git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/data-access/storagehub-webapp/1.0@179048 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
270c07514d
commit
95261236f4
|
@ -1,6 +1,6 @@
|
||||||
package org.gcube.data.access.storagehub;
|
package org.gcube.data.access.storagehub;
|
||||||
|
|
||||||
import java.security.acl.Group;
|
import org.apache.jackrabbit.api.security.user.Group;
|
||||||
|
|
||||||
import javax.inject.Inject;
|
import javax.inject.Inject;
|
||||||
import javax.inject.Singleton;
|
import javax.inject.Singleton;
|
||||||
|
@ -45,11 +45,11 @@ public class AuthorizationChecker {
|
||||||
//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
|
//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
|
||||||
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
|
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
|
||||||
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
|
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
|
||||||
|
Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
|
||||||
for (AccessControlEntry entry: entries) {
|
for (AccessControlEntry entry: entries) {
|
||||||
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
|
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
|
||||||
if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return;
|
if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return;
|
||||||
if (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal())) return;
|
if (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable)) return;
|
||||||
}
|
}
|
||||||
throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id);
|
throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id);
|
||||||
|
|
||||||
|
@ -82,10 +82,11 @@ public class AuthorizationChecker {
|
||||||
Node parentSharedNode = retrieveSharedFolderParent(node, session);
|
Node parentSharedNode = retrieveSharedFolderParent(node, session);
|
||||||
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentSharedNode.getPath());
|
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentSharedNode.getPath());
|
||||||
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
|
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
|
||||||
|
Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
|
||||||
//put it in a different method
|
//put it in a different method
|
||||||
for (AccessControlEntry entry: entries) {
|
for (AccessControlEntry entry: entries) {
|
||||||
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(id);
|
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
|
||||||
if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(entry.getPrincipal()))){
|
if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) || (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable))){
|
||||||
for (Privilege privilege : entry.getPrivileges()){
|
for (Privilege privilege : entry.getPrivileges()){
|
||||||
AccessType access = AccessType.fromValue(privilege.getName());
|
AccessType access = AccessType.fromValue(privilege.getName());
|
||||||
if (isNewItem && access!=AccessType.READ_ONLY)
|
if (isNewItem && access!=AccessType.READ_ONLY)
|
||||||
|
|
|
@ -185,9 +185,9 @@ public class ItemsCreator {
|
||||||
|
|
||||||
authChecker.checkWriteAuthorizationControl(ses, destination.getIdentifier(), true);
|
authChecker.checkWriteAuthorizationControl(ses, destination.getIdentifier(), true);
|
||||||
|
|
||||||
|
|
||||||
Utils.acquireLockWithWait(ses, destination.getPath(), false, login, 10);
|
Utils.acquireLockWithWait(ses, destination.getPath(), false, login, 10);
|
||||||
|
|
||||||
Node newNode;
|
Node newNode;
|
||||||
try {
|
try {
|
||||||
newNode = Utils.createGcubeItemInternally(ses, destination, item.getName(), item.getDescription(), login, item, accountingHandler);
|
newNode = Utils.createGcubeItemInternally(ses, destination, item.getName(), item.getDescription(), login, item, accountingHandler);
|
||||||
|
@ -239,7 +239,7 @@ public class ItemsCreator {
|
||||||
|
|
||||||
log.info("session: {}",ses.toString());
|
log.info("session: {}",ses.toString());
|
||||||
|
|
||||||
Node newNode = createFileItemInternally(ses, destination, stream, name, description, login);
|
Node newNode = createFileItemInternally(ses, destination, stream, name, description, login, true);
|
||||||
ses.save();
|
ses.save();
|
||||||
|
|
||||||
versionHandler.checkinContentNode(newNode, ses);
|
versionHandler.checkinContentNode(newNode, ses);
|
||||||
|
@ -266,7 +266,7 @@ public class ItemsCreator {
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
private Node createFileItemInternally(Session ses, Node destinationNode, InputStream stream, String name, String description, String login) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
|
private Node createFileItemInternally(Session ses, Node destinationNode, InputStream stream, String name, String description, String login, boolean withLock) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
|
||||||
|
|
||||||
