Fixes #10435: Add support for hierarchical roles to support child context overview
Task-Url: https://support.d4science.org/issues/10435 git-svn-id: https://svn.d4science.research-infrastructures.eu/gcube/trunk/information-system/resource-registry@160040 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
1fcdccd7af
commit
263bcf07c9
|
@ -75,7 +75,7 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
|
|
||||||
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
|
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
|
||||||
if(workingContext == null) {
|
if(workingContext == null) {
|
||||||
workingContext = ContextUtility.getInstace()
|
workingContext = ContextUtility.getInstance()
|
||||||
.getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID);
|
.getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID);
|
||||||
}
|
}
|
||||||
return workingContext;
|
return workingContext;
|
||||||
|
@ -192,6 +192,7 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
@Override
|
@Override
|
||||||
protected Vertex reallyCreate() throws ERAlreadyPresentException, ResourceRegistryException {
|
protected Vertex reallyCreate() throws ERAlreadyPresentException, ResourceRegistryException {
|
||||||
SecurityContext securityContext = null;
|
SecurityContext securityContext = null;
|
||||||
|
SecurityContext parentSecurityContext = null;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
JsonNode isParentOfJsonNode = jsonNode.get(Context.PARENT_PROPERTY);
|
JsonNode isParentOfJsonNode = jsonNode.get(Context.PARENT_PROPERTY);
|
||||||
|
@ -199,10 +200,13 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
if(isParentOfJsonNode != null && !(isParentOfJsonNode instanceof NullNode)) {
|
if(isParentOfJsonNode != null && !(isParentOfJsonNode instanceof NullNode)) {
|
||||||
|
|
||||||
JsonNode parentJsonNode = isParentOfJsonNode.get(Relation.SOURCE_PROPERTY);
|
JsonNode parentJsonNode = isParentOfJsonNode.get(Relation.SOURCE_PROPERTY);
|
||||||
ContextManagement parentContext = new ContextManagement(orientGraph);
|
ContextManagement parentContextManagement = new ContextManagement(orientGraph);
|
||||||
parentContext.setJSON(parentJsonNode);
|
parentContextManagement.setJSON(parentJsonNode);
|
||||||
|
UUID parentUUID = parentContextManagement.uuid;
|
||||||
|
parentSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(parentUUID);
|
||||||
|
|
||||||
checkContext(parentContext);
|
|
||||||
|
checkContext(parentContextManagement);
|
||||||
if(uuid == null) {
|
if(uuid == null) {
|
||||||
uuid = UUID.randomUUID();
|
uuid = UUID.randomUUID();
|
||||||
}
|
}
|
||||||
|
@ -211,7 +215,7 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
|
|
||||||
IsParentOfManagement isParentOfManagement = new IsParentOfManagement(orientGraph);
|
IsParentOfManagement isParentOfManagement = new IsParentOfManagement(orientGraph);
|
||||||
isParentOfManagement.setJSON(isParentOfJsonNode);
|
isParentOfManagement.setJSON(isParentOfJsonNode);
|
||||||
isParentOfManagement.setSourceEntityManagement(parentContext);
|
isParentOfManagement.setSourceEntityManagement(parentContextManagement);
|
||||||
isParentOfManagement.setTargetEntityManagement(this);
|
isParentOfManagement.setTargetEntityManagement(this);
|
||||||
|
|
||||||
isParentOfManagement.internalCreate();
|
isParentOfManagement.internalCreate();
|
||||||
|
@ -222,13 +226,20 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
}
|
}
|
||||||
|
|
||||||
securityContext = new SecurityContext(uuid);
|
securityContext = new SecurityContext(uuid);
|
||||||
|
securityContext.setParentSecurityContext(parentSecurityContext);
|
||||||
securityContext.create(orientGraph);
|
securityContext.create(orientGraph);
|
||||||
|
|
||||||
|
ContextUtility.getInstance().addSecurityContext(securityContext);
|
||||||
|
|
||||||
return getElement();
|
return getElement();
|
||||||
} catch(Exception e) {
|
} catch(Exception e) {
|
||||||
orientGraph.rollback();
|
orientGraph.rollback();
|
||||||
if(securityContext != null) {
|
if(securityContext != null) {
|
||||||
securityContext.delete(orientGraph);
|
securityContext.delete(orientGraph);
|
||||||
|
if(parentSecurityContext!=null && securityContext!=null) {
|
||||||
|
parentSecurityContext.getChildren().remove(securityContext);
|
||||||
|
}
|
||||||
|
ContextUtility.getInstance().removeFromCache(uuid, false);
|
||||||
}
|
}
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
|
@ -308,7 +319,7 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
element = (Vertex) ERManagement.updateProperties(oClass, getElement(), jsonNode, ignoreKeys,
|
element = (Vertex) ERManagement.updateProperties(oClass, getElement(), jsonNode, ignoreKeys,
|
||||||
ignoreStartWithKeys);
|
ignoreStartWithKeys);
|
||||||
|
|
||||||
ContextUtility.getInstace().removeFromCache(uuid);
|
ContextUtility.getInstance().removeFromCache(uuid, true);
|
||||||
|
|
||||||
return element;
|
return element;
|
||||||
}
|
}
|
||||||
|
@ -319,6 +330,8 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
checkContext(newParentContextManagement);
|
checkContext(newParentContextManagement);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SecurityContext newParentSecurityContext = null;
|
||||||
|
|
||||||
// Removing the old parent relationship if any
|
// Removing the old parent relationship if any
|
||||||
Iterable<Edge> edges = getElement().getEdges(Direction.IN, IsParentOf.NAME);
|
Iterable<Edge> edges = getElement().getEdges(Direction.IN, IsParentOf.NAME);
|
||||||
if(edges != null && edges.iterator().hasNext()) {
|
if(edges != null && edges.iterator().hasNext()) {
|
||||||
|
@ -341,8 +354,11 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
isParentOfManagement.setSourceEntityManagement(newParentContextManagement);
