git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/data-access/storagehub-webapp/1.0@167790 82a268e6-3cf1-43bd-a215-b396298e98cf

2018-05-28 10:01:01 +00:00 · 2018-05-28 10:01:01 +00:00 · b79c70445d
parent f50cc7582d
commit b79c70445d
9 changed files with 284 additions and 91 deletions
--- a/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
+++ b/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
@ -5,8 +5,13 @@ import java.util.Arrays;
 import javax.inject.Singleton;
 import javax.jcr.Node;
 import javax.jcr.Session;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.Privilege;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.storagehub.model.acls.AccessType;
 import org.gcube.common.storagehub.model.items.Item;
 import org.gcube.common.storagehub.model.items.SharedFolder;
 import org.gcube.data.access.storagehub.handlers.ItemHandler;
@ -21,18 +26,47 @@ public class AuthorizationChecker {
 		if (item.isShared()) {
 			SharedFolder parentShared = retrieveSharedFolderParent(item, session);
-			if (!parentShared.getUsers().getValue().containsKey(AuthorizationProvider.instance.get().getClient().getId()))
+			if (!parentShared.getUsers().getValues().containsKey(AuthorizationProvider.instance.get().getClient().getId()))
 				throw new IllegalAccessException("Insufficent Provileges to read node with id "+id);
 		} else if (!node.getProperty("hl:portalLogin").getString().equals(AuthorizationProvider.instance.get().getClient().getId()))
 			throw new IllegalAccessException("Insufficent Provileges to read node with id "+id);
 	}
-	
+
 	private SharedFolder retrieveSharedFolderParent(Item item, Session session) throws Exception{
 		if (item instanceof SharedFolder) return (SharedFolder)item;
 		else 
 			return retrieveSharedFolderParent(ItemHandler.getItem(session.getNodeByIdentifier(item.getParentId()), Arrays.asList("hl:accounting","jcr:content")), session);
 	}
 	public void checkWriteAuthorizationControl(Session session, String id) throws Exception {
 		Node node = session.getNodeByIdentifier(id);
 		Item item  = ItemHandler.getItem(node, Arrays.asList("hl:accounting","jcr:content"));
 		if (item.isShared()) {
 			//put it in a different method
 			JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, node.getPath());
 			AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
 			for (AccessControlEntry entry: entries) {
 				if (entry.getPrincipal().equals(AuthorizationProvider.instance.get().getClient().getId())) {
 					for (Privilege privilege : entry.getPrivileges()){
 						AccessType access = AccessType.valueOf(privilege.getName());
 						if (access==AccessType.ADMINISTRATOR || access==AccessType.WRITE_ALL || (access==AccessType.WRITE_OWNER && item.getOwner().equals(AuthorizationProvider.instance.get().getClient().getId()))) 
 							return;
 						else throw new IllegalAccessException("Insufficent Provileges to write node with id "+id);
 					}
 				}
 			}
 			throw new IllegalAccessException("Insufficent Provileges to write node with id "+id);
 		} else 
 			if(!item.getOwner().equals(AuthorizationProvider.instance.get().getClient().getId()))
 					throw new IllegalAccessException("Insufficent Provileges to write node with id "+id);
 	}
-	
+
 }
--- a/src/main/java/org/gcube/data/access/storagehub/StorageHub.java
+++ b/src/main/java/org/gcube/data/access/storagehub/StorageHub.java
@ -6,6 +6,7 @@ import java.util.Set;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Application;
 import org.gcube.data.access.storagehub.services.ACLManager;
 import org.gcube.data.access.storagehub.services.ItemsCreator;
 import org.gcube.data.access.storagehub.services.ItemsManager;
 import org.gcube.data.access.storagehub.services.WorkspaceManager;
@ -22,6 +23,7 @@ public class StorageHub extends Application {
        classes.add(WorkspaceManager.class);
        classes.add(ItemsManager.class);
        classes.add(ItemsCreator.class);
        classes.add(ACLManager.class);
        return classes;
    }
--- a/src/main/java/org/gcube/data/access/storagehub/accounting/AccountingHandler.java
+++ b/src/main/java/org/gcube/data/access/storagehub/accounting/AccountingHandler.java
@ -7,9 +7,6 @@ import javax.inject.Singleton;
 import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.jcr.version.Version;
 import javax.jcr.version.VersionManager;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.storagehub.model.items.nodes.accounting.AccountingEntryType;
@ -42,15 +39,39 @@ public class AccountingHandler {
 			accountingNode.setProperty("hl:date", Calendar.getInstance());
 			accountingNode.setProperty("hl:itemName", title);
-			try {
+			/*try {
-				VersionManager vManager = ses.getWorkspace().getVersionManager();
+				//VersionManager vManager = ses.getWorkspace().getVersionManager();
 				//VersionManager versionManager = session.getWorkspace().getVersionManager();
 				//Version version = versionManager.checkin(node.getPath());
-				Version version = vManager.getBaseVersion(node.getNode("jcr:content").getPath());
+				//Version version = vManager.getBaseVersion(node.getNode("jcr:content").getPath());
-				accountingNode.setProperty("hl:version", version.getName());
+				//accountingNode.setProperty("hl:version", version.getName());
 			}catch(UnsupportedRepositoryOperationException uropex) {
 				logger.warn("version cannot be retrieved", uropex);
 			}*/
 			if (saveHistory) ses.save();
 		} catch (RepositoryException e) {
 			logger.warn("error trying to retrieve accountign node",e);
 		}
 	}
 	public void createFolderAddObj(String title, String itemType, String mimeType, Session ses, Node node, boolean saveHistory ) {
 		try {
 			Node directoryNode = node.getParent();
 			if (!directoryNode.hasNode(NodeProperty.ACCOUNTING.toString())){
 				directoryNode.addNode(NodeProperty.ACCOUNTING.toString(), NodeProperty.NT_ACCOUNTING.toString());
 			}
 			Node accountingNodeParent = directoryNode.getNode(NodeProperty.ACCOUNTING.toString());
 			Node accountingNode = accountingNodeParent.addNode(UUID.randomUUID().toString(),AccountingEntryType.ADD.getNodeTypeDefinition());
 			accountingNode.setProperty("hl:user", AuthorizationProvider.instance.get().getClient().getId());
 			accountingNode.setProperty("hl:date", Calendar.getInstance());
 			accountingNode.setProperty("hl:itemName", title);
 			accountingNode.setProperty("hl:itemType", itemType);
 			if (mimeType!=null)
 				accountingNode.setProperty("hl:mimeType", mimeType);
 			if (saveHistory) ses.save();
 		} catch (RepositoryException e) {
 			logger.warn("error trying to retrieve accountign node",e);
--- a/src/main/java/org/gcube/data/access/storagehub/handlers/ItemHandler.java
+++ b/src/main/java/org/gcube/data/access/storagehub/handlers/ItemHandler.java
@ -105,7 +105,7 @@ public class ItemHandler {
 				}catch(PathNotFoundException e){
 					logger.debug("the current node dosn't contain {} property",attribute.value());
 				} catch (Exception e ) {
-					logger.warn("error setting value",e);
+					 logger.warn("error setting value for property {} ",attribute.value());
 				}
 			} else if (field.isAnnotationPresent(NodeAttribute.class)){
 				String fieldNodeName = field.getAnnotation(NodeAttribute.class).value();
@ -322,6 +322,7 @@ public class ItemHandler {
 			for (Field field : retrieveAllFields(item.getClass())){
 				if (field.isAnnotationPresent(Attribute.class)){
 					Attribute attribute = field.getAnnotation(Attribute.class);
 					if (attribute.isReadOnly()) continue;
 					field.setAccessible(true);
 					try{
 						//Class<?> returnType = field.getType();
@ -361,6 +362,7 @@ public class ItemHandler {
 		for (Field field : retrieveAllFields(object.getClass())){
 			if (field.isAnnotationPresent(Attribute.class)){
 				Attribute attribute = field.getAnnotation(Attribute.class);
