search excludes not authorized node from the results

lucio 2020-03-17 13:40:41 +01:00
parent 9e3b5f08e0
commit a7ee9afb76
5 changed files with 21 additions and 19 deletions


@ -12,7 +12,7 @@
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>org.gcube.data.access</groupId> <groupId>org.gcube.data.access</groupId>
<artifactId>storagehub</artifactId> <artifactId>storagehub</artifactId>
<version>1.1.0</version> <version>1.1.0-SNAPSHOT</version>
<name>storagehub</name> <name>storagehub</name>
<scm> <scm>


@ -1,7 +1,5 @@
package org.gcube.data.access.storagehub; package org.gcube.data.access.storagehub;
import org.apache.jackrabbit.api.security.user.Group;
import javax.inject.Inject; import javax.inject.Inject;
import javax.inject.Singleton; import javax.inject.Singleton;
import javax.jcr.Node; import javax.jcr.Node;
@ -13,6 +11,7 @@ import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession; import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.gcube.common.authorization.library.provider.AuthorizationProvider; import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.storagehub.model.Excludes; import org.gcube.common.storagehub.model.Excludes;
@ -26,9 +25,6 @@ import org.gcube.data.access.storagehub.handlers.Node2ItemConverter;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import lombok.extern.java.Log;
import lombok.extern.log4j.Log4j;
@Singleton @Singleton
public class AuthorizationChecker { public class AuthorizationChecker {


@ -36,6 +36,7 @@ import org.gcube.common.storagehub.model.Excludes;
import org.gcube.common.storagehub.model.Paths; import org.gcube.common.storagehub.model.Paths;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError; import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.ItemLockedException; import org.gcube.common.storagehub.model.exceptions.ItemLockedException;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
import org.gcube.common.storagehub.model.items.AbstractFileItem; import org.gcube.common.storagehub.model.items.AbstractFileItem;
import org.gcube.common.storagehub.model.items.ExternalLink; import org.gcube.common.storagehub.model.items.ExternalLink;
import org.gcube.common.storagehub.model.items.FolderItem; import org.gcube.common.storagehub.model.items.FolderItem;
@ -110,16 +111,16 @@ public class Utils {
} }
public static <T extends Item> List<T> serachByNameOnFolder(Session ses, Node parent, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude, String nameParam) throws RepositoryException, BackendGenericError{ public static <T extends Item> List<T> serachByNameOnFolder(Session ses, AuthorizationChecker authChecker, Node parent, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude, String nameParam) throws RepositoryException, BackendGenericError{
String xpath = String.format("/jcr:root%s//element(*,nthl:workspaceItem)[jcr:like(fn:lower-case(@jcr:title), '%s')]",ISO9075.encodePath(parent.getPath()), nameParam.toLowerCase()); String xpath = String.format("/jcr:root%s//element(*,nthl:workspaceItem)[jcr:like(fn:lower-case(@jcr:title), '%s')]",ISO9075.encodePath(parent.getPath()), nameParam.toLowerCase());
//String query = String.format("SELECT * FROM [nthl:workspaceLeafItem] AS node WHERE ISDESCENDANTNODE('%s') ORDER BY node.[jcr:lastModified] DESC ",vreFolder.getPath()); //String query = String.format("SELECT * FROM [nthl:workspaceLeafItem] AS node WHERE ISDESCENDANTNODE('%s') ORDER BY node.[jcr:lastModified] DESC ",vreFolder.getPath());
logger.trace("query for search is {}",xpath); logger.debug("query for search is {}",xpath);
long start = System.currentTimeMillis();
Query jcrQuery = ses.getWorkspace().getQueryManager().createQuery(xpath, Query.XPATH); Query jcrQuery = ses.getWorkspace().getQueryManager().createQuery(xpath, Query.XPATH);
NodeIterator it = jcrQuery.execute().getNodes(); NodeIterator it = jcrQuery.execute().getNodes();
return getItemListFromNodeIterator(parent, it, excludes, range, showHidden, excludeTrashed, nodeTypeToInclude); logger.debug("[SEARCH] real search took {} millis",(System.currentTimeMillis()-start));
return getItemListFromNodeIterator(authChecker, it, excludes, range, showHidden, excludeTrashed, nodeTypeToInclude);
} }
@ -131,7 +132,7 @@ public class Utils {
return getItemListFromNodeIterator(null, iterator, excludes, range, showHidden, false, nodeTypeToInclude); return getItemListFromNodeIterator(null, iterator, excludes, range, showHidden, false, nodeTypeToInclude);
} }
private static <T extends Item> List<T> getItemListFromNodeIterator(Node parent, NodeIterator iterator, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude) throws RepositoryException, BackendGenericError{ private static <T extends Item> List<T> getItemListFromNodeIterator(AuthorizationChecker authChecker, NodeIterator iterator, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude) throws RepositoryException, BackendGenericError{
List<T> returnList = new ArrayList<T>(); List<T> returnList = new ArrayList<T>();
logger.trace("nodeType is {}",nodeTypeToInclude); logger.trace("nodeType is {}",nodeTypeToInclude);
@ -141,15 +142,20 @@ public class Utils {
while (iterator.hasNext()){ while (iterator.hasNext()){
Node current = iterator.nextNode(); Node current = iterator.nextNode();
if (parent!=null && !current.getPath().startsWith(parent.getPath())) logger.debug("[SEARCH] evaluating node {} ",current.hasProperty(NodeProperty.TITLE.toString())? current.getProperty(NodeProperty.TITLE.toString()):current.getName());
continue;
logger.trace("current node "+current.getName()); //ECLUDES node not authorized, in case the indexes are not working
if (authChecker!=null)
try {
authChecker.checkReadAuthorizationControl(current.getSession(), current.getIdentifier());
} catch (UserNotAuthorizedException | BackendGenericError | RepositoryException e) {
continue;
}
if (isToExclude(current, showHidden)) if (isToExclude(current, showHidden))
continue; continue;
logger.trace("current node not excluded "+current.getName()); logger.debug("[SEARCH] current node not excluded {} ",current.hasProperty(NodeProperty.TITLE.toString())? current.getProperty(NodeProperty.TITLE.toString()):current.getName());
if (range==null || (count>=range.getStart() && returnList.size()<range.getLimit())) { if (range==null || (count>=range.getStart() && returnList.size()<range.getLimit())) {
T item = node2Item.getFilteredItem(current, excludes, nodeTypeToInclude); T item = node2Item.getFilteredItem(current, excludes, nodeTypeToInclude);
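Review bot: The catch around `checkReadAuthorizationControl` in `getItemListFromNodeIterator` silently drops the node for `BackendGenericError` and `RepositoryException` as well as for `UserNotAuthorizedException`, so a failing backend cannot be told apart from a denied read and the result list simply shrinks. Skipping the node is the right fail-closed behaviour, but the two backend exceptions deserve their own catch with a log line, e.g. `catch (BackendGenericError | RepositoryException e) { logger.warn("[SEARCH] authorization check failed, node skipped", e); continue; }`. The `[SEARCH] evaluating node` debug line runs before the check, so titles of nodes the caller may not be allowed to read are written to the log; moving it below the check avoids that. The caller in the `@ -131,7` hunk passes `null` for `authChecker`, so that path gets no per-node check at all, which is worth confirming as intended. The method body continues past the end of this hunk.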


@ -324,7 +324,7 @@ public class ItemsManager {
log.debug("search for node {}",name); log.debug("search for node {}",name);
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id); authChecker.checkReadAuthorizationControl(ses, id);
toReturn = Utils.serachByNameOnFolder(ses, ses.getNodeByIdentifier(id), excludes, null, showHidden==null?false:showHidden,excludeTrashed==true?false:excludeTrashed , nodeType!=null ? ClassHandler.instance().get(nodeType) : null, name); toReturn = Utils.serachByNameOnFolder(ses, authChecker, ses.getNodeByIdentifier(id), excludes, null, showHidden==null?false:showHidden,excludeTrashed==true?false:excludeTrashed , nodeType!=null ? ClassHandler.instance().get(nodeType) : null, name);
log.debug("search retrieved {} elements",toReturn.size()); log.debug("search retrieved {} elements",toReturn.size());
}catch (ItemNotFoundException e) { }catch (ItemNotFoundException e) {
log.error("id {} not found",id,e); log.error("id {} not found",id,e);
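Review bot: `name` is handed to `Utils.serachByNameOnFolder` unchanged, and the Utils section of this commit shows it formatted into the quoted XPath literal with only `toLowerCase()` applied, so a quote character in the search term alters the query. Because `ses` is logged in with admin credentials, repository ACLs presumably do not bound what that query returns and the new per-node check is the only filter; escaping the literal, e.g. `name.replace("'", "''")` before the call or inside the Utils method, keeps the term inside the string. Separately, `excludeTrashed==true?false:excludeTrashed` passes `false` when the caller asked for `true`; if that is not intended, `Boolean.TRUE.equals(excludeTrashed)` looks like the likely meaning. The enclosing method starts and ends outside this hunk.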


@ -25,7 +25,7 @@ The projects leading to this software have received funding from a series of
Version Version
-------------------------------------------------- --------------------------------------------------
1.1.0-SNAPSHOT (2020-03-16) 1.1.0-SNAPSHOT (2020-03-17)
Please see the file named "changelog.xml" in this directory for the release notes. Please see the file named "changelog.xml" in this directory for the release notes.