git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/data-access/storagehub-webapp/1.0@179048 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
270c07514d
commit
95261236f4
|
|
@ -1,6 +1,6 @@
|
|||
package org.gcube.data.access.storagehub;
|
||||
|
||||
import java.security.acl.Group;
|
||||
import org.apache.jackrabbit.api.security.user.Group;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
|
|
@ -45,11 +45,11 @@ public class AuthorizationChecker {
|
|||
//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
|
||||
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
|
||||
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
|
||||
|
||||
Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
|
||||
for (AccessControlEntry entry: entries) {
|
||||
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
|
||||
if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return;
|
||||
if (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal())) return;
|
||||
if (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable)) return;
|
||||
}
|
||||
throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id);
|
||||
|
||||
|
|
@ -82,10 +82,11 @@ public class AuthorizationChecker {
|
|||
Node parentSharedNode = retrieveSharedFolderParent(node, session);
|
||||
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentSharedNode.getPath());
|
||||
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
|
||||
Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
|
||||
//put it in a different method
|
||||
for (AccessControlEntry entry: entries) {
|
||||
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(id);
|
||||
if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal()))){
|
||||
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
|
||||
if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable))){
|
||||
for (Privilege privilege : entry.getPrivileges()){
|
||||
AccessType access = AccessType.fromValue(privilege.getName());
|
||||
if (isNewItem && access!=AccessType.READ_ONLY)
|
||||
|
|
|
|||
|
|
@ -185,9 +185,9 @@ public class ItemsCreator {
|
|||
|
||||
authChecker.checkWriteAuthorizationControl(ses, destination.getIdentifier(), true);
|
||||
|
||||
|
||||
|
||||
Utils.acquireLockWithWait(ses, destination.getPath(), false, login, 10);
|
||||
|
||||
|
||||
Node newNode;
|
||||
try {
|
||||
newNode = Utils.createGcubeItemInternally(ses, destination, item.getName(), item.getDescription(), login, item, accountingHandler);
|
||||
|
|
@ -239,7 +239,7 @@ public class ItemsCreator {
|
|||
|
||||
log.info("session: {}",ses.toString());
|
||||
|
||||
Node newNode = createFileItemInternally(ses, destination, stream, name, description, login);
|
||||
Node newNode = createFileItemInternally(ses, destination, stream, name, description, login, true);
|
||||
ses.save();
|
||||
|
||||
versionHandler.checkinContentNode(newNode, ses);
|
||||
|
|
@ -266,7 +266,7 @@ public class ItemsCreator {
|
|||
|
||||
|
||||
|
||||
private Node createFileItemInternally(Session ses, Node destinationNode, InputStream stream, String name, String description, String login) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
|
||||
private Node createFileItemInternally(Session ses, Node destinationNode, InputStream stream, String name, String description, String login, boolean withLock) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
|
||||
|
||||
ContentHandler handler = getContentHandler(stream , name, destinationNode.getPath(), login);
|
||||
|
||||
|
|
@ -282,12 +282,13 @@ public class ItemsCreator {
|
|||
try {
|
||||
newNode = ses.getNode(org.gcube.common.storagehub.model.Paths.append(org.gcube.common.storagehub.model.Paths.getPath(destinationNode.getPath()), name).toPath());
|
||||
authChecker.checkWriteAuthorizationControl(ses, newNode.getIdentifier(), false);
|
||||
try {
|
||||
ses.getWorkspace().getLockManager().lock(newNode.getPath(), true, true, 0,login);
|
||||
}catch (LockException le) {
|
||||
throw new ItemLockedException(le);
|
||||
if (withLock) {
|
||||
try {
|
||||
ses.getWorkspace().getLockManager().lock(newNode.getPath(), true, true, 0,login);
|
||||
}catch (LockException le) {
|
||||
throw new ItemLockedException(le);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
versionHandler.checkoutContentNode(newNode, ses);
|
||||
log.trace("replacing content of class {}",item.getContent().getClass());
|
||||
|
|
@ -295,21 +296,23 @@ public class ItemsCreator {
|
|||
accountingHandler.createFileUpdated(item.getTitle(), ses, newNode, false);
|
||||
ses.save();
|
||||
}finally {
|
||||
ses.getWorkspace().getLockManager().unlock(newNode.getPath());
|
||||
if (withLock) ses.getWorkspace().getLockManager().unlock(newNode.getPath());
|
||||
}
|
||||
}catch(PathNotFoundException pnf) {
|
||||
authChecker.checkWriteAuthorizationControl(ses, destinationNode.getIdentifier(), true);
|
||||
try {
|
||||
log.debug("trying to acquire lock");
|
||||
Utils.acquireLockWithWait(ses, destinationNode.getPath(), false, login, 10);
|
||||
}catch (LockException le) {
|
||||
throw new ItemLockedException(le);
|
||||
if (withLock) {
|
||||
try {
|
||||
log.debug("trying to acquire lock");
|
||||
Utils.acquireLockWithWait(ses, destinationNode.getPath(), false, login, 10);
|
||||
}catch (LockException le) {
|
||||
throw new ItemLockedException(le);
|
||||
}
|
||||
}
|
||||
try {
|
||||
newNode = item2Node.getNode(destinationNode, item);
|
||||
ses.save();
|
||||
}finally {
|
||||
ses.getWorkspace().getLockManager().unlock(destinationNode.getPath());
|
||||
if (withLock) ses.getWorkspace().getLockManager().unlock(destinationNode.getPath());
|
||||
}
|
||||
versionHandler.makeVersionableContent(newNode, ses);
|
||||
accountingHandler.createFolderAddObj(name, item.getClass().getSimpleName(), item.getContent().getMimeType(), ses, newNode, false);
|
||||
|
|
@ -389,10 +392,10 @@ public class ItemsCreator {
|
|||
log.debug("creating file with entire path {}, name {}, parentPath {} ", entirePath, name, parentPath);
|
||||
Node fileNode = null;
|
||||
if (parentPath.isEmpty())
|
||||
fileNode = createFileItemInternally(ses, parentDirectoryNode, input, name, "", login);
|
||||
fileNode = createFileItemInternally(ses, parentDirectoryNode, input, name, "", login, false);
|
||||
else {
|
||||
Node parentNode = directoryNodeMap.get(parentPath);
|
||||
fileNode = createFileItemInternally(ses, parentNode, input, name, "", login);
|
||||
fileNode = createFileItemInternally(ses, parentNode, input, name, "", login, false);
|
||||
}
|
||||
fileNodes.add(fileNode);
|
||||
}catch(Exception e) {
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ no. 654119), SoBigData (grant no. 654024), AGINFRA PLUS (grant no. 731001).
|
|||
Version
|
||||
--------------------------------------------------
|
||||
|
||||
1.0.5-SNAPSHOT (2019-04-12)
|
||||
1.0.5-SNAPSHOT (2019-04-15)
|
||||
|
||||
Please see the file named "changelog.xml" in this directory for the release notes.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue