search excludes not authorized node from the results
This commit is contained in:
parent
9e3b5f08e0
commit
a7ee9afb76
2
pom.xml
2
pom.xml
|
@ -12,7 +12,7 @@
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>org.gcube.data.access</groupId>
|
<groupId>org.gcube.data.access</groupId>
|
||||||
<artifactId>storagehub</artifactId>
|
<artifactId>storagehub</artifactId>
|
||||||
<version>1.1.0</version>
|
<version>1.1.0-SNAPSHOT</version>
|
||||||
<name>storagehub</name>
|
<name>storagehub</name>
|
||||||
|
|
||||||
<scm>
|
<scm>
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
package org.gcube.data.access.storagehub;
|
package org.gcube.data.access.storagehub;
|
||||||
|
|
||||||
import org.apache.jackrabbit.api.security.user.Group;
|
|
||||||
|
|
||||||
import javax.inject.Inject;
|
import javax.inject.Inject;
|
||||||
import javax.inject.Singleton;
|
import javax.inject.Singleton;
|
||||||
import javax.jcr.Node;
|
import javax.jcr.Node;
|
||||||
|
@ -13,6 +11,7 @@ import javax.jcr.security.Privilege;
|
||||||
import org.apache.jackrabbit.api.JackrabbitSession;
|
import org.apache.jackrabbit.api.JackrabbitSession;
|
||||||
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
|
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
|
||||||
import org.apache.jackrabbit.api.security.user.Authorizable;
|
import org.apache.jackrabbit.api.security.user.Authorizable;
|
||||||
|
import org.apache.jackrabbit.api.security.user.Group;
|
||||||
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
|
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
|
||||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||||
import org.gcube.common.storagehub.model.Excludes;
|
import org.gcube.common.storagehub.model.Excludes;
|
||||||
|
@ -26,9 +25,6 @@ import org.gcube.data.access.storagehub.handlers.Node2ItemConverter;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import lombok.extern.java.Log;
|
|
||||||
import lombok.extern.log4j.Log4j;
|
|
||||||
|
|
||||||
@Singleton
|
@Singleton
|
||||||
public class AuthorizationChecker {
|
public class AuthorizationChecker {
|
||||||
|
|
||||||
|
|
|
@ -36,6 +36,7 @@ import org.gcube.common.storagehub.model.Excludes;
|
||||||
import org.gcube.common.storagehub.model.Paths;
|
import org.gcube.common.storagehub.model.Paths;
|
||||||
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
||||||
import org.gcube.common.storagehub.model.exceptions.ItemLockedException;
|
import org.gcube.common.storagehub.model.exceptions.ItemLockedException;
|
||||||
|
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
|
||||||
import org.gcube.common.storagehub.model.items.AbstractFileItem;
|
import org.gcube.common.storagehub.model.items.AbstractFileItem;
|
||||||
import org.gcube.common.storagehub.model.items.ExternalLink;
|
import org.gcube.common.storagehub.model.items.ExternalLink;
|
||||||
import org.gcube.common.storagehub.model.items.FolderItem;
|
import org.gcube.common.storagehub.model.items.FolderItem;
|
||||||
|
@ -110,16 +111,16 @@ public class Utils {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public static <T extends Item> List<T> serachByNameOnFolder(Session ses, Node parent, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude, String nameParam) throws RepositoryException, BackendGenericError{
|
public static <T extends Item> List<T> serachByNameOnFolder(Session ses, AuthorizationChecker authChecker, Node parent, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude, String nameParam) throws RepositoryException, BackendGenericError{
|
||||||
String xpath = String.format("/jcr:root%s//element(*,nthl:workspaceItem)[jcr:like(fn:lower-case(@jcr:title), '%s')]",ISO9075.encodePath(parent.getPath()), nameParam.toLowerCase());
|
String xpath = String.format("/jcr:root%s//element(*,nthl:workspaceItem)[jcr:like(fn:lower-case(@jcr:title), '%s')]",ISO9075.encodePath(parent.getPath()), nameParam.toLowerCase());
|
||||||
|
|
||||||
//String query = String.format("SELECT * FROM [nthl:workspaceLeafItem] AS node WHERE ISDESCENDANTNODE('%s') ORDER BY node.[jcr:lastModified] DESC ",vreFolder.getPath());
|
//String query = String.format("SELECT * FROM [nthl:workspaceLeafItem] AS node WHERE ISDESCENDANTNODE('%s') ORDER BY node.[jcr:lastModified] DESC ",vreFolder.getPath());
|
||||||
logger.trace("query for search is {}",xpath);
|
logger.debug("query for search is {}",xpath);
|
||||||
|
long start = System.currentTimeMillis();
|
||||||
Query jcrQuery = ses.getWorkspace().getQueryManager().createQuery(xpath, Query.XPATH);
|
Query jcrQuery = ses.getWorkspace().getQueryManager().createQuery(xpath, Query.XPATH);
|
||||||
|
|
||||||
NodeIterator it = jcrQuery.execute().getNodes();
