From 6e69de91d0a407f54c23f898957d1827dc7f8462 Mon Sep 17 00:00:00 2001 From: lucio Date: Sun, 5 Apr 2020 11:37:15 +0200 Subject: [PATCH] solved an error on authorization for deleted user --- .../storagehub/AuthorizationChecker.java | 27 ++++++++++++------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java b/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java index 016be27..392ccfd 100644 --- a/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java +++ b/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java @@ -27,9 +27,9 @@ import org.slf4j.LoggerFactory; @Singleton public class AuthorizationChecker { - + private static Logger log = LoggerFactory.getLogger(AuthorizationChecker.class); - + @Inject Node2ItemConverter node2Item; @@ -42,13 +42,13 @@ public class AuthorizationChecker { if (item==null) throw new UserNotAuthorizedException("Insufficent Privileges for user "+login+" to read node with id "+id+": it's not a valid StorageHub node"); - - + + if (item.isShared()) { SharedFolder parentShared = node2Item.getItem(retrieveSharedFolderParent(node, session), Excludes.EXCLUDE_ACCOUNTING); - + if (parentShared.getUsers().getMap().keySet().contains(login)) return; - + //CHECKING ACL FOR VREFOLDER AND SHARED FOLDER JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath()); AccessControlEntry[] entries = accessControlList.getAccessControlEntries(); 
@@ -56,9 +56,18 @@ public class AuthorizationChecker { for (AccessControlEntry entry: entries) { log.debug("checking access right for {} with compared with {}",login, entry.getPrincipal()); Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal()); - //TODO; check why sometimes the next line gets a nullpointer - if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return; - if (authorizable.isGroup() && ((Group) authorizable).isMember(userAuthorizable)) return; + + if (authorizable==null) { + log.warn("{} doesn't have a correspondant auhtorizable object, check it ", entry.getPrincipal()); + continue; + } + + try { + if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return; + if (authorizable.isGroup() && ((Group) authorizable).isMember(userAuthorizable)) return; + }catch (Throwable e) { + log.warn("someting went wrong checking authorizations",e); + } } throw new UserNotAuthorizedException("Insufficent Privileges for user "+login+" to read node with id "+id);
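Review bot: The new `catch (Throwable e)` around the two membership checks is broader than this authorization path needs: it also swallows `Error`s, and it turns any repository failure into a logged warning followed by the generic "Insufficent Privileges" denial. Falling through to the next entry keeps the check fail-closed, which is the right default, but an outage then looks the same as a real denial to both the caller and the logs. Consider narrowing it to `} catch (RepositoryException e) {` (the type `Group.isMember` declares; whether it is already imported is not visible here) and logging what was being evaluated, e.g. `log.warn("error checking ACL entry {} for user {} on node {}", entry.getPrincipal(), login, id, e);`. The same context would help in the `authorizable==null` warning, since an ACL entry whose principal no longer resolves is a stale grant that someone should be able to find and remove from the shared folder. The enclosing method starts before this hunk, so the origin of `userAuthorizable` and the declared exceptions cannot be confirmed from here.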