 				if (attribute.isReadOnly()) continue;
 				field.setAccessible(true);
 				try{
 					@SuppressWarnings("rawtypes")
--- a/src/main/java/org/gcube/data/access/storagehub/handlers/content/ContentHandler.java
+++ b/src/main/java/org/gcube/data/access/storagehub/handlers/content/ContentHandler.java
@ -1,7 +1,6 @@
 package org.gcube.data.access.storagehub.handlers.content;
 import java.io.InputStream;
 import java.util.List;
 import org.gcube.common.storagehub.model.items.AbstractFileItem;
 import org.gcube.common.storagehub.model.items.nodes.Content;
--- a/src/main/java/org/gcube/data/access/storagehub/services/ACLManager.java
+++ b/src/main/java/org/gcube/data/access/storagehub/services/ACLManager.java
@ -0,0 +1,88 @@
 package org.gcube.data.access.storagehub.services;
 import java.util.ArrayList;
 import java.util.List;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.Privilege;
 import javax.servlet.ServletContext;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.authorization.library.provider.CalledMethodProvider;
 import org.gcube.common.storagehub.model.acls.ACL;
 import org.gcube.common.storagehub.model.acls.AccessType;
 import org.gcube.common.storagehub.model.types.ACLList;
 import org.gcube.data.access.storagehub.AuthorizationChecker;
 import org.gcube.data.access.storagehub.Constants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@Path("item")
 public class ACLManager {
 	private static final Logger log = LoggerFactory.getLogger(ACLManager.class);
 	@Inject 
 	RepositoryInitializer repository;
 	@RequestScoped
 	@PathParam("id") 
 	String id;
 	@Context 
 	ServletContext context;
 	@Inject
 	AuthorizationChecker authChecker;
 	@Produces(MediaType.APPLICATION_JSON)
 	@GET
 	@Path("{id}/acls")
 	public ACLList getACL() {
 		CalledMethodProvider.instance.set("getACLById");
 		Session ses = null;
 		List<ACL> acls = new ArrayList<>();
 		try{
 			ses = repository.getRepository().login(new SimpleCredentials(context.getInitParameter(Constants.ADMIN_PARAM_NAME),context.getInitParameter(Constants.ADMIN_PARAM_PWD).toCharArray()));
 			authChecker.checkReadAuthorizationControl(ses, id);
 			JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(ses, ses.getNodeByIdentifier(id).getPath());
 			for (AccessControlEntry aclEntry : accessControlList.getAccessControlEntries()) {
 				ACL acl = new ACL();
 				acl.setPricipal(aclEntry.getPrincipal().getName());
 				List<AccessType> types = new ArrayList<>();
 				for (Privilege priv : aclEntry.getPrivileges()) 
 					try {
 						types.add(AccessType.fromValue(priv.getName()));
 					}catch (Exception e) {
 						log.warn(priv.getName()+" cannot be mapped to AccessTypes",e);
 					}
 				acl.setAccessTypes(types);
 				acls.add(acl);
 			}
 			return new ACLList(acls);	
 		}catch (Exception e) {
 			log.error("error gettign ACL",e);
 			throw new WebApplicationException(e);
 		}finally{
 			if (ses!=null)
 				ses.logout();
 		}
 	}
 }
--- a/src/main/java/org/gcube/data/access/storagehub/services/ItemsCreator.java
+++ b/src/main/java/org/gcube/data/access/storagehub/services/ItemsCreator.java
@ -3,6 +3,7 @@ package org.gcube.data.access.storagehub.services;
 import java.io.BufferedInputStream;
 import java.io.InputStream;
 import java.util.Arrays;
 import java.util.Calendar;
 import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@ -19,6 +20,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@ -34,10 +36,13 @@ import org.gcube.common.storagehub.model.items.AbstractFileItem;
 import org.gcube.common.storagehub.model.items.FolderItem;
 import org.gcube.common.storagehub.model.items.Item;
 import org.gcube.common.storagehub.model.service.ItemWrapper;
 import org.gcube.common.storagehub.model.types.ItemAction;
 import org.gcube.data.access.storagehub.AuthorizationChecker;
 import org.gcube.data.access.storagehub.Constants;
 import org.gcube.data.access.storagehub.MetaInfo;
 import org.gcube.data.access.storagehub.MultipleOutputStream;
 import org.gcube.data.access.storagehub.Utils;
 import org.gcube.data.access.storagehub.accounting.AccountingHandler;
 import org.gcube.data.access.storagehub.handlers.ItemHandler;
 import org.gcube.data.access.storagehub.handlers.VersionHandler;
 import org.gcube.data.access.storagehub.handlers.content.ContentHandler;
@ -64,9 +69,18 @@ public class ItemsCreator {
 	@Inject
 	VersionHandler versionHandler;
 	@Inject
 	AuthorizationChecker authChecker;
 	@Inject 
 	AccountingHandler accountingHandler;
 	@POST
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	@Produces(MediaType.APPLICATION_JSON)
 	@Path("/{id}/create/{type:(?!FILE)[^/?$]*}")
-	public Response createItem(@Context UriInfo uriInfo, @PathParam("id") String id, @PathParam("type") String type){
+	public Response createItem(@Context UriInfo uriInfo, @PathParam("id") String id, @PathParam("type") String type,@QueryParam("name") String name, @QueryParam("description") String description){
 		CalledMethodProvider.instance.set(String.format("createItem(%s)",type));
 		log.info("create generic item called");
 		Session ses = null;
 		Item destinationItem = null;
@ -79,30 +93,45 @@ public class ItemsCreator {
 			//validate input parameters for Item Type
 			if(!type.equals("FOLDER")) throw new IllegalAccessException("invalid item type");
 			log.info("time to connect to repo  {}",(System.currentTimeMillis()-start));
 			Node destination = ses.getNodeByIdentifier(id);
 			destinationItem = ItemHandler.getItem(destination,Arrays.asList("hl:accounting","jcr:content"));
 			if (!(destinationItem instanceof FolderItem)) throw new Exception("an Item must be created into a directory");
-			if (!(destinationItem instanceof FolderItem)) throw new Exception("an Item must be copyed to another directory");
+			authChecker.checkWriteAuthorizationControl(ses, destinationItem.getId());
-
+		
-			//TODO: write control
+			ses.getWorkspace().getLockManager().lock(destinationItem.getPath(), true, true, 0,login);
-			if (!destinationItem.getOwner().equals(login)){
+			
-				/*AccessControlManager accessControlManager = ses.getAccessControlManager();
+			FolderItem item = new FolderItem();
-				boolean canWrite = accessControlManager.hasPrivileges(path, new Privilege[] {
+			Calendar now = Calendar.getInstance();
-						accessControlManager.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES)});*/
+			item.setName(name);
-				//if (!canWrite) 
+			item.setTitle(name);
-
+			item.setDescription(description);
-				throw new IllegalAccessException("Insufficent Provileges to write in "+destinationItem.getPath());
+			//item.setCreationTime(now);
-			}
+			item.setHidden(false);
-
+			item.setLastAction(ItemAction.CREATED);
-			//ses.getWorkspace().getLockManager().lock(destinationItem.getPath(), true, true, 0,login);
+			item.setLastModificationTime(now);
-
+			item.setLastModifiedBy(login);
-			//TODO for now only owner of the destination folder can move file
+			item.setOwner(login);
 			//to inherit hidden property
 			item.setHidden(destinationItem.isHidden());
 			log.debug("item prepared, fulfilling content");
 			log.debug("content prepared");
 			Node newnode = ItemHandler.createNodeFromItem(ses, destination, item);
 			accountingHandler.createFolderAddObj(name, type, null, ses, newnode, false);
 			ses.save();
 			log.info("item correctly created");
 			return Response.ok(new ItemWrapper<>(item)).build();
 		}catch(Exception e){
 			log.error("error creating item", e);
-			return Response.serverError().build();
+			throw new WebApplicationException(e);
 		} finally{
 			if (ses!=null){
 				if (destinationItem!=null)
@ -114,7 +143,6 @@ public class ItemsCreator {
 				ses.logout();
 			}
 		}
 		return Response.ok().build();
 	}
@ -125,7 +153,7 @@ public class ItemsCreator {
 	@Path("/{id}/create/FILE")
 	public Response createFileItem(InputStream stream , @PathParam("id") String id, 
 			@QueryParam("name") String name, @QueryParam("description") String description){
-		CalledMethodProvider.instance.set("createFileItem");
+		CalledMethodProvider.instance.set(String.format("createItem(FILE)"));
 		log.info("create file called");
 		Session ses = null;
 		Item destinationItem = null;
@ -136,36 +164,27 @@ public class ItemsCreator {
 			//TODO check if it is possible to change all the ACL on a workspace
 			ses = repository.getRepository().login(new SimpleCredentials(context.getInitParameter(Constants.ADMIN_PARAM_NAME),context.getInitParameter(Constants.ADMIN_PARAM_PWD).toCharArray()));
-			//validate input parameters for Item Type
+			//TODO: validate input parameters for Item Type
 			log.info("time to connect to repo  {}",(System.currentTimeMillis()-start));
 			Node destination = ses.getNodeByIdentifier(id);
 			destinationItem = ItemHandler.getItem(destination,Arrays.asList("hl:accounting","jcr:content"));
 			log.debug("destination item path is {}",destinationItem.getPath());
 			if (!(destinationItem instanceof FolderItem)) throw new Exception("an Item must be copyed to another directory");
-
+			authChecker.checkWriteAuthorizationControl(ses, destinationItem.getId());
 			//TODO: write control
 			if (!destinationItem.getOwner().equals(login)){
 				/*AccessControlManager accessControlManager = ses.getAccessControlManager();
 				boolean canWrite = accessControlManager.hasPrivileges(path, new Privilege[] {
 						accessControlManager.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES)});*/
 				//if (!canWrite) 
 				throw new IllegalAccessException("Insufficent Provileges to write in "+destinationItem.getPath());
 			}
 			ses.getWorkspace().getLockManager().lock(destinationItem.getPath(), true, true, 0,login);
 			ContentHandler handler = getContentHandler(stream , name, destinationItem.getPath());
 			AbstractFileItem item =handler.buildItem(name, description, login);
 			//to inherit hidden property
 			item.setHidden(destinationItem.isHidden());
 			log.debug("item prepared, fulfilling content");
 			log.debug("content prepared");
 			Node newNode = ItemHandler.createNodeFromItem(ses, destination, item);						
 			accountingHandler.createFolderAddObj(name, "FILE", item.getContent().getMimeType(), ses, newNode, false);
 			versionHandler.makeVersionableContent(newNode, ses);
 			ses.save();
 			versionHandler.checkinContentNode(newNode, ses);;
@ -251,17 +270,4 @@ public class ItemsCreator {
 	}
 	/*	
 	private boolean hasSharedChildren(FolderItem folder, Session session) throws Exception{
 		Node currentNode = session.getNodeByIdentifier(folder.getId());
 		for (Item item : Utils.getItemList(currentNode,Arrays.asList("hl:accounting","jcr:content"), null)){
 			if (item instanceof FolderItem) 
 				return (item instanceof SharedFolder) || hasSharedChildren((FolderItem)item, session);
 		}
 		return false;
 	}*/
 }
--- a/src/main/java/org/gcube/data/access/storagehub/services/ItemsManager.java
+++ b/src/main/java/org/gcube/data/access/storagehub/services/ItemsManager.java
@ -5,7 +5,9 @@ import java.io.OutputStream;
 import java.net.URL;
 import java.util.Arrays;
 import java.util.Deque;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.zip.Deflater;
 import java.util.zip.ZipOutputStream;
@ -28,6 +30,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.StreamingOutput;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.authorization.library.provider.CalledMethodProvider;
 import org.gcube.common.storagehub.model.Paths;
 import org.gcube.common.storagehub.model.items.AbstractFileItem;
 import org.gcube.common.storagehub.model.items.FolderItem;
@ -73,15 +76,13 @@ public class ItemsManager {
 	@Path("{id}")
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemWrapper<Item> getById(@QueryParam("exclude") List<String> excludes){
 		CalledMethodProvider.instance.set("getById");
 		Session ses = null;
 		Item toReturn = null;
 		try{
 			String login = AuthorizationProvider.instance.get().getClient().getId();
 			long start = System.currentTimeMillis();
 			ses = repository.getRepository().login(new SimpleCredentials(login,Utils.getSecurePassword(login).toCharArray()));
 			authChecker.checkReadAuthorizationControl(ses, id);
 			log.info("time to connect to repo  {}",(System.currentTimeMillis()-start));
 			log.info("excludes is   {}",excludes);
 			toReturn = ItemHandler.getItem(ses.getNodeByIdentifier(id), excludes);
 		}catch(Throwable e){
 			log.error("error reading the node children of {}",id,e);
@ -99,15 +100,13 @@ public class ItemsManager {
 	@Path("{id}/children/count")
 	@Produces(MediaType.APPLICATION_JSON)
 	public Long countById(@QueryParam("showHidden") Boolean showHidden, @QueryParam("exclude") List<String> excludes){
 		CalledMethodProvider.instance.set("countById");
 		Session ses = null;
 		Long toReturn = null;
 		try{
 			String login = AuthorizationProvider.instance.get().getClient().getId();
 			long start = System.currentTimeMillis();
 			ses = repository.getRepository().login(new SimpleCredentials(login,Utils.getSecurePassword(login).toCharArray()));
 			authChecker.checkReadAuthorizationControl(ses, id);
 			log.info("time to connect to repo  {}",(System.currentTimeMillis()-start));
 			log.info("excludes is   {}",excludes);
 			toReturn = Utils.getItemCount(ses.getNodeByIdentifier(id), showHidden==null?false:showHidden);
 		}catch(Throwable e){
 			log.error("error reading the node children of {}",id,e);
@ -123,15 +122,13 @@ public class ItemsManager {
 	@Path("{id}/children")
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemList listById(@QueryParam("showHidden") Boolean showHidden, @QueryParam("exclude") List<String> excludes){
 		CalledMethodProvider.instance.set("listById");
 		Session ses = null;
 		List<? extends Item> toReturn = null;
 		try{
 			String login = AuthorizationProvider.instance.get().getClient().getId();
 			long start = System.currentTimeMillis();
 			ses = repository.getRepository().login(new SimpleCredentials(login,Utils.getSecurePassword(login).toCharArray()));
 			authChecker.checkReadAuthorizationControl(ses, id);
 			log.info("time to connect to repo  {}",(System.currentTimeMillis()-start));
 			log.info("excludes is   {}",excludes);
 			toReturn = Utils.getItemList(ses.getNodeByIdentifier(id), excludes, null, showHidden==null?false:showHidden);
 		}catch(Throwable e){
 			log.error("error reading the node children of {}",id,e);
@ -148,14 +145,13 @@ public class ItemsManager {
 	@Path("{id}/children/paged")
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemList listByIdPaged(@QueryParam("showHidden") Boolean showHidden, @QueryParam("start") Integer start, @QueryParam("limit") Integer limit, @QueryParam("exclude") List<String> excludes){
 		CalledMethodProvider.instance.set("listByIdPaged");
 		Session ses = null;
 		List<? extends Item> toReturn = null;
 		try{
 			String login = AuthorizationProvider.instance.get().getClient().getId();
 			ses = repository.getRepository().login(new SimpleCredentials(login,Utils.getSecurePassword(login).toCharArray()));
 			authChecker.checkReadAuthorizationControl(ses, id);
 			log.info("time to connect to repo  {}",(System.currentTimeMillis()-start));
 			log.info("excludes is   {}",excludes);
 			toReturn = Utils.getItemList(ses.getNodeByIdentifier(id), excludes, new Range(start, limit),showHidden==null?false:showHidden);
 		}catch(Throwable e){
 			log.error("error reading the node children of {}",id,e);
@ -171,6 +167,7 @@ public class ItemsManager {
 	@GET
 	@Path("{id}/publiclink")
 	public URL getPubliclink() {
 		CalledMethodProvider.instance.set("getPubliclink");
 		//TODO: check who can call this method
 		Session ses = null;
 		try{