|
isParentOfManagement.setSourceEntityManagement(newParentContextManagement);
|
||||||
isParentOfManagement.setTargetEntityManagement(this);
|
isParentOfManagement.setTargetEntityManagement(this);
|
||||||
isParentOfManagement.internalCreate();
|
isParentOfManagement.internalCreate();
|
||||||
|
newParentSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(newParentContextManagement.uuid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SecurityContext thisSecurityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid);
|
||||||
|
thisSecurityContext.changeParentSecurityContext(newParentSecurityContext, orientGraph);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -355,11 +371,11 @@ public class ContextManagement extends EntityManagement<Context> {
|
||||||
|
|
||||||
element.remove();
|
element.remove();
|
||||||
|
|
||||||
ContextUtility contextUtility = ContextUtility.getInstace();
|
ContextUtility contextUtility = ContextUtility.getInstance();
|
||||||
SecurityContext securityContext = contextUtility.getSecurityContextByUUID(uuid);
|
SecurityContext securityContext = contextUtility.getSecurityContextByUUID(uuid);
|
||||||
securityContext.delete(orientGraph);
|
securityContext.delete(orientGraph);
|
||||||
|
|
||||||
contextUtility.removeFromCache(uuid);
|
contextUtility.removeFromCache(uuid, false);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@ public class ContextUtility {
|
||||||
|
|
||||||
private static ContextUtility contextUtility;
|
private static ContextUtility contextUtility;
|
||||||
|
|
||||||
public static ContextUtility getInstace() {
|
public static ContextUtility getInstance() {
|
||||||
if(contextUtility == null) {
|
if(contextUtility == null) {
|
||||||
contextUtility = new ContextUtility();
|
contextUtility = new ContextUtility();
|
||||||
}
|
}
|
||||||
|
@ -81,26 +81,32 @@ public class ContextUtility {
|
||||||
if(fullName == null) {
|
if(fullName == null) {
|
||||||
throw new ContextException("Null Token and Scope. Please set your token first.");
|
throw new ContextException("Null Token and Scope. Please set your token first.");
|
||||||
}
|
}
|
||||||
return ContextUtility.getInstace().getSecurityContextByFullName(fullName);
|
return ContextUtility.getInstance().getSecurityContextByFullName(fullName);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static AdminSecurityContext getAdminSecurityContext() throws ResourceRegistryException {
|
public static AdminSecurityContext getAdminSecurityContext() throws ResourceRegistryException {
|
||||||
AdminSecurityContext adminSecurityContext = (AdminSecurityContext) ContextUtility.getInstace()
|
AdminSecurityContext adminSecurityContext = (AdminSecurityContext) ContextUtility.getInstance()
|
||||||
.getSecurityContextByUUID(DatabaseEnvironment.ADMIN_SECURITY_CONTEXT_UUID);
|
.getSecurityContextByUUID(DatabaseEnvironment.ADMIN_SECURITY_CONTEXT_UUID);
|
||||||
return adminSecurityContext;
|
return adminSecurityContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
public synchronized void removeFromCache(UUID uuid) throws ResourceRegistryException {
|
public synchronized void removeFromCache(UUID uuid, boolean fullNameOnly) throws ResourceRegistryException {
|
||||||
for(String fullName : contextUUIDs.keySet()) {
|
for(String fullName : contextUUIDs.keySet()) {
|
||||||
UUID uuidKey = contextUUIDs.get(fullName);
|
UUID uuidKey = contextUUIDs.get(fullName);
|
||||||
if(uuidKey.compareTo(uuid) == 0) {
|
if(uuidKey.compareTo(uuid) == 0) {
|
||||||
contextUUIDs.remove(fullName);
|
contextUUIDs.remove(fullName);
|
||||||
|
if(!fullNameOnly) {
|
||||||
contexts.remove(uuid);
|
contexts.remove(uuid);
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public synchronized void addSecurityContext(SecurityContext securityContext) {
|
||||||
|
contexts.put(securityContext.getUUID(), securityContext);
|
||||||
|
}
|
||||||
|
|
||||||
public synchronized void addSecurityContext(String fullname, SecurityContext securityContext) {
|
public synchronized void addSecurityContext(String fullname, SecurityContext securityContext) {
|
||||||
contextUUIDs.put(fullname, securityContext.getUUID());
|
contextUUIDs.put(fullname, securityContext.getUUID());
|
||||||
contexts.put(securityContext.getUUID(), securityContext);
|
contexts.put(securityContext.getUUID(), securityContext);
|
||||||
|
|
|
@ -42,7 +42,7 @@ public class IsParentOfManagement extends RelationManagement<IsParentOf,ContextM
|
||||||
@Override
|
@Override
|
||||||
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
|
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
|
||||||
if(workingContext == null) {
|
if(workingContext == null) {
|
||||||
workingContext = ContextUtility.getInstace()
|
workingContext = ContextUtility.getInstance()
|
||||||
.getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID);
|
.getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID);
|
||||||
}
|
}
|
||||||
return workingContext;
|
return workingContext;
|
||||||
|
|
|
@ -25,6 +25,7 @@ public class AdminSecurityContext extends SecurityContext {
|
||||||
throw new RuntimeException("Cannot use this method for Admin Context");
|
throw new RuntimeException("Cannot use this method for Admin Context");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
protected ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) {
|
protected ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) {
|
||||||
return oSecurity.getRole(DatabaseEnvironment.DEFAULT_ADMIN_ROLE);
|
return oSecurity.getRole(DatabaseEnvironment.DEFAULT_ADMIN_ROLE);
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,9 @@
|
||||||
package org.gcube.informationsystem.resourceregistry.context.security;
|
