diff --git a/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java b/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
index ca235c8..2feac3e 100644
--- a/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
+++ b/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
@@ -1,6 +1,6 @@
 package org.gcube.data.access.storagehub;
-import java.security.acl.Group;
+import org.apache.jackrabbit.api.security.user.Group;
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -45,11 +45,11 @@ public class AuthorizationChecker {
 //CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
 JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
 AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
-
+ Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
 for (AccessControlEntry entry: entries) {
 Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
 if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return;
- if (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal())) return;
+ if (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable)) return;
 }
 throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id);
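Review bot: In the read check at `@@ -45,11` the loop returns on the first entry that names the user or a group containing them, and never looks at what that entry says; with the group branch now testing `isMember(UserAuthorizable)`, any group entry on the shared folder is enough to pass. If the repository can hold deny entries, the loop should skip them before either `return`, e.g. `if (entry instanceof JackrabbitAccessControlEntry && !((JackrabbitAccessControlEntry) entry).isAllow()) continue;`. Separately, `getAuthorizable(entry.getPrincipal())` returns null when no user or group matches the principal, and `authorizable.isGroup()` is called unguarded both here and in the write check at `@@ -82,10`; `if (authorizable == null) continue;` keeps a stale entry from surfacing as a NullPointerException instead of an authorization decision. The method begins above this hunk, so how `login` and `parentShared` are obtained is not visible.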
@@ -82,10 +82,11 @@ public class AuthorizationChecker { Node parentSharedNode = retrieveSharedFolderParent(node, session); JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentSharedNode.getPath()); AccessControlEntry[] entries = accessControlList.getAccessControlEntries(); + Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login); //put it in a different method for (AccessControlEntry entry: entries) { - Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(id); - if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal()))){ + Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal()); + if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable))){ for (Privilege privilege : entry.getPrivileges()){ AccessType access = AccessType.fromValue(privilege.getName()); if (isNewItem && access!=AccessType.READ_ONLY) diff --git a/src/main/java/org/gcube/data/access/storagehub/services/ItemsCreator.java b/src/main/java/org/gcube/data/access/storagehub/services/ItemsCreator.java index 222fe85..9c902cb 100644 --- a/src/main/java/org/gcube/data/access/storagehub/services/ItemsCreator.java +++ b/src/main/java/org/gcube/data/access/storagehub/services/ItemsCreator.java @@ -185,9 +185,9 @@ public class ItemsCreator { authChecker.checkWriteAuthorizationControl(ses, destination.getIdentifier(), true); - + Utils.acquireLockWithWait(ses, destination.getPath(), false, login, 10); - + Node newNode; try { newNode = Utils.createGcubeItemInternally(ses, destination, item.getName(), item.getDescription(), login, item, accountingHandler); 
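Review bot: The matching rule in the write check at `@@ -82,10` is now a second hand-maintained copy of the one in the read check, and the hunk's own `//put it in a different method` comment already asks for the extraction; keeping two copies of an authorization predicate is presumably how the `getAuthorizable(id)` lookup corrected here went unnoticed. I would move the rule into one private helper called from both loops, and rename the local to `userAuthorizable`, since Java locals are lowerCamelCase. The helper sketched below also answers false when no user or group matches the entry's principal, instead of dereferencing null. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: ACL lookup for parentSharedNode …
Authorizable userAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
for (AccessControlEntry entry: entries) {
	if (appliesToUser(session, entry, login, userAuthorizable)){
		// … unchanged: privilege loop …

// Single place that decides whether an ACL entry concerns the calling user.
private boolean appliesToUser(Session session, AccessControlEntry entry, String login, Authorizable userAuthorizable) throws RepositoryException {
	Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
	if (authorizable == null) return false;
	if (!authorizable.isGroup()) return entry.getPrincipal().getName().equals(login);
	return userAuthorizable != null && ((Group) authorizable).isMember(userAuthorizable);
}
```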
@@ -239,7 +239,7 @@ public class ItemsCreator {
 log.info("session: {}",ses.toString());
- Node newNode = createFileItemInternally(ses, destination, stream, name, description, login);
+ Node newNode = createFileItemInternally(ses, destination, stream, name, description, login, true);
 ses.save();
 versionHandler.checkinContentNode(newNode, ses);
@@ -266,7 +266,7 @@ public class ItemsCreator {
- private Node createFileItemInternally(Session ses, Node destinationNode, InputStream stream, String name, String description, String login) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
+ private Node createFileItemInternally(Session ses, Node destinationNode, InputStream stream, String name, String description, String login, boolean withLock) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
 ContentHandler handler = getContentHandler(stream , name, destinationNode.getPath(), login);
@@ -282,12 +282,13 @@ public class ItemsCreator {
 try {
 newNode = ses.getNode(org.gcube.common.storagehub.model.Paths.append(org.gcube.common.storagehub.model.Paths.getPath(destinationNode.getPath()), name).toPath());
 authChecker.checkWriteAuthorizationControl(ses, newNode.getIdentifier(), false);
- try {
- ses.getWorkspace().getLockManager().lock(newNode.getPath(), true, true, 0,login);
- }catch (LockException le) {
- throw new ItemLockedException(le);
+ if (withLock) {
+ try {
+ ses.getWorkspace().getLockManager().lock(newNode.getPath(), true, true, 0,login);
+ }catch (LockException le) {
+ throw new ItemLockedException(le);
+ }
 }
-
 try {
 versionHandler.checkoutContentNode(newNode, ses);
 log.trace("replacing content of class {}",item.getContent().getClass());
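Review bot: The `withLock` parameter added to the signature at `@@ -266,7` is undocumented, and its contract is the whole safety argument for the `false` case: the method then neither takes nor releases a lock, so the caller must already hold one that covers `destinationNode` and any existing child being replaced. I would put a Javadoc on `createFileItemInternally` saying so, for example `@param withLock true to lock and unlock the target inside this method; false only when the caller already holds a lock covering it`. The method body continues past this hunk.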
@@ -295,21 +296,23 @@ public class ItemsCreator {
 accountingHandler.createFileUpdated(item.getTitle(), ses, newNode, false);
 ses.save();
 }finally {
- ses.getWorkspace().getLockManager().unlock(newNode.getPath());
+ if (withLock) ses.getWorkspace().getLockManager().unlock(newNode.getPath());
 }
 }catch(PathNotFoundException pnf) {
 authChecker.checkWriteAuthorizationControl(ses, destinationNode.getIdentifier(), true);
- try {
- log.debug("trying to acquire lock");
- Utils.acquireLockWithWait(ses, destinationNode.getPath(), false, login, 10);
- }catch (LockException le) {
- throw new ItemLockedException(le);
+ if (withLock) {
+ try {
+ log.debug("trying to acquire lock");
+ Utils.acquireLockWithWait(ses, destinationNode.getPath(), false, login, 10);
+ }catch (LockException le) {
+ throw new ItemLockedException(le);
+ }
 }
 try {
 newNode = item2Node.getNode(destinationNode, item);
 ses.save();
 }finally {
- ses.getWorkspace().getLockManager().unlock(destinationNode.getPath());
+ if (withLock) ses.getWorkspace().getLockManager().unlock(destinationNode.getPath());
 }
 versionHandler.makeVersionableContent(newNode, ses);
 accountingHandler.createFolderAddObj(name, item.getClass().getSimpleName(), item.getContent().getMimeType(), ses, newNode, false);
@@ -389,10 +392,10 @@ public class ItemsCreator {
 log.debug("creating file with entire path {}, name {}, parentPath {} ", entirePath, name, parentPath);
 Node fileNode = null;
 if (parentPath.isEmpty())
- fileNode = createFileItemInternally(ses, parentDirectoryNode, input, name, "", login);
+ fileNode = createFileItemInternally(ses, parentDirectoryNode, input, name, "", login, false);
 else {
 Node parentNode = directoryNodeMap.get(parentPath);
- fileNode = createFileItemInternally(ses, parentNode, input, name, "", login);
+ fileNode = createFileItemInternally(ses, parentNode, input, name, "", login, false);
 }
 fileNodes.add(fileNode);
 }catch(Exception e) {
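Review bot: Both calls at `@@ -389,10` pass `false`, so files written under `parentDirectoryNode` and `parentNode`, including existing ones that get replaced, are no longer locked by `createFileItemInternally`, and nothing in this hunk shows the lock that is meant to stand in for it. If the caller holds only a lock on the top-level destination and that lock is not deep, the sub-folders taken from `directoryNodeMap` would presumably not be covered. Please confirm which lock the caller holds, and record it at the call site, e.g. `// destination is locked by the caller for the whole extraction, so no per-file lock`. `directoryNodeMap.get(parentPath)` can also return null for a path that was never registered, which would only surface through the broad `catch(Exception e)`. The enclosing method starts and ends outside the hunk.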
diff --git a/src/main/webapp/WEB-INF/README b/src/main/webapp/WEB-INF/README index a32cb8e..489d2fa 100644 --- a/src/main/webapp/WEB-INF/README +++ b/src/main/webapp/WEB-INF/README @@ -25,7 +25,7 @@ no. 654119), SoBigData (grant no. 654024), AGINFRA PLUS (grant no. 731001). Version -------------------------------------------------- -1.0.5-SNAPSHOT (2019-04-12) +1.0.5-SNAPSHOT (2019-04-15) Please see the file named "changelog.xml" in this directory for the release notes.