@ -189,22 +186,59 @@ public class ItemsManager {
 	}
 	@GET
 	@Path("{id}/anchestors")
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemList getAnchestors(@QueryParam("exclude") List<String> excludes){
 		CalledMethodProvider.instance.set("getAnchestors");
 		org.gcube.common.storagehub.model.Path absolutePath = Utils.getHomePath();
 		Session ses = null;
 		List<Item> toReturn = new LinkedList<>();
 		try{
 			String login = AuthorizationProvider.instance.get().getClient().getId();
 			ses = repository.getRepository().login(new SimpleCredentials(login,Utils.getSecurePassword(login).toCharArray()));
 			authChecker.checkReadAuthorizationControl(ses, id);
 			Item currentItem = ItemHandler.getItem(ses.getNodeByIdentifier(id), excludes);
 			log.trace("current node is {}",currentItem.getPath());
 			while (!(currentItem.getPath()+"/").equals(absolutePath.toPath())) {
 				if (currentItem instanceof SharedFolder){
 					Map<String, Object> users =  ((SharedFolder) currentItem).getUsers().getValues();
 					String[] user = ((String)users.get(login)).split("/");
 					String parentId = user[0];
 					currentItem = ItemHandler.getItem(ses.getNodeByIdentifier(parentId), excludes);
 				}else
 					currentItem = ItemHandler.getItem(ses.getNodeByIdentifier(currentItem.getParentId()), excludes);
 				log.trace("current node is {}",currentItem.getPath());
 				toReturn.add(currentItem);
 			}
 		}catch(Throwable e){
 			log.error("error retrieving parents of node with id {}",id,e);
 			throw new WebApplicationException(e);
 		}finally{
 			if (ses!=null)
 				ses.logout();
 		}
 		log.trace("item list to return is empty ? {}",toReturn.isEmpty());
 		return new ItemList(toReturn);
 	}
 	@GET
 	@Path("{id}/download")
 	public Response download(){
-
+		CalledMethodProvider.instance.set("downloadById");
 		Session ses = null;
 		try{
 			final String login = AuthorizationProvider.instance.get().getClient().getId();
 			long start = System.currentTimeMillis();
 			ses = repository.getRepository().login(new SimpleCredentials(context.getInitParameter(Constants.ADMIN_PARAM_NAME),context.getInitParameter(Constants.ADMIN_PARAM_PWD).toCharArray()));
 			log.info("time to connect to repo  {}",(System.currentTimeMillis()-start));
 			final Node node = ses.getNodeByIdentifier(id);
 			authChecker.checkReadAuthorizationControl(ses, id);
 			final Item item = ItemHandler.getItem(node, null);
 			if (item instanceof AbstractFileItem){
 				AbstractFileItem fileItem =(AbstractFileItem) item;
@ -264,28 +298,28 @@ public class ItemsManager {
 	@PUT
 	@Path("{id}/move")
-	public Response move(@QueryParam("newpath") String path, @PathParam("id") String identifier){
+	public Response move(@QueryParam("destinationId") String destinationId, @PathParam("id") String identifier){
 		CalledMethodProvider.instance.set("move");
 		Session ses = null;
 		try{
 			final String login = AuthorizationProvider.instance.get().getClient().getId();
 			long start = System.currentTimeMillis();
 			//ses = RepositoryInitializer.getRepository().login(new SimpleCredentials(login,Utils.getSecurePassword(login).toCharArray()));
 			//TODO check if it is possible to change all the ACL on a workspace
 			ses = repository.getRepository().login(new SimpleCredentials(context.getInitParameter(Constants.ADMIN_PARAM_NAME),context.getInitParameter(Constants.ADMIN_PARAM_PWD).toCharArray()));
-			authChecker.checkReadAuthorizationControl(ses, id);
+			
-			log.info("time to connect to repo  {}",(System.currentTimeMillis()-start));
+			authChecker.checkWriteAuthorizationControl(ses, destinationId);
 			authChecker.checkReadAuthorizationControl(ses, identifier);
 			final Node nodeToMove = ses.getNodeByIdentifier(identifier);
-			final Node destination = ses.getNode(path);
+			final Node destination = ses.getNodeByIdentifier(destinationId);
 			Item destinationItem = ItemHandler.getItem(destination,null);