package org.gcube.informationsystem.resourceregistry.context.security;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.HashSet;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
import java.util.concurrent.Callable;
|
import java.util.concurrent.Callable;
|
||||||
import java.util.concurrent.ExecutorService;
|
import java.util.concurrent.ExecutorService;
|
||||||
|
@ -15,6 +17,7 @@ import org.gcube.informationsystem.model.entity.Context;
|
||||||
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
|
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
|
||||||
import org.gcube.informationsystem.resourceregistry.context.ContextUtility;
|
import org.gcube.informationsystem.resourceregistry.context.ContextUtility;
|
||||||
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
|
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
|
||||||
|
import org.gcube.informationsystem.resourceregistry.utils.Utility;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -79,50 +82,127 @@ public class SecurityContext {
|
||||||
|
|
||||||
protected SecurityContext parentSecurityContext;
|
protected SecurityContext parentSecurityContext;
|
||||||
|
|
||||||
|
protected Set<SecurityContext> children;
|
||||||
|
|
||||||
protected boolean isHierarchicMode() {
|
protected boolean isHierarchicMode() {
|
||||||
return hierarchic && ContextUtility.getHierarchicMode().get();
|
return hierarchic && ContextUtility.getHierarchicMode().get();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setParentSecurityContext(SecurityContext parentSecurityContext) {
|
public void setParentSecurityContext(SecurityContext parentSecurityContext) {
|
||||||
|
if(this.parentSecurityContext!=null) {
|
||||||
|
this.parentSecurityContext.getChildren().remove(this);
|
||||||
|
}
|
||||||
|
|
||||||
this.parentSecurityContext = parentSecurityContext;
|
this.parentSecurityContext = parentSecurityContext;
|
||||||
|
if(parentSecurityContext!=null) {
|
||||||
|
this.parentSecurityContext.addChild(this);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public SecurityContext getParentSecurityContext() {
|
public SecurityContext getParentSecurityContext() {
|
||||||
return parentSecurityContext;
|
return parentSecurityContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
private void addChild(SecurityContext child) {
|
||||||
* Use to change the parent not to set the first time
|
this.children.add(child);
|
||||||
*
|
}
|
||||||
* @param newParentSecurityContext
|
|
||||||
* @throws ResourceRegistryException
|
public Set<SecurityContext> getChildren(){
|
||||||
*/
|
return this.children;
|
||||||
public void changeParentSecurityContext(SecurityContext newParentSecurityContext) throws ResourceRegistryException {
|
|
||||||
OrientGraph orientGraph = getAdminOrientGraph();
|
|
||||||
changeParentSecurityContext(newParentSecurityContext, orientGraph);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected OrientGraph getAdminOrientGraph() throws ResourceRegistryException {
|
protected OrientGraph getAdminOrientGraph() throws ResourceRegistryException {
|
||||||
return ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
|
return ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return a set containing all children and recursively
|
||||||
|
* all children.
|
||||||
|
*/
|
||||||
|
private Set<SecurityContext> getAllChildren(){
|
||||||
|
Set<SecurityContext> allChildren = new HashSet<>();
|
||||||
|
allChildren.add(this);
|
||||||
|
for(SecurityContext securityContext : getChildren()) {
|
||||||
|
allChildren.addAll(securityContext.getAllChildren());
|
||||||
|
}
|
||||||
|
return allChildren;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
private Set<SecurityContext> getAllParents(){
|
||||||
|
Set<SecurityContext> allParents = new HashSet<>();
|
||||||
|
SecurityContext parent = getParentSecurityContext();
|
||||||
|
while(parent!=null) {
|
||||||
|
allParents.add(parent);
|
||||||
|
parent = parent.getParentSecurityContext();
|
||||||
|
}
|
||||||
|
return allParents;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Use to change the parent not to set the first time
|
* Use to change the parent not to set the first time
|
||||||
*
|
*
|
||||||
* @param newParentSecurityContext
|
* @param newParentSecurityContext
|
||||||
* @param orientGraph
|
* @param orientGraph
|
||||||
|
* @throws ResourceRegistryException
|
||||||
*/
|
*/
|
||||||
public void changeParentSecurityContext(SecurityContext newParentSecurityContext, OrientGraph orientGraph) {
|
public void changeParentSecurityContext(SecurityContext newParentSecurityContext, OrientGraph orientGraph) throws ResourceRegistryException {
|
||||||
// TODO Remove from old hierarchy
|
if(!hierarchic) {
|
||||||
// TODO Add to new Hierarchy
|
StringBuilder errorMessage = new StringBuilder();
|
||||||
// In both cases take in account the new and the old parent
|
errorMessage.append("Cannot change parent ");
|
||||||
|
errorMessage.append(SecurityContext.class.getSimpleName());
|
||||||
|
errorMessage.append(" to non hierarchic ");
|
||||||
|
errorMessage.append(SecurityContext.class.getSimpleName());
|
||||||
|
errorMessage.append(". ");
|
||||||
|
errorMessage.append(Utility.SHOULD_NOT_OCCUR_ERROR_MESSAGE);
|
||||||
|
final String error = errorMessage.toString();
|
||||||
|
logger.error(error);
|
||||||
|
throw new RuntimeException(error);
|
||||||
|
}
|
||||||
|
|
||||||
|
OSecurity oSecurity = getOSecurity(orientGraph);
|
||||||
|
|
||||||
|
Set<SecurityContext> allChildren = getAllChildren();
|
||||||
|
|
||||||
|
Set<SecurityContext> oldParents = getAllParents();
|
||||||
|
|
||||||
|
Set<SecurityContext> newParents = new HashSet<>();
|
||||||
|
if(newParentSecurityContext!=null) {
|
||||||
|
newParents = newParentSecurityContext.getAllParents();
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* From old parents I remove the new parents so that oldParents
|
||||||
|
* contains only the parents where I have to remove all
|
||||||
|
* HReaderRole-UUID e HWriterRole-UUID of allChildren by using
|
||||||
|
* removeHierarchicRoleFromParent() function
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
oldParents.removeAll(newParents);
|
||||||
|
removeChildrenHRolesFromParents(oSecurity, oldParents, allChildren);
|
||||||
|
|
||||||
setParentSecurityContext(newParentSecurityContext);
|
setParentSecurityContext(newParentSecurityContext);
|
||||||
|
|
||||||
|
if(newParentSecurityContext!=null){
|
||||||
|
for(PermissionMode permissionMode : PermissionMode.values()) {
|
||||||
|
for(SecurityContext child : allChildren) {
|
||||||
|
String roleName = child.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, true);
|
||||||
|
ORole role = oSecurity.getRole(roleName);
|
||||||
|
getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected SecurityContext(UUID context, boolean hierarchic) throws ResourceRegistryException {
|
protected SecurityContext(UUID context, boolean hierarchic) throws ResourceRegistryException {
|
||||||
this.context = context;
|
this.context = context;
|
||||||
this.factoryMap = new HashMap<>();
|
this.factoryMap = new HashMap<>();
|
||||||
this.hierarchic = hierarchic;
|
this.hierarchic = hierarchic;
|
||||||
|
this.children = new HashSet<>();
|
||||||
}
|
}
|
||||||
|
|
||||||
public SecurityContext(UUID context) throws ResourceRegistryException {
|
public SecurityContext(UUID context) throws ResourceRegistryException {
|
||||||
|
@ -176,19 +256,9 @@ public class SecurityContext {
|
||||||
return stringBuilder.toString();
|
return stringBuilder.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
private ODatabaseDocumentTx getAdminODatabaseDocumentTx(OrientGraph orientGraph) {
|
private OSecurity getOSecurity(OrientGraph orientGraph) {
|
||||||
ODatabaseDocumentTx oDatabaseDocumentTx = orientGraph.getRawGraph();
|
ODatabaseDocumentTx oDatabaseDocumentTx = orientGraph.getRawGraph();
|
||||||
return oDatabaseDocumentTx;
|
return oDatabaseDocumentTx.getMetadata().getSecurity();
|
||||||
}
|
|
||||||
|
|
||||||
private OSecurity getAdminOSecurity(ODatabaseDocumentTx oDatabaseDocumentTx) {
|
|
||||||
OSecurity oSecurity = oDatabaseDocumentTx.getMetadata().getSecurity();
|
|
||||||
return oSecurity;
|
|
||||||
}
|
|
||||||
|
|
||||||
private OSecurity getAdminOSecurity(OrientGraph orientGraph) {
|
|
||||||
ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph);
|
|
||||||
return getAdminOSecurity(oDatabaseDocumentTx);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void addElement(Element element) throws ResourceRegistryException {
|
public void addElement(Element element) throws ResourceRegistryException {
|
||||||
|
@ -205,34 +275,22 @@ public class SecurityContext {
|
||||||
public void addElement(Element element, OrientGraph orientGraph) {
|
public void addElement(Element element, OrientGraph orientGraph) {
|
||||||
OrientElement orientElement = (OrientElement) element;
|
OrientElement orientElement = (OrientElement) element;
|
||||||
ODocument oDocument = orientElement.getRecord();
|
ODocument oDocument = orientElement.getRecord();
|
||||||
OSecurity oSecurity = getAdminOSecurity(orientGraph);
|
OSecurity oSecurity = getOSecurity(orientGraph);
|
||||||
allow(oSecurity, oDocument, false);
|
allow(oSecurity, oDocument, false);
|
||||||
if(hierarchic) {
|
if(hierarchic) {
|
||||||
allow(oSecurity, oDocument, true);
|
allow(oSecurity, oDocument, true);
|
||||||
if(getParentSecurityContext() != null) {
|
|
||||||
getParentSecurityContext().addElementToHierarchy(oSecurity, oDocument);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
oDocument.save();
|
oDocument.save();
|
||||||
orientElement.save();
|
orientElement.save();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void addElementToHierarchy(OSecurity oSecurity, ODocument oDocument) {
|
|
||||||
allow(oSecurity, oDocument, true);
|
|
||||||
if(getParentSecurityContext() != null) {
|
|
||||||
getParentSecurityContext().addElementToHierarchy(oSecurity, oDocument);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public void removeElement(Element element) throws ResourceRegistryException {
|
public void removeElement(Element element) throws ResourceRegistryException {
|
||||||
removeElement(element, getAdminOrientGraph());
|
removeElement(element, getAdminOrientGraph());
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void deny(OSecurity oSecurity, ODocument oDocument, boolean hierarchic) {
|
protected void deny(OSecurity oSecurity, ODocument oDocument, boolean hierarchic) {
|
||||||
|
|
||||||
// The element could be created in such a context so the writerUser for the
|
// The element could be created in such a context so the writerUser for the
|
||||||
// context is allowed by default
|
// context is allowed by default because it was the creator
|
||||||
// because it was the creator
|
|
||||||
String writerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic);
|
String writerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic);
|
||||||
oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, writerUserName);
|
oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, writerUserName);
|
||||||
String readerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic);
|
String readerUserName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, hierarchic);
|
||||||
|
@ -248,13 +306,10 @@ public class SecurityContext {
|
||||||
public void removeElement(Element element, OrientGraph orientGraph) {
|
public void removeElement(Element element, OrientGraph orientGraph) {
|
||||||
