solved an error on authorization for deleted user

lucio 2020-04-05 11:37:15 +02:00
parent 62fe5a77a0
commit 6e69de91d0
1 changed files with 18 additions and 9 deletions


@ -27,9 +27,9 @@ import org.slf4j.LoggerFactory;
@Singleton @Singleton
public class AuthorizationChecker { public class AuthorizationChecker {
private static Logger log = LoggerFactory.getLogger(AuthorizationChecker.class); private static Logger log = LoggerFactory.getLogger(AuthorizationChecker.class);
@Inject @Inject
Node2ItemConverter node2Item; Node2ItemConverter node2Item;
@ -42,13 +42,13 @@ public class AuthorizationChecker {
if (item==null) throw new UserNotAuthorizedException("Insufficent Privileges for user "+login+" to read node with id "+id+": it's not a valid StorageHub node"); if (item==null) throw new UserNotAuthorizedException("Insufficent Privileges for user "+login+" to read node with id "+id+": it's not a valid StorageHub node");
if (item.isShared()) { if (item.isShared()) {
SharedFolder parentShared = node2Item.getItem(retrieveSharedFolderParent(node, session), Excludes.EXCLUDE_ACCOUNTING); SharedFolder parentShared = node2Item.getItem(retrieveSharedFolderParent(node, session), Excludes.EXCLUDE_ACCOUNTING);
if (parentShared.getUsers().getMap().keySet().contains(login)) return; if (parentShared.getUsers().getMap().keySet().contains(login)) return;
//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER //CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath()); JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
AccessControlEntry[] entries = accessControlList.getAccessControlEntries(); AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
@ -56,9 +56,18 @@ public class AuthorizationChecker {
for (AccessControlEntry entry: entries) { for (AccessControlEntry entry: entries) {
log.debug("checking access right for {} with compared with {}",login, entry.getPrincipal()); log.debug("checking access right for {} with compared with {}",login, entry.getPrincipal());
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal()); Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
//TODO; check why sometimes the next line gets a nullpointer
if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return; if (authorizable==null) {
if (authorizable.isGroup() && ((Group) authorizable).isMember(userAuthorizable)) return; log.warn("{} doesn't have a correspondant auhtorizable object, check it ", entry.getPrincipal());
continue;
}
try {
if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return;
if (authorizable.isGroup() && ((Group) authorizable).isMember(userAuthorizable)) return;
}catch (Throwable e) {
log.warn("someting went wrong checking authorizations",e);
}
} }
throw new UserNotAuthorizedException("Insufficent Privileges for user "+login+" to read node with id "+id); throw new UserNotAuthorizedException("Insufficent Privileges for user "+login+" to read node with id "+id);
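Review bot: The `catch (Throwable e)` added around the two membership checks swallows every failure, JVM `Error`s included, and only logs a warning, so a repository fault during an authorization decision looks the same as a plain denial. The path still fails closed, because the loop falls through to the final `throw new UserNotAuthorizedException(...)`, but narrowing it to `} catch (RepositoryException e) {` keeps that behaviour without masking unrelated errors. The new `authorizable==null` branch also skips the entry rather than granting, which is right for an ACL entry left behind by a deleted principal; a comment such as `// stale ACE for a removed principal: skip, never grant` would record that intent. It may also be worth confirming that stale entries are cleaned up when a user is deleted, since the name comparison against `login` would presumably match again if the same login were later re-created. The enclosing method starts and ends outside the hunk.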