-			//TODO for now only owner of the destination folder can move file
+			
-			if (!destinationItem.getOwner().equals(login)){
+			
-				/*AccessControlManager accessControlManager = ses.getAccessControlManager();
+			
-				boolean canWrite = accessControlManager.hasPrivileges(path, new Privilege[] {
+			
-						accessControlManager.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES)});*/
+			ses.getWorkspace().getLockManager().lock(destinationItem.getPath(), true, true, 0,login);
-				//if (!canWrite) 
+			ses.getWorkspace().getLockManager().lock(destinationItem.getPath(), true, true, 0,login);
-
+			
 				throw new IllegalAccessException("Insufficent Provileges to write in "+path);
 			}
 			final Item item = ItemHandler.getItem(nodeToMove, null);
 			if (item instanceof SharedFolder){
 				throw new Exception("shared folder cannot be moved");				
@ -298,7 +332,7 @@ public class ItemsManager {
 			}
 			ses.save();
 		}catch(Exception e){
-			log.error("error moving item with id {} in path {}",identifier, path,e);
+			log.error("error moving item with id {} in item with id {}",identifier, destinationId,e);
 			throw new WebApplicationException(e);
 		} finally{
 			if (ses!=null) ses.logout();
--- a/src/main/java/org/gcube/data/access/storagehub/services/WorkspaceManager.java
+++ b/src/main/java/org/gcube/data/access/storagehub/services/WorkspaceManager.java
@ -22,6 +22,7 @@ import javax.ws.rs.core.MediaType;
 import javax.xml.ws.WebServiceException;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.authorization.library.provider.CalledMethodProvider;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.scope.impl.ScopeBean;
 import org.gcube.common.scope.impl.ScopeBean.Type;
@ -62,6 +63,7 @@ public class WorkspaceManager {
 	@GET
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemWrapper<Item> getWorkspace(){
 		CalledMethodProvider.instance.set("getWorkspace");
 		Session ses = null;
 		org.gcube.common.storagehub.model.Path absolutePath = Utils.getHomePath();
 		Item toReturn = null;
@ -86,6 +88,7 @@ public class WorkspaceManager {
 	@GET
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemWrapper<Item> getVreRootFolder(){
 		CalledMethodProvider.instance.set("getVreRootFolder");
 		Session ses = null;
 		org.gcube.common.storagehub.model.Path vrePath = Paths.append(Utils.getHomePath(), Constants.VRE_FOLDER_PARENT_NAME);
@ -124,6 +127,7 @@ public class WorkspaceManager {
 	@GET
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemWrapper<Item> getTrashRootFolder(){
 		CalledMethodProvider.instance.set("getTrashRootFolder");
 		Session ses = null;
 		org.gcube.common.storagehub.model.Path trashPath = Paths.append(Utils.getHomePath(), Constants.TRASH_ROOT_FOLDER_NAME);
@ -154,6 +158,7 @@ public class WorkspaceManager {
 	@GET
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemList getVreFolders(){
 		CalledMethodProvider.instance.set("getVreFolders");
 		Session ses = null;
 		org.gcube.common.storagehub.model.Path vrePath = Paths.append(Utils.getHomePath(), Constants.VRE_FOLDER_PARENT_NAME);
@ -176,6 +181,7 @@ public class WorkspaceManager {
 	@GET
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemList getVreFoldersPaged(@QueryParam("start") Integer start, @QueryParam("limit") Integer limit){
 		CalledMethodProvider.instance.set("getVreFoldersPaged");
 		Session ses = null;
 		org.gcube.common.storagehub.model.Path vrePath = Paths.append(Utils.getHomePath(), Constants.VRE_FOLDER_PARENT_NAME);
@ -198,6 +204,7 @@ public class WorkspaceManager {
 	@GET
 	@Produces(MediaType.APPLICATION_JSON)
 	public ItemList searchItems(@QueryParam("n") String node, @QueryParam("e") String jsonExpr, @QueryParam("o") List<String> orderField, @QueryParam("l") Integer limit, @QueryParam("f") Integer offset){
 		CalledMethodProvider.instance.set("searchItems");
 		Session ses = null;
 		List<? extends Item> toReturn = new ArrayList<>();