|
NodeIterator it = jcrQuery.execute().getNodes();
|
||||||
return getItemListFromNodeIterator(parent, it, excludes, range, showHidden, excludeTrashed, nodeTypeToInclude);
|
logger.debug("[SEARCH] real search took {} millis",(System.currentTimeMillis()-start));
|
||||||
|
return getItemListFromNodeIterator(authChecker, it, excludes, range, showHidden, excludeTrashed, nodeTypeToInclude);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -131,7 +132,7 @@ public class Utils {
|
||||||
return getItemListFromNodeIterator(null, iterator, excludes, range, showHidden, false, nodeTypeToInclude);
|
return getItemListFromNodeIterator(null, iterator, excludes, range, showHidden, false, nodeTypeToInclude);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static <T extends Item> List<T> getItemListFromNodeIterator(Node parent, NodeIterator iterator, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude) throws RepositoryException, BackendGenericError{
|
private static <T extends Item> List<T> getItemListFromNodeIterator(AuthorizationChecker authChecker, NodeIterator iterator, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude) throws RepositoryException, BackendGenericError{
|
||||||
List<T> returnList = new ArrayList<T>();
|
List<T> returnList = new ArrayList<T>();
|
||||||
|
|
||||||
logger.trace("nodeType is {}",nodeTypeToInclude);
|
logger.trace("nodeType is {}",nodeTypeToInclude);
|
||||||
|
@ -141,15 +142,20 @@ public class Utils {
|
||||||
while (iterator.hasNext()){
|
while (iterator.hasNext()){
|
||||||
Node current = iterator.nextNode();
|
Node current = iterator.nextNode();
|
||||||
|
|
||||||
if (parent!=null && !current.getPath().startsWith(parent.getPath()))
|
logger.debug("[SEARCH] evaluating node {} ",current.hasProperty(NodeProperty.TITLE.toString())? current.getProperty(NodeProperty.TITLE.toString()):current.getName());
|
||||||
continue;
|
|
||||||
|
|
||||||
logger.trace("current node "+current.getName());
|
//ECLUDES node not authorized, in case the indexes are not working
|
||||||
|
if (authChecker!=null)
|
||||||
|
try {
|
||||||
|
authChecker.checkReadAuthorizationControl(current.getSession(), current.getIdentifier());
|
||||||
|
} catch (UserNotAuthorizedException | BackendGenericError | RepositoryException e) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
if (isToExclude(current, showHidden))
|
if (isToExclude(current, showHidden))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
logger.trace("current node not excluded "+current.getName());
|
logger.debug("[SEARCH] current node not excluded {} ",current.hasProperty(NodeProperty.TITLE.toString())? current.getProperty(NodeProperty.TITLE.toString()):current.getName());
|
||||||
|
|
||||||
if (range==null || (count>=range.getStart() && returnList.size()<range.getLimit())) {
|
if (range==null || (count>=range.getStart() && returnList.size()<range.getLimit())) {
|
||||||
T item = node2Item.getFilteredItem(current, excludes, nodeTypeToInclude);
|
T item = node2Item.getFilteredItem(current, excludes, nodeTypeToInclude);
|
||||||
|
|
|
@ -324,7 +324,7 @@ public class ItemsManager {
|
||||||
log.debug("search for node {}",name);
|
log.debug("search for node {}",name);
|
||||||
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||||
authChecker.checkReadAuthorizationControl(ses, id);
|
authChecker.checkReadAuthorizationControl(ses, id);
|
||||||
toReturn = Utils.serachByNameOnFolder(ses, ses.getNodeByIdentifier(id), excludes, null, showHidden==null?false:showHidden,excludeTrashed==true?false:excludeTrashed , nodeType!=null ? ClassHandler.instance().get(nodeType) : null, name);
|
toReturn = Utils.serachByNameOnFolder(ses, authChecker, ses.getNodeByIdentifier(id), excludes, null, showHidden==null?false:showHidden,excludeTrashed==true?false:excludeTrashed , nodeType!=null ? ClassHandler.instance().get(nodeType) : null, name);
|
||||||
log.debug("search retrieved {} elements",toReturn.size());
|
log.debug("search retrieved {} elements",toReturn.size());
|
||||||
}catch (ItemNotFoundException e) {
|
}catch (ItemNotFoundException e) {
|
||||||
log.error("id {} not found",id,e);
|
log.error("id {} not found",id,e);
|
||||||
|
|
|
@ -25,7 +25,7 @@ The projects leading to this software have received funding from a series of
|
||||||
Version
|
Version
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
|
||||||
1.1.0-SNAPSHOT (2020-03-16)
|
1.1.0-SNAPSHOT (2020-03-17)
|
||||||
|
|
||||||
Please see the file named "changelog.xml" in this directory for the release notes.
|
Please see the file named "changelog.xml" in this directory for the release notes.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue