From a45c5c04be0c2c89b775bf3ca2191c33b330faa0 Mon Sep 17 00:00:00 2001
From: "luca.frosini"
Date: Thu, 27 Oct 2016 16:50:52 +0000
Subject: [PATCH] Added missing commit

git-svn-id: https://svn.d4science.research-infrastructures.eu/gcube/trunk/information-system/resource-registry@133679 82a268e6-3cf1-43bd-a215-b396298e98cf
---
 .../context/SecurityContext.java | 77 +++++++++++--------
 1 file changed, 44 insertions(+), 33 deletions(-)

diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/context/SecurityContext.java b/src/main/java/org/gcube/informationsystem/resourceregistry/context/SecurityContext.java
index d7c8b5e..ace136f 100644
--- a/src/main/java/org/gcube/informationsystem/resourceregistry/context/SecurityContext.java
+++ b/src/main/java/org/gcube/informationsystem/resourceregistry/context/SecurityContext.java
@@ -15,6 +15,7 @@ import com.orientechnologies.orient.core.metadata.security.ORestrictedOperation;
 import com.orientechnologies.orient.core.metadata.security.ORole;
 import com.orientechnologies.orient.core.metadata.security.OSecurity;
 import com.orientechnologies.orient.core.metadata.security.OSecurityRole.ALLOW_MODES;
+import com.orientechnologies.orient.core.metadata.security.OUser;
 import com.orientechnologies.orient.core.record.impl.ODocument;
 import com.tinkerpop.blueprints.Direction;
 import com.tinkerpop.blueprints.Edge;
@@ -100,30 +101,44 @@ public class SecurityContext { ORole writer = oSecurity.getRole(DEFAULT_WRITER_ROLE); ORole reader = oSecurity.getRole(DEFAULT_READER_ROLE); - ORole writerRole = oSecurity.createRole(SecurityContextMapper - .getSecurityRoleOrUserName( - SecurityContextMapper.PermissionMode.WRITER, - SecurityContextMapper.SecurityType.ROLE, context), + String writeRoleName = SecurityContextMapper.getSecurityRoleOrUserName( + SecurityContextMapper.PermissionMode.WRITER, + SecurityContextMapper.SecurityType.ROLE, context); + ORole writerRole = oSecurity.createRole(writeRoleName, writer, ALLOW_MODES.DENY_ALL_BUT); - - ORole readerRole = oSecurity.createRole(SecurityContextMapper - .getSecurityRoleOrUserName( - SecurityContextMapper.PermissionMode.READER, - SecurityContextMapper.SecurityType.ROLE, context), + writerRole.save(); + logger.trace("{} created", writerRole); + + + String readerRoleName = SecurityContextMapper.getSecurityRoleOrUserName( + SecurityContextMapper.PermissionMode.READER, + SecurityContextMapper.SecurityType.ROLE, context); + ORole readerRole = oSecurity.createRole(readerRoleName, reader, ALLOW_MODES.DENY_ALL_BUT); + readerRole.save(); + logger.trace("{} created", readerRole); - oSecurity.createUser(SecurityContextMapper.getSecurityRoleOrUserName( + + String writerUserName = SecurityContextMapper.getSecurityRoleOrUserName( SecurityContextMapper.PermissionMode.WRITER, - SecurityContextMapper.SecurityType.USER, context), + SecurityContextMapper.SecurityType.USER, context); + OUser writerUser = oSecurity.createUser(writerUserName, DatabaseEnvironment.DEFAULT_PASSWORDS - .get(SecurityContextMapper.PermissionMode.WRITER), + .get(SecurityContextMapper.PermissionMode.WRITER), writerRole); - oSecurity.createUser(SecurityContextMapper.getSecurityRoleOrUserName( + writerUser.save(); + logger.trace("{} created", writerUser); + + + String readerUserName = SecurityContextMapper.getSecurityRoleOrUserName( SecurityContextMapper.PermissionMode.READER, - 
SecurityContextMapper.SecurityType.USER, context), + SecurityContextMapper.SecurityType.USER, context); + OUser readerUser = oSecurity.createUser(readerUserName, DatabaseEnvironment.DEFAULT_PASSWORDS - .get(SecurityContextMapper.PermissionMode.READER), + .get(SecurityContextMapper.PermissionMode.READER), readerRole); + readerUser.save(); + logger.trace("{} created", readerUser); oDatabaseDocumentTx.commit(); @@ -131,8 +146,7 @@ public class SecurityContext { "Security Context (roles and users) with UUID {} successfully created", context.toString()); } - - + public static void deleteSecurityContext(OrientGraph orientGraph, UUID context, boolean commit) { 
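Review bot: Both `createUser` calls on the new side of the `-100,30 +101,44` hunk still pass `DatabaseEnvironment.DEFAULT_PASSWORDS.get(...)`, keyed only by permission mode, so the writer user of every context (and likewise every reader user) appears to be created with the same password; if that map holds static defaults, the per-context users give no real credential separation between contexts. Since this commit already pulls the names into `writerUserName` and `readerUserName`, it is a natural place to pass a per-context secret instead, or at least to mark the gap with `// TODO: DEFAULT_PASSWORDS is shared across contexts; use a per-context generated secret`. Separately, the four added `save()` calls carry no comment explaining why they are needed after `createRole`/`createUser`, which may already persist the record; a one-line why-comment would help the next reader. The enclosing method begins before this hunk, so the transaction start and any rollback path on failure are not visible here.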
@@ -146,47 +160,44 @@ public class SecurityContext { SecurityContextMapper.PermissionMode.READER, SecurityContextMapper.SecurityType.USER, context); boolean dropped = oSecurity.dropUser(user); - if(dropped){ + if (dropped) { logger.trace("{} successfully dropped", user); - }else{ + } else { logger.error("{} was not dropped successfully", user); } - - + user = SecurityContextMapper.getSecurityRoleOrUserName( SecurityContextMapper.PermissionMode.WRITER, SecurityContextMapper.SecurityType.USER, context); dropped = oSecurity.dropUser(user); - if(dropped){ + if (dropped) { logger.trace("{} successfully dropped", user); - }else{ + } else { logger.error("{} was not dropped successfully", user); } - - + String role = SecurityContextMapper.getSecurityRoleOrUserName( SecurityContextMapper.PermissionMode.READER, SecurityContextMapper.SecurityType.ROLE, context); dropped = oSecurity.dropRole(role); - if(dropped){ + if (dropped) { logger.trace("{} successfully dropped", role); - }else{ + } else { logger.error("{} was not dropped successfully", role); } - - + role = SecurityContextMapper.getSecurityRoleOrUserName( SecurityContextMapper.PermissionMode.WRITER, SecurityContextMapper.SecurityType.ROLE, context); dropped = oSecurity.dropRole(role); - if(dropped){ + if (dropped) { logger.trace("{} successfully dropped", role); - }else{ + } else { logger.error("{} was not dropped successfully", role); } - + oDatabaseDocumentTx.commit(); - + logger.trace( "Security Context (roles and users) with UUID {} successfully removed", context.toString());