OrientElement orientElement = (OrientElement) element;
|
OrientElement orientElement = (OrientElement) element;
|
||||||
ODocument oDocument = orientElement.getRecord();
|
ODocument oDocument = orientElement.getRecord();
|
||||||
OSecurity oSecurity = getAdminOSecurity(orientGraph);
|
OSecurity oSecurity = getOSecurity(orientGraph);
|
||||||
deny(oSecurity, oDocument, false);
|
deny(oSecurity, oDocument, false);
|
||||||
if(hierarchic) {
|
if(hierarchic) {
|
||||||
deny(oSecurity, oDocument, true);
|
deny(oSecurity, oDocument, true);
|
||||||
if(getParentSecurityContext() != null) {
|
|
||||||
getParentSecurityContext().removeElementFromHierarchy(oSecurity, oDocument);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
oDocument.save();
|
oDocument.save();
|
||||||
orientElement.save();
|
orientElement.save();
|
||||||
|
@ -293,26 +348,6 @@ public class SecurityContext {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void removeElementFromHierarchy(OSecurity oSecurity, ODocument oDocument) {
|
|
||||||
// I don't have to deny the Hierarchic role if the element belong to context
|
|
||||||
String writerRoleName = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE, false);
|
|
||||||
ORole writerRole = oSecurity.getRole(writerRoleName);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* This check if the writerRole (not hierarchic) has the right to operate on the
|
|
||||||
* document. In such a case don't have to deny the hierarchy
|
|
||||||
*/
|
|
||||||
boolean allowed = allowed(writerRole, oDocument);
|
|
||||||
|
|
||||||
// If allowed not denying the hierarchy and continuing to parents
|
|
||||||
if(!allowed) {
|
|
||||||
deny(oSecurity, oDocument, true);
|
|
||||||
if(getParentSecurityContext() != null) {
|
|
||||||
getParentSecurityContext().removeElementFromHierarchy(oSecurity, oDocument);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public void create() throws ResourceRegistryException {
|
public void create() throws ResourceRegistryException {
|
||||||
OrientGraph orientGraph = getAdminOrientGraph();
|
OrientGraph orientGraph = getAdminOrientGraph();
|
||||||
create(orientGraph);
|
create(orientGraph);
|
||||||
|
@ -325,7 +360,19 @@ public class SecurityContext {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) {
|
protected ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) {
|
||||||
return oSecurity.getRole(permissionMode.name().toLowerCase());
|
String superRoleName = permissionMode.name().toLowerCase();
|
||||||
|
return oSecurity.getRole(superRoleName);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void addHierarchicRoleToParent(OSecurity oSecurity, PermissionMode permissionMode, ORole role) {
|
||||||
|
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
|
||||||
|
OUser user = oSecurity.getUser(userName);
|
||||||
|
user.addRole(role);
|
||||||
|
user.save();
|
||||||
|
|
||||||
|
if(getParentSecurityContext() != null) {
|
||||||
|
getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void createRolesAndUsers(OSecurity oSecurity) {
|
protected void createRolesAndUsers(OSecurity oSecurity) {
|
||||||
|
@ -346,6 +393,10 @@ public class SecurityContext {
|
||||||
role.save();
|
role.save();
|
||||||
logger.trace("{} created", role);
|
logger.trace("{} created", role);
|
||||||
|
|
||||||
|
if(hierarchic && getParentSecurityContext() != null) {
|
||||||
|
getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role);
|
||||||
|
}
|
||||||
|
|
||||||
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
|
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
|
||||||
OUser user = oSecurity.createUser(userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode),
|
OUser user = oSecurity.createUser(userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode),
|
||||||
role);
|
role);
|
||||||
|
@ -353,11 +404,11 @@ public class SecurityContext {
|
||||||
logger.trace("{} created", user);
|
logger.trace("{} created", user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void create(OrientGraph orientGraph) {
|
public void create(OrientGraph orientGraph) {
|
||||||
ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph);
|
OSecurity oSecurity = getOSecurity(orientGraph);
|
||||||
OSecurity oSecurity = getAdminOSecurity(oDatabaseDocumentTx);
|
|
||||||
|
|
||||||
createRolesAndUsers(oSecurity);
|
createRolesAndUsers(oSecurity);
|
||||||
|
|
||||||
|
@ -392,6 +443,42 @@ public class SecurityContext {
|
||||||
orientGraph.shutdown();
|
orientGraph.shutdown();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void removeChildrenHRolesFromParents(OSecurity oSecurity) {
|
||||||
|
Set<SecurityContext> parents = getAllParents();
|
||||||
|
Set<SecurityContext> allChildren = getAllChildren();
|
||||||
|
removeChildrenHRolesFromParents(oSecurity, parents, allChildren);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void removeChildrenHRolesFromParents(OSecurity oSecurity, Set<SecurityContext> parents, Set<SecurityContext> children) {
|
||||||
|
for(SecurityContext parent : parents) {
|
||||||
|
parent.removeChildrenHRolesFromMyHUsers(oSecurity, children);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void removeChildrenHRolesFromMyHUsers(OSecurity oSecurity, Set<SecurityContext> children) {
|
||||||
|
for(PermissionMode permissionMode : PermissionMode.values()) {
|
||||||
|
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
|
||||||
|
OUser user = oSecurity.getUser(userName);
|
||||||
|
for(SecurityContext child : children) {
|
||||||
|
String roleName = child.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, true);
|
||||||
|
logger.debug("Going to remove {} from {}", roleName, userName);
|
||||||
|
boolean removed = user.removeRole(roleName);
|
||||||
|
