package org.gcube.data.access.storagehub.services ;
import static org.gcube.data.access.storagehub.Roles.INFRASTRUCTURE_MANAGER_ROLE ;
import static org.gcube.data.access.storagehub.Roles.VREMANAGER_ROLE ;
import java.security.Principal ;
import java.util.ArrayList ;
import java.util.Iterator ;
import java.util.List ;
import java.util.Objects ;
import javax.inject.Inject ;
import javax.jcr.Node ;
import javax.jcr.PathNotFoundException ;
import javax.jcr.RepositoryException ;
import javax.jcr.security.AccessControlEntry ;
import javax.jcr.security.AccessControlManager ;
import javax.jcr.security.Privilege ;
import javax.servlet.ServletContext ;
import javax.ws.rs.Consumes ;
import javax.ws.rs.DELETE ;
import javax.ws.rs.FormParam ;
import javax.ws.rs.GET ;
import javax.ws.rs.POST ;
import javax.ws.rs.PUT ;
import javax.ws.rs.Path ;
import javax.ws.rs.PathParam ;
import javax.ws.rs.Produces ;
import javax.ws.rs.core.Context ;
import javax.ws.rs.core.MediaType ;
import javax.ws.rs.core.Response ;
import org.apache.jackrabbit.api.JackrabbitSession ;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList ;
import org.apache.jackrabbit.api.security.user.Authorizable ;
import org.apache.jackrabbit.api.security.user.Group ;
import org.apache.jackrabbit.api.security.user.Query ;
import org.apache.jackrabbit.api.security.user.QueryBuilder ;
import org.apache.jackrabbit.api.security.user.User ;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils ;
import org.gcube.common.authorization.control.annotations.AuthorizationControl ;
import org.gcube.common.authorization.library.provider.AuthorizationProvider ;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse ;
import org.gcube.common.scope.api.ScopeProvider ;
import org.gcube.common.scope.impl.ScopeBean ;
import org.gcube.common.scope.impl.ScopeBean.Type ;
import org.gcube.common.storagehub.model.Excludes ;
import org.gcube.common.storagehub.model.Paths ;
import org.gcube.common.storagehub.model.acls.AccessType ;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError ;
import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters ;
import org.gcube.common.storagehub.model.exceptions.StorageHubException ;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException ;
import org.gcube.common.storagehub.model.items.Item ;
import org.gcube.common.storagehub.model.types.NodeProperty ;
import org.gcube.common.storagehub.model.types.PrimaryNodeType ;
import org.gcube.data.access.storagehub.AuthorizationChecker ;
import org.gcube.data.access.storagehub.Constants ;
import org.gcube.data.access.storagehub.PathUtil ;
import org.gcube.data.access.storagehub.StorageHubAppllicationManager ;
import org.gcube.data.access.storagehub.Utils ;
import org.gcube.data.access.storagehub.exception.MyAuthException ;
import org.gcube.data.access.storagehub.handlers.CredentialHandler ;
import org.gcube.data.access.storagehub.handlers.GroupHandler ;
import org.gcube.data.access.storagehub.handlers.TrashHandler ;
import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter ;
import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters ;
import org.gcube.data.access.storagehub.handlers.vres.VRE ;
import org.gcube.data.access.storagehub.handlers.vres.VREManager ;
import org.gcube.smartgears.annotations.ManagedBy ;
import org.gcube.smartgears.utils.InnerMethodName ;
import org.glassfish.jersey.media.multipart.FormDataParam ;
import org.slf4j.Logger ;
import org.slf4j.LoggerFactory ;
@Path ( " groups " )
@ManagedBy ( StorageHubAppllicationManager . class )
public class GroupManager {
@Context ServletContext context ;
@Inject
TrashHandler trashHandler ;
private static final Logger log = LoggerFactory . getLogger ( GroupManager . class ) ;
RepositoryInitializer repository = StorageHubAppllicationManager . repository ;
@Inject
VREManager vreManager ;
@Inject
GroupHandler groupHandler ;
@Inject
Node2ItemConverter node2Item ;
@Inject
PathUtil pathUtil ;
@Inject
AuthorizationChecker authChecker ;
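/**
 * Lists the principal names of every group returned by the repository's user manager.
 *
 * <p>The query runs in a session opened with the admin credentials, so the result is not
 * narrowed to what the calling client could see with its own identity.
 *
 * <p>NOTE(review): unlike the mutating endpoints in this class, this method carries no
 * {@code @AuthorizationControl} annotation and performs no role check of its own. Confirm
 * that exposing the full group list to every caller that reaches this resource is intended.
 *
 * @return the group principal names found; the list is empty when there are none
 */
@GET
@Path("")
@Produces(MediaType.APPLICATION_JSON)
public List<String> getGroups() {
    InnerMethodName.instance.set("getGroups");

    JackrabbitSession session = null;
    List<String> groups = new ArrayList<>();
    try {
        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        // An anonymous Query whose only constraint is the Group selector: every group matches.
        Iterator<Authorizable> result = session.getUserManager().findAuthorizables(new Query() {
            @Override
            public <T> void build(QueryBuilder<T> builder) {
                builder.setSelector(Group.class);
            }
        });
        while (result.hasNext()) {
            String groupName = result.next().getPrincipal().getName();
            log.info("group {} found", groupName);
            groups.add(groupName);
        }
    } catch (RepositoryException re) {
        // The message used to read "creating item", which pointed operators at the wrong operation.
        log.error("jcr error retrieving groups", re);
        GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error retrieving groups", re));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }
    return groups;
}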
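/**
 * Creates a group, its shared VRE folder, and enrols the folder owner as the first member.
 *
 * <p>Restricted to {@code INFRASTRUCTURE_MANAGER_ROLE} by the {@code @AuthorizationControl}
 * annotation. All repository work runs in a session opened with the admin credentials.
 *
 * <p>The form fields are validated and the owner is resolved before anything is written.
 * {@code createVreFolder} and {@code internalAddUserToGroup} each save the session, so a
 * failure discovered after them would leave a group and folder behind without an owner.
 *
 * @param group id of the group to create
 * @param accessType privilege granted to the group on its folder; {@code AccessType.WRITE_OWNER} when null
 * @param folderOwner id of an existing user, recorded as author of the folder and added to the group
 * @return the id of the created group
 */
@POST
@Path("")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@AuthorizationControl(allowedRoles = {INFRASTRUCTURE_MANAGER_ROLE}, exception = MyAuthException.class)
public String createGroup(@FormDataParam("group") String group, @FormDataParam("accessType") AccessType accessType, @FormDataParam("folderOwner") String folderOwner) {
    InnerMethodName.instance.set("createGroup");

    JackrabbitSession session = null;
    String groupId = null;
    try {
        log.info("create group called with groupid {} , accessType {} and folderOwner {}", group, accessType, folderOwner);

        // Missing multipart fields arrive as null; reject them before opening an admin session.
        if (group == null || group.trim().isEmpty()) {
            throw new InvalidCallParameters("invalid group " + group);
        }
        if (folderOwner == null || folderOwner.trim().isEmpty()) {
            throw new InvalidCallParameters("invalid user " + folderOwner);
        }

        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();

        // Resolve the owner first: an unknown id used to surface only after the group and its
        // folder had been saved, and a group id here would fail on the cast to User.
        Authorizable owner = usrManager.getAuthorizable(folderOwner);
        if (owner == null || owner.isGroup()) {
            throw new InvalidCallParameters("invalid user " + folderOwner);
        }
        User user = (User) owner;

        Group createdGroup = usrManager.createGroup(group);
        groupId = createdGroup.getID();

        createVreFolder(groupId, session, accessType != null ? accessType : AccessType.WRITE_OWNER, folderOwner);

        boolean success = this.internalAddUserToGroup(session, createdGroup, user);
        if (!success) {
            log.warn("the user have not been added to the group");
        } else {
            log.debug("the user have been added to the group");
        }
        session.save();
    } catch (StorageHubException se) {
        log.error("error creating group {}", group, se);
        GXOutboundErrorResponse.throwException(se);
    } catch (Throwable e) {
        log.error("jcr error creating group {}", group, e);
        GXOutboundErrorResponse.throwException(new BackendGenericError(e));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }

    return groupId;
}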
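/**
 * Removes a group and empties the shared folder related to it.
 *
 * <p>Restricted to {@code INFRASTRUCTURE_MANAGER_ROLE} by the {@code @AuthorizationControl}
 * annotation. The group authorizable is removed first; the folder cleanup is best effort, and
 * a failure there does not prevent the group removal from being saved.
 *
 * @param group id of the group to delete
 * @return the {@code group} argument, also when no group with that id was found
 */
@DELETE
@Path("{group}")
@AuthorizationControl(allowedRoles = {INFRASTRUCTURE_MANAGER_ROLE}, exception = MyAuthException.class)
public String deleteGroup(@PathParam("group") String group) {
    InnerMethodName.instance.set("deleteGroup");

    JackrabbitSession session = null;
    try {
        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
        Authorizable authorizable = usrManager.getAuthorizable(group);
        // The isGroup() guard keeps this endpoint from deleting a user whose id was passed in.
        if (authorizable != null && authorizable.isGroup()) {
            authorizable.remove();
        }

        try {
            Node node = groupHandler.getFolderNodeRelatedToGroup(session, group);
            List<Item> workspaceItems = Utils.getItemList(node, Excludes.GET_ONLY_CONTENT, null, true, null);
            trashHandler.removeOnlyNodesContent(session, workspaceItems);
            node.removeSharedSet();
        } catch (Exception e) {
            // Deliberately best effort, but the catch is broad: keep the cause in the log so that
            // a partially cleaned folder is not recorded as a plain "not found".
            log.warn("vreFolder {} not found, removing only the group", group, e);
        }

        session.save();
    } catch (RepositoryException re) {
        // The message used to read "creating item", which pointed operators at the wrong operation.
        log.error("jcr error deleting group {}", group, re);
        GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error deleting group", re));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }
    return group;
}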
/**
 * Reports whether the client bound to the current authorization holds
 * {@code INFRASTRUCTURE_MANAGER_ROLE}.
 *
 * @return {@code true} when the client's roles contain the infrastructure manager role
 */
public boolean isInfraManager() {
    boolean holdsRole = AuthorizationProvider.instance.get()
            .getClient()
            .getRoles()
            .contains(INFRASTRUCTURE_MANAGER_ROLE);
    return holdsRole;
}
/**
 * Reports whether the client bound to the current authorization holds {@code VREMANAGER_ROLE}.
 *
 * <p>The role alone says nothing about which VRE it applies to; the callers in this class
 * pair it with {@code isValidGroupForContext}.
 *
 * @return {@code true} when the client's roles contain the VRE manager role
 */
public boolean isVREManager() {
    boolean holdsRole = AuthorizationProvider.instance.get()
            .getClient()
            .getRoles()
            .contains(VREMANAGER_ROLE);
    return holdsRole;
}
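/**
 * Grants a group member the {@code AccessType.ADMINISTRATOR} privilege on the group's folder.
 *
 * <p>There is no role annotation on this endpoint; authorization is decided in the body.
 * Infrastructure managers, and VRE managers acting on the group of their current context,
 * pass directly. Every other caller goes through
 * {@code authChecker.checkAdministratorControl} (presumably rejecting callers that are not
 * administrators of the folder; confirm against {@code AuthorizationChecker}).
 *
 * @param groupId id of the group whose folder is affected
 * @param userId id of the user to promote; must already be a member of the group
 */
@PUT
@Path("{id}/admins")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public void addAdmin(@PathParam("id") String groupId, @FormParam("userId") String userId) {
    InnerMethodName.instance.set("addAdmin");

    JackrabbitSession session = null;
    try {
        // Objects.nonNull only returns a boolean, so the former calls validated nothing.
        // A missing form field has to be rejected explicitly.
        if (groupId == null) {
            throw new InvalidCallParameters("invalid group " + groupId);
        }
        if (userId == null) {
            throw new InvalidCallParameters("invalid user " + userId);
        }

        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        Node vreFolder = groupHandler.getFolderNodeRelatedToGroup(session, groupId);

        String currentUser = AuthorizationProvider.instance.get().getClient().getId();
        if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId))) {
            authChecker.checkAdministratorControl(session, currentUser, node2Item.getItem(vreFolder, Excludes.ALL));
        }

        org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
        // Check the kind of each authorizable before casting: a user id passed as the group
        // (or the reverse) used to end in a ClassCastException reported as a backend error.
        Authorizable groupAuthorizable = usrManager.getAuthorizable(groupId);
        Authorizable userAuthorizable = usrManager.getAuthorizable(userId);
        if (groupAuthorizable == null || !groupAuthorizable.isGroup()) {
            throw new InvalidCallParameters("invalid group " + groupId);
        }
        if (userAuthorizable == null || userAuthorizable.isGroup()) {
            throw new InvalidCallParameters("invalid user " + userId);
        }
        Group group = (Group) groupAuthorizable;
        User authUser = (User) userAuthorizable;

        // Only existing members can be promoted; outsiders must be added to the group first.
        if (!group.isMember(authUser)) {
            throw new InvalidCallParameters("user " + userId + " is not in the group " + groupId);
        }

        AccessControlManager acm = session.getAccessControlManager();
        JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath());
        Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) };
        Principal principal = AccessControlUtils.getPrincipal(session, userId);
        acls.addAccessControlEntry(principal, userPrivileges);
        acm.setPolicy(vreFolder.getPath(), acls);
        session.save();
    } catch (StorageHubException she) {
        log.error(she.getErrorMessage(), she);
        GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
    } catch (Throwable re) {
        log.error("adding admin to VREFolder", re);
        GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error adding admin to VREFolder", re));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }
}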
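/**
 * Revokes a user's administrator entry on the group's folder.
 *
 * <p>Authorization follows the same rule as {@code addAdmin}: infrastructure managers, and
 * VRE managers acting on the group of their current context, pass directly; every other
 * caller goes through {@code authChecker.checkAdministratorControl}.
 *
 * <p>Only an entry that carries {@code AccessType.ADMINISTRATOR} is removed. Matching on the
 * principal name alone would also hit unrelated entries, for example the entry
 * {@code createVreFolder} writes for the group principal when the group id is passed as
 * {@code userId}.
 *
 * @param groupId id of the group whose folder is affected
 * @param userId principal name whose administrator entry is removed
 */
@DELETE
@Path("{id}/admins/{userId}")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public void removeAdmin(@PathParam("id") String groupId, @PathParam("userId") String userId) {
    InnerMethodName.instance.set("removeAdmin");
    JackrabbitSession session = null;
    try {
        // Objects.nonNull only returns a boolean, so the former calls validated nothing.
        if (groupId == null) {
            throw new InvalidCallParameters("invalid group " + groupId);
        }
        if (userId == null) {
            throw new InvalidCallParameters("invalid user " + userId);
        }

        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        Node vreFolder = groupHandler.getFolderNodeRelatedToGroup(session, groupId);

        String currentUser = AuthorizationProvider.instance.get().getClient().getId();
        if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId))) {
            authChecker.checkAdministratorControl(session, currentUser, node2Item.getItem(vreFolder, Excludes.ALL));
        }

        AccessControlManager acm = session.getAccessControlManager();
        JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath());
        AccessControlEntry toRemove = findAdministratorEntry(acls, userId);
        // Without a match the old code handed null to removeAccessControlEntry and the caller
        // got a generic backend error; report the real cause instead.
        if (toRemove == null) {
            throw new InvalidCallParameters("user " + userId + " is not an administrator of the group " + groupId);
        }
        acls.removeAccessControlEntry(toRemove);
        acm.setPolicy(vreFolder.getPath(), acls);
        session.save();
    } catch (StorageHubException she) {
        log.error(she.getErrorMessage(), she);
        GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
    } catch (Throwable re) {
        // Both messages used to describe a different operation ("creating item", "admin to").
        log.error("removing admin from VREFolder", re);
        GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error removing admin from VREFolder", re));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }
}

/** Returns the first entry of {@code acls} for {@code userId} that carries the administrator privilege, or null. */
private AccessControlEntry findAdministratorEntry(JackrabbitAccessControlList acls, String userId) throws RepositoryException {
    String adminPrivilege = AccessType.ADMINISTRATOR.getValue();
    for (AccessControlEntry entry : acls.getAccessControlEntries()) {
        if (!entry.getPrincipal().getName().equals(userId)) {
            continue;
        }
        for (Privilege privilege : entry.getPrivileges()) {
            if (privilege.getName().equals(adminPrivilege)) {
                return entry;
            }
        }
    }
    return null;
}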
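/**
 * Lists the principals that hold {@code AccessType.ADMINISTRATOR} on a group's folder.
 *
 * <p>The access control list is read in a session opened with the admin credentials.
 *
 * <p>NOTE(review): this endpoint has no {@code @AuthorizationControl} annotation and the
 * administrator check in the body is commented out. Whether
 * {@code vreManager.getVreFolderItemByGroupName} restricts the lookup for {@code login}
 * cannot be told from this file; confirm that the admin list is meant to be readable by
 * every caller that reaches this resource.
 *
 * @param groupId name of the group whose folder is inspected
 * @return the principal names that have an administrator entry on the folder
 */
@GET
@Path("{groupId}/admins")
@Produces(MediaType.APPLICATION_JSON)
public List<String> getAdmins(@PathParam("groupId") String groupId) {
    InnerMethodName.instance.set("getAdmins");
    String login = AuthorizationProvider.instance.get().getClient().getId();
    JackrabbitSession session = null;
    List<String> users = new ArrayList<>();
    try {
        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        VRE vreFolder = vreManager.getVreFolderItemByGroupName(session, groupId, login, Excludes.ALL);
        AccessControlManager acm = session.getAccessControlManager();
        // Disabled in the original source:
        // authChecker.checkAdministratorControl(session, (VreFolder) vreFolder.getVreFolder());
        Node node = session.getNodeByIdentifier(vreFolder.getVreFolder().getId());
        JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, node.getPath());
        String adminPrivilege = AccessType.ADMINISTRATOR.getValue();
        for (AccessControlEntry acl : acls.getAccessControlEntries()) {
            for (Privilege pr : acl.getPrivileges()) {
                if (pr.getName().equals(adminPrivilege)) {
                    users.add(acl.getPrincipal().getName());
                }
            }
        }
    } catch (StorageHubException she) {
        log.error(she.getErrorMessage(), she);
        GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
    } catch (Exception re) {
        // The message used to read "creating item", which pointed operators at the wrong operation.
        log.error("jcr error retrieving admins of group {}", groupId, re);
        GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error retrieving admins", re));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }
    return users;
}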
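/**
 * Adds an existing user to a group and links the group's folder into the user's VRE area.
 *
 * <p>The {@code @AuthorizationControl} annotation admits VRE managers and infrastructure
 * managers. On top of that, a caller who is not an infrastructure manager may only act on
 * the group that corresponds to the current context.
 *
 * @param groupId id of the group to extend
 * @param userId id of the user to add
 * @return the result of {@code Group.addMember} as reported by {@code internalAddUserToGroup}
 */
@PUT
@Path("{id}/users")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@AuthorizationControl(allowedRoles = {VREMANAGER_ROLE, INFRASTRUCTURE_MANAGER_ROLE}, exception = MyAuthException.class)
public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId) {
    InnerMethodName.instance.set("addUserToGroup");

    JackrabbitSession session = null;
    boolean success = false;
    try {
        if (!isInfraManager() && !isValidGroupForContext(groupId)) {
            throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
        }

        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();

        // Check existence and kind before casting. An unknown group used to fail with a
        // NullPointerException that none of the catch blocks below handles.
        Authorizable groupAuthorizable = usrManager.getAuthorizable(groupId);
        if (groupAuthorizable == null || !groupAuthorizable.isGroup()) {
            throw new InvalidCallParameters("invalid group " + groupId);
        }
        Authorizable userAuthorizable = usrManager.getAuthorizable(userId);
        if (userAuthorizable == null || userAuthorizable.isGroup()) {
            throw new InvalidCallParameters("user " + userId + " not exists");
        }
        Group group = (Group) groupAuthorizable;
        User user = (User) userAuthorizable;

        if (group.isMember(user)) {
            throw new InvalidCallParameters("user " + userId + " is already member of group " + groupId);
        }

        // The helper's result was discarded before, so the endpoint always answered false.
        success = this.internalAddUserToGroup(session, group, user);

        session.save();
    } catch (StorageHubException she) {
        log.error(she.getErrorMessage(), she);
        GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
    } catch (RepositoryException re) {
        // The message used to read "creating item", which pointed operators at the wrong operation.
        log.error("jcr error adding user to group", re);
        GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error adding user to group", re));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }

    return success;
}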
/**
 * Adds {@code user} to {@code group} and clones the group's folder into the user's VRE path.
 *
 * <p>The membership change is saved before the clone, so a failing clone leaves the user in
 * the group without the folder link.
 *
 * @param session session used for every repository operation
 * @param group group receiving the new member
 * @param user member to add
 * @return the value returned by {@code Group.addMember}
 * @throws RepositoryException when a repository operation fails
 * @throws StorageHubException declared for the helper calls made here
 */
private boolean internalAddUserToGroup(JackrabbitSession session, Group group, User user) throws RepositoryException, StorageHubException {
    final boolean added = group.addMember(user);
    session.save();

    // The group's folder is looked up by the group's principal name.
    final String groupName = group.getPrincipal().getName();
    final Node groupFolder = groupHandler.getFolderNodeRelatedToGroup(session, groupName);

    final String userName = user.getPrincipal().getName();
    final String linkPath = Paths.append(pathUtil.getVREsPath(userName, session), groupName).toPath();

    log.debug("creating folder in user path {} from {}", linkPath, groupFolder.getPath());
    // Clone within the same workspace: source and destination workspace names are identical.
    final String workspaceName = session.getWorkspace().getName();
    session.getWorkspace().clone(workspaceName, groupFolder.getPath(), linkPath, false);

    // Diagnostic only: the outcome of this lookup changes nothing but the debug message.
    try {
        session.getNode(linkPath);
        log.debug("the new folder exists ({})", linkPath);
    } catch (PathNotFoundException notFound) {
        log.debug("the new folder doesn't exists ({})", linkPath);
    }

    return added;
}
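/**
 * Removes a user from a group by delegating to {@code groupHandler.removeUserFromGroup}.
 *
 * <p>The {@code @AuthorizationControl} annotation admits VRE managers and infrastructure
 * managers. On top of that, a caller who is not an infrastructure manager may only act on
 * the group that corresponds to the current context.
 *
 * @param groupId id of the group to shrink
 * @param userId id of the user to remove
 * @return the value returned by {@code groupHandler.removeUserFromGroup}
 */
@DELETE
@Path("{groupId}/users/{userId}")
@AuthorizationControl(allowedRoles = {VREMANAGER_ROLE, INFRASTRUCTURE_MANAGER_ROLE}, exception = MyAuthException.class)
public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId) {
    InnerMethodName.instance.set("removeUserFromGroup");

    JackrabbitSession session = null;
    boolean success = false;
    try {
        // Role test first, as in addUserToGroup, so that an infrastructure manager does not
        // depend on the context lookup made by isValidGroupForContext.
        if (!isInfraManager() && !isValidGroupForContext(groupId)) {
            throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
        }

        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        success = groupHandler.removeUserFromGroup(groupId, userId, session);

        session.save();
    } catch (StorageHubException she) {
        log.error(she.getErrorMessage(), she);
        GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
    } catch (RepositoryException re) {
        // The message used to read "creating item", which pointed operators at the wrong operation.
        log.error("jcr error removing user from group", re);
        GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error removing user from group", re));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }

    return success;
}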
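/**
 * Lists the principal names of the members of a group.
 *
 * <p>The {@code @AuthorizationControl} annotation admits VRE managers and infrastructure
 * managers. On top of that, a caller who is not an infrastructure manager may only read the
 * group that corresponds to the current context.
 *
 * @param groupId id of the group to inspect
 * @return the principal names yielded by {@code Group.getMembers}
 */
@GET
@Path("{groupId}/users")
@Produces(MediaType.APPLICATION_JSON)
@AuthorizationControl(allowedRoles = {VREMANAGER_ROLE, INFRASTRUCTURE_MANAGER_ROLE}, exception = MyAuthException.class)
public List<String> getUsersOfGroup(@PathParam("groupId") String groupId) {
    InnerMethodName.instance.set("getUsersOfGroup");

    JackrabbitSession session = null;
    List<String> users = new ArrayList<>();
    try {
        // Role test first, as in addUserToGroup, so that an infrastructure manager does not
        // depend on the context lookup made by isValidGroupForContext.
        if (!isInfraManager() && !isValidGroupForContext(groupId)) {
            throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
        }

        session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
        org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();

        // Check existence and kind before casting. An unknown group used to fail with a
        // NullPointerException that none of the catch blocks below handles.
        Authorizable authorizable = usrManager.getAuthorizable(groupId);
        if (authorizable == null || !authorizable.isGroup()) {
            throw new InvalidCallParameters("invalid group " + groupId);
        }
        Group group = (Group) authorizable;

        Iterator<Authorizable> members = group.getMembers();
        while (members.hasNext()) {
            users.add(members.next().getPrincipal().getName());
        }
    } catch (StorageHubException she) {
        log.error(she.getErrorMessage(), she);
        GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
    } catch (RepositoryException re) {
        // The message used to read "creating item", which pointed operators at the wrong operation.
        log.error("jcr error retrieving users of group", re);
        GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error retrieving users of group", re));
    } finally {
        // Always release the admin session, including on the error path.
        if (session != null) {
            session.logout();
        }
    }

    return users;
}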
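/**
 * Creates the shared VRE folder of a group under {@code Constants.SHARED_FOLDER_PATH} and
 * grants the group principal {@code defaultAccessType} on it.
 *
 * <p>The folder is saved before its access control list is written. The list itself is set
 * with {@code setPolicy} and is persisted by the caller's later {@code session.save()}.
 * The only entry added here is the group's; no administrator entry is written.
 *
 * @param groupId id of the group; used as folder name, title and ACL principal
 * @param session session used for every repository operation
 * @param defaultAccessType privilege granted to the group principal; must not be null
 * @param owner id recorded as author of the folder
 * @throws Exception when the folder creation or a repository operation fails
 */
private void createVreFolder(String groupId, JackrabbitSession session, AccessType defaultAccessType, String owner) throws Exception {
    Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);

    String name = groupId;

    // Walk up from the current scope to the enclosing infrastructure scope.
    String currentScope = ScopeProvider.instance.get();
    ScopeBean bean = new ScopeBean(currentScope);
    while (!bean.is(Type.INFRASTRUCTURE)) {
        bean = bean.enclosingScope();
    }
    String root = bean.toString().replace("/", "");

    // The display name is what follows "<root>-<one segment>-" in the group id. The root is
    // quoted because it is data: unquoted, characters such as '.' in it would act as regex
    // operators instead of matching themselves.
    String displayName = groupId.replaceAll(java.util.regex.Pattern.quote(root) + "-[^\\-]*\\-(.*)", "$1");

    log.info("creating vreFolder with name {} and title {} and owner {}", name, displayName, owner);

    FolderCreationParameters folderParameters = FolderCreationParameters.builder()
            .name(name)
            .description("VREFolder for " + groupId)
            .author(owner)
            .on(sharedRootNode.getIdentifier())
            .with(session)
            .build();
    Node folder = Utils.createFolderInternally(folderParameters, null);
    folder.setPrimaryType(PrimaryNodeType.NT_WORKSPACE_SHARED_FOLDER);
    folder.setProperty(NodeProperty.IS_VRE_FOLDER.toString(), true);
    folder.setProperty(NodeProperty.TITLE.toString(), name);
    folder.setProperty(NodeProperty.DISPLAY_NAME.toString(), displayName);
    session.save();

    AccessControlManager acm = session.getAccessControlManager();
    JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());

    // A block that granted AccessType.ADMINISTRATOR to the calling client was commented out
    // here in the original source; administrators are assigned through addAdmin instead.
    Privilege[] usersPrivileges = new Privilege[] { acm.privilegeFromName(defaultAccessType.getValue()) };
    acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session, groupId), usersPrivileges);
    acm.setPolicy(folder.getPath(), acls);
    log.debug("vrefolder created with id {}", folder.getIdentifier());
}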
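/**
 * Tells whether {@code group} is the group that corresponds to the current scope.
 *
 * <p>The expected id is the scope string with every {@code /} turned into {@code -} and the
 * first character dropped. A scope of the constructed form {@code /a/b/c} gives {@code a-b-c}.
 *
 * <p>This predicate gates authorization decisions in this class, so it fails closed: a
 * missing scope or a null group yields {@code false} instead of an exception.
 *
 * @param group group id supplied by the caller
 * @return {@code true} only when {@code group} equals the id derived from the current scope
 */
private boolean isValidGroupForContext(String group) {
    String currentContext = ScopeProvider.instance.get();
    // substring(1) needs at least one character; without a scope there is nothing to match.
    if (group == null || currentContext == null || currentContext.isEmpty()) {
        return false;
    }
    String expectedGroupId = currentContext.replace("/", "-").substring(1);
    return group.equals(expectedGroupId);
}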
}