package org.gcube.data.access.storagehub.services;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.Privilege;
import javax.servlet.ServletContext;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.apache.commons.compress.archivers.ArchiveException;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
import org.gcube.common.storagehub.model.acls.ACL;
import org.gcube.common.storagehub.model.acls.AccessType;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
import org.gcube.common.storagehub.model.types.ACLList;
import org.gcube.data.access.storagehub.AuthorizationChecker;
import org.gcube.data.access.storagehub.handlers.CredentialHandler;
import org.gcube.smartgears.utils.InnerMethodName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
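/**
 * JAX-RS resource exposing the access control list of a storage item under
 * {@code items/{id}/acls}.
 */
@Path("items")
public class ACLManager {

    private static final Logger log = LoggerFactory.getLogger(ACLManager.class);

    @Inject
    RepositoryInitializer repository;

    // Identifier of the item, taken from the {id} segment of the request path.
    // It is caller-controlled and is only used after the authorization check in getACL().
    // NOTE(review): @RequestScoped is placed on a field here; it is normally a bean-level
    // scope annotation, so confirm it has the intended effect in this container.
    @RequestScoped
    @PathParam("id")
    String id;

    @Context
    ServletContext context;

    @Inject
    AuthorizationChecker authChecker;

    /**
     * Returns the access control entries attached to the item identified by {@code id}.
     *
     * <p>Each JCR access control entry becomes one {@link ACL} holding the principal name
     * and the privileges that map to an {@link AccessType}. Privileges that cannot be
     * mapped are logged and left out of the result.
     *
     * <p>Repository and storage-hub failures are handed to
     * {@link GXOutboundErrorResponse#throwException}, which is presumably expected to
     * throw; if it returned normally the entries collected so far would be returned.
     *
     * @return the ACL entries of the item wrapped in an {@link ACLList}
     */
    @Produces(MediaType.APPLICATION_JSON)
    @GET
    @Path("{id}/acls")
    public ACLList getACL() {
        InnerMethodName.instance.set("getACLById");
        Session ses = null;
        List<ACL> acls = new ArrayList<>();
        try {
            // The session is opened with administrative credentials, so the repository
            // itself does not restrict what this request can read. The authorization
            // check below is the only gate visible in this method and must stay ahead
            // of every node access.
            ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
            authChecker.checkReadAuthorizationControl(ses, id);

            String path = ses.getNodeByIdentifier(id).getPath();
            log.info("checking access for path {}", path);
            JackrabbitAccessControlList accessControlList =
                    AccessControlUtils.getAccessControlList(ses, path);

            for (AccessControlEntry aclEntry : accessControlList.getAccessControlEntries()) {
                ACL acl = new ACL();
                acl.setPricipal(aclEntry.getPrincipal().getName());
                List<AccessType> types = new ArrayList<>();
                for (Privilege priv : aclEntry.getPrivileges()) {
                    try {
                        types.add(AccessType.fromValue(priv.getName()));
                    } catch (Exception e) {
                        // Best effort: an unknown privilege is skipped, not fatal.
                        log.warn("{} cannot be mapped to AccessTypes", priv.getName(), e);
                    }
                }
                acl.setAccessTypes(types);
                acls.add(acl);
            }
        } catch (RepositoryException re) {
            // Message corrected: it previously described archive extraction, which this
            // endpoint does not perform.
            // NOTE(review): the RepositoryException is passed along as the cause; confirm
            // that the outbound error response does not expose repository internals.
            log.error("jcr error retrieving ACLs", re);
            GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error retrieving ACLs", re));
        } catch (StorageHubException she) {
            // Message corrected: it previously described file item creation.
            log.error("error retrieving ACLs", she);
            GXOutboundErrorResponse.throwException(she);
        } finally {
            // Always release the administrative session, including on failure.
            if (ses != null) {
                ses.logout();
            }
        }
        return new ACLList(acls);
    }
}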