logger.trace("{} {} removed from {}", roleName, removed ? "successfully" : "NOT", userName);
|
||||||
|
}
|
||||||
|
user.save();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void removeHierarchicRoleFromMyHUser(OSecurity oSecurity, PermissionMode permissionMode, String roleName) {
|
||||||
|
String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
|
||||||
|
OUser user = oSecurity.getUser(userName);
|
||||||
|
logger.debug("Going to remove {} from {}", roleName, userName);
|
||||||
|
boolean removed = user.removeRole(roleName);
|
||||||
|
logger.trace("{} {} removed from {}", roleName, removed ? "successfully" : "NOT", userName);
|
||||||
|
user.save();
|
||||||
|
}
|
||||||
|
|
||||||
protected void deleteRolesAndUsers(OSecurity oSecurity) {
|
protected void deleteRolesAndUsers(OSecurity oSecurity) {
|
||||||
boolean[] booleanArray;
|
boolean[] booleanArray;
|
||||||
if(hierarchic) {
|
if(hierarchic) {
|
||||||
|
@ -400,6 +487,9 @@ public class SecurityContext {
|
||||||
booleanArray = new boolean[] {false};
|
booleanArray = new boolean[] {false};
|
||||||
}
|
}
|
||||||
for(boolean hierarchic : booleanArray) {
|
for(boolean hierarchic : booleanArray) {
|
||||||
|
if(hierarchic) {
|
||||||
|
removeChildrenHRolesFromParents(oSecurity);
|
||||||
|
}
|
||||||
for(PermissionMode permissionMode : PermissionMode.values()) {
|
for(PermissionMode permissionMode : PermissionMode.values()) {
|
||||||
for(SecurityType securityType : SecurityType.values()) {
|
for(SecurityType securityType : SecurityType.values()) {
|
||||||
String name = getSecurityRoleOrUserName(permissionMode, securityType, hierarchic);
|
String name = getSecurityRoleOrUserName(permissionMode, securityType, hierarchic);
|
||||||
|
@ -410,14 +500,14 @@ public class SecurityContext {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void delete(OrientGraph orientGraph) {
|
public void delete(OrientGraph orientGraph) {
|
||||||
ODatabaseDocumentTx oDatabaseDocumentTx = getAdminODatabaseDocumentTx(orientGraph);
|
OSecurity oSecurity = getOSecurity(orientGraph);
|
||||||
OSecurity oSecurity = getAdminOSecurity(oDatabaseDocumentTx);
|
|
||||||
|
|
||||||
logger.trace("Going to remove Security Context (roles and users) with UUID {}", context.toString());
|
logger.trace("Going to remove Security Context (roles and users) with UUID {}", context.toString());
|
||||||
|
|
||||||
deleteRolesAndUsers(oSecurity);
|
deleteRolesAndUsers(oSecurity);
|
||||||
|
|
||||||
logger.trace("Security Context (roles and users) with UUID {} successfully removed", context.toString());
|
logger.trace("Security Context (roles and users) with UUID {} successfully removed", context.toString());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public OrientGraph getGraph(PermissionMode permissionMode) {
|
public OrientGraph getGraph(PermissionMode permissionMode) {
|
||||||
|
|
|
@ -175,7 +175,7 @@ public class DatabaseEnvironment {
|
||||||
try {
|
try {
|
||||||
boolean created = initGraphDB();
|
boolean created = initGraphDB();
|
||||||
|
|
||||||
ContextUtility contextUtility = ContextUtility.getInstace();
|
ContextUtility contextUtility = ContextUtility.getInstance();
|
||||||
|
|
||||||
AdminSecurityContext adminSecurityContext = new AdminSecurityContext();
|
AdminSecurityContext adminSecurityContext = new AdminSecurityContext();
|
||||||
contextUtility.addSecurityContext(adminSecurityContext.getUUID().toString(), adminSecurityContext);
|
contextUtility.addSecurityContext(adminSecurityContext.getUUID().toString(), adminSecurityContext);
|
||||||
|
|
|
@ -255,7 +255,7 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
|
||||||
} catch(ResourceRegistryException e) {
|
} catch(ResourceRegistryException e) {
|
||||||
throw e;
|
throw e;
|
||||||
} catch(Exception e) {
|
} catch(Exception e) {
|
||||||
throw new ResourceRegistryException("Error Creating " + erType + " with " + jsonNode, e.getCause());
|
throw new ResourceRegistryException("Error Creating " + erType + " with " + jsonNode, e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -273,7 +273,7 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
|
||||||
} catch(ResourceRegistryException e) {
|
} catch(ResourceRegistryException e) {
|
||||||
throw e;
|
throw e;
|
||||||
} catch(Exception e) {
|
} catch(Exception e) {
|
||||||
throw new ResourceRegistryException("Error Updating " + erType + " with " + jsonNode, e.getCause());
|
throw new ResourceRegistryException("Error Updating " + erType + " with " + jsonNode, e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -438,6 +438,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
orientGraph = getWorkingContext().getGraph(PermissionMode.WRITER);
|
orientGraph = getWorkingContext().getGraph(PermissionMode.WRITER);
|
||||||
|
orientGraph.setAutoStartTx(false);
|
||||||
|
orientGraph.begin();
|
||||||
|
|
||||||
element = internalCreate();
|
element = internalCreate();
|
||||||
|
|
||||||
|
@ -489,6 +491,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
|
||||||
public String update() throws ERNotFoundException, ERAvailableInAnotherContextException, ResourceRegistryException {
|
public String update() throws ERNotFoundException, ERAvailableInAnotherContextException, ResourceRegistryException {
|
||||||
try {
|
try {
|
||||||
orientGraph = getWorkingContext().getGraph(PermissionMode.WRITER);
|
orientGraph = getWorkingContext().getGraph(PermissionMode.WRITER);
|
||||||
|
orientGraph.setAutoStartTx(false);
|
||||||
|
orientGraph.begin();
|
||||||
|
|
||||||
element = internalUpdate();
|
element = internalUpdate();
|
||||||
|
|
||||||
|
@ -526,6 +530,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
|
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
|
||||||
|
orientGraph.setAutoStartTx(false);