ContentHandler handler = getContentHandler(stream , name, destinationNode.getPath(), login);
|
ContentHandler handler = getContentHandler(stream , name, destinationNode.getPath(), login);
|
||||||
|
|
||||||
|
@ -282,12 +282,13 @@ public class ItemsCreator {
|
||||||
try {
|
try {
|
||||||
newNode = ses.getNode(org.gcube.common.storagehub.model.Paths.append(org.gcube.common.storagehub.model.Paths.getPath(destinationNode.getPath()), name).toPath());
|
newNode = ses.getNode(org.gcube.common.storagehub.model.Paths.append(org.gcube.common.storagehub.model.Paths.getPath(destinationNode.getPath()), name).toPath());
|
||||||
authChecker.checkWriteAuthorizationControl(ses, newNode.getIdentifier(), false);
|
authChecker.checkWriteAuthorizationControl(ses, newNode.getIdentifier(), false);
|
||||||
try {
|
if (withLock) {
|
||||||
ses.getWorkspace().getLockManager().lock(newNode.getPath(), true, true, 0,login);
|
try {
|
||||||
}catch (LockException le) {
|
ses.getWorkspace().getLockManager().lock(newNode.getPath(), true, true, 0,login);
|
||||||
throw new ItemLockedException(le);
|
}catch (LockException le) {
|
||||||
|
throw new ItemLockedException(le);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
versionHandler.checkoutContentNode(newNode, ses);
|
versionHandler.checkoutContentNode(newNode, ses);
|
||||||
log.trace("replacing content of class {}",item.getContent().getClass());
|
log.trace("replacing content of class {}",item.getContent().getClass());
|
||||||
|
@ -295,21 +296,23 @@ public class ItemsCreator {
|
||||||
accountingHandler.createFileUpdated(item.getTitle(), ses, newNode, false);
|
accountingHandler.createFileUpdated(item.getTitle(), ses, newNode, false);
|
||||||
ses.save();
|
ses.save();
|
||||||
}finally {
|
}finally {
|
||||||
ses.getWorkspace().getLockManager().unlock(newNode.getPath());
|
if (withLock) ses.getWorkspace().getLockManager().unlock(newNode.getPath());
|
||||||
}
|
}
|
||||||
}catch(PathNotFoundException pnf) {
|
}catch(PathNotFoundException pnf) {
|
||||||
authChecker.checkWriteAuthorizationControl(ses, destinationNode.getIdentifier(), true);
|
authChecker.checkWriteAuthorizationControl(ses, destinationNode.getIdentifier(), true);
|
||||||
try {
|
if (withLock) {
|
||||||
log.debug("trying to acquire lock");
|
try {
|
||||||
Utils.acquireLockWithWait(ses, destinationNode.getPath(), false, login, 10);
|
log.debug("trying to acquire lock");
|
||||||
}catch (LockException le) {
|
Utils.acquireLockWithWait(ses, destinationNode.getPath(), false, login, 10);
|
||||||
throw new ItemLockedException(le);
|
}catch (LockException le) {
|
||||||
|
throw new ItemLockedException(le);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
newNode = item2Node.getNode(destinationNode, item);
|
newNode = item2Node.getNode(destinationNode, item);
|
||||||
ses.save();
|
ses.save();
|
||||||
}finally {
|
}finally {
|
||||||
ses.getWorkspace().getLockManager().unlock(destinationNode.getPath());
|
if (withLock) ses.getWorkspace().getLockManager().unlock(destinationNode.getPath());
|
||||||
}
|
}
|
||||||
versionHandler.makeVersionableContent(newNode, ses);
|
versionHandler.makeVersionableContent(newNode, ses);
|
||||||
accountingHandler.createFolderAddObj(name, item.getClass().getSimpleName(), item.getContent().getMimeType(), ses, newNode, false);
|
accountingHandler.createFolderAddObj(name, item.getClass().getSimpleName(), item.getContent().getMimeType(), ses, newNode, false);
|
||||||
|
@ -389,10 +392,10 @@ public class ItemsCreator {
|
||||||
log.debug("creating file with entire path {}, name {}, parentPath {} ", entirePath, name, parentPath);
|
log.debug("creating file with entire path {}, name {}, parentPath {} ", entirePath, name, parentPath);
|
||||||
Node fileNode = null;
|
Node fileNode = null;
|
||||||
if (parentPath.isEmpty())
|
if (parentPath.isEmpty())
|
||||||
fileNode = createFileItemInternally(ses, parentDirectoryNode, input, name, "", login);
|
fileNode = createFileItemInternally(ses, parentDirectoryNode, input, name, "", login, false);
|
||||||
else {
|
else {
|
||||||
Node parentNode = directoryNodeMap.get(parentPath);
|
Node parentNode = directoryNodeMap.get(parentPath);
|
||||||
fileNode = createFileItemInternally(ses, parentNode, input, name, "", login);
|
fileNode = createFileItemInternally(ses, parentNode, input, name, "", login, false);
|
||||||
}
|
}
|
||||||
fileNodes.add(fileNode);
|
fileNodes.add(fileNode);
|
||||||
}catch(Exception e) {
|
}catch(Exception e) {
|
||||||
|
|
|
@ -25,7 +25,7 @@ no. 654119), SoBigData (grant no. 654024), AGINFRA PLUS (grant no. 731001).
|
||||||
Version
|
Version
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
|
||||||
1.0.5-SNAPSHOT (2019-04-12)
|
1.0.5-SNAPSHOT (2019-04-15)
|
||||||
|
|
||||||
Please see the file named "changelog.xml" in this directory for the release notes.
|
Please see the file named "changelog.xml" in this directory for the release notes.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue