); + return all; + } + + + // @Test + public void deleteAll() throws Exception { + List all = getAll(); + while(all.size()>0) { + for (Context context : all) { + logger.trace(ISMapper.marshal(context)); + List> children = context.getChildren(); + if(children==null || children.size()==0) { + // delete(context); + } + } + // all = getAll(); + } + } + @Test public void testGetAll() throws Exception { - ContextManagement contextManagement = new ContextManagement(); - String all = contextManagement.all(false); - logger.trace(all); - List contexts = ISMapper.unmarshalList(Context.class, all); + List contexts = getAll(); for (Context context : contexts) { logger.trace(ISMapper.marshal(context)); List> children = context.getChildren(); @@ -386,10 +478,17 @@ public class ContextManagementTest extends ScopedTest { Context childContext = child.getTarget(); Assert.assertTrue(childContext.getParent().getSource() == context); } - roleUserAssertions(context.getHeader().getUUID(), false); + roleUserAssertions(context.getHeader().getUUID(), null, false); } } + // @Test + public void readContext() throws ResourceRegistryException, IOException { + Context context = read(UUID.fromString("")); + logger.debug("{}", context); + } + + // @Test public void deleteContext() throws ResourceRegistryException, IOException { Context context = read(UUID.fromString("")); 
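Review bot: `deleteAll` cannot terminate if its `// @Test` is ever re-enabled on a non-empty registry. Both `delete(context)` and `all = getAll()` are commented out, so `while(all.size()>0)` iterates over an unchanged list forever. Restore the two statements or remove the method. In the `+478` hunk, `readContext` calls `UUID.fromString("")`, which throws `IllegalArgumentException`; a comment such as `// manual helper: fill in the UUID before enabling` would make the placeholder explicit.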
@@ -408,7 +507,7 @@ public class ContextManagementTest extends ScopedTest { Context devVRE = new ContextImpl("devVRE"); devVRE.setParent(devsec); devVRE = create(devVRE); - + Context devNext = new ContextImpl("devNext"); devNext.setParent(gcube); devNext = create(devNext);