From 26bc4c93ac22928c0e4ccab1e25fe5d396215bca Mon Sep 17 00:00:00 2001 From: lucio Date: Wed, 27 Mar 2024 22:23:30 +0100 Subject: [PATCH] Handler fro user and group extracted from managers --- docker-compose-standalone.yml | 4 +- .../storagehub/handlers/GroupHandler.java | 331 ++++++++++++++- .../storagehub/handlers/UserHandler.java | 392 +++++++++++++++++ .../storagehub/services/GroupManager.java | 324 ++------------ .../storagehub/services/UserManager.java | 397 ++---------------- 5 files changed, 793 insertions(+), 655 deletions(-) create mode 100644 src/main/java/org/gcube/data/access/storagehub/handlers/UserHandler.java diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index d29b2e7..b013e5e 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -14,9 +14,9 @@ services: ports: - '5423:5432' volumes: - - ./postgres-data:/var/lib/postgresql/data + - /data/postgres-data:/var/lib/postgresql/data copy the sql script to create tables - - ./sql/create_tables.sql:/docker-entrypoint-initdb.d/create_tables.sql + - /data/sql/create_tables.sql:/docker-entrypoint-initdb.d/create_tables.sql storagehub: build: dockerfile: Dockerfile-standalone diff --git a/src/main/java/org/gcube/data/access/storagehub/handlers/GroupHandler.java b/src/main/java/org/gcube/data/access/storagehub/handlers/GroupHandler.java index 859a8d6..98224aa 100644 --- a/src/main/java/org/gcube/data/access/storagehub/handlers/GroupHandler.java +++ b/src/main/java/org/gcube/data/access/storagehub/handlers/GroupHandler.java @@ -1,7 +1,12 @@ package org.gcube.data.access.storagehub.handlers; -import jakarta.inject.Inject; -import jakarta.inject.Singleton; +import java.security.Principal; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Objects; + import javax.jcr.ItemNotFoundException; import javax.jcr.Node; import javax.jcr.NodeIterator; 
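Review bot: In the docker-compose-standalone.yml hunk, both bind mounts now point at absolute host paths under `/data`, so the init script mounted into `/docker-entrypoint-initdb.d` is no longer the one versioned next to the compose file. With the short volume syntax, a missing host path is created as an empty directory, in which case the tables would silently not be created; whether `/data/sql/create_tables.sql` exists depends on host setup the commit does not show. I would keep the script repo-relative, `- ./sql/create_tables.sql:/docker-entrypoint-initdb.d/create_tables.sql`, and make the data directory configurable, for example `- ${POSTGRES_DATA_DIR:-./postgres-data}:/var/lib/postgresql/data` (the variable name is only a suggestion). The change also looks unrelated to the handler extraction named in the subject.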
@@ -9,21 +14,41 @@ import javax.jcr.PathNotFoundException; import javax.jcr.RepositoryException; import javax.jcr.security.AccessControlEntry; import javax.jcr.security.AccessControlManager; +import javax.jcr.security.Privilege; import org.apache.jackrabbit.api.JackrabbitSession; import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; +import org.apache.jackrabbit.api.security.user.Query; +import org.apache.jackrabbit.api.security.user.QueryBuilder; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; +import org.gcube.common.security.ContextBean; +import org.gcube.common.security.ContextBean.Type; +import org.gcube.common.security.providers.SecretManagerProvider; +import org.gcube.common.storagehub.model.Excludes; +import org.gcube.common.storagehub.model.Paths; +import org.gcube.common.storagehub.model.acls.AccessType; import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters; +import org.gcube.common.storagehub.model.exceptions.NotFoundException; import org.gcube.common.storagehub.model.exceptions.StorageHubException; +import org.gcube.common.storagehub.model.items.Item; import org.gcube.common.storagehub.model.types.NodeProperty; +import org.gcube.common.storagehub.model.types.PrimaryNodeType; import org.gcube.data.access.storagehub.Constants; import org.gcube.data.access.storagehub.PathUtil; +import org.gcube.data.access.storagehub.StorageHubAppllicationManager; +import org.gcube.data.access.storagehub.Utils; +import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters; import org.gcube.data.access.storagehub.services.GroupManager; +import org.gcube.data.access.storagehub.services.RepositoryInitializer; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import jakarta.inject.Inject; +import 
jakarta.inject.Singleton; + @Singleton public class GroupHandler { 
@@ -32,35 +57,200 @@ public class GroupHandler { @Inject PathUtil pathUtil; - public boolean removeUserFromGroup(String groupId, String userId, JackrabbitSession session) throws StorageHubException, RepositoryException { + @Inject + TrashHandler trashHandler; + + RepositoryInitializer repository = StorageHubAppllicationManager.getRepository(); + + public List getGroups(JackrabbitSession session) throws RepositoryException { + List groups = new ArrayList<>(); + session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); + + Iterator result = session.getUserManager().findAuthorizables(new Query() { + @Override + public void build(QueryBuilder builder) { + builder.setSelector(Group.class); + } + }); + + while (result.hasNext()) { + Authorizable group = result.next(); + log.info("group {} found", group.getPrincipal().getName()); + groups.add(group.getPrincipal().getName()); + } + return groups; + + } + + public void createGroup(JackrabbitSession session, String groupId, AccessType accessType, String folderOwner, + boolean useDefaultStorage) throws StorageHubException, Throwable { + + log.info("create group called with groupid {} , accessType {} and folderOwner {}", groupId, accessType, + folderOwner); + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - Group group = (Group)usrManager.getAuthorizable(groupId); - User user = (User)usrManager.getAuthorizable(userId); + Group createdGroup = usrManager.createGroup(groupId); + + User user = (User) usrManager.getAuthorizable(folderOwner); + + createVreFolder(session, groupId, accessType != null ? 
accessType : AccessType.WRITE_OWNER, folderOwner, + useDefaultStorage); + + boolean success = this.internalAddUserToGroup(session, createdGroup, user); + + if (!success) + log.warn("the user have not been added to the group"); + else + log.debug("the user have been added to the group"); + + } + + public void deleteGroup(JackrabbitSession session, String group) throws RepositoryException { + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + Authorizable authorizable = usrManager.getAuthorizable(group); + if (authorizable != null && authorizable.isGroup()) + authorizable.remove(); + + try { + Node node = this.getFolderNodeRelatedToGroup(session, group); + List workspaceItems = Utils.getItemList(node, Excludes.GET_ONLY_CONTENT, null, true, null); + trashHandler.removeOnlyNodesContent(session, workspaceItems); + node.removeSharedSet(); + } catch (Exception e) { + log.warn("vreFolder {} not found, removing only the group", group); + } + + } + + public void addAdministratorToGroup(JackrabbitSession session, String groupId, String userId) + throws StorageHubException, Throwable { + Objects.nonNull(groupId); + Objects.nonNull(userId); + + Node vreFolder = this.getFolderNodeRelatedToGroup(session, groupId); + + org.apache.jackrabbit.api.security.user.UserManager usrManager = ((JackrabbitSession) session).getUserManager(); + + Group group = (Group) usrManager.getAuthorizable(groupId); + User authUser = (User) usrManager.getAuthorizable(userId); + + if (group == null) + throw new NotFoundException("group", groupId); + if (authUser == null) + throw new NotFoundException("user", userId); + if (!group.isMember(authUser)) + throw new InvalidCallParameters(String.format("user %s is not in the group %s", userId, groupId)); + + AccessControlManager acm = session.getAccessControlManager(); + JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath()); + Privilege[] userPrivileges = new Privilege[] { 
acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) }; + Principal principal = AccessControlUtils.getPrincipal(session, userId); + acls.addAccessControlEntry(principal, userPrivileges); + acm.setPolicy(vreFolder.getPath(), acls); + + } + + public void removeAdministratorFromGroup(JackrabbitSession session, String groupId, String userId) + throws StorageHubException, Throwable { + + Objects.nonNull(groupId); + Objects.nonNull(userId); + + if (!this.getGroupAdministators(session, groupId).contains(userId)) + throw new InvalidCallParameters(String.format("user %s is not admin of the group %s", userId, groupId)); + + Node vreFolder = this.getFolderNodeRelatedToGroup(session, groupId); + + org.apache.jackrabbit.api.security.user.UserManager usrManager = ((JackrabbitSession) session).getUserManager(); + + Group group = (Group) usrManager.getAuthorizable(groupId); + User authUser = (User) usrManager.getAuthorizable(userId); + + if (group == null) + throw new NotFoundException("group", groupId); + if (authUser == null) + throw new NotFoundException("user", userId); + + AccessControlManager acm = session.getAccessControlManager(); + JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath()); + + AccessControlEntry toRemove = null; + for (AccessControlEntry acl : acls.getAccessControlEntries()) + if (acl.getPrincipal().getName().equals(userId)) { + toRemove = acl; + break; + } + + acls.removeAccessControlEntry(toRemove); + acm.setPolicy(vreFolder.getPath(), acls); + + } + + public List getGroupAdministators(JackrabbitSession session, String groupId) throws Throwable { + + List users = new ArrayList(); + Node node = getFolderNodeRelatedToGroup(session, groupId); + AccessControlManager acm = session.getAccessControlManager(); + + JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, node.getPath()); + + for (AccessControlEntry acl : acls.getAccessControlEntries()) + for (Privilege pr : 
acl.getPrivileges()) { + if (pr.getName().equals(AccessType.ADMINISTRATOR.getValue())) { + users.add(acl.getPrincipal().getName()); + } + + } + + return users; + } + + public void addUserToGroup(JackrabbitSession session, String userId, String groupId) throws StorageHubException, RepositoryException { + + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + + Group group = (Group) usrManager.getAuthorizable(groupId); + User user = (User) usrManager.getAuthorizable(userId); + + if (user == null) + throw new InvalidCallParameters("user " + userId + " not exists"); + + if (group.isMember(user)) + throw new InvalidCallParameters("user " + userId + " is already member of group " + groupId); + + this.internalAddUserToGroup(session, group, user); + + } + + public boolean removeUserFromGroup(JackrabbitSession session, String groupId, String userId) + throws StorageHubException, RepositoryException { + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + + Group group = (Group) usrManager.getAuthorizable(groupId); + User user = (User) usrManager.getAuthorizable(userId); if (!group.isMember(user)) - throw new InvalidCallParameters("user "+userId+" is not member of group "+groupId); + throw new InvalidCallParameters(String.format("user %s is not in the group %s", userId, groupId)); - //delete folder on user - String folderName = group.getPrincipal().getName(); + // delete folder on user + String folderName = group.getPrincipal().getName(); Node folder = getFolderNodeRelatedToGroup(session, folderName); - - //Removing the ACL for the user + // Removing the ACL for the user AccessControlManager acm = session.getAccessControlManager(); JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath()); - AccessControlEntry entryToDelete= null; - for (AccessControlEntry ace :acls.getAccessControlEntries()) { + AccessControlEntry entryToDelete = null; + for 
(AccessControlEntry ace : acls.getAccessControlEntries()) { if (ace.getPrincipal().getName().equals(userId)) { entryToDelete = ace; break; } } - if (entryToDelete!=null) + if (entryToDelete != null) acls.removeAccessControlEntry(entryToDelete); - - + boolean found = false; NodeIterator ni = folder.getSharedSet(); while (ni.hasNext()) { 
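Review bot: `getGroups` discards the session it is given: its second statement reassigns `session` to a fresh `repository.getRepository().login(Constants.JCR_CREDENTIALS)`, so the listing always runs with the service credentials, and nothing in the method logs that session out. Either drop the reassignment and use the caller's session as the other handler methods do, or keep the login in a local variable and release it in a `finally` block with `logout()`. In the same hunk, `Objects.nonNull(groupId); Objects.nonNull(userId);` in `addAdministratorToGroup` and `removeAdministratorFromGroup` only compute a boolean that is thrown away; `Objects.requireNonNull(groupId, "groupId");` is the call that actually rejects null. `removeUserFromGroup` continues past the end of this hunk.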
@@ -72,35 +262,130 @@ public class GroupHandler { } } if (!found) - log.warn("sharing not removed for user {} ",userId); - + log.warn("sharing not removed for user {} ", userId); + return group.removeMember(user); + } + + public List getUsersBelongingToGroup(JackrabbitSession session, String groupId) + throws StorageHubException, RepositoryException { + List users = new ArrayList<>(); + + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + + Group group = (Group) usrManager.getAuthorizable(groupId); + + Iterator it = group.getMembers(); + + while (it.hasNext()) { + Authorizable user = it.next(); + users.add(user.getPrincipal().getName()); + } + return users; } - public Node getFolderNodeRelatedToGroup(JackrabbitSession session, String name) throws ItemNotFoundException, RepositoryException { + public Node getFolderNodeRelatedToGroup(JackrabbitSession session, String name) + throws ItemNotFoundException, RepositoryException { Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH); Node vreFolder = null; try { vreFolder = sharedRootNode.getNode(name); - }catch (PathNotFoundException e) { + } catch (PathNotFoundException e) { log.debug("is an old HL VRE"); } - if (vreFolder==null) { + if (vreFolder == null) { NodeIterator nodes = sharedRootNode.getNodes(); while (nodes.hasNext()) { Node node = nodes.nextNode(); - if (node.hasProperty(NodeProperty.TITLE.toString()) && node.getProperty(NodeProperty.TITLE.toString()).getString().equals(name)) { - vreFolder= node; + if (node.hasProperty(NodeProperty.TITLE.toString()) + && node.getProperty(NodeProperty.TITLE.toString()).getString().equals(name)) { + vreFolder = node; break; } } } - if (vreFolder==null) throw new ItemNotFoundException("vre folder not found for group "+name); + if (vreFolder == null) + throw new ItemNotFoundException("vre folder not found for group " + name); return vreFolder; } + private void createVreFolder(JackrabbitSession session, String groupId, 
AccessType defaultAccessType, String owner, + boolean useDefaultStorage) throws Exception { + + Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH); + + String name = groupId; + + String currentScope = SecretManagerProvider.get().getContext(); + ContextBean bean = new ContextBean(currentScope); + while (!bean.is(Type.INFRASTRUCTURE)) { + bean = bean.enclosingScope(); + } + String root = bean.toString().replaceAll("/", ""); + + String displayName = groupId.replaceAll(root + "-[^\\-]*\\-(.*)", "$1"); + + log.info("creating vreFolder with name {} and title {} and owner {} and default storage {}", name, displayName, + owner, useDefaultStorage); + + FolderCreationParameters folderParameters; + if (!useDefaultStorage) + folderParameters = FolderCreationParameters.builder().onRepository("gcube-minio") + .withParameters(Collections.singletonMap("bucketName", name + "-gcube-vre")).name(name) + .description("VREFolder for " + groupId).author(owner).on(sharedRootNode.getIdentifier()) + .with(session).build(); + else + folderParameters = FolderCreationParameters.builder().name(name).description("VREFolder for " + groupId) + .author(owner).on(sharedRootNode.getIdentifier()).with(session).build(); + + Node folder = Utils.createFolderInternally(folderParameters, null, useDefaultStorage); + folder.setPrimaryType(PrimaryNodeType.NT_WORKSPACE_SHARED_FOLDER); + folder.setProperty(NodeProperty.IS_VRE_FOLDER.toString(), true); + folder.setProperty(NodeProperty.TITLE.toString(), name); + folder.setProperty(NodeProperty.DISPLAY_NAME.toString(), displayName); + session.save(); + + AccessControlManager acm = session.getAccessControlManager(); + JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath()); + + /* + * Privilege[] adminPrivileges = new Privilege[] { + * acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) }; + * acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session, + * 
AuthorizationProvider.instance.get().getClient().getId()), adminPrivileges ); + */ + + Privilege[] usersPrivileges = new Privilege[] { acm.privilegeFromName(defaultAccessType.getValue()) }; + acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session, groupId), usersPrivileges); + acm.setPolicy(folder.getPath(), acls); + + log.debug("vrefolder created with id {}", folder.getIdentifier()); + } + + private boolean internalAddUserToGroup(JackrabbitSession session, Group group, User user) + throws RepositoryException, StorageHubException { + boolean success = group.addMember(user); + session.save(); + String folderName = group.getPrincipal().getName(); + Node folder = this.getFolderNodeRelatedToGroup(session, folderName); + + String userPath = Paths.append(pathUtil.getVREsPath(user.getPrincipal().getName(), session), folderName) + .toPath(); + log.debug("creating folder in user path {} from {}", userPath, folder.getPath()); + session.getWorkspace().clone(session.getWorkspace().getName(), folder.getPath(), userPath, false); + + try { + session.getNode(userPath); + log.debug("the new folder exists ({}) ", userPath); + } catch (PathNotFoundException e) { + log.debug("the new folder doesn't exists ({}) ", userPath); + } + + return success; + } + } diff --git a/src/main/java/org/gcube/data/access/storagehub/handlers/UserHandler.java b/src/main/java/org/gcube/data/access/storagehub/handlers/UserHandler.java new file mode 100644 index 0000000..9d0c32f --- /dev/null +++ b/src/main/java/org/gcube/data/access/storagehub/handlers/UserHandler.java 
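Review bot: The fallback in `getFolderNodeRelatedToGroup` accepts the first child of `Constants.SHARED_FOLDER_PATH` whose `TITLE` equals the group name, without checking that the node is a VRE folder. The node it returns is what `addAdministratorToGroup` sets ACLs on and what `deleteGroup` empties, so a title collision with an ordinary shared folder would redirect those operations; whether titles can collide depends on code outside this hunk. Consider also requiring the flag that `createVreFolder` sets, `node.hasProperty(NodeProperty.IS_VRE_FOLDER.toString()) && node.getProperty(NodeProperty.IS_VRE_FOLDER.toString()).getBoolean()`, provided legacy folders carry it. Separately, `getUsersBelongingToGroup` dereferences `group` without the null check that `addAdministratorToGroup` has, so an unknown id surfaces as a NullPointerException rather than a `NotFoundException`.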
@@ -0,0 +1,392 @@ +package org.gcube.data.access.storagehub.handlers; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; +import java.util.function.Predicate; +import java.util.stream.Collectors; + +import javax.jcr.Node; +import javax.jcr.PathNotFoundException; +import javax.jcr.RepositoryException; + +import org.apache.jackrabbit.api.JackrabbitSession; +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.Group; +import org.apache.jackrabbit.api.security.user.Query; +import org.apache.jackrabbit.api.security.user.QueryBuilder; +import org.apache.jackrabbit.api.security.user.User; +import org.apache.jackrabbit.core.security.principal.PrincipalImpl; +import org.gcube.common.storagehub.model.Excludes; +import org.gcube.common.storagehub.model.Paths; +import org.gcube.common.storagehub.model.exceptions.BackendGenericError; +import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters; +import org.gcube.common.storagehub.model.exceptions.NotFoundException; +import org.gcube.common.storagehub.model.exceptions.StorageHubException; +import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException; +import org.gcube.common.storagehub.model.items.Item; +import org.gcube.common.storagehub.model.items.SharedFolder; +import org.gcube.common.storagehub.model.types.SHUBUser; +import org.gcube.data.access.storagehub.AuthorizationChecker; +import org.gcube.data.access.storagehub.Constants; +import org.gcube.data.access.storagehub.PathUtil; +import org.gcube.data.access.storagehub.Utils; +import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import jakarta.inject.Inject; + +public class UserHandler { + + private static final Logger log = LoggerFactory.getLogger(UserHandler.class); + + @Inject 
+ UnshareHandler unshareHandler; + + @Inject + AuthorizationChecker authChecker; + + @Inject + TrashHandler trashHandler; + + @Inject + GroupHandler groupHandler; + + @Inject + PathUtil pathUtil; + + public List getAllUsers(JackrabbitSession session) throws Throwable { + List users = null; + + Iterator result = session.getUserManager().findAuthorizables(new Query() { + + @Override + public void build(QueryBuilder builder) { + builder.setSelector(User.class); + } + }); + + Set usersSet = new HashSet<>(); + String adminUser = Constants.ADMIN_USER; + Node homeNode = session.getNode("/Home"); + + while (result.hasNext()) { + Authorizable user = result.next(); + log.debug("user {} found", user.getPrincipal().getName()); + if (user.getPrincipal().getName().equals(adminUser)) + continue; + + long homeVersion = -1; + try { + Node userHome = homeNode.getNode(user.getPrincipal().getName()); + if (userHome.hasProperty(Constants.HOME_VERSION_PROP)) + homeVersion = userHome.getProperty(Constants.HOME_VERSION_PROP).getLong(); + else + homeVersion = 0; + + usersSet.add(new SHUBUser(user.getPrincipal().getName(), homeVersion)); + + } catch (Exception e) { + log.warn("error retrieving user {} home", user.getPrincipal().getName()); + } + + } + + users = new ArrayList<>(usersSet); + Collections.sort(users); + + return users; + } + + public SHUBUser getUser(JackrabbitSession session, String userId) throws StorageHubException, RepositoryException { + + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + Authorizable authorizable = usrManager.getAuthorizable(userId); + + if (authorizable != null && !authorizable.isGroup()) { + long homeVersion = -1; + try { + Node homeNode = session.getNode("/Home"); + Node userHome = homeNode.getNode(authorizable.getPrincipal().getName()); + if (userHome.hasProperty(Constants.HOME_VERSION_PROP)) + homeVersion = userHome.getProperty(Constants.HOME_VERSION_PROP).getLong(); + else + homeVersion = 0; + } catch 
(Exception e) { + log.warn("error retrieving user {} home", authorizable.getPrincipal().getName(), e); + } + + return new SHUBUser(authorizable.getPrincipal().getName(), homeVersion); + } else + throw new NotFoundException("user", userId); + } + + public String createUser(JackrabbitSession session, String user, String password) + throws StorageHubException, RepositoryException { + + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + + User createdUser = usrManager.createUser(user, password); + + String userId = createdUser.getID(); + + Node homeNode = session.getNode("/Home"); + Node userHome = homeNode.addNode(user, "nthl:home"); + + userHome.setProperty(Constants.HOME_VERSION_PROP, 1l); + + // creating workspace folder + FolderCreationParameters wsFolderParameters = FolderCreationParameters.builder() + .name(Constants.WORKSPACE_ROOT_FOLDER_NAME).description("workspace of " + user).author(user) + .on(userHome.getIdentifier()).with(session).build(); + Utils.createFolderInternally(wsFolderParameters, null, true); + // creating thrash folder + FolderCreationParameters trashFolderParameters = FolderCreationParameters.builder() + .name(Constants.TRASH_ROOT_FOLDER_NAME).description("trash of " + user).author(user) + .on(userHome.getIdentifier()).with(session).build(); + Utils.createFolderInternally(trashFolderParameters, null, true); + // creating Vre container folder + FolderCreationParameters vreFolderParameters = FolderCreationParameters.builder() + .name(Constants.PERSONAL_VRES_FOLDER_PARENT_NAME).description("vre folder container of " + user) + .author(user).on(userHome.getIdentifier()).with(session).build(); + Utils.createFolderInternally(vreFolderParameters, null, true); + + // creating inbox folder + FolderCreationParameters inboxFolderParameters = FolderCreationParameters.builder() + .name(Constants.INBOX_FOLDER_NAME).description("inbox of " + user).author(user) + .on(userHome.getIdentifier()).with(session).build(); + 
Utils.createFolderInternally(inboxFolderParameters, null, true); + + // creating outbox folder + FolderCreationParameters outboxFolderParameters = FolderCreationParameters.builder() + .name(Constants.OUTBOX_FOLDER_NAME).description("outbox of " + user).author(user) + .on(userHome.getIdentifier()).with(session).build(); + Utils.createFolderInternally(outboxFolderParameters, null, true); + + return userId; + } + + public String updateHomeUserToLatestVersion(JackrabbitSession session, String user) + throws StorageHubException, RepositoryException { + + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + + Authorizable auth = usrManager.getAuthorizable(user); + if (auth == null || auth.isGroup()) + throw new InvalidCallParameters("invalid user passed"); + + Node homeNode = session.getNode("/Home"); + Node userHome = homeNode.getNode(user); + + if (userHome == null) + throw new BackendGenericError("home for user {} not found"); + + /* + * //creating workspace folder FolderCreationParameters wsFolderParameters = + * FolderCreationParameters.builder().name(Constants.WORKSPACE_ROOT_FOLDER_NAME) + * .description("workspace of "+user).author(user).on(userHome.getIdentifier()). 
+ * with(session).build(); Utils.createFolderInternally(wsFolderParameters, null, + * true); + */ + + // updating thrash folder + if (!userHome.hasProperty(Constants.HOME_VERSION_PROP) + || userHome.getProperty(Constants.HOME_VERSION_PROP).getLong() < 1) { + org.gcube.common.storagehub.model.Path workspacePath = Paths.append(Paths.getPath(userHome.getPath()), + Constants.WORKSPACE_ROOT_FOLDER_NAME); + Boolean oldTrashExists = session + .nodeExists(Paths.append(workspacePath, Constants.TRASH_ROOT_FOLDER_NAME).toPath()); + if (oldTrashExists) + session.move(Paths.append(workspacePath, Constants.TRASH_ROOT_FOLDER_NAME).toPath(), + Paths.append(Paths.getPath(userHome.getPath()), Constants.TRASH_ROOT_FOLDER_NAME).toPath()); + else { + FolderCreationParameters trashFolderParameters = FolderCreationParameters.builder() + .name(Constants.TRASH_ROOT_FOLDER_NAME).description("trash of " + user).author(user) + .on(userHome.getIdentifier()).with(session).build(); + Utils.createFolderInternally(trashFolderParameters, null, true); + } + + Boolean oldVresExists = session + .nodeExists(Paths.append(workspacePath, Constants.OLD_VRE_FOLDER_PARENT_NAME).toPath()); + + if (oldVresExists) + session.move(Paths.append(workspacePath, Constants.OLD_VRE_FOLDER_PARENT_NAME).toPath(), + Paths.append(Paths.getPath(userHome.getPath()), Constants.PERSONAL_VRES_FOLDER_PARENT_NAME) + .toPath()); + else { + // creating Vre container folder + FolderCreationParameters vreFolderParameters = FolderCreationParameters.builder() + .name(Constants.PERSONAL_VRES_FOLDER_PARENT_NAME).description("vre folder container of " + user) + .author(user).on(userHome.getIdentifier()).with(session).build(); + Utils.createFolderInternally(vreFolderParameters, null, true); + } + } + + /* + * //creating inbox folder FolderCreationParameters inboxFolderParameters = + * FolderCreationParameters.builder().name(Constants.INBOX_FOLDER_NAME). 
+ * description("inbox of "+user).author(user).on(userHome.getIdentifier()).with( + * session).build(); Utils.createFolderInternally(inboxFolderParameters, null, + * true); + * + * //creating outbox folder FolderCreationParameters outboxFolderParameters = + * FolderCreationParameters.builder().name(Constants.OUTBOX_FOLDER_NAME). + * description("outbox of "+user).author(user).on(userHome.getIdentifier()).with + * (session).build(); Utils.createFolderInternally(outboxFolderParameters, null, + * true); + */ + + userHome.setProperty(Constants.HOME_VERSION_PROP, 1l); + return user; + } + + public String deleteUser(JackrabbitSession session, String user) throws StorageHubException, RepositoryException { + + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + + User authorizable = (User) usrManager.getAuthorizable(new PrincipalImpl(user)); + + if (authorizable != null) + removeUserFromBelongingGroup(session, authorizable, usrManager); + else + log.warn("user was already deleted from jackrabbit, trying to delete folders"); + + unshareUsersFolders(session, user); + + removeUserHomeAndDeleteFiles(session, user); + + // FINALIZE user removal + if (authorizable != null && !authorizable.isGroup()) { + log.info("removing user {}", user); + authorizable.remove(); + } else + log.warn("the user {} was already deleted, it should never happen", user); + + + return user; + } + + public List getGroupsPerUser(JackrabbitSession session, String user) + throws RepositoryException { + + List groups = new ArrayList<>(); + + org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); + User authUser = (User) usrManager.getAuthorizable(new PrincipalImpl(user)); + + Iterator groupsAuth = authUser.memberOf(); + while (groupsAuth.hasNext()) { + Authorizable group = groupsAuth.next(); + groups.add(group.getPrincipal().getName()); + + } + return groups; + } + + private void removeUserFromBelongingGroup(JackrabbitSession 
session, User authorizable, + org.apache.jackrabbit.api.security.user.UserManager usrManager) + throws RepositoryException, StorageHubException { + Iterator groups = session.getUserManager().findAuthorizables(new Query() { + + @Override + public void build(QueryBuilder builder) { + builder.setSelector(Group.class); + } + }); + + String user = authorizable.getPrincipal().getName(); + while (groups.hasNext()) { + Authorizable group = groups.next(); + log.info("group found {}", group.getPrincipal().getName()); + if (group.isGroup() && ((Group) group).isMember(authorizable)) { + + boolean success = groupHandler.removeUserFromGroup(session, group.getPrincipal().getName(), user); + log.warn("user {} {} removed from vre {}", user, success ? "" : "not", group.getPrincipal().getName()); + } + } + } + + private void unshareUsersFolders(JackrabbitSession session, String user) { + try { + + Node sharedFolderNode = session.getNode(Constants.SHARED_FOLDER_PATH); + + Predicate sharedWithUserChecker = new Predicate() { + + @Override + public boolean test(Node t) { + try { + authChecker.checkReadAuthorizationControl(t.getSession(), user, t.getIdentifier()); + return true; + } catch (UserNotAuthorizedException | BackendGenericError | RepositoryException e) { + return false; + } + } + }; + + List items = Utils.getItemList(sharedWithUserChecker, sharedFolderNode, Excludes.ALL, null, + false, SharedFolder.class); + + log.debug(" Shared folder to unshare found are {}", items.size()); + + for (SharedFolder item : items) { + String title = item.getTitle(); + log.debug("in list folder name {} with title {} and path {} ", item.getName(), title, item.getPath()); + if (item.isPublicItem() && !item.getUsers().getMap().containsKey(user)) + continue; + if (item.isVreFolder()) + continue; + + log.info("removing sharing for folder name {} with title {} and path {} ", item.getName(), title, + item.getPath()); + String owner = item.getOwner(); + + Set usersToUnshare = owner.equals(user) ? 
Collections.emptySet() : Collections.singleton(user); + + try { + unshareHandler.unshareForRemoval(session, usersToUnshare, session.getNodeByIdentifier(item.getId()), + user); + } catch (Throwable e) { + log.warn("error unsharing folder with title '{}' and id {} ", title, item.getId(), e); + } + } + } catch (Throwable t) { + log.warn("error getting folder shared with {}", user, t); + } + } + + private void removeUserHomeAndDeleteFiles(JackrabbitSession session, String user) + throws RepositoryException, StorageHubException { + org.gcube.common.storagehub.model.Path homePath = pathUtil.getHome(user); + org.gcube.common.storagehub.model.Path workspacePath = pathUtil.getWorkspacePath(user); + + try { + Node workspaceNode = session.getNode(workspacePath.toPath()); + List workspaceItems = Utils.getItemList(workspaceNode, Excludes.GET_ONLY_CONTENT, null, true, null) + .stream().filter(i -> !i.isShared()).collect(Collectors.toList()); + trashHandler.removeOnlyNodesContent(session, workspaceItems); + } catch (PathNotFoundException e) { + log.warn("{} workspace dir {} was already deleted", user, homePath.toPath()); + } + + try { + org.gcube.common.storagehub.model.Path trashPath = pathUtil.getTrashPath(user, session); + Node trashNode = session.getNode(trashPath.toPath()); + List trashItems = Utils.getItemList(trashNode, Excludes.ALL, null, true, null); + trashHandler.removeOnlyNodesContent(session, trashItems); + } catch (PathNotFoundException e) { + log.warn("{} trash dir {} was already deleted", user, homePath.toPath()); + } + + try { + Node homeNode = session.getNode(homePath.toPath()); + homeNode.remove(); + } catch (PathNotFoundException e) { + log.warn("{} home dir {} was already deleted", user, homePath.toPath()); + } + } +} diff --git a/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java b/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java index c924e63..c60eab4 100644 
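Review bot: `deleteUser` goes on to delete the home and the account even when unsharing failed, because `unshareUsersFolders` catches `Throwable` both per folder and around the whole scan and only logs a warning. Access entries naming the removed user id can therefore stay on shared folders, and would presumably apply again if an account with the same id were created later; this is worth confirming against `unshareForRemoval`. I would have `unshareUsersFolders` report the folders it could not process and stop `deleteUser` before `removeUserHomeAndDeleteFiles` and `authorizable.remove()` when that list is not empty. Also in `deleteUser`, the `(User)` cast runs before the `!authorizable.isGroup()` test, so an id that resolves to a group fails with a ClassCastException instead of reaching the check.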
--- a/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java +++ b/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java 
@@ -3,54 +3,24 @@ package org.gcube.data.access.storagehub.services; import static org.gcube.data.access.storagehub.Roles.INFRASTRUCTURE_MANAGER_ROLE; import static org.gcube.data.access.storagehub.Roles.VREMANAGER_ROLE; -import java.security.Principal; import java.util.ArrayList; -import java.util.Collections; -import java.util.Iterator; import java.util.List; import java.util.Objects; -import javax.jcr.Node; -import javax.jcr.PathNotFoundException; import javax.jcr.RepositoryException; -import javax.jcr.security.AccessControlEntry; -import javax.jcr.security.AccessControlManager; -import javax.jcr.security.Privilege; import org.apache.jackrabbit.api.JackrabbitSession; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; -import org.apache.jackrabbit.api.security.user.Authorizable; -import org.apache.jackrabbit.api.security.user.Group; -import org.apache.jackrabbit.api.security.user.Query; -import org.apache.jackrabbit.api.security.user.QueryBuilder; -import org.apache.jackrabbit.api.security.user.User; -import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; import org.gcube.common.authorization.control.annotations.AuthorizationControl; import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse; -import org.gcube.common.security.ContextBean; -import org.gcube.common.security.ContextBean.Type; import org.gcube.common.security.providers.SecretManagerProvider; -import org.gcube.common.storagehub.model.Excludes; -import org.gcube.common.storagehub.model.Paths; import org.gcube.common.storagehub.model.acls.AccessType; import org.gcube.common.storagehub.model.exceptions.BackendGenericError; -import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters; import org.gcube.common.storagehub.model.exceptions.StorageHubException; import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException; -import org.gcube.common.storagehub.model.items.Item; -import 
org.gcube.common.storagehub.model.types.NodeProperty; -import org.gcube.common.storagehub.model.types.PrimaryNodeType; -import org.gcube.data.access.storagehub.AuthorizationChecker; import org.gcube.data.access.storagehub.Constants; import org.gcube.data.access.storagehub.PathUtil; import org.gcube.data.access.storagehub.StorageHubAppllicationManager; -import org.gcube.data.access.storagehub.Utils; import org.gcube.data.access.storagehub.handlers.GroupHandler; -import org.gcube.data.access.storagehub.handlers.TrashHandler; -import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter; -import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters; -import org.gcube.data.access.storagehub.handlers.vres.VRE; -import org.gcube.data.access.storagehub.handlers.vres.VREManager; import org.gcube.smartgears.annotations.ManagedBy; import org.gcube.smartgears.utils.InnerMethodName; import org.glassfish.jersey.media.multipart.FormDataParam; @@ -62,7 +32,6 @@ import com.webcohesion.enunciate.metadata.rs.RequestHeaders; import jakarta.inject.Inject; import jakarta.inject.Singleton; -import jakarta.servlet.ServletContext; import jakarta.ws.rs.Consumes; import jakarta.ws.rs.DELETE; import jakarta.ws.rs.DefaultValue; @@ -73,7 +42,6 @@ import jakarta.ws.rs.PUT; import jakarta.ws.rs.Path; import jakarta.ws.rs.PathParam; import jakarta.ws.rs.Produces; -import jakarta.ws.rs.core.Context; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; 
@@ -84,34 +52,18 @@ import jakarta.ws.rs.core.Response; @RequestHeader( name = "Authorization", description = "Bearer token, see https://dev.d4science.org/how-to-access-resources"), }) public class GroupManager { - - @Context - ServletContext context; - - @Inject - TrashHandler trashHandler; - private static final Logger log = LoggerFactory.getLogger(GroupManager.class); RepositoryInitializer repository = StorageHubAppllicationManager.getRepository(); - - @Inject - VREManager vreManager; - + @Inject GroupHandler groupHandler; - - @Inject - Node2ItemConverter node2Item; @Inject PathUtil pathUtil; - @Inject - AuthorizationChecker authChecker; - @GET @Path("") @@ -119,25 +71,11 @@ public class GroupManager { public List getGroups(){ InnerMethodName.set("getGroups"); - JackrabbitSession session = null; List groups= new ArrayList<>(); try { session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - Iterator result = session.getUserManager().findAuthorizables(new Query() { - - @Override - public void build(QueryBuilder builder) { - builder.setSelector(Group.class); - } - }); - - while (result.hasNext()) { - Authorizable group = result.next(); - log.info("group {} found",group.getPrincipal().getName()); - groups.add(group.getPrincipal().getName()); - } + groups = groupHandler.getGroups(session); }catch(RepositoryException re ){ log.error("jcr error creating item", re); GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re)); 
@@ -155,28 +93,10 @@ public class GroupManager { public String createGroup(@FormDataParam("group") String group, @FormDataParam("accessType") AccessType accessType, @FormDataParam("folderOwner") String folderOwner, @FormDataParam("useDefaultStorage") @DefaultValue("true") boolean useDefaultStorage){ InnerMethodName.set("createGroup"); - JackrabbitSession session = null; - String groupId = null; try { - - log.info("create group called with groupid {} , accessType {} and folderOwner {}",group, accessType, folderOwner); - session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - - Group createdGroup = usrManager.createGroup(group); - groupId = createdGroup.getID(); - - User user = (User)usrManager.getAuthorizable(folderOwner); - - createVreFolder(groupId, session, accessType!=null?accessType:AccessType.WRITE_OWNER, folderOwner, useDefaultStorage); - - boolean success = this.internalAddUserToGroup(session, createdGroup, user); - - if (!success) log.warn("the user have not been added to the group"); - else log.debug("the user have been added to the group"); + groupHandler.createGroup(session, group, accessType, folderOwner, useDefaultStorage); session.save(); }catch(StorageHubException se) { log.error("error creating group {}", group, se); @@ -188,8 +108,7 @@ public class GroupManager { if (session!=null) session.logout(); } - - return groupId; + return group; } @DELETE 
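Review bot: createGroup now hands `accessType` to `groupHandler.createGroup` unchanged, while the removed code substituted `AccessType.WRITE_OWNER` when the form field was absent. Whether the handler applies that default is not visible in this hunk; if it does not, a request without `accessType` reaches the privilege lookup for the VRE folder with a null value. Keeping `accessType != null ? accessType : AccessType.WRITE_OWNER` at the call site makes the granted privilege explicit. The method also returns the request parameter `group` instead of the id reported by the repository, so the handler's return value would be the safer thing to hand back.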
@@ -198,27 +117,10 @@ public class GroupManager { public String deleteGroup(@PathParam("group") String group){ InnerMethodName.set("deleteGroup"); - JackrabbitSession session = null; try { - session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - - Authorizable authorizable = usrManager.getAuthorizable(group); - if (authorizable!=null && authorizable.isGroup()) - authorizable.remove(); - - try { - Node node = groupHandler.getFolderNodeRelatedToGroup(session, group); - List workspaceItems = Utils.getItemList(node, Excludes.GET_ONLY_CONTENT, null, true, null); - trashHandler.removeOnlyNodesContent(session, workspaceItems); - node.removeSharedSet(); - }catch (Exception e) { - log.warn("vreFolder {} not found, removing only the group", group); - } - + groupHandler.deleteGroup(session, group); session.save(); }catch(RepositoryException re ){ log.error("jcr error creating item", re); 
@@ -245,39 +147,18 @@ public class GroupManager { JackrabbitSession session = null; try { Objects.nonNull(groupId); - Objects.nonNull(userId); - - session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - Node vreFolder = groupHandler.getFolderNodeRelatedToGroup(session, groupId); - + Objects.nonNull(userId); String currentUser = SecretManagerProvider.get().getOwner().getId(); - if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId) )) - authChecker.checkAdministratorControl(session, currentUser, node2Item.getItem(vreFolder, Excludes.ALL)); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = ((JackrabbitSession)session).getUserManager(); - - Group group = (Group)usrManager.getAuthorizable(groupId); - User authUser = (User)usrManager.getAuthorizable(userId); - - if (group ==null) - throw new InvalidCallParameters("invalid group "+groupId); - if (authUser ==null) - throw new InvalidCallParameters("invalid user "+userId); + if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId)) && + !groupHandler.getGroupAdministators(session, groupId).contains(currentUser)) + throw new UserNotAuthorizedException(); - if (!group.isMember(authUser)) - throw new InvalidCallParameters("user "+userId+" is not in the group "+groupId); - + session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); + + groupHandler.addAdministratorToGroup(session, groupId, userId); - AccessControlManager acm = session.getAccessControlManager(); - JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath()); - Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) }; - Principal principal = AccessControlUtils.getPrincipal(session, userId); - acls.addAccessControlEntry(principal, userPrivileges); - acm.setPolicy(vreFolder.getPath(), acls); - session.save(); }catch(StorageHubException she ){ 
log.error(she.getErrorMessage(), she); @@ -289,6 +170,8 @@ public class GroupManager { if (session!=null) session.logout(); } + + } @DELETE @@ -297,34 +180,22 @@ public class GroupManager { public void removeAdmin(@PathParam("id") String groupId, @PathParam("userId") String userId){ InnerMethodName.set("removeAdmin"); - - JackrabbitSession session = null; + JackrabbitSession session = null; try { Objects.nonNull(groupId); Objects.nonNull(userId); - session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - Node vreFolder = groupHandler.getFolderNodeRelatedToGroup(session, groupId); String currentUser = SecretManagerProvider.get().getOwner().getId(); - if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId) )) - authChecker.checkAdministratorControl(session, currentUser, node2Item.getItem(vreFolder, Excludes.ALL)); - + if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId)) && + !groupHandler.getGroupAdministators(session, groupId).contains(currentUser)) + throw new UserNotAuthorizedException(); + session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); + + groupHandler.removeAdministratorFromGroup(session, groupId, userId); - AccessControlManager acm = session.getAccessControlManager(); - JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath()); - - AccessControlEntry toRemove = null; - for (AccessControlEntry acl: acls.getAccessControlEntries()) - if (acl.getPrincipal().getName().equals(userId)) { - toRemove = acl; - break; - } - - acls.removeAccessControlEntry(toRemove); - acm.setPolicy(vreFolder.getPath(), acls); session.save(); }catch(StorageHubException she ){ log.error(she.getErrorMessage(), she); 
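Review bot: In addAdmin the group-administrator branch of the authorization check calls `groupHandler.getGroupAdministators(session, groupId)` while `session` is still null, because the login now comes after the `if`. A caller who is neither infrastructure manager nor VRE manager therefore reaches the handler with a null session and presumably ends in the generic error path instead of a clean authorization decision (the handler body is not visible here). Move `session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS);` above the check; removeAdmin has the same ordering, and getAdmins drops the login line altogether and needs it re-added before the handler call. The removed membership test (`group.isMember(authUser)`) should be confirmed to live in `addAdministratorToGroup`, otherwise a non-member can be granted ADMINISTRATOR on the VRE folder. Both method bodies start and end outside these hunks.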
@@ -332,7 +203,7 @@ public class GroupManager { }catch(Throwable re ){ log.error("jcr error creating item", re); GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error removing admin to VREFolder", re)); - }finally { + } finally { if (session!=null) session.logout(); } 
@@ -343,37 +214,19 @@ public class GroupManager { @Produces(MediaType.APPLICATION_JSON) public List getAdmins(@PathParam("groupId") String groupId){ - InnerMethodName.set("getAdmins"); - String login = SecretManagerProvider.get().getOwner().getId(); - - JackrabbitSession session = null; + InnerMethodName.set("getAdmins"); List users = new ArrayList<>(); + JackrabbitSession session = null; try { - session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - VRE vreFolder = vreManager.getVreFolderItemByGroupName(session, groupId, login, Excludes.ALL); - AccessControlManager acm = session.getAccessControlManager(); - //authChecker.checkAdministratorControl(session, (VreFolder)vreFolder.getVreFolder()); - Node node = session.getNodeByIdentifier(vreFolder.getVreFolder().getId()); - - JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, node.getPath()); - - for (AccessControlEntry acl: acls.getAccessControlEntries()) - for (Privilege pr: acl.getPrivileges()) { - if (pr.getName().equals(AccessType.ADMINISTRATOR.getValue())){ - users.add(acl.getPrincipal().getName()); - } - - } - + users = groupHandler.getGroupAdministators(session, groupId); }catch(StorageHubException she ){ log.error(she.getErrorMessage(), she); GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus())); - }catch(Exception re ){ - log.error("jcr error creating item", re); - GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re)); - }finally { + }catch(Throwable re ){ + log.error("jcr error getting admins", re); + GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error getting admins", re)); + } finally { if (session!=null) session.logout(); } 
@@ -389,38 +242,25 @@ public class GroupManager { public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){ InnerMethodName.set("addUserToGroup"); - JackrabbitSession session = null; boolean success = false; try { - if (!isInfraManager() && !isValidGroupForContext(groupId)) + if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId))) throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation"); - - session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - - Group group = (Group)usrManager.getAuthorizable(groupId); - User user = (User)usrManager.getAuthorizable(userId); - - if (user==null) - throw new InvalidCallParameters("user "+userId+" not exists"); - if (group.isMember(user)) - throw new InvalidCallParameters("user "+userId+" is already member of group "+groupId); - - this.internalAddUserToGroup(session, group, user); - - session.save(); + session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); + groupHandler.addUserToGroup(session, userId, groupId); + success = true; + session.save(); }catch(StorageHubException she ){ log.error(she.getErrorMessage(), she); GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus())); }catch(RepositoryException re ){ - log.error("jcr error creating item", re); - GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re)); - }finally { + log.error("jcr error adding user to group", re); + GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error adding user to group", re)); + } finally { if (session!=null) session.logout(); } 
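Review bot: `success = true;` is assigned before `session.save()` in addUserToGroup, so the flag is set while the membership change is still unsaved and it ignores whatever the handler reports. Setting it after the save, `session.save(); success = true;`, keeps the returned value tied to a persisted change and matches removeUserFromGroup, which takes its result from the handler. The old explicit checks for an unknown user and an existing membership are gone from this method; whether `groupHandler.addUserToGroup` performs them is not visible in this hunk. The method body ends outside the hunk.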
@@ -428,25 +268,7 @@ public class GroupManager { return success; } - private boolean internalAddUserToGroup(JackrabbitSession session, Group group, User user) throws RepositoryException, StorageHubException { - boolean success = group.addMember(user); - session.save(); - String folderName = group.getPrincipal().getName(); - Node folder = groupHandler.getFolderNodeRelatedToGroup(session, folderName); - - String userPath = Paths.append(pathUtil.getVREsPath(user.getPrincipal().getName(), session), folderName).toPath(); - log.debug("creating folder in user path {} from {}", userPath, folder.getPath() ); - session.getWorkspace().clone(session.getWorkspace().getName(), folder.getPath(),userPath , false); - - try { - session.getNode(userPath); - log.debug("the new folder exists ({}) ", userPath ); - }catch (PathNotFoundException e) { - log.debug("the new folder doesn't exists ({}) ", userPath ); - } - - return success; - } + @DELETE @Path("{groupId}/users/{userId}") @@ -459,12 +281,12 @@ public class GroupManager { boolean success = false; try { - if (!isValidGroupForContext(groupId) && !isInfraManager()) + if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId))) throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation"); session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - success = groupHandler.removeUserFromGroup(groupId, userId, session); + success = groupHandler.removeUserFromGroup(session, groupId, userId); session.save(); }catch(StorageHubException she ){ 
@@ -486,35 +308,23 @@ public class GroupManager { @Produces(MediaType.APPLICATION_JSON) @AuthorizationControl(allowedRoles={VREMANAGER_ROLE, INFRASTRUCTURE_MANAGER_ROLE}) public List getUsersOfGroup(@PathParam("groupId") String groupId){ - InnerMethodName.set("getUsersOfGroup"); - JackrabbitSession session = null; List users = new ArrayList<>(); try { - - if (!isValidGroupForContext(groupId) && !isInfraManager()) + + if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId))) throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation"); session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - - Group group = (Group)usrManager.getAuthorizable(groupId); - - Iterator it = group.getMembers(); - - while (it.hasNext()) { - Authorizable user = it.next(); - users.add(user.getPrincipal().getName()); - } + users = groupHandler.getUsersBelongingToGroup(session, groupId); }catch (StorageHubException e) { log.error("error getting users", e); GXOutboundErrorResponse.throwException(e); }catch(RepositoryException re ){ log.error("jcr error getting users", re); GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error getting users", re)); - }finally { + } finally { if (session!=null) session.logout(); } 
@@ -522,51 +332,7 @@ public class GroupManager { return users; } - private void createVreFolder(String groupId, JackrabbitSession session, AccessType defaultAccessType, String owner, boolean useDefaultStorage ) throws Exception{ - - Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH); - - String name = groupId; - - String currentScope = SecretManagerProvider.get().getContext(); - ContextBean bean = new ContextBean(currentScope); - while (!bean.is(Type.INFRASTRUCTURE)) { - bean = bean.enclosingScope(); - } - String root = bean.toString().replaceAll("/", ""); - - String displayName = groupId.replaceAll(root+"-[^\\-]*\\-(.*)", "$1"); - - log.info("creating vreFolder with name {} and title {} and owner {} and default storage {}", name, displayName, owner, useDefaultStorage); - - FolderCreationParameters folderParameters; - if (!useDefaultStorage) - folderParameters = FolderCreationParameters.builder().onRepository("gcube-minio").withParameters(Collections.singletonMap("bucketName", name+"-gcube-vre")).name(name).description( "VREFolder for "+groupId).author(owner).on(sharedRootNode.getIdentifier()).with(session).build(); - else - folderParameters = FolderCreationParameters.builder().name(name).description( "VREFolder for "+groupId).author(owner).on(sharedRootNode.getIdentifier()).with(session).build(); - - Node folder= Utils.createFolderInternally(folderParameters, null, useDefaultStorage); - folder.setPrimaryType(PrimaryNodeType.NT_WORKSPACE_SHARED_FOLDER); - folder.setProperty(NodeProperty.IS_VRE_FOLDER.toString(), true); - folder.setProperty(NodeProperty.TITLE.toString(), name); - folder.setProperty(NodeProperty.DISPLAY_NAME.toString(), displayName); - session.save(); - - AccessControlManager acm = session.getAccessControlManager(); - JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath()); - - - /*Privilege[] adminPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) }; - 
acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session, AuthorizationProvider.instance.get().getClient().getId()), adminPrivileges ); - */ - - - Privilege[] usersPrivileges = new Privilege[] { acm.privilegeFromName(defaultAccessType.getValue()) }; - acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session,groupId), usersPrivileges ); - acm.setPolicy(folder.getPath(), acls); - - log.debug("vrefolder created with id {}",folder.getIdentifier()); - } + private boolean isValidGroupForContext(String group){ diff --git a/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java b/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java index 83b2de1..e56aacc 100644 --- a/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java +++ b/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java 
@@ -1,46 +1,20 @@ package org.gcube.data.access.storagehub.services; import java.util.ArrayList; -import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; import java.util.List; -import java.util.Set; -import java.util.function.Predicate; -import java.util.stream.Collectors; -import javax.jcr.Node; -import javax.jcr.PathNotFoundException; import javax.jcr.RepositoryException; import org.apache.jackrabbit.api.JackrabbitSession; -import org.apache.jackrabbit.api.security.user.Authorizable; -import org.apache.jackrabbit.api.security.user.Group; -import org.apache.jackrabbit.api.security.user.Query; -import org.apache.jackrabbit.api.security.user.QueryBuilder; -import org.apache.jackrabbit.api.security.user.User; -import org.apache.jackrabbit.core.security.principal.PrincipalImpl; import org.gcube.common.authorization.control.annotations.AuthorizationControl; import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse; -import org.gcube.common.storagehub.model.Excludes; -import org.gcube.common.storagehub.model.Paths; import org.gcube.common.storagehub.model.exceptions.BackendGenericError; import org.gcube.common.storagehub.model.exceptions.IdNotFoundException; -import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters; import org.gcube.common.storagehub.model.exceptions.StorageHubException; -import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException; -import org.gcube.common.storagehub.model.items.Item; -import org.gcube.common.storagehub.model.items.SharedFolder; import org.gcube.common.storagehub.model.types.SHUBUser; -import org.gcube.data.access.storagehub.AuthorizationChecker; import org.gcube.data.access.storagehub.Constants; -import org.gcube.data.access.storagehub.PathUtil; import org.gcube.data.access.storagehub.StorageHubAppllicationManager; -import org.gcube.data.access.storagehub.Utils; -import org.gcube.data.access.storagehub.handlers.GroupHandler; -import 
org.gcube.data.access.storagehub.handlers.TrashHandler; -import org.gcube.data.access.storagehub.handlers.UnshareHandler; -import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters; +import org.gcube.data.access.storagehub.handlers.UserHandler; import org.gcube.smartgears.annotations.ManagedBy; import org.gcube.smartgears.utils.InnerMethodName; import org.slf4j.Logger; @@ -50,7 +24,6 @@ import com.webcohesion.enunciate.metadata.rs.RequestHeader; import com.webcohesion.enunciate.metadata.rs.RequestHeaders; import jakarta.inject.Inject; -import jakarta.servlet.ServletContext; import jakarta.ws.rs.Consumes; import jakarta.ws.rs.DELETE; import jakarta.ws.rs.FormParam; 
@@ -60,140 +33,61 @@ import jakarta.ws.rs.PUT; import jakarta.ws.rs.Path; import jakarta.ws.rs.PathParam; import jakarta.ws.rs.Produces; -import jakarta.ws.rs.core.Context; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; @Path("users") @ManagedBy(StorageHubAppllicationManager.class) @RequestHeaders({ - @RequestHeader( name = "Authorization", description = "Bearer token, see https://dev.d4science.org/how-to-access-resources"), - }) + @RequestHeader(name = "Authorization", description = "Bearer token, see https://dev.d4science.org/how-to-access-resources"), }) public class UserManager { private static final String INFRASTRUCTURE_MANAGER_ROLE = "Infrastructure-Manager"; - @Context ServletContext context; - private static final Logger log = LoggerFactory.getLogger(UserManager.class); RepositoryInitializer repository = StorageHubAppllicationManager.getRepository(); @Inject - UnshareHandler unshareHandler; + UserHandler userHandler; - @Inject - AuthorizationChecker authChecker; - - @Inject - TrashHandler trashHandler; - - @Inject - GroupHandler groupHandler; - - @Inject - PathUtil pathUtil; - - private List retrieveUsers() throws Throwable{ - JackrabbitSession session = null; - List users = null; - try { - session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - Iterator result = session.getUserManager().findAuthorizables(new Query() { - - @Override - public void build(QueryBuilder builder) { - builder.setSelector(User.class); - } - }); - - Set usersSet= new HashSet<>(); - String adminUser = Constants.ADMIN_USER; - Node homeNode = session.getNode("/Home"); - - while (result.hasNext()) { - Authorizable user = result.next(); - log.debug("user {} found",user.getPrincipal().getName()); - if (user.getPrincipal().getName().equals(adminUser)) continue; - - long homeVersion = -1; - try { - Node userHome = homeNode.getNode(user.getPrincipal().getName()); - if(userHome.hasProperty(Constants.HOME_VERSION_PROP)) - 
homeVersion = userHome.getProperty(Constants.HOME_VERSION_PROP).getLong(); - else homeVersion = 0; - - usersSet.add(new SHUBUser(user.getPrincipal().getName(), homeVersion)); - - }catch (Exception e) { - log.warn("error retrieving user {} home", user.getPrincipal().getName()); - } - - } - - users = new ArrayList<>(usersSet); - Collections.sort(users); - - } finally { - if (session!=null) - session.logout(); - } - return users; - } - - @GET @Path("") @Produces(MediaType.APPLICATION_JSON) - public List getUsers(){ - + public List getUsers() { InnerMethodName.set("getUsers"); + JackrabbitSession session = null; try { - return retrieveUsers(); - }catch (Throwable e) { + session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); + return userHandler.getAllUsers(null); + } catch (Throwable e) { log.error("jcr error getting users", e); GXOutboundErrorResponse.throwException(new BackendGenericError(e)); + } finally { + if (session != null) + session.logout(); } return null; } - - @GET @Path("{user}") - public SHUBUser getUser(@PathParam("user") String user){ + public SHUBUser getUser(@PathParam("user") String user) { InnerMethodName.set("getUser"); JackrabbitSession session = null; try { session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - Authorizable authorizable = usrManager.getAuthorizable(user); - - if (authorizable != null && !authorizable.isGroup()) { - long homeVersion = -1; - try { - Node homeNode = session.getNode("/Home"); - Node userHome = homeNode.getNode(authorizable.getPrincipal().getName()); - if(userHome.hasProperty(Constants.HOME_VERSION_PROP)) - homeVersion = userHome.getProperty(Constants.HOME_VERSION_PROP).getLong(); - else homeVersion = 0; - }catch (Exception e) { - log.warn("error retrieving user {} home", authorizable.getPrincipal().getName(), e ); - } - - return new 
SHUBUser(authorizable.getPrincipal().getName(), homeVersion); - } - log.debug("user {} not found", user); - - }catch(Exception e) { + userHandler.getUser(session, user); + } catch (StorageHubException se) { + log.error("error getting user", se); + GXOutboundErrorResponse.throwException(se); + } catch (Exception e) { log.error("jcr error getting user", e); GXOutboundErrorResponse.throwException(new BackendGenericError(e)); } finally { - if (session!=null) + if (session != null) session.logout(); } @@ -205,8 +99,8 @@ public class UserManager { @POST @Path("") @Consumes(MediaType.APPLICATION_FORM_URLENCODED) - @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}) - public String createUser(@FormParam("user") String user, @FormParam("password") String password){ + @AuthorizationControl(allowedRoles = { INFRASTRUCTURE_MANAGER_ROLE }) + public String createUser(@FormParam("user") String user, @FormParam("password") String password) { InnerMethodName.set("createUser"); 
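Review bot: getUsers opens a session and then calls `userHandler.getAllUsers(null)`, so the handler never receives it; the call should be `return userHandler.getAllUsers(session);`. In getUser the result of `userHandler.getUser(session, user);` is discarded, and since the old in-try `return new SHUBUser(...)` is removed the method presumably falls through to whatever follows the `finally` outside this hunk; `return userHandler.getUser(session, user);` restores the result. The updateHomeUserToLatestVersion hunk further down has the same kind of slip: it passes `userId` to the handler where the path parameter is `user`.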
@@ -215,45 +109,17 @@ public class UserManager { try { session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - - User createdUser = usrManager.createUser(user, password); - - userId = createdUser.getID(); - - Node homeNode = session.getNode("/Home"); - Node userHome = homeNode.addNode(user, "nthl:home"); - - userHome.setProperty(Constants.HOME_VERSION_PROP, 1l); - - //creating workspace folder - FolderCreationParameters wsFolderParameters = FolderCreationParameters.builder().name(Constants.WORKSPACE_ROOT_FOLDER_NAME).description("workspace of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(wsFolderParameters, null, true); - //creating thrash folder - FolderCreationParameters trashFolderParameters = FolderCreationParameters.builder().name(Constants.TRASH_ROOT_FOLDER_NAME).description("trash of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(trashFolderParameters, null, true); - //creating Vre container folder - FolderCreationParameters vreFolderParameters = FolderCreationParameters.builder().name(Constants.PERSONAL_VRES_FOLDER_PARENT_NAME).description("vre folder container of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(vreFolderParameters, null, true); - - //creating inbox folder - FolderCreationParameters inboxFolderParameters = FolderCreationParameters.builder().name(Constants.INBOX_FOLDER_NAME).description("inbox of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(inboxFolderParameters, null, true); - - //creating outbox folder - FolderCreationParameters outboxFolderParameters = FolderCreationParameters.builder().name(Constants.OUTBOX_FOLDER_NAME).description("outbox of 
"+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(outboxFolderParameters, null, true); + userId = userHandler.createUser(session, user, password); session.save(); - }catch(StorageHubException she ){ + } catch (StorageHubException she) { log.error(she.getErrorMessage(), she); GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus())); - }catch(RepositoryException re ){ + } catch (RepositoryException re) { log.error("jcr error creating item", re); GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re)); } finally { - if (session!=null) + if (session != null) session.logout(); } @@ -263,8 +129,8 @@ public class UserManager { @PUT @Path("{user}") @Consumes(MediaType.APPLICATION_FORM_URLENCODED) - @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}) - public String updateHomeUserToLatestVersion(@PathParam("user") String user){ + @AuthorizationControl(allowedRoles = { INFRASTRUCTURE_MANAGER_ROLE }) + public String updateHomeUserToLatestVersion(@PathParam("user") String user) { InnerMethodName.set("updateHomeUserToLatestVersion"); 
@@ -273,78 +139,27 @@ public class UserManager { try { session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - - Authorizable auth = usrManager.getAuthorizable(user); - if( auth==null || auth.isGroup()) - throw new InvalidCallParameters("invalid user passed"); - - Node homeNode = session.getNode("/Home"); - Node userHome = homeNode.getNode(user); - - if (userHome == null) - throw new BackendGenericError("home for user {} not found"); - - /* - //creating workspace folder - FolderCreationParameters wsFolderParameters = FolderCreationParameters.builder().name(Constants.WORKSPACE_ROOT_FOLDER_NAME).description("workspace of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(wsFolderParameters, null, true); - */ - - //updating thrash folder - if (!userHome.hasProperty(Constants.HOME_VERSION_PROP) || userHome.getProperty(Constants.HOME_VERSION_PROP).getLong()<1) { - org.gcube.common.storagehub.model.Path workspacePath = Paths.append(Paths.getPath(userHome.getPath()),Constants.WORKSPACE_ROOT_FOLDER_NAME); - Boolean oldTrashExists = session.nodeExists(Paths.append(workspacePath, Constants.TRASH_ROOT_FOLDER_NAME).toPath()); - if (oldTrashExists) - session.move(Paths.append(workspacePath, Constants.TRASH_ROOT_FOLDER_NAME).toPath(), Paths.append(Paths.getPath(userHome.getPath()), Constants.TRASH_ROOT_FOLDER_NAME).toPath()); - else { - FolderCreationParameters trashFolderParameters = FolderCreationParameters.builder().name(Constants.TRASH_ROOT_FOLDER_NAME).description("trash of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(trashFolderParameters, null, true); - } - - Boolean oldVresExists = session.nodeExists(Paths.append(workspacePath, Constants.OLD_VRE_FOLDER_PARENT_NAME).toPath()); - - if (oldVresExists) - 
session.move(Paths.append(workspacePath, Constants.OLD_VRE_FOLDER_PARENT_NAME).toPath(), Paths.append(Paths.getPath(userHome.getPath()), Constants.PERSONAL_VRES_FOLDER_PARENT_NAME).toPath()); - else { - //creating Vre container folder - FolderCreationParameters vreFolderParameters = FolderCreationParameters.builder().name(Constants.PERSONAL_VRES_FOLDER_PARENT_NAME).description("vre folder container of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(vreFolderParameters, null, true); - } - } - - /* - //creating inbox folder - FolderCreationParameters inboxFolderParameters = FolderCreationParameters.builder().name(Constants.INBOX_FOLDER_NAME).description("inbox of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(inboxFolderParameters, null, true); - - //creating outbox folder - FolderCreationParameters outboxFolderParameters = FolderCreationParameters.builder().name(Constants.OUTBOX_FOLDER_NAME).description("outbox of "+user).author(user).on(userHome.getIdentifier()).with(session).build(); - Utils.createFolderInternally(outboxFolderParameters, null, true); - */ - - userHome.setProperty(Constants.HOME_VERSION_PROP, 1l); + userId = userHandler.updateHomeUserToLatestVersion(session, userId); + session.save(); - }catch(StorageHubException she ){ + } catch (StorageHubException she) { log.error(she.getErrorMessage(), she); GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus())); - }catch(RepositoryException re ){ + } catch (RepositoryException re) { log.error("jcr error creating item", re); GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re)); } finally { - if (session!=null) + if (session != null) session.logout(); } return userId; } - @DELETE @Path("{user}") - @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}) - public String deleteUser(@PathParam("user") final String 
user){ + @AuthorizationControl(allowedRoles = { INFRASTRUCTURE_MANAGER_ROLE }) + public String deleteUser(@PathParam("user") final String user) { InnerMethodName.set("deleteUser"); @@ -353,33 +168,17 @@ public class UserManager { session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - - User authorizable = (User) usrManager.getAuthorizable(new PrincipalImpl(user)); - - if (authorizable!=null) - removeUserFromBelongingGroup(session, authorizable, usrManager); - else log.warn("user was already deleted from jackrabbit, trying to delete folders"); - - unshareUsersFolders(session, user); - - removeUserHomeAndDeleteFiles(session, user); - - //FINALIZE user removal - if (authorizable!=null && !authorizable.isGroup()) { - log.info("removing user {}", user); - authorizable.remove(); - } else log.warn("the user {} was already deleted, it should never happen", user); - + userHandler.deleteUser(session, user); + session.save(); - }catch(StorageHubException she ){ + } catch (StorageHubException she) { log.error(she.getErrorMessage(), she); GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus())); - }catch(RepositoryException re ){ + } catch (RepositoryException re) { log.error("jcr error creating item", re); GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re)); } finally { - if (session!=null) + if (session != null) session.logout(); } 
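Review bot: In `updateHomeUserToLatestVersion` the new call passes `userId` instead of the `user` path parameter: `userId = userHandler.updateHomeUserToLatestVersion(session, userId);`. `userId` is declared above this hunk, and if it is still unset at that point the handler is asked to migrate a null or unintended account while running on the `Constants.JCR_CREDENTIALS` session. The removed code looked up and validated `user` throughout, so the call should read `userId = userHandler.updateHomeUserToLatestVersion(session, user);`. The method body starts before the hunk, so the initial value of `userId` should be confirmed there.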
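Review bot: The `RepositoryException` branch of `deleteUser` still logs and reports `"jcr error creating item"`, which mislabels a failed account deletion both in the service log and in the error sent to the caller. Since these catch blocks are being touched anyway, give the privileged delete path an operation-specific message, for example `log.error("jcr error deleting user {}", user, re);` with matching text in the `BackendGenericError`. The same copied message appears in the catch blocks of the update and group-listing hunks. The end of the method lies outside this hunk.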
@@ -389,129 +188,25 @@ public class UserManager { @GET @Path("{user}/groups") @Produces(MediaType.APPLICATION_JSON) - public List getGroupsPerUser(@PathParam("user") final String user){ + public List getGroupsPerUser(@PathParam("user") final String user) { InnerMethodName.set("getGroupsPerUser"); - + JackrabbitSession session = null; - List groups= new ArrayList<>(); + List groups = new ArrayList<>(); try { session = (JackrabbitSession) repository.getRepository().login(Constants.JCR_CREDENTIALS); - - org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); - User authUser = (User) usrManager.getAuthorizable(new PrincipalImpl(user)); - - Iterator groupsAuth =authUser.memberOf(); - while (groupsAuth.hasNext()) { - Authorizable group = groupsAuth.next(); - groups.add(group.getPrincipal().getName()); - - } - }catch(RepositoryException re ){ + + userHandler.getGroupsPerUser(session, user); + } catch (RepositoryException re) { log.error("jcr error creating item", re); GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re)); } finally { - if (session!=null) + if (session != null) session.logout(); } return groups; } + - private void removeUserFromBelongingGroup(JackrabbitSession session, User authorizable, org.apache.jackrabbit.api.security.user.UserManager usrManager) throws RepositoryException, StorageHubException { - Iterator groups = session.getUserManager().findAuthorizables(new Query() { - - @Override - public void build(QueryBuilder builder) { - builder.setSelector(Group.class); - } - }); - - - - String user = authorizable.getPrincipal().getName(); - while(groups.hasNext()) { - Authorizable group = groups.next(); - log.info("group found {}", group.getPrincipal().getName() ); - if (group.isGroup() && ((Group)group).isMember(authorizable)) { - - boolean success = groupHandler.removeUserFromGroup(group.getPrincipal().getName(), user, session); - log.warn("user {} {} removed from vre 
{}",user,success?"":"not" ,group.getPrincipal().getName()); - } - } - } - - private void unshareUsersFolders(JackrabbitSession session, String user){ - try { - - Node sharedFolderNode = session.getNode(Constants.SHARED_FOLDER_PATH); - - Predicate sharedWithUserChecker = new Predicate() { - - @Override - public boolean test(Node t) { - try { - authChecker.checkReadAuthorizationControl(t.getSession(), user, t.getIdentifier()); - return true; - } catch (UserNotAuthorizedException | BackendGenericError | RepositoryException e) { - return false; - } - } - }; - - List items = Utils.getItemList(sharedWithUserChecker, sharedFolderNode, Excludes.ALL, null, false, SharedFolder.class); - - log.debug(" Shared folder to unshare found are {}", items.size()); - - for (SharedFolder item: items) { - String title = item.getTitle(); - log.debug("in list folder name {} with title {} and path {} ",item.getName(), title, item.getPath()); - if (item.isPublicItem() && !item.getUsers().getMap().containsKey(user)) continue; - if (item.isVreFolder()) continue; - - log.info("removing sharing for folder name {} with title {} and path {} ",item.getName(), title, item.getPath()); - String owner = item.getOwner(); - - Set usersToUnshare= owner.equals(user)? 
Collections.emptySet():Collections.singleton(user); - - try { - unshareHandler.unshareForRemoval(session, usersToUnshare, session.getNodeByIdentifier(item.getId()), user); - }catch (Throwable e) { - log.warn("error unsharing folder with title '{}' and id {} ", title, item.getId(), e); - } - } - } catch (Throwable t) { - log.warn("error getting folder shared with {}",user, t); - } - } - - private void removeUserHomeAndDeleteFiles(JackrabbitSession session, String user) throws RepositoryException, StorageHubException { - org.gcube.common.storagehub.model.Path homePath = pathUtil.getHome(user); - org.gcube.common.storagehub.model.Path workspacePath = pathUtil.getWorkspacePath(user); - - - try { - Node workspaceNode = session.getNode(workspacePath.toPath()); - List workspaceItems = Utils.getItemList(workspaceNode, Excludes.GET_ONLY_CONTENT, null, true, null).stream().filter(i -> !i.isShared()).collect(Collectors.toList()); - trashHandler.removeOnlyNodesContent(session, workspaceItems); - } catch (PathNotFoundException e) { - log.warn("{} workspace dir {} was already deleted", user, homePath.toPath()); - } - - try { - org.gcube.common.storagehub.model.Path trashPath = pathUtil.getTrashPath(user, session); - Node trashNode = session.getNode(trashPath.toPath()); - List trashItems = Utils.getItemList(trashNode, Excludes.ALL, null, true, null); - trashHandler.removeOnlyNodesContent(session, trashItems); - } catch (PathNotFoundException e) { - log.warn("{} trash dir {} was already deleted", user, homePath.toPath()); - } - - try { - Node homeNode = session.getNode(homePath.toPath()); - homeNode.remove(); - } catch (PathNotFoundException e) { - log.warn("{} home dir {} was already deleted", user, homePath.toPath()); - } - } - }
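Review bot: `getGroupsPerUser` now discards the handler's result: `userHandler.getGroupsPerUser(session, user);` is called as a bare statement while `groups` stays the empty list created above and is what gets returned, so the endpoint reports no memberships for every user. Assuming the handler returns the group names (its signature is not in this hunk), assign it: `groups = userHandler.getGroupsPerUser(session, user);`. The removed code dereferenced `authUser` without a null check, so confirm the handler rejects an unknown user instead of throwing a NullPointerException. No `@AuthorizationControl` is visible on this endpoint in the hunk, unlike the neighbouring ones, although it also runs on the `Constants.JCR_CREDENTIALS` session; worth confirming that is intended.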