diff --git a/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java b/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java
index 77da7af..cbee116 100644
--- a/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java
+++ b/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java
@@ -7,6 +7,7 @@ import java.util.List;
 import javax.inject.Inject;
 import javax.jcr.Node;
 import javax.jcr.NodeIterator;
+import javax.jcr.PathNotFoundException;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.Privilege;
 import javax.servlet.ServletContext;
@@ -30,14 +31,17 @@ import org.apache.jackrabbit.api.security.user.Query;
 import org.apache.jackrabbit.api.security.user.QueryBuilder;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.gcube.common.authorization.control.annotations.AuthorizationControl;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
 import org.gcube.common.storagehub.model.acls.AccessType;
 import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
+import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
 import org.gcube.common.storagehub.model.types.NodeProperty;
 import org.gcube.common.storagehub.model.types.PrimaryNodeType;
 import org.gcube.data.access.storagehub.Constants;
 import org.gcube.data.access.storagehub.Utils;
+import org.gcube.data.access.storagehub.exception.MyAuthException;
 import org.gcube.data.access.storagehub.handlers.CredentialHandler;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -55,7 +59,7 @@ public class GroupManager {
 @GET
 @Path("")
 @Produces(MediaType.APPLICATION_JSON)
- //@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
+ @AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
 public List getGroups(){
 JackrabbitSession session = null;
@@ -89,7 +93,7 @@ public class GroupManager {
 @POST
 @Path("")
 @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- //@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
+ @AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
 public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){
 JackrabbitSession session = null;
@@ -118,7 +122,7 @@ public class GroupManager {
 @DELETE
 @Path("{group}")
- //@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
+ @AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
 public String deleteGroup(@PathParam("group") String group){
 JackrabbitSession session = null;
@@ -128,8 +132,7 @@ public class GroupManager {
 org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
 try {
- Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);
- sharedRootNode.getNode(group).removeSharedSet();
+ getVreFolderNode(session, group).removeSharedSet();
 }catch (Exception e) {
 log.warn("vreFolder {} not found, removing only the group", group);
 }
@@ -151,7 +154,7 @@ public class GroupManager {
 @PUT
 @Path("{id}")
 @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- //@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
+ @AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
 public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){
 JackrabbitSession session = null;
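Review bot: The allow-list on getGroups is a single personal account name written as a string literal, `allowed={"lucio.lelii"}`, and the same literal is repeated on createGroup, deleteGroup, addUserToGroup, removeUserFromGroup and getUsersOfGroup in the later hunks. Access to every group-administration endpoint then depends on one account and can only be changed by editing six annotations and redeploying. I would at least reference one shared compile-time constant (placeholder name `GROUP_ADMIN_USERS`) and, if AuthorizationControl supports it, gate on a role rather than a username. The same commit drops the AuthorizationControl and MyAuthException imports from UserManager.java, so it is worth confirming that the user-management endpoints there are still gated some other way.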
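Review bot: In deleteGroup the surrounding `catch (Exception e)` now also swallows every failure raised inside getVreFolderNode (a repository or access error while listing the shared root, not only a missing folder) and logs it as "not found" without the exception. If the group removal below still proceeds, as the log text suggests, the shared VRE folder and its ACL entries can be left behind after the group is gone. I would narrow the handler to the not-found cases, `}catch (InvalidItemException | PathNotFoundException e) {`, and pass `e` as the last argument of `log.warn`. The rest of deleteGroup lies outside the hunk, so how the outer handler treats a propagated exception should be checked.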
@@ -167,8 +170,7 @@ public class GroupManager {
 success = group.addMember(user);
 String folderName = group.getPrincipal().getName();
- Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);
- Node folder = sharedRootNode.getNode(folderName);
+ Node folder = getVreFolderNode(session, folderName);
 String userPath = String.format("%s%s/%s",Utils.getWorkspacePath(user.getPrincipal().getName()).toPath(),Constants.VRE_FOLDER_PARENT_NAME, folderName);
 log.debug("creating folder in user path {}", userPath );
@@ -188,7 +190,7 @@ public class GroupManager {
 @DELETE
 @Path("{groupId}/users/{userId}")
- //@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
+ @AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
 public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){
 JackrabbitSession session = null;
@@ -203,8 +205,7 @@ public class GroupManager {
 //delete folder on user
 String folderName = group.getPrincipal().getName();
- Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);
- Node folder = sharedRootNode.getNode(folderName);
+ Node folder = getVreFolderNode(session, folderName);
 NodeIterator ni = folder.getSharedSet();
 while (ni.hasNext()) {
@@ -232,7 +233,7 @@ public class GroupManager {
 @GET
 @Path("{groupId}/users")
 @Produces(MediaType.APPLICATION_JSON)
- //@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
+ @AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
 public List getUsersOfGroup(@PathParam("groupId") String groupId){
 JackrabbitSession session = null;
@@ -288,5 +289,28 @@ public class GroupManager {
 acm.setPolicy(folder.getPath(), acls);
 }
+
+ private Node getVreFolderNode(JackrabbitSession session, String name) throws InvalidItemException, Exception {
+ Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);
+
+ Node vreFolder = null;
+ try {
+ vreFolder = sharedRootNode.getNode(name);
+ }catch (PathNotFoundException e) {
+ log.debug("is an old HL VRE");
+ }
+
+ NodeIterator nodes = sharedRootNode.getNodes();
+ while (nodes.hasNext()) {
+ Node node = nodes.nextNode();
+ if (node.getProperty(NodeProperty.TITLE.toString()).getString().equals(name)) {
+ vreFolder= node;
+ break;
+ }
+ }
+
+ if (vreFolder==null) throw new InvalidItemException("vre folder not found");
+ return vreFolder;
+ }
 }
diff --git a/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java b/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java
index 951f7cf..fddb7e1 100644
--- a/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java
+++ b/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java
@@ -27,13 +27,11 @@ import org.apache.jackrabbit.api.security.user.Query;
 import org.apache.jackrabbit.api.security.user.QueryBuilder;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
-import org.gcube.common.authorization.control.annotations.AuthorizationControl;
 import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
 import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
 import org.gcube.common.storagehub.model.types.NodeProperty;
 import org.gcube.data.access.storagehub.Constants;
 import org.gcube.data.access.storagehub.Utils;
-import org.gcube.data.access.storagehub.exception.MyAuthException;
 import org.gcube.data.access.storagehub.handlers.CredentialHandler;
 import org.gcube.data.access.storagehub.handlers.UnshareHandler;
 import org.slf4j.Logger;
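Review bot: getVreFolderNode keeps scanning after `sharedRootNode.getNode(name)` has already succeeded, so a sibling whose title equals `name` replaces the exact path match, and deleteGroup then calls `removeSharedSet()` on that other folder (addUserToGroup and removeUserFromGroup use the same result). The loop also reads the title with `getProperty` on every child without checking that the property exists, so a single child without a title aborts the whole lookup with PathNotFoundException. I would return the path match immediately and guard the title read with `hasProperty`, keeping the signature as it is. Titles are not shown to be unique here, so the fallback still returns the first match; whether that is acceptable for old VRE folders should be confirmed.

```java
private Node getVreFolderNode(JackrabbitSession session, String name) throws InvalidItemException, Exception {
    Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);

    try {
        // an exact path match wins; a title match must not replace it
        return sharedRootNode.getNode(name);
    } catch (PathNotFoundException e) {
        log.debug("is an old HL VRE");
    }

    String titleProperty = NodeProperty.TITLE.toString();
    NodeIterator nodes = sharedRootNode.getNodes();
    while (nodes.hasNext()) {
        Node node = nodes.nextNode();
        // children without a title are skipped instead of aborting the lookup
        if (node.hasProperty(titleProperty) && node.getProperty(titleProperty).getString().equals(name)) {
            return node;
        }
    }

    throw new InvalidItemException("vre folder not found");
}
```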