gCubeSystem
/
storagehub
16
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/data-access/storagehub-webapp/1.0@179019 82a268e6-3cf1-43bd-a215-b396298e98cf

This commit is contained in:
Lucio Lelii 2019-04-12 14:35:33 +00:00
parent e39371b8aa
commit 44767cfa41
2 changed files with 41 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
View File

@ -1,5 +1,7 @@
package org.gcube.data.access.storagehub;
import java.security.acl.Group;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.jcr.Node;
@ -8,7 +10,9 @@ import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.storagehub.model.Excludes;
@ -41,10 +45,14 @@ public class AuthorizationChecker {
//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
for (AccessControlEntry entry: entries)
if (entry.getPrincipal().getName().equals(login) || (parentShared.isVreFolder() && entry.getPrincipal().getName().equals(parentShared.getTitle())))
return;
for (AccessControlEntry entry: entries) {
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(id);
if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return;
if (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal())) return;
}
throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id);
} else if (item.getOwner()==null || !item.getOwner().equals(login))
throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id);
@ -75,9 +83,9 @@ public class AuthorizationChecker {
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentSharedNode.getPath());
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
//put it in a different method
SharedFolder parentShared = node2Item.getItem(parentSharedNode, Excludes.EXCLUDE_ACCOUNTING);
for (AccessControlEntry entry: entries) {
if (entry.getPrincipal().getName().equals(login) || (parentShared.isVreFolder() && entry.getPrincipal().getName().equals(parentShared.getTitle()))) {
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(id);
if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal()))){
for (Privilege privilege : entry.getPrivileges()){
AccessType access = AccessType.fromValue(privilege.getName());
if (isNewItem && access!=AccessType.READ_ONLY)
@ -88,18 +96,16 @@ public class AuthorizationChecker {
return;
}
}
}
throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to write into node with id "+id);
}
}
} else
if(item.getOwner().equals(login))
return;
throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to write into node with id "+id);
}
public void checkMoveOpsForProtectedFolders(Session session, String id) throws InvalidCallParameters, BackendGenericError, RepositoryException {
Node node = session.getNodeByIdentifier(id);
Item item = node2Item.getItem(node, Excludes.ALL);

2
src/main/webapp/WEB-INF/README
View File

@ -25,7 +25,7 @@ no. 654119), SoBigData (grant no. 654024), AGINFRA PLUS (grant no. 731001).
Version
--------------------------------------------------
1.0.5-SNAPSHOT (2019-04-09)
1.0.5-SNAPSHOT (2019-04-11)
Please see the file named "changelog.xml" in this directory for the release notes.