- ACLManager Delegate Added

master
lucio.lelii 3 years ago
parent a2613dc1a7
commit bcbe97f547

@ -1,20 +1,19 @@
package org.gcube.data.access.storagehub;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.gcube.common.storagehub.model.Excludes;
import org.gcube.common.storagehub.model.acls.ACL;
import org.gcube.common.storagehub.model.acls.AccessType;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters;
@ -24,6 +23,7 @@ import org.gcube.common.storagehub.model.items.Item;
import org.gcube.common.storagehub.model.items.SharedFolder;
import org.gcube.common.storagehub.model.items.TrashItem;
import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter;
import org.gcube.data.access.storagehub.services.interfaces.ACLManagerInterface;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -34,6 +34,7 @@ import org.slf4j.LoggerFactory;
*
*
*/
@Singleton
public class AuthorizationChecker {
private static Logger log = LoggerFactory.getLogger(AuthorizationChecker.class);
@ -44,26 +45,10 @@ public class AuthorizationChecker {
@Inject
PathUtil pathUtil;
String userToCheck;
public AuthorizationChecker(){
ClientInfo client = AuthorizationProvider.instance.get().getClient();
this.userToCheck = client.getId();
}
@Inject
ACLManagerInterface aclManager;
public AuthorizationChecker(String userToCheck){
this.userToCheck = userToCheck;
}
public String getUserToCheck() {
return userToCheck;
}
public void setUserToCheck(String user) {
this.userToCheck = user;
}
public void checkReadAuthorizationControl(Session session, String id) throws UserNotAuthorizedException , BackendGenericError, RepositoryException{
public void checkReadAuthorizationControl(Session session, String userToCheck, String id) throws UserNotAuthorizedException , BackendGenericError, RepositoryException{
Node node = session.getNodeByIdentifier(id);
@ -72,42 +57,36 @@ public class AuthorizationChecker {
if (item==null) throw new UserNotAuthorizedException("Insufficent Privileges for user "+userToCheck+" to read node with id "+id+": it's not a valid StorageHub node");
//checking if the item is in the owner trash folder
if(item instanceof TrashItem && item.getParentPath().equals(pathUtil.getOldTrashPath(userToCheck).toPath()))
if(item instanceof TrashItem && item.getParentPath().equals(pathUtil.getTrashPath(userToCheck, session).toPath()))
return;
if (!item.isShared() && item.getOwner()!=null && item.getOwner().equals(userToCheck)) return;
if (hasParentPublicFolder(session, item)) return;
if (item.isShared()) {
SharedFolder parentShared = node2Item.getItem(retrieveSharedFolderParent(node, session), Excludes.EXCLUDE_ACCOUNTING);
if (parentShared.getUsers().getMap().keySet().contains(userToCheck)) return;
//SharedFolder parentShared = node2Item.getItem(retrieveSharedFolderParent(node, session), Excludes.EXCLUDE_ACCOUNTING);
//if (parentShared.getUsers().getMap().keySet().contains(userToCheck)) return;
//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
Authorizable userAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(userToCheck);
for (AccessControlEntry entry: entries) {
log.debug("checking access right for {} with compared with {}",userToCheck, entry.getPrincipal());
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
List<ACL> acls = aclManager.get(item, session);
UserManager userManager = ((JackrabbitSession) session).getUserManager();
Authorizable userAuthorizable = userManager.getAuthorizable(userToCheck);
for (ACL entry: acls) {
log.debug("checking access right for {} with compared with {}",userToCheck, entry.getPricipal());
Authorizable authorizable = userManager.getAuthorizable(entry.getPricipal());
if (authorizable==null) {
log.warn("{} doesn't have a correspondant auhtorizable object, check it ", entry.getPrincipal());
log.warn("{} doesn't have a correspondant auhtorizable object, check it ", entry.getPricipal());
continue;
}
try {
if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(userToCheck)) return;
if (!authorizable.isGroup() && entry.getPricipal().equals(userToCheck)) return;
if (authorizable.isGroup() && ((Group) authorizable).isMember(userAuthorizable)) return;
}catch (Throwable e) {
log.warn("someting went wrong checking authorizations",e);
}
}
throw new UserNotAuthorizedException("Insufficent Privileges for user "+userToCheck+" to read node with id "+id);
}
throw new UserNotAuthorizedException("Insufficent Privileges for user "+userToCheck+" to read node with id "+id);
@ -138,40 +117,31 @@ public class AuthorizationChecker {
}
}
private Node retrieveSharedFolderParent(Node node, Session session) throws BackendGenericError, RepositoryException{
if (node2Item.checkNodeType(node, SharedFolder.class)) return node;
else
return retrieveSharedFolderParent(node.getParent(), session);
}
//newItem means that a new item will be created and id is the destination directory
public void checkWriteAuthorizationControl(Session session, Item item, Node node, boolean isNewItem) throws UserNotAuthorizedException, BackendGenericError, RepositoryException {
public void checkWriteAuthorizationControl(Session session, String userToCheck, Item item, Node node, boolean isNewItem) throws UserNotAuthorizedException, BackendGenericError, RepositoryException {
if (item==null) throw new UserNotAuthorizedException("Not valid StorageHub node");
if (Constants.WRITE_PROTECTED_FOLDER.contains(item.getName()) || Constants.WRITE_PROTECTED_FOLDER.contains(item.getTitle()))
throw new UserNotAuthorizedException("Insufficent Privileges for user "+userToCheck+" to write into node with id "+item.getId()+": it's a protected folder");
/*
if (item.isTrashed())
throw new UserNotAuthorizedException("Trashed item cannot be written");*/
if (item.isShared()) {
Node parentSharedNode = retrieveSharedFolderParent(node, session);
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentSharedNode.getPath());
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(userToCheck);
//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
List<ACL> acls = aclManager.get(item, session);
UserManager userManager = ((JackrabbitSession) session).getUserManager();
Authorizable UserAuthorizable = userManager.getAuthorizable(userToCheck);
//put it in a different method
for (AccessControlEntry entry: entries) {
Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
if ((!authorizable.isGroup() && entry.getPrincipal().getName().equals(userToCheck)) || (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable))){
for (Privilege privilege : entry.getPrivileges()){
AccessType access = AccessType.fromValue(privilege.getName());
if (isNewItem && access!=AccessType.READ_ONLY)
for (ACL entry: acls) {
Authorizable authorizable = userManager.getAuthorizable(entry.getPricipal());
if ((!authorizable.isGroup() && entry.getPricipal().equals(userToCheck)) || (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable))){
for (AccessType privilege : entry.getAccessTypes()){
if (isNewItem && privilege!=AccessType.READ_ONLY)
return;
else
if (!isNewItem &&
(access==AccessType.ADMINISTRATOR || access==AccessType.WRITE_ALL || (access==AccessType.WRITE_OWNER && item.getOwner().equals(userToCheck))))
(privilege==AccessType.ADMINISTRATOR || privilege==AccessType.WRITE_ALL || (privilege==AccessType.WRITE_OWNER && item.getOwner().equals(userToCheck))))
return;
}
@ -185,14 +155,19 @@ public class AuthorizationChecker {
}
//newItem means that a new item will be created and id is the destination directory
public void checkWriteAuthorizationControl(Session session, String id, boolean isNewItem) throws UserNotAuthorizedException, BackendGenericError, RepositoryException {
public void checkWriteAuthorizationControl(Session session, String userToCheck , String id, boolean isNewItem) throws UserNotAuthorizedException, BackendGenericError, RepositoryException {
//in case of newItem the id is the parent otherwise the old node to replace
Node node = session.getNodeByIdentifier(id);
Item item = node2Item.getItem(node, Excludes.ALL);
checkWriteAuthorizationControl(session, item, node, isNewItem);
checkWriteAuthorizationControl(session, userToCheck, item, node, isNewItem);
}
/**
*
* checks if item with {id} can be moved
*
*/
public void checkMoveOpsForProtectedFolders(Session session, String id) throws InvalidCallParameters, BackendGenericError, RepositoryException {
Node node = session.getNodeByIdentifier(id);
Item item = node2Item.getItem(node, Excludes.ALL);
@ -202,56 +177,28 @@ public class AuthorizationChecker {
}
public void checkAdministratorControl(Session session, SharedFolder item) throws UserNotAuthorizedException, BackendGenericError, RepositoryException {
/**
*
* checks if {userToCheck} is an admin for {item}
*
*/
public void checkAdministratorControl(Session session, String userToCheck, SharedFolder item) throws UserNotAuthorizedException, BackendGenericError, RepositoryException {
if (item==null) throw new UserNotAuthorizedException("Insufficent Privileges for user "+userToCheck+": it's not a valid StorageHub node");
Node node = session.getNodeByIdentifier(item.getId());
if (item.isShared()) {
Node parentSharedNode = retrieveSharedFolderParent(node, session);
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentSharedNode.getPath());
AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
//put it in a different method
SharedFolder parentShared = node2Item.getItem(parentSharedNode, Excludes.EXCLUDE_ACCOUNTING);
for (AccessControlEntry entry: entries) {
if (entry.getPrincipal().getName().equals(userToCheck) || (parentShared.isVreFolder() && entry.getPrincipal().getName().equals(parentShared.getTitle()))) {
for (Privilege privilege : entry.getPrivileges()){
AccessType access = AccessType.fromValue(privilege.getName());
if (access==AccessType.ADMINISTRATOR)
List<ACL> acls = aclManager.get(item, session);
for (ACL entry: acls) {
if (entry.getPricipal().equals(userToCheck)) {
for (AccessType privilege : entry.getAccessTypes()){
if (privilege==AccessType.ADMINISTRATOR)
return;
}
//throw new UserNotAuthorizedException("The user "+login+" is not an administrator of node with id "+item.getId());
}
}
} //else should never happen
}
throw new UserNotAuthorizedException("The user "+userToCheck+" is not an administrator of node with id "+item.getId());
}
/*
private String retrieveOwner(Node node) {
Node nodeOwner;
//get Owner
try{
return node.getProperty(NodeProperty.PORTAL_LOGIN.toString()).getString();
}catch (Exception e) {
try {
nodeOwner = node.getNode(NodeProperty.OWNER.toString());
return nodeOwner.getProperty(NodeProperty.PORTAL_LOGIN.toString()).getString();
// this.userId = nodeOwner.getProperty(USER_ID).getString();
// this.portalLogin = nodeOwner.getProperty(PORTAL_LOGIN).getString();
// node.getSession().save();
} catch (Exception e1) {
throw new RuntimeException(e1);
}
}
}
*/
}

@ -23,6 +23,8 @@ public class Constants {
public static final String ADMIN_PARAM_PWD ="admin-pwd";
public static final String HOME_VERSION_PROP = "hl:version";
public static final List<String> FOLDERS_TO_EXLUDE = Arrays.asList(Constants.OLD_VRE_FOLDER_PARENT_NAME, Constants.TRASH_ROOT_FOLDER_NAME);
public static final List<String> WRITE_PROTECTED_FOLDER = Arrays.asList(Constants.OLD_VRE_FOLDER_PARENT_NAME, Constants.TRASH_ROOT_FOLDER_NAME);

@ -1,9 +1,12 @@
package org.gcube.data.access.storagehub;
import javax.inject.Singleton;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.storagehub.model.Paths;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.gcube.common.storagehub.model.Path;
import org.gcube.common.storagehub.model.Paths;
@Singleton
public class PathUtil {
@ -17,26 +20,43 @@ public class PathUtil {
}
@Deprecated
public Path getOldTrashPath(String login){
private Path getOldTrashPath(String login){
return Paths.append(getWorkspacePath(login),Constants.TRASH_ROOT_FOLDER_NAME);
}
public Path getTrashPath(String login){
private Path getNewTrashPath(String login){
return Paths.append(getHome(login), Constants.TRASH_ROOT_FOLDER_NAME);
}
@Deprecated
public Path getOldVREsPath(String login){
private Path getOldVREsPath(String login){
return Paths.append(getWorkspacePath(login),Constants.OLD_VRE_FOLDER_PARENT_NAME);
}
public Path getVREsPath(String login){
return Paths.append(getWorkspacePath(login),Constants.PERSONAL_VRES_FOLDER_PARENT_NAME);
private Path getNewVREsPath(String login){
return Paths.append(getHome(login),Constants.PERSONAL_VRES_FOLDER_PARENT_NAME);
}
public Path getSharedWithMePath(String login){
return Paths.append(getWorkspacePath(login),Constants.SHARED_WITH_ME_PARENT_NAME);
}
public Path getVREsPath(String login, Session session) throws RepositoryException {
Path home = getHome(login);
Node node = session.getNode(home.toPath());
if (node.hasProperty(Constants.HOME_VERSION_PROP) && node.getProperty(Constants.HOME_VERSION_PROP).getLong()>0)
return getNewVREsPath(login);
else
return getOldVREsPath(login);
}
public Path getTrashPath(String login, Session session) throws RepositoryException {
Path home = getHome(login);
Node node = session.getNode(home.toPath());
if (node.hasProperty(Constants.HOME_VERSION_PROP) && node.getProperty(Constants.HOME_VERSION_PROP).getLong()>0)
return getNewTrashPath(login);
else
return getOldTrashPath(login);
}
}

@ -15,7 +15,6 @@ import org.gcube.data.access.storagehub.services.ItemsCreator;
import org.gcube.data.access.storagehub.services.ItemsManager;
import org.gcube.data.access.storagehub.services.UserManager;
import org.gcube.data.access.storagehub.services.WorkspaceManager;
import org.gcube.data.access.storagehub.services.admin.NodeManagerAdmin;
import org.gcube.data.access.storagehub.services.admin.ScriptManager;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
@ -34,7 +33,6 @@ public class StorageHub extends Application {
classes.add(ItemSharing.class);
classes.add(UserManager.class);
classes.add(GroupManager.class);
classes.add(NodeManagerAdmin.class);
classes.add(ScriptManager.class);
classes.add(MultiPartFeature.class);
classes.add(SerializableErrorEntityTextWriter.class);