|
||||||
|
orientGraph.begin();
|
||||||
|
|
||||||
boolean deleted = reallyDelete();
|
boolean deleted = reallyDelete();
|
||||||
|
|
||||||
|
@ -564,6 +570,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
|
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
|
||||||
|
orientGraph.setAutoStartTx(false);
|
||||||
|
orientGraph.begin();
|
||||||
|
|
||||||
boolean added = internalAddToContext();
|
boolean added = internalAddToContext();
|
||||||
|
|
||||||
|
@ -596,6 +604,8 @@ public abstract class ERManagement<ERType extends ER, El extends Element> {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
|
orientGraph = ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
|
||||||
|
orientGraph.setAutoStartTx(false);
|
||||||
|
orientGraph.begin();
|
||||||
|
|
||||||
boolean removed = internalRemoveFromContext();
|
boolean removed = internalRemoveFromContext();
|
||||||
|
|
||||||
|
|
|
@ -90,16 +90,21 @@ public class ContextManagementTest extends ScopedTest {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void roleUserAssertions(UUID uuid, boolean deleted) throws ResourceRegistryException {
|
protected void roleUserAssertions(UUID uuid, UUID oldParentUUID, boolean deleted) throws ResourceRegistryException {
|
||||||
ContextSecurityContext contextSecurityContext = new ContextSecurityContext();
|
ContextSecurityContext contextSecurityContext = new ContextSecurityContext();
|
||||||
ContextUtility.getInstace().addSecurityContext(contextSecurityContext.getUUID().toString(),
|
ContextUtility.getInstance().addSecurityContext(contextSecurityContext.getUUID().toString(),
|
||||||
contextSecurityContext);
|
contextSecurityContext);
|
||||||
|
|
||||||
OrientGraph orientGraph = contextSecurityContext.getGraph(PermissionMode.READER);
|
OrientGraph orientGraph = contextSecurityContext.getGraph(PermissionMode.READER);
|
||||||
ODatabaseDocumentTx oDatabaseDocumentTx = orientGraph.getRawGraph();
|
ODatabaseDocumentTx oDatabaseDocumentTx = orientGraph.getRawGraph();
|
||||||
OSecurity oSecurity = oDatabaseDocumentTx.getMetadata().getSecurity();
|
OSecurity oSecurity = oDatabaseDocumentTx.getMetadata().getSecurity();
|
||||||
|
|
||||||
SecurityContext securityContext = new SecurityContext(uuid);
|
SecurityContext securityContext = null;
|
||||||
|
if(deleted) {
|
||||||
|
securityContext = new SecurityContext(uuid);
|
||||||
|
} else {
|
||||||
|
securityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid);
|
||||||
|
}
|
||||||
|
|
||||||
boolean[] booleanArray = new boolean[] { false, true };
|
boolean[] booleanArray = new boolean[] { false, true };
|
||||||
for (boolean hierarchic : booleanArray) {
|
for (boolean hierarchic : booleanArray) {
|
||||||
|
@ -111,6 +116,26 @@ public class ContextManagementTest extends ScopedTest {
|
||||||
String user = securityContext.getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
|
String user = securityContext.getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
|
||||||
OUser oUser = oSecurity.getUser(user);
|
OUser oUser = oSecurity.getUser(user);
|
||||||
Assert.assertEquals(oUser == null, deleted);
|
Assert.assertEquals(oUser == null, deleted);
|
||||||
|
if(oUser!=null) {
|
||||||
|
Assert.assertTrue(oUser.hasRole(oRole.getName(), false));
|
||||||
|
}
|
||||||
|
|
||||||
|
if(hierarchic) {
|
||||||
|
SecurityContext parent = null;
|
||||||
|
if(deleted){
|
||||||
|
if(oldParentUUID!=null) {
|
||||||
|
parent = ContextUtility.getInstance().getSecurityContextByUUID(oldParentUUID);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
parent = securityContext.getParentSecurityContext();
|
||||||
|
while(parent!=null) {
|
||||||
|
String parentUser = parent.getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchic);
|
||||||
|
OUser parentOUser = oSecurity.getUser(parentUser);
|
||||||
|
Assert.assertTrue(parentOUser != null);
|
||||||
|
Assert.assertEquals(parentOUser.hasRole(oRole.getName(), false), !deleted);
|
||||||
|
parent = parent.getParentSecurityContext();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -121,7 +146,7 @@ public class ContextManagementTest extends ScopedTest {
|
||||||
contextManagement.setUUID(uuid);
|
contextManagement.setUUID(uuid);
|
||||||
String contextString = contextManagement.read();
|
String contextString = contextManagement.read();
|
||||||
logger.debug("Read {}", contextString);
|
logger.debug("Read {}", contextString);
|
||||||
roleUserAssertions(uuid, false);
|
roleUserAssertions(uuid, null, false);
|
||||||
return ISMapper.unmarshal(Context.class, contextString);
|
return ISMapper.unmarshal(Context.class, contextString);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -132,7 +157,7 @@ public class ContextManagementTest extends ScopedTest {
|
||||||
logger.debug("Created {}", contextString);
|
logger.debug("Created {}", contextString);
|
||||||
Context c = ISMapper.unmarshal(Context.class, contextString);
|
Context c = ISMapper.unmarshal(Context.class, contextString);
|
||||||
assertions(context, c, true, true);
|
assertions(context, c, true, true);
|
||||||
roleUserAssertions(c.getHeader().getUUID(), false);
|
roleUserAssertions(c.getHeader().getUUID(), null, false);
|
||||||
return c;
|
return c;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -143,16 +168,24 @@ public class ContextManagementTest extends ScopedTest {
|
||||||
logger.debug("Updated {}", contextString);
|
logger.debug("Updated {}", contextString);
|
||||||
Context c = ISMapper.unmarshal(Context.class, contextString);
|
Context c = ISMapper.unmarshal(Context.class, contextString);
|
||||||
assertions(context, c, true, false);
|
assertions(context, c, true, false);
|
||||||
roleUserAssertions(c.getHeader().getUUID(), false);
|
roleUserAssertions(c.getHeader().getUUID(), null, false);
