git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/data-access/storagehub-webapp/1.0@179048 82a268e6-3cf1-43bd-a215-b396298e98cf

5 years ago · 95261236f4
parent 270c07514d
commit 95261236f4
3 changed files with 28 additions and 24 deletions
--- a/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
+++ b/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
@ -1,6 +1,6 @@
 package org.gcube.data.access.storagehub;

-import java.security.acl.Group;
+import org.apache.jackrabbit.api.security.user.Group;

 import javax.inject.Inject;
 import javax.inject.Singleton;
@ -45,11 +45,11 @@ public class AuthorizationChecker {
 			//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
 			JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
 			AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
-
+			Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
 			for (AccessControlEntry entry: entries) {
 				Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
 				if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return;
-				if (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal())) return;
+				if (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable)) return;
 			}
 			throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id);

@ -82,10 +82,11 @@ public class AuthorizationChecker {
 			Node parentSharedNode = retrieveSharedFolderParent(node, session);
 			JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentSharedNode.getPath());
 			AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
+			Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
 			//put it in a different method
 			for (AccessControlEntry entry: entries) {
-				Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(id);
-				if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal()))){
+				Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
+				if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable))){
 					for (Privilege privilege : entry.getPrivileges()){
 						AccessType access = AccessType.fromValue(privilege.getName());
 						if (isNewItem && access!=AccessType.READ_ONLY)
--- a/src/main/java/org/gcube/data/access/storagehub/services/ItemsCreator.java
+++ b/src/main/java/org/gcube/data/access/storagehub/services/ItemsCreator.java
@ -185,9 +185,9 @@ public class ItemsCreator {

 			authChecker.checkWriteAuthorizationControl(ses, destination.getIdentifier(), true);

-			
+
 			Utils.acquireLockWithWait(ses, destination.getPath(), false, login, 10);
-			
+
 			Node newNode;
 			try {
 				newNode = Utils.createGcubeItemInternally(ses, destination, item.getName(), item.getDescription(), login, item, accountingHandler);
@ -239,7 +239,7 @@ public class ItemsCreator {

 			log.info("session: {}",ses.toString());

-			Node newNode = createFileItemInternally(ses, destination,  stream, name, description, login);
+			Node newNode = createFileItemInternally(ses, destination,  stream, name, description, login, true);
 			ses.save();

 			versionHandler.checkinContentNode(newNode, ses);
@ -266,7 +266,7 @@ public class ItemsCreator {



-	private Node createFileItemInternally(Session ses, Node destinationNode,  InputStream stream, String name, String description, String login) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
+	private Node createFileItemInternally(Session ses, Node destinationNode,  InputStream stream, String name, String description, String login, boolean withLock) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{

 		ContentHandler handler = getContentHandler(stream , name, destinationNode.getPath(), login);

@ -282,12 +282,13 @@ public class ItemsCreator {
 		try {
 			newNode = ses.getNode(org.gcube.common.storagehub.model.Paths.append(org.gcube.common.storagehub.model.Paths.getPath(destinationNode.getPath()), name).toPath());
 			authChecker.checkWriteAuthorizationControl(ses, newNode.getIdentifier(), false);
-			try {
-				ses.getWorkspace().getLockManager().lock(newNode.getPath(), true, true, 0,login);
-			}catch (LockException le) {
-				throw new ItemLockedException(le);
+			if (withLock) {
+				try {
+					ses.getWorkspace().getLockManager().lock(newNode.getPath(), true, true, 0,login);
+				}catch (LockException le) {
+					throw new ItemLockedException(le);
+				}
 			}
-
 			try {
 				versionHandler.checkoutContentNode(newNode, ses);
 				log.trace("replacing content of class {}",item.getContent().getClass());
@ -295,21 +296,23 @@ public class ItemsCreator {
 				accountingHandler.createFileUpdated(item.getTitle(), ses, newNode, false);
 				ses.save();
 			}finally {
-				ses.getWorkspace().getLockManager().unlock(newNode.getPath());
+				if (withLock) ses.getWorkspace().getLockManager().unlock(newNode.getPath());
 			}
 		}catch(PathNotFoundException pnf) {
 			authChecker.checkWriteAuthorizationControl(ses, destinationNode.getIdentifier(), true);
-			try {
-				log.debug("trying to acquire lock");
-				Utils.acquireLockWithWait(ses, destinationNode.getPath(), false, login, 10);
-			}catch (LockException le) {
-				throw new ItemLockedException(le);
+			if (withLock) {
+				try {
+					log.debug("trying to acquire lock");
+					Utils.acquireLockWithWait(ses, destinationNode.getPath(), false, login, 10);
+				}catch (LockException le) {
+					throw new ItemLockedException(le);
+				}
 			}
 			try {
 				newNode = item2Node.getNode(destinationNode, item);	
 				ses.save();
 			}finally {
-				ses.getWorkspace().getLockManager().unlock(destinationNode.getPath());
+				if (withLock) ses.getWorkspace().getLockManager().unlock(destinationNode.getPath());
 			}
 			versionHandler.makeVersionableContent(newNode, ses);
 			accountingHandler.createFolderAddObj(name, item.getClass().getSimpleName(), item.getContent().getMimeType(), ses, newNode, false);
@ -389,10 +392,10 @@ public class ItemsCreator {
 							log.debug("creating file with entire path {}, name {}, parentPath {} ", entirePath, name, parentPath);
 							Node fileNode = null;
 							if (parentPath.isEmpty())
-								fileNode = createFileItemInternally(ses, parentDirectoryNode, input, name, "", login);
+								fileNode = createFileItemInternally(ses, parentDirectoryNode, input, name, "", login, false);
 							else { 
 								Node parentNode = directoryNodeMap.get(parentPath);
-								fileNode = createFileItemInternally(ses, parentNode, input, name, "", login);
+								fileNode = createFileItemInternally(ses, parentNode, input, name, "", login, false);
 							}
 							fileNodes.add(fileNode);
 						}catch(Exception e) {
--- a/src/main/webapp/WEB-INF/README
+++ b/src/main/webapp/WEB-INF/README
@ -25,7 +25,7 @@ no. 654119), SoBigData (grant no. 654024), AGINFRA PLUS (grant no. 731001).
 Version
 --------------------------------------------------
 
-1.0.5-SNAPSHOT (2019-04-12)
+1.0.5-SNAPSHOT (2019-04-15)
 
 Please see the file named "changelog.xml" in this directory for the release notes.