@ -16,7 +16,6 @@ import java.util.Set;
import java.util.function.Predicate;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
@ -26,14 +25,15 @@ import javax.jcr.lock.Lock;
import javax.jcr.lock.LockException;
import javax.jcr.query.Query;
import javax.jcr.version.Version;
import org.apache.commons.io.FilenameUtils;
import org.apache.jackrabbit.util.ISO9075;
import org.apache.jackrabbit.util.Text;
import org.gcube.common.storagehub.model.Excludes;
import org.gcube.common.storagehub.model.Paths;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.IdNotFoundException;
import org.gcube.common.storagehub.model.exceptions.ItemLockedException;
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
import org.gcube.common.storagehub.model.items.AbstractFileItem;
import org.gcube.common.storagehub.model.items.ExternalLink;
@ -48,6 +48,7 @@ import org.gcube.data.access.storagehub.handlers.StorageBackendHandler;
import org.gcube.data.access.storagehub.handlers.VersionHandler;
import org.gcube.data.access.storagehub.handlers.items.Item2NodeConverter;
import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter;
import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -107,7 +108,7 @@ public class Utils {
}
public static <T extends Item> List<T> serachByNameOnFolder(Session ses, AuthorizationChecker authChecker, Node parent, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude, String nameParam) throws RepositoryException, BackendGenericError{
public static <T extends Item> List<T> serachByNameOnFolder(Session ses, String user, AuthorizationChecker authChecker, Node parent, List<String> excludes, Range range, boolean showHidden, boolean excludeTrashed, Class<? extends Item> nodeTypeToInclude, String nameParam) throws RepositoryException, BackendGenericError{
String xpath = String.format("/jcr:root%s//element(*,nthl:workspaceItem)[jcr:like(fn:lower-case(@jcr:title), '%s')]",ISO9075.encodePath(parent.getPath()), nameParam.toLowerCase());
//String query = String.format("SELECT * FROM [nthl:workspaceLeafItem] AS node WHERE ISDESCENDANTNODE('%s') ORDER BY node.[jcr:lastModified] DESC ",vreFolder.getPath());
@ -121,13 +122,11 @@ public class Utils {
@Override
public boolean test(Node t) {
try {
authChecker.checkReadAuthorizationControl(t.getSession(), t.getIdentifier());
authChecker.checkReadAuthorizationControl(t.getSession(), user, t.getIdentifier());
return true;
} catch (UserNotAuthorizedException | BackendGenericError | RepositoryException e) {
return false;
}
}
};
@ -343,16 +342,23 @@ public class Utils {
}
public static Node createFolderInternally(Session ses, String login, Node destinationNode, String name, String description, boolean hidden, AccountingHandler accountingHandler) throws BackendGenericError {
logger.debug("creating folder {} in {}", name, destinationNode);
String uniqueName = Utils.checkExistanceAndGetUniqueName(ses, destinationNode, name);
public static Node createFolderInternally(FolderCreationParameters params, AccountingHandler accountingHandler) throws StorageHubException {
logger.debug("creating folder {} in {}", params.getName(), params.getParentId());
Node destinationNode;
try {
destinationNode = params.getSession().getNodeByIdentifier(params.getParentId());
}catch (RepositoryException e) {
throw new IdNotFoundException(params.getParentId());
}
String uniqueName = Utils.checkExistanceAndGetUniqueName(params.getSession(), destinationNode, params.getName());
FolderItem item = new FolderItem();
Calendar now = Calendar.getInstance();
item.setName(uniqueName);
item.setTitle(uniqueName);
item.setDescription(description);
item.setDescription(params.getDescription());
//TODO: item.setExternalStorage();
//item.setCreationTime(now);
boolean hiddenDestNode= false;
@ -360,17 +366,17 @@ public class Utils {
hiddenDestNode = destinationNode.getProperty(NodeProperty.HIDDEN.toString()).getBoolean();
}catch (Throwable e) {}
item.setHidden(hidden || hiddenDestNode);
item.setHidden(params.isHidden() || hiddenDestNode);
item.setLastAction(ItemAction.CREATED);
item.setLastModificationTime(now);
item.setLastModifiedBy(login);
item.setOwner(login);
item.setLastModifiedBy(params.getUser());
item.setOwner(params.getUser());
item.setPublicItem(false);
Node newNode = new Item2NodeConverter().getNode(destinationNode, item);
if (accountingHandler!=null) {
accountingHandler.createFolderAddObj(name, item.getClass().getSimpleName(), null, ses, login, destinationNode, false);
accountingHandler.createEntryCreate(item.getTitle(), ses, newNode, login, false);
accountingHandler.createFolderAddObj(uniqueName, item.getClass().getSimpleName(), null, params.getSession(), params.getUser(), destinationNode, false);
accountingHandler.createEntryCreate(item.getTitle(), params.getSession(), newNode, params.getUser(), false);
}
return newNode;
}

@ -16,7 +16,6 @@ import javax.jcr.Session;
import javax.jcr.lock.LockException;
import org.gcube.common.authorization.library.AuthorizedTasks;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.storagehub.model.Excludes;
import org.gcube.common.storagehub.model.Paths;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
@ -47,12 +46,12 @@ public class TrashHandler {
@Inject
VersionHandler versionHandler;
@Inject
AccountingHandler accountingHandler;
@Inject
AuthorizationChecker authChecker;
@Inject
AccountingHandler accountingHandler;
@Inject
Item2NodeConverter item2Node;
@ -99,7 +98,6 @@ public class TrashHandler {
log.debug("content ids to remove are {}",contentIdsToDelete);
Runnable deleteFromStorageRunnable = AuthorizedTasks.bind(new Runnable() {
@Override
public void run() {
for (String id: contentIdsToDelete) {
@ -110,7 +108,6 @@ public class TrashHandler {
log.warn("error removing file on storage with id {}",id, t);
}
}
}
});
executor.execute(deleteFromStorageRunnable);
@ -125,9 +122,10 @@ public class TrashHandler {
public void moveToTrash(Session ses, Node nodeToDelete, Item item, String login) throws RepositoryException, BackendGenericError{
log.debug("moving node {} to trash ",item.getId());
final Node trashFolder = ses.getNode(pathUtil.getOldTrashPath(login).toPath());
final Node trashFolder = ses.getNode(pathUtil.getTrashPath(login, ses).toPath());
try {
ses.getWorkspace().getLockManager().lock(trashFolder.getPath(), true, true, 0,login);
ses.getWorkspace().getLockManager().lock(nodeToDelete.getPath(), true, true, 0,login);
@ -190,7 +188,7 @@ public class TrashHandler {
}
public String restoreItem(Session ses, TrashItem item, FolderItem destination, String login) throws RepositoryException, StorageHubException, BackendGenericError{
log.debug("restoring node from trash");
log.debug("restoring node from trash with user ");
//final Node trashFolder = ses.getNode(Paths.append(Utils.getHomePath(),Constants.TRASH_ROOT_FOLDER_NAME).toPath());
Node destinationNode= null;
@ -227,7 +225,7 @@ public class TrashHandler {
destinationNode = node;
}
authChecker.checkWriteAuthorizationControl(ses, destinationNode.getIdentifier(), true );
authChecker.checkWriteAuthorizationControl(ses, login, destinationNode.getIdentifier(), true );
ses.getWorkspace().getLockManager().lock(destinationNode.getPath(), true, true, 0,login);
String newNodePath = null;