|
||||||
return c;
|
return c;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected boolean delete(UUID uuid) throws ResourceRegistryException {
|
protected boolean delete(UUID uuid) throws ResourceRegistryException {
|
||||||
ContextManagement contextManagement = new ContextManagement();
|
ContextManagement contextManagement = new ContextManagement();
|
||||||
contextManagement.setUUID(uuid);
|
contextManagement.setUUID(uuid);
|
||||||
|
|
||||||
|
SecurityContext securityContext = ContextUtility.getInstance().getSecurityContextByUUID(uuid);
|
||||||
|
|
||||||
|
UUID oldParentUUID = null;
|
||||||
|
if(securityContext.getParentSecurityContext()!=null) {
|
||||||
|
oldParentUUID = securityContext.getParentSecurityContext().getUUID();
|
||||||
|
}
|
||||||
|
|
||||||
boolean deleted = contextManagement.delete();
|
boolean deleted = contextManagement.delete();
|
||||||
Assert.assertTrue(deleted);
|
Assert.assertTrue(deleted);
|
||||||
roleUserAssertions(uuid, true);
|
roleUserAssertions(uuid, oldParentUUID, true);
|
||||||
logger.debug("Deleted {} with UUID {}", Context.NAME, uuid);
|
logger.debug("Deleted {} with UUID {}", Context.NAME, uuid);
|
||||||
return deleted;
|
return deleted;
|
||||||
}
|
}
|
||||||
|
@ -336,6 +369,44 @@ public class ContextManagementTest extends ScopedTest {
|
||||||
// ___A2_______B4____
|
// ___A2_______B4____
|
||||||
// B3______________A5
|
// B3______________A5
|
||||||
|
|
||||||
|
/*
|
||||||
|
// This updates (move) has been made to test HRoles and HUsers
|
||||||
|
|
||||||
|
contextA2.setParent(contextA5);
|
||||||
|
update(contextA2);
|
||||||
|
// __A1______________
|
||||||
|
// _____B4___________
|
||||||
|
// ________A5________
|
||||||
|
// ___________A2_____
|
||||||
|
// ______________B3__
|
||||||
|
|
||||||
|
|
||||||
|
contextA5.setParent(contextA1);
|
||||||
|
update(contextA5);
|
||||||
|
// _________A1________
|
||||||
|
// ______A5_____B4____
|
||||||
|
// ___A2______________
|
||||||
|
// B3_________________
|
||||||
|
|
||||||
|
|
||||||
|
contextA5.setParent(contextB4);
|
||||||
|
update(contextA5);
|
||||||
|
// __A1______________
|
||||||
|
// _____B4___________
|
||||||
|
// ________A5________
|
||||||
|
// ___________A2_____
|
||||||
|
// ______________B3__
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
contextA2.setParent(contextA1);
|
||||||
|
update(contextA2);
|
||||||
|
// ________A1________
|
||||||
|
// ___A2_______B4____
|
||||||
|
// B3______________A5
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
// The following delete are not allowed because they are not child contexts
|
// The following delete are not allowed because they are not child contexts
|
||||||
invalidDelete(contextA1);
|
invalidDelete(contextA1);
|
||||||
invalidDelete(contextA2);
|
invalidDelete(contextA2);
|
||||||
|
@ -372,12 +443,33 @@ public class ContextManagementTest extends ScopedTest {
|
||||||
logger.debug("The DB should be now clean");
|
logger.debug("The DB should be now clean");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private List<Context> getAll() throws Exception{
|
||||||
|
ContextManagement contextManagement = new ContextManagement();
|
||||||
|
String allString = contextManagement.all(false);
|
||||||
|
logger.trace(allString);
|
||||||
|
List<Context> all = ISMapper.unmarshalList(Context.class, allString);
|
||||||
|
return all;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// @Test
|
||||||
|
public void deleteAll() throws Exception {
|
||||||
|
List<Context> all = getAll();
|
||||||
|
while(all.size()>0) {
|
||||||
|
for (Context context : all) {
|
||||||
|
logger.trace(ISMapper.marshal(context));
|
||||||
|
List<IsParentOf<Context, Context>> children = context.getChildren();
|
||||||
|
if(children==null || children.size()==0) {
|
||||||
|
// delete(context);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// all = getAll();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGetAll() throws Exception {
|
public void testGetAll() throws Exception {
|
||||||
ContextManagement contextManagement = new ContextManagement();
|
List<Context> contexts = getAll();
|
||||||
String all = contextManagement.all(false);
|
|
||||||
logger.trace(all);
|
|
||||||
List<Context> contexts = ISMapper.unmarshalList(Context.class, all);
|
|
||||||
for (Context context : contexts) {
|
for (Context context : contexts) {
|
||||||
logger.trace(ISMapper.marshal(context));
|
logger.trace(ISMapper.marshal(context));
|
||||||
List<IsParentOf<Context, Context>> children = context.getChildren();
|
List<IsParentOf<Context, Context>> children = context.getChildren();
|
||||||
|
@ -386,10 +478,17 @@ public class ContextManagementTest extends ScopedTest {
|
||||||
Context childContext = child.getTarget();
|
Context childContext = child.getTarget();
|
||||||
Assert.assertTrue(childContext.getParent().getSource() == context);
|
Assert.assertTrue(childContext.getParent().getSource() == context);
|
||||||
}
|
}
|
||||||
roleUserAssertions(context.getHeader().getUUID(), false);
|
roleUserAssertions(context.getHeader().getUUID(), null, false);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// @Test
|
||||||
|
public void readContext() throws ResourceRegistryException, IOException {
|
||||||
|
Context context = read(UUID.fromString(""));
|
||||||
|
logger.debug("{}", context);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// @Test
|
// @Test
|
||||||
public void deleteContext() throws ResourceRegistryException, IOException {
|
public void deleteContext() throws ResourceRegistryException, IOException {
|
||||||
Context context = read(UUID.fromString(""));
|
Context context = read(UUID.fromString(""));
|
||||||
|
|
Loading…
Reference in New Issue