gCubeSystem
/
storagehub
14
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

control on invalid group id and user added on addAdmin

This commit is contained in:
lucio 2020-01-30 11:18:35 +01:00
parent b9d62994f9
commit 0711d8a702
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java
View File

@ -4,6 +4,7 @@ import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.inject.Inject;
import javax.jcr.Node;
@ -211,7 +212,8 @@ public class GroupManager {
JackrabbitSession session = null;
try {
Objects.nonNull(groupId);
Objects.nonNull(userId);
if (!isInfraManager() && !isValidGroupForContext(groupId) )
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
@ -224,6 +226,11 @@ public class GroupManager {
Group group = (Group)usrManager.getAuthorizable(groupId);
User authUser = (User)usrManager.getAuthorizable(userId);
if (group ==null)
throw new InvalidCallParameters("invalid group "+groupId);
if (authUser ==null)
throw new InvalidCallParameters("invalid user "+userId);
if (!group.isMember(authUser))
throw new InvalidCallParameters("user "+userId+" is not in the group "+groupId);
@ -239,7 +246,7 @@ public class GroupManager {
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
}catch(RepositoryException re ){
}catch(Throwable re ){
log.error("adding admin to VREFolder", re);
GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error adding admin to VREFolder", re));
} finally {
@ -259,10 +266,12 @@ public class GroupManager {
JackrabbitSession session = null;
try {
Objects.nonNull(groupId);
Objects.nonNull(userId);
if (!isValidGroupForContext(groupId) && !isInfraManager())
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
@ -283,7 +292,7 @@ public class GroupManager {
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
}catch(RepositoryException re ){
}catch(Throwable re ){
log.error("jcr error creating item", re);
GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re));
}finally {