@ -67,7 +67,7 @@ public class UnshareHandler {
return _unshare(ses, users, sharedNode, login, false);
}
public String _unshare(Session ses, Set<String> users, Node sharedNode, String login, boolean withCopyOnUnshare) throws RepositoryException, StorageHubException{
private String _unshare(Session ses, Set<String> users, Node sharedNode, String login, boolean withCopyOnUnshare) throws RepositoryException, StorageHubException{
Item item = node2Item.getItem(sharedNode, Excludes.ALL);
if (!(item instanceof FolderItem) || !((FolderItem) item).isShared() || ((SharedFolder) item).isVreFolder()) {
log.warn("this item type cannot be unshared {}",item.getClass().getSimpleName());
@ -124,18 +124,6 @@ public class UnshareHandler {
if (withCopyCreation) {
//take the admin folder and remove his clone then move the shared folder from share to the user home and change the folder type
/*
String adminDirPath = (String)item.getUsers().getMap().get(login);
String[] splitString = adminDirPath.split("/");
String parentDirectoryId = splitString[0];
String directoryName = splitString[1];
Node parentNode = ses.getNodeByIdentifier(parentDirectoryId);
log.debug("parent node path is {}/{}",parentNode.getPath(), directoryName);
Node adminNode = ses.getNode(String.format("%s/%s",parentNode.getPath(), directoryName));
adminNode.removeShare(); */
Node sharedOwnerNode = null;
NodeIterator it = sharedItemNode.getSharedSet();
while(it.hasNext()) {
@ -250,7 +238,7 @@ public class UnshareHandler {
private String unsharePartial(Set<String> usersToUnshare, String login, Session ses, SharedFolder item) throws StorageHubException, RepositoryException {
log.info("unshare partial");
authChecker.checkAdministratorControl(ses, (SharedFolder)item);
authChecker.checkAdministratorControl(ses, login, (SharedFolder)item);
if (usersToUnshare.contains(item.getOwner()))
throw new UserNotAuthorizedException("user "+login+" not authorized to unshare owner");

@ -35,6 +35,7 @@ import org.gcube.common.storagehub.model.exceptions.IdNotFoundException;
import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters;
import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
import org.gcube.common.storagehub.model.exceptions.ItemLockedException;
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
import org.gcube.common.storagehub.model.items.AbstractFileItem;
import org.gcube.common.storagehub.model.items.FolderItem;
@ -68,6 +69,9 @@ public class ItemHandler {
@Inject
ContentHandlerFactory contenthandlerFactory;
@Inject
AuthorizationChecker authChecker;
@Inject
VersionHandler versionHandler;
@ -81,7 +85,7 @@ public class ItemHandler {
private static Logger log = LoggerFactory.getLogger(ItemHandler.class);
public <T extends CreateParameters> String create(T parameters, AuthorizationChecker authChecker) throws Exception{
public <T extends CreateParameters> String create(T parameters) throws Exception{
Session ses = parameters.getSession();
Node destination;
@ -94,26 +98,26 @@ public class ItemHandler {
if (!node2Item.checkNodeType(destination, FolderItem.class))
throw new InvalidItemException("the destination item is not a folder");
authChecker.checkWriteAuthorizationControl(ses, destination.getIdentifier(), true);
authChecker.checkWriteAuthorizationControl(ses, parameters.getUser(), destination.getIdentifier(), true);
try {
Node newNode = null;
switch (parameters.getMangedType()) {
case FILE:
newNode = create((FileCreationParameters)parameters, authChecker, destination);
newNode = create((FileCreationParameters)parameters, destination);
break;
case FOLDER:
newNode = create((FolderCreationParameters)parameters, authChecker, destination);
newNode = create((FolderCreationParameters)parameters, destination);
break;
case ARCHIVE:
newNode = create((ArchiveStructureCreationParameter)parameters, authChecker, destination);
newNode = create((ArchiveStructureCreationParameter)parameters, destination);
break;
case URL:
newNode = create((URLCreationParameters) parameters, authChecker, destination);
newNode = create((URLCreationParameters) parameters, destination);
break;
case GCUBEITEM:
newNode = create((GCubeItemCreationParameters) parameters, authChecker, destination);
newNode = create((GCubeItemCreationParameters) parameters, destination);
break;
default:
throw new InvalidCallParameters("Item not supported");
@ -128,15 +132,15 @@ public class ItemHandler {
}
private Node create(FolderCreationParameters params, AuthorizationChecker authChecker, Node destination) throws Exception{
private Node create(FolderCreationParameters params, Node destination) throws Exception{
Utils.acquireLockWithWait(params.getSession(), destination.getPath(), false, params.getUser(), 10);
Node newNode = Utils.createFolderInternally(params.getSession(), params.getUser(), destination, params.getName(), params.getDescription(), params.isHidden(), accountingHandler);
Node newNode = Utils.createFolderInternally(params, accountingHandler);
params.getSession().save();
return newNode;
}
private Node create(FileCreationParameters params, AuthorizationChecker authChecker, Node destination) throws Exception{
Node newNode = createFileItemInternally(params.getSession(), authChecker, destination, params.getStream(), params.getName(), params.getDescription(), params.getUser(), true);
private Node create(FileCreationParameters params, Node destination) throws Exception{
Node newNode = createFileItemInternally(params.getSession(), destination, params.getStream(), params.getName(), params.getDescription(), params.getUser(), true);
params.getSession().save();
versionHandler.checkinContentNode(newNode, params.getSession());
@ -144,16 +148,17 @@ public class ItemHandler {
return newNode;
}
private Node create(URLCreationParameters params, AuthorizationChecker authChecker, Node destination) throws Exception{
private Node create(URLCreationParameters params, Node destination) throws Exception{
Utils.acquireLockWithWait(params.getSession(), destination.getPath(), false, params.getUser(), 10);
Node newNode = Utils.createURLInternally(params.getSession(), destination, params.getName(), params.getUrl(), params.getDescription(), params.getUser(), accountingHandler);
params.getSession().save();
return newNode;
}
private Node create(ArchiveStructureCreationParameter params, AuthorizationChecker authChecker, Node destination) throws Exception{
private Node create(ArchiveStructureCreationParameter params, Node destination) throws Exception{
Utils.acquireLockWithWait(params.getSession(), destination.getPath(), false, params.getUser(), 10);
Node parentDirectoryNode = Utils.createFolderInternally(params.getSession(), params.getUser(), destination, params.getParentFolderName(), "", false, accountingHandler);
FolderCreationParameters folderParameters = FolderCreationParameters.builder().name(params.getParentFolderName()).author(params.getUser()).on(destination.getIdentifier()).with(params.getSession()).build();
Node parentDirectoryNode = Utils.createFolderInternally(folderParameters, accountingHandler);
params.getSession().save();
try {
if (params.getSession().getWorkspace().getLockManager().isLocked(destination.getPath()))
@ -176,19 +181,6 @@ public class ItemHandler {
if (entry.isDirectory()) {
log.debug("creating directory with entire path {} ", entirePath);
createPath(entirePath, directoryNodeMap, parentDirectoryNode, params.getSession(), params.getUser());
/*
Node createdNode;
if (parentPath.isEmpty()) {
createdNode = Utils.createFolderInternally(params.getSession(), parentDirectoryNode, name, "", false, params.getUser(), accountingHandler);
}else {
Node parentNode = directoryNodeMap.get(parentPath);
if (parentNode==null)
createdNode = Utils.createFolderInternally(params.getSession(), parentNode, name, "", false, params.getUser(), accountingHandler);
}*/
//directoryNodeMap.put(entirePath, createdNode);
continue;
} else {
try {
@ -198,13 +190,13 @@ public class ItemHandler {
log.debug("creating file with entire path {}, name {}, parentPath {} ", entirePath, name, parentPath);
Node fileNode = null;
if (parentPath.isEmpty())
fileNode = createFileItemInternally(params.getSession(), authChecker, parentDirectoryNode, input, name, "", params.getUser(), false);
fileNode = createFileItemInternally(params.getSession(), parentDirectoryNode, input, name, "", params.getUser(), false);
else {
Node parentNode = directoryNodeMap.get(parentPath);
if (parentNode ==null)
parentNode = createPath(parentPath, directoryNodeMap, parentDirectoryNode, params.getSession(), params.getUser());
fileNode = createFileItemInternally(params.getSession(), authChecker, parentNode, input, name, "", params.getUser(), false);
fileNode = createFileItemInternally(params.getSession(), parentNode, input, name, "", params.getUser(), false);
}
fileNodes.add(fileNode);
}catch(Exception e) {
@ -221,7 +213,7 @@ public class ItemHandler {
return parentDirectoryNode;
}
private Node createPath(String parentPath, Map<String, Node> directoryNodeMap, Node rootNode, Session ses, String user) throws BackendGenericError{
private Node createPath(String parentPath, Map<String, Node> directoryNodeMap, Node rootNode, Session ses, String user) throws StorageHubException, RepositoryException{
String[] parentPathSplit = parentPath.split("/");
String name = parentPathSplit[parentPathSplit.length-1];
StringBuilder relParentPath = new StringBuilder();
@ -229,7 +221,8 @@ public class ItemHandler {
relParentPath.append(parentPathSplit[i]).append("/");
if (relParentPath.toString().isEmpty()) {
Node createdNode = Utils.createFolderInternally(ses, user, rootNode, name, "", false, accountingHandler);
FolderCreationParameters folderParameters = FolderCreationParameters.builder().name(name).author(user).on(rootNode.getIdentifier()).with(ses).build();
Node createdNode = Utils.createFolderInternally(folderParameters, accountingHandler);
directoryNodeMap.put(name+"/", createdNode);
return createdNode;
}else {
@ -238,26 +231,27 @@ public class ItemHandler {
relParentNode = createPath(relParentPath.toString(), directoryNodeMap, rootNode, ses, user);
}
Node createdNode = Utils.createFolderInternally(ses, user, relParentNode, name, "", false, accountingHandler);
FolderCreationParameters folderParameters = FolderCreationParameters.builder().name(name).author(user).on(relParentNode.getIdentifier()).with(ses).build();
Node createdNode = Utils.createFolderInternally(folderParameters, accountingHandler);
directoryNodeMap.put(relParentPath.append(name).append("/").toString(), createdNode);
return createdNode;
}
}
private Node create(GCubeItemCreationParameters params, AuthorizationChecker authChecker, Node destination) throws Exception{
private Node create(GCubeItemCreationParameters params, Node destination) throws Exception{
Utils.acquireLockWithWait(params.getSession(), destination.getPath(), false, params.getUser(), 10);
Node newNode = Utils.createGcubeItemInternally(params.getSession(), destination, params.getItem().getName(), params.getItem().getDescription(), params.getUser(), params.getItem(), accountingHandler);
params.getSession().save();
return newNode;
}
private Node createFileItemInternally(Session ses, AuthorizationChecker authChecker, Node destinationNode, InputStream stream, String name, String description, String login, boolean withLock) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
private Node createFileItemInternally(Session ses, Node destinationNode, InputStream stream, String name, String description, String login, boolean withLock) throws RepositoryException, UserNotAuthorizedException, ItemLockedException, BackendGenericError{
Node newNode;
try {
newNode = ses.getNode(org.gcube.common.storagehub.model.Paths.append(org.gcube.common.storagehub.model.Paths.getPath(destinationNode.getPath()), name).toPath());
authChecker.checkWriteAuthorizationControl(ses, newNode.getIdentifier(), false);
authChecker.checkWriteAuthorizationControl(ses, login, newNode.getIdentifier(), false);
AbstractFileItem item = fillItemWithContent(stream, name, description, destinationNode.getPath(), login);
item.setHidden(destinationNode.getProperty(NodeProperty.HIDDEN.toString()).getBoolean());
if (withLock) {
@ -277,7 +271,7 @@ public class ItemHandler {
if (withLock) ses.getWorkspace().getLockManager().unlock(newNode.getPath());
}
}catch(PathNotFoundException pnf) {
authChecker.checkWriteAuthorizationControl(ses, destinationNode.getIdentifier(), true);
authChecker.checkWriteAuthorizationControl(ses, login, destinationNode.getIdentifier(), true);
AbstractFileItem item = fillItemWithContent(stream, name, description, destinationNode.getPath(), login);
if (withLock) {
try {

@ -12,6 +12,8 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Function;
import javax.inject.Singleton;
import javax.jcr.Node;
@ -48,10 +50,10 @@ import org.slf4j.LoggerFactory;
public class Node2ItemConverter {
private static final Logger logger = LoggerFactory.getLogger(Node2ItemConverter.class);
private static HashMap<Class<?>, Map<String, Class>> typeToSubtypeMap = new HashMap<>();
public <T extends Item> T getFilteredItem(Node node, List<String> excludes, Class<? extends Item> nodeTypeToInclude) throws RepositoryException, BackendGenericError{
@SuppressWarnings("unchecked")
Class<T> classToHandle = (Class<T>)ClassHandler.instance().get(node.getPrimaryNodeType().getName());
@ -64,7 +66,7 @@ public class Node2ItemConverter {
Node node = session.getNodeByIdentifier(nodeIdentifier);
return getItem(node, excludes);
}
public <T extends Item> T getItem(Node node, List<String> excludes) throws RepositoryException, BackendGenericError{
@SuppressWarnings("unchecked")
Class<T> classToHandle = (Class<T>)ClassHandler.instance().get(node.getPrimaryNodeType().getName());
@ -77,7 +79,7 @@ public class Node2ItemConverter {
if (sharedNode.getPath().startsWith(Utils.getWorkspacePath().toPath())) {
nodeToRetrieve = sharedNode;
}
}
}*/
T item = retrieveItem(node, excludes, classToHandle);
@ -95,34 +97,24 @@ public class Node2ItemConverter {
}
item.setId(node.getIdentifier());
item.setName(Text.unescapeIllegalJcrChars(node.getName()));
item.setPath(Text.unescapeIllegalJcrChars(node.getPath()));
item.setLocked(node.isLocked());
item.setPrimaryType(node.getPrimaryNodeType().getName());
Item parent = null ;
if (item instanceof SharedFolder) {
logger.trace("I'm in a Shared Folder");
item.setShared(true);
}else {
try {
parent = getItem(node.getParent(), Excludes.ALL);
item.setShared(parent.isShared());
} catch(Exception e) {
item.setShared(false);
}
try {
item.setShared(SharedFolder.class.isInstance(item) ||
hasTypedParent(node, SharedFolder.class));
}catch (Exception e) {
item.setShared(false);
}
if (item instanceof TrashItem)
item.setTrashed(true);
else {
try {
if (parent==null)
parent = getItem(node.getParent(), Excludes.ALL);
item.setTrashed(parent.isTrashed());
} catch(Exception e) {
item.setTrashed(false);
}
try {
item.setTrashed(TrashItem.class.isInstance(item) ||
hasTypedParent(node, TrashItem.class));
}catch (Exception e) {
item.setTrashed(false);
}
try{
@ -168,6 +160,15 @@ public class Node2ItemConverter {
return item;
}
private <T extends Item> boolean hasTypedParent(Node node, Class<T> parentType) throws BackendGenericError, RepositoryException{
if(node==null) return false;
return checkNodeType(node, parentType) || hasTypedParent(node.getParent(), parentType);
}
private <T> T iterateNodeAttributeFields(Class<T> clazz, Node node) throws Exception{
T obj = clazz.newInstance();
for (Field field : retrieveAllFields(clazz)){
@ -294,7 +295,7 @@ public class Node2ItemConverter {
}while ((currentClass =currentClass.getSuperclass())!=null);
return fields;
}
private Object getPropertyValue(Property prop) throws Exception{
if (prop.isMultiple()){
Object[] values = new Object[prop.getValues().length];
@ -306,7 +307,7 @@ public class Node2ItemConverter {
return getSingleValue(prop.getValue());
}
private Object getSingleValue(Value value) throws Exception{
switch (value.getType()) {
case PropertyType.DATE:
@ -319,7 +320,7 @@ public class Node2ItemConverter {
return value.getString();
}
}
private Object[] getArrayValue(Property prop) throws Exception{
Object[] values = new Object[prop.getValues().length];
int i = 0;
@ -328,18 +329,18 @@ public class Node2ItemConverter {
return values;
}
//Checks if a node is a subtype od classToCompare
//Checks if a node is a subtype of classToCompare
public boolean checkNodeType(Node node, Class<? extends Item> classToCompare) throws BackendGenericError{
try {
logger.trace("class from nodetype is {} and class to compare is {}",ClassHandler.instance().get(node.getPrimaryNodeType().getName()), classToCompare);
return classToCompare.isAssignableFrom(ClassHandler.instance().get(node.getPrimaryNodeType().getName()));
//(node.isNodeType(ClassHandler.instance().getNodeType(classToCompare)));
}catch (Throwable e) {
throw new BackendGenericError(e);
}
}
}

@ -2,12 +2,15 @@ package org.gcube.data.access.storagehub.handlers.items.builders;
import java.util.Objects;
import org.gcube.common.storagehub.model.plugins.PluginParameters;
public class FolderCreationParameters extends CreateParameters {
String name;
String description;
boolean hidden = false;
private String name;
private String description="";
private boolean hidden = false;
private String externalPluginName = null;
private PluginParameters externalPluginParameters = null;
protected FolderCreationParameters() {}
@ -23,6 +26,18 @@ public class FolderCreationParameters extends CreateParameters {
return hidden;
}
public boolean isExternal() {
return externalPluginName!=null;
}
public String getPluginName(String name) {
return this.externalPluginName;
}
public PluginParameters getPluginParameters() {
return externalPluginParameters;
}
@Override
protected boolean isValid() {
return Objects.nonNull(name) && Objects.nonNull(description);
@ -55,12 +70,33 @@ public class FolderCreationParameters extends CreateParameters {
return this;
}
public ExternalFolderCreationBuilder onRepository(String pluginName) {
return new ExternalFolderCreationBuilder(pluginName, this);
}
public FolderCreationBuilder hidden(boolean hidden) {
parameters.hidden = hidden;
return this;
}
}
public static class ExternalFolderCreationBuilder {
FolderCreationBuilder cb;
protected ExternalFolderCreationBuilder(String pluginName, FolderCreationBuilder cb) {
this.cb.parameters.externalPluginName = pluginName;
}
public FolderCreationBuilder withParameters(PluginParameters params){
this.cb.parameters.externalPluginParameters = params;
return this.cb;
}
}
@Override
public ManagedType getMangedType() {

@ -0,0 +1,29 @@
package org.gcube.data.access.storagehub.handlers.plugins;
import java.util.Map;
import java.util.stream.Collectors;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.gcube.common.storagehub.model.exceptions.PluginNotFoundException;
import org.gcube.common.storagehub.model.plugins.ExternalFolderManagerConnector;
@Singleton
public class ExternalFolderPluginHandler {
@Inject
private Instance<ExternalFolderManagerConnector> connectors;
private Map<String, ExternalFolderManagerConnector> connectorsMap;
ExternalFolderPluginHandler(){
connectorsMap = connectors.stream().collect(Collectors.toMap(ExternalFolderManagerConnector::getName, e -> e ));
}
public ExternalFolderManagerConnector getConnector(String name) throws PluginNotFoundException {
if (!connectorsMap.containsKey(name)) throw new PluginNotFoundException("plugin "+name+" not found");
return connectorsMap.get(name);
}
}

@ -1,4 +1,4 @@
package org.gcube.data.access.storagehub.handlers;
package org.gcube.data.access.storagehub.handlers.vres;
import java.util.List;
import java.util.concurrent.ExecutorService;
@ -21,7 +21,7 @@ public class VRE {
private VREQueryRetriever vreQueryRetriever;
private ExecutorService executor;
public VRE(Item item, Repository repository, SimpleCredentials credentials, ExecutorService executor) {
protected VRE(Item item, Repository repository, SimpleCredentials credentials, ExecutorService executor) {
super();
this.vreFolder = item;
this.executor = executor;

@ -1,4 +1,4 @@
package org.gcube.data.access.storagehub.handlers;
package org.gcube.data.access.storagehub.handlers.vres;
import java.util.HashMap;
import java.util.List;
@ -16,11 +16,16 @@ import javax.jcr.SimpleCredentials;
import javax.jcr.query.Query;
import javax.servlet.ServletContext;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.common.scope.impl.ScopeBean.Type;
import org.gcube.common.storagehub.model.Paths;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters;
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
import org.gcube.common.storagehub.model.items.Item;
import org.gcube.data.access.storagehub.Constants;
import org.gcube.data.access.storagehub.PathUtil;
@ -64,7 +69,7 @@ public class VREManager {
}
public synchronized VRE putVRE(Item vreFolder) {
private synchronized VRE putVRE(Item vreFolder) {
logger.trace("inserting VRE {}",vreFolder.getTitle());
if (vreMap.containsKey(vreFolder.getTitle())) throw new RuntimeException("something went wrong (vre already present in the map)");
else {
@ -74,40 +79,33 @@ public class VREManager {
}
}
public synchronized VRE getVreFolderItem(Session ses, String userId, List<String> excludes ) throws RepositoryException, BackendGenericError{
org.gcube.common.storagehub.model.Path vrePath = Paths.append(pathUtil.getWorkspacePath(userId), Constants.OLD_VRE_FOLDER_PARENT_NAME);
public synchronized VRE getVreFolderItem(JackrabbitSession ses, String userId, List<String> excludes ) throws RepositoryException, StorageHubException{
ScopeBean bean = new ScopeBean(ScopeProvider.instance.get());
if (!bean.is(Type.VRE)) throw new BackendGenericError("the current scope is not a VRE");
String entireScopeName= bean.toString().replaceAll("^/(.*)/?$", "$1").replaceAll("/", "-");
VRE vre = this.getVRE(entireScopeName);
if (vre!=null) return vre;
else {
String query = String.format("SELECT * FROM [nthl:workspaceItem] As node WHERE node.[jcr:title] like '%s' AND ISDESCENDANTNODE('%s')",entireScopeName, vrePath.toPath());
Query jcrQuery = ses.getWorkspace().getQueryManager().createQuery(query, Constants.QUERY_LANGUAGE);
NodeIterator it = jcrQuery.execute().getNodes();
if (!it.hasNext()) throw new BackendGenericError("vre folder not found for context "+entireScopeName);
Node folder = it.nextNode();
Item vreFolder = node2Item.getItem(folder, excludes);
return this.putVRE(vreFolder);
}
return getVreFolderItemByGroupName(ses, entireScopeName, userId, excludes);
}
public synchronized VRE getVreFolderItemByGroupNameAndUser(Session ses, String goupName, String userId, List<String> excludes ) throws RepositoryException, BackendGenericError{
org.gcube.common.storagehub.model.Path vrePath = Paths.append(pathUtil.getWorkspacePath(userId), Constants.OLD_VRE_FOLDER_PARENT_NAME);
VRE vre = this.getVRE(goupName);
public synchronized VRE getVreFolderItemByGroupName(JackrabbitSession ses, String groupName, String userId, List<String> excludes ) throws RepositoryException, StorageHubException{
UserManager um = ses.getUserManager();
Group groupAuth = um.getAuthorizable(groupName, Group.class);
User userAuth = um.getAuthorizable(userId, User.class);
if (groupAuth == null || userAuth == null || !groupAuth.isMember(userAuth))
throw new InvalidCallParameters("error getting VRE with user "+userId+" for group "+groupName);
org.gcube.common.storagehub.model.Path vrePath = pathUtil.getVREsPath(userId, ses);
VRE vre = this.getVRE(groupName);
if (vre!=null) return vre;
else {
String query = String.format("SELECT * FROM [nthl:workspaceItem] As node WHERE node.[jcr:title] like '%s' AND ISDESCENDANTNODE('%s')",goupName, vrePath.toPath());
String query = String.format("SELECT * FROM [nthl:workspaceItem] As node WHERE node.[jcr:title] like '%s' AND ISDESCENDANTNODE('%s')",groupName, vrePath.toPath());
Query jcrQuery = ses.getWorkspace().getQueryManager().createQuery(query, Constants.QUERY_LANGUAGE);
NodeIterator it = jcrQuery.execute().getNodes();
if (!it.hasNext()) throw new BackendGenericError("vre folder not found for context "+goupName);
if (!it.hasNext()) throw new BackendGenericError("vre folder not found for context "+groupName);
Node folder = it.nextNode();
Item vreFolder = node2Item.getItem(folder, excludes);

@ -1,4 +1,4 @@
package org.gcube.data.access.storagehub.handlers;
package org.gcube.data.access.storagehub.handlers.vres;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
@ -78,23 +78,6 @@ public class VREQueryRetriever implements Callable<List<Item>> {
while (it.hasNext()) {
Node node = it.next();
//long lastModifiedTimeItem = node.getProperty(NodeProperty.LAST_MODIFIED.toString()).getLong();
//logger.debug("RECENTS - node {} has timestamp {} ", node.getProperty(NodeProperty.TITLE.toString()).getString(), lastModifiedTimeItem);
/*
if(cachedList.size()<=CACHE_DIMENSION || lastModifiedTimeItem>cachedList.get(CACHE_DIMENSION-1).getLastModificationTime().getTimeInMillis()) {
logger.debug("cachedList contains {}",cachedList.size());
if(cachedList.size()>=CACHE_DIMENSION) cachedList.remove(CACHE_DIMENSION-1);
Item item =node2Item.getItem(node, Excludes.EXCLUDE_ACCOUNTING);
int insertposition =0;
for(Item cachedItem: cachedList) {
if (cachedItem.getLastModificationTime().before(item.getLastModificationTime()))
break;
insertposition++;
}
cachedList.add(insertposition, item);
logger.debug("RECENTS - adding item {} with node {} in position {}",item.getTitle(), node.getName(), insertposition);
}*/
Item item = node2Item.getItem(node, Excludes.EXCLUDE_ACCOUNTING);
logger.debug("RECENTS - adding item {} with timestamp {}",item.getTitle(), item.getLastModificationTime().getTimeInMillis());
cachedList.add(item);

@ -1,9 +1,6 @@
package org.gcube.data.access.storagehub.services;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
@ -11,9 +8,6 @@ import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.servlet.ServletContext;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -22,17 +16,13 @@ import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
import org.gcube.common.storagehub.model.Excludes;
import org.gcube.common.storagehub.model.acls.ACL;
import org.gcube.common.storagehub.model.acls.AccessType;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters;
@ -44,11 +34,13 @@ import org.gcube.common.storagehub.model.items.Item;
import org.gcube.common.storagehub.model.items.SharedFolder;
import org.gcube.common.storagehub.model.items.VreFolder;
import org.gcube.common.storagehub.model.types.ACLList;
import org.gcube.data.access.storagehub.AuthorizationChecker;
import org.gcube.data.access.storagehub.PathUtil;
import org.gcube.data.access.storagehub.StorageHubAppllicationManager;
import org.gcube.data.access.storagehub.handlers.CredentialHandler;
import org.gcube.data.access.storagehub.handlers.UnshareHandler;
import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter;
import org.gcube.data.access.storagehub.services.interfaces.ACLManagerInterface;
import org.gcube.smartgears.annotations.ManagedBy;
import org.gcube.smartgears.utils.InnerMethodName;
import org.glassfish.jersey.media.multipart.FormDataParam;
@ -67,17 +59,21 @@ public class ACLManager extends Impersonable {
@PathParam("id")
String id;
@Inject
AuthorizationChecker authChecker;
@Inject
PathUtil pathUtil;
@Context
ServletContext context;
@Inject UnshareHandler unshareHandler;
@Inject Node2ItemConverter node2Item;
@Inject UnshareHandler unshareHandler;
@Inject ACLManagerInterface aclManagerDelegate;
/**
* returns the AccessType for all the users in a shared folder
*
@ -90,38 +86,21 @@ public class ACLManager extends Impersonable {
public ACLList getACL() {
InnerMethodName.instance.set("getACLById");
Session ses = null;
List<ACL> acls = new ArrayList<>();
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses,id);
String path = ses.getNodeByIdentifier(id).getPath();
log.info("checking acces for path {}",path);
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(ses, path );
for (AccessControlEntry aclEntry : accessControlList.getAccessControlEntries()) {
ACL acl = new ACL();
acl.setPricipal(aclEntry.getPrincipal().getName());
List<AccessType> types = new ArrayList<>();
for (Privilege priv : aclEntry.getPrivileges())
try {
types.add(AccessType.fromValue(priv.getName()));
}catch (Exception e) {
log.warn(priv.getName()+" cannot be mapped to AccessTypes",e);
}
acl.setAccessTypes(types);
acls.add(acl);
}
Item item = node2Item.getItem(ses.getNodeByIdentifier(id), Excludes.ALL);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
return new ACLList(aclManagerDelegate.get(item, ses));
}catch(RepositoryException re){
log.error("jcr error getting acl", re);
GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error getting acl", re));
throw new WebApplicationException(new BackendGenericError("jcr error getting acl", re));
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
throw new WebApplicationException(she, Response.Status.fromStatusCode(she.getStatus()));
}finally{
if (ses!=null)
ses.logout();
}
return new ACLList(acls);
}
@ -141,13 +120,14 @@ public class ACLManager extends Impersonable {
@PUT
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Path("{id}/acls")
public void setACL(@FormDataParam("user") String user, @FormDataParam("access") AccessType accessType) {
public void updateACL(@FormDataParam("user") String user, @FormDataParam("access") AccessType accessType) {
InnerMethodName.instance.set("setACLById");
Session ses = null;
try{
try {
if (user==currentUser) throw new InvalidCallParameters("own ACLs cannot be modified");
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
Node node = ses.getNodeByIdentifier(id);
Item item = node2Item.getItem(node, Excludes.ALL);
@ -158,35 +138,16 @@ public class ACLManager extends Impersonable {
if (item.getOwner().equals(user))
throw new UserNotAuthorizedException("owner acl cannot be changed");
authChecker.checkAdministratorControl(ses, (SharedFolder) item);
SharedFolder folder = ((SharedFolder)item);
SharedFolder folder = (SharedFolder) item;
authChecker.checkAdministratorControl(ses, currentUser, folder);
if (folder.isVreFolder()) {
if (accessType==AccessType.ADMINISTRATOR) throw new InvalidCallParameters("a VRE admin cannot be changed with this method");
if (!user.equals(folder.getTitle())) throw new InvalidCallParameters("the groupId in the argument is different to the one of the VREFolder");
AccessControlManager acm = ses.getAccessControlManager();
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());
Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(accessType.getValue()) };
AccessControlEntry aceToDelete = null;;
Principal principal = AccessControlUtils.getPrincipal(ses, user);
for (AccessControlEntry ace : acls.getAccessControlEntries())
if (ace.getPrincipal().equals(principal)) {
aceToDelete = ace;
break;
}
if (!user.equals(folder.getTitle())) throw new InvalidCallParameters("the groupId in the argument is different to the one of the VREFolder");
if (aceToDelete!= null)
acls.removeAccessControlEntry(aceToDelete);
acls.addAccessControlEntry(principal, userPrivileges);
acm.setPolicy(folder.getPath(), acls);
ses.save();
} else {
NodeIterator sharedSet = node.getSharedSet();
boolean found = false;
while (sharedSet.hasNext() && !found) {
@ -195,35 +156,17 @@ public class ACLManager extends Impersonable {
found = true;
}
if (!found)
throw new InvalidCallParameters("shared folder with id "+item.getId()+" is not shared with user "+user);
String path = node.getPath();
AccessControlManager acm = ses.getAccessControlManager();
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, path);
Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(accessType.getValue()) };
AccessControlEntry aceToDelete = null;;
Principal principal = AccessControlUtils.getPrincipal(ses, user);
for (AccessControlEntry ace : acls.getAccessControlEntries())
if (ace.getPrincipal().equals(principal)) {
aceToDelete = ace;
break;
}
if (aceToDelete!= null)
acls.removeAccessControlEntry(aceToDelete);
acls.addAccessControlEntry(principal, userPrivileges);
acm.setPolicy(path, acls);
ses.save();
throw new InvalidCallParameters("shared folder with id "+folder.getId()+" is not shared with user "+user);
}
aclManagerDelegate.update(user, folder, accessType, ses);
}catch(RepositoryException re){
log.error("jcr error extracting archive", re);
GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error setting acl", re));
throw new WebApplicationException(new BackendGenericError("jcr error setting acl", re));
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
throw new WebApplicationException(she, Response.Status.fromStatusCode(she.getStatus()));
}finally{
if (ses!=null)
ses.logout();
@ -243,6 +186,7 @@ public class ACLManager extends Impersonable {
* @exception {@link InvalidCallParameters} when the folder is not shared with the specified user
* @exception {@link InvalidItemException} when the folder is not share
*/
//TODO: is this method correct? can ACL be removed, is correct that this means an unshare operation?
@DELETE
@Consumes(MediaType.TEXT_PLAIN)
@Path("{id}/acls/{user}")
@ -255,7 +199,6 @@ public class ACLManager extends Impersonable {
Node node = ses.getNodeByIdentifier(id);
Item item = node2Item.getItem(node, Excludes.ALL);
if (!(item instanceof SharedFolder))
throw new InvalidItemException("the item is not a shared folder");
@ -263,13 +206,13 @@ public class ACLManager extends Impersonable {
if (item instanceof VreFolder || ((SharedFolder) item).isVreFolder())
throw new InvalidCallParameters("acls in vreFolder cannot be removed with this method");
authChecker.checkAdministratorControl(ses, (SharedFolder) item);
authChecker.checkAdministratorControl(ses, currentUser, (SharedFolder) item);
unshareHandler.unshare(ses, Collections.singleton(user), node, currentUser);
}catch(RepositoryException re){
log.error("jcr error extracting archive", re);
GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error setting acl", re));
GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error removing acl", re));
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
@ -293,7 +236,7 @@ public class ACLManager extends Impersonable {
throw new InvalidItemException("this method can be applied only to folder");
try {
authChecker.checkWriteAuthorizationControl(ses, id, true);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, true);
}catch (UserNotAuthorizedException e) {
return false;
}

@ -40,6 +40,7 @@ import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
import org.gcube.common.scope.api.ScopeProvider;
@ -64,9 +65,10 @@ import org.gcube.data.access.storagehub.exception.MyAuthException;
import org.gcube.data.access.storagehub.handlers.CredentialHandler;
import org.gcube.data.access.storagehub.handlers.GroupHandler;
import org.gcube.data.access.storagehub.handlers.TrashHandler;
import org.gcube.data.access.storagehub.handlers.VRE;
import org.gcube.data.access.storagehub.handlers.VREManager;
import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter;
import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters;
import org.gcube.data.access.storagehub.handlers.vres.VRE;
import org.gcube.data.access.storagehub.handlers.vres.VREManager;
import org.gcube.smartgears.annotations.ManagedBy;
import org.gcube.smartgears.utils.InnerMethodName;
import org.glassfish.jersey.media.multipart.FormDataParam;
@ -100,16 +102,10 @@ public class GroupManager {
@Inject
PathUtil pathUtil;
@Inject
AuthorizationChecker authChecker;
@RequestScoped
@Inject
public void setAuthChecker(AuthorizationChecker authChecker) {
this.authChecker = authChecker;
log.info("auth checker initialized with login {}",this.authChecker.getUserToCheck());
}
@GET
@Path("")
@Produces(MediaType.APPLICATION_JSON)
@ -238,7 +234,7 @@ public class GroupManager {
public void addAdmin(@PathParam("id") String groupId, @FormParam("userId") String userId){
InnerMethodName.instance.set("addAdmin");
JackrabbitSession session = null;
try {
Objects.nonNull(groupId);
@ -247,9 +243,10 @@ public class GroupManager {
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
Node vreFolder = groupHandler.getVreFolderNode(session, groupId);
String currentUser = AuthorizationProvider.instance.get().getClient().getId();
if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId) ))
authChecker.checkAdministratorControl(session, node2Item.getItem(vreFolder, Excludes.ALL));
authChecker.checkAdministratorControl(session, currentUser, node2Item.getItem(vreFolder, Excludes.ALL));
org.apache.jackrabbit.api.security.user.UserManager usrManager = ((JackrabbitSession)session).getUserManager();
@ -300,9 +297,10 @@ public class GroupManager {
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
Node vreFolder = groupHandler.getVreFolderNode(session, groupId);
String currentUser = AuthorizationProvider.instance.get().getClient().getId();
if (!isInfraManager() && !(isVREManager() && isValidGroupForContext(groupId) ))
authChecker.checkAdministratorControl(session, node2Item.getItem(vreFolder, Excludes.ALL));
authChecker.checkAdministratorControl(session, currentUser, node2Item.getItem(vreFolder, Excludes.ALL));
@ -345,7 +343,7 @@ public class GroupManager {
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
VRE vreFolder = vreManager.getVreFolderItemByGroupNameAndUser(session, groupId, login, Excludes.ALL);
VRE vreFolder = vreManager.getVreFolderItemByGroupName(session, groupId, login, Excludes.ALL);
AccessControlManager acm = session.getAccessControlManager();
//authChecker.checkAdministratorControl(session, (VreFolder)vreFolder.getVreFolder());
Node node = session.getNodeByIdentifier(vreFolder.getVreFolder().getId());
@ -426,7 +424,7 @@ public class GroupManager {
String folderName = group.getPrincipal().getName();
Node folder = groupHandler.getVreFolderNode(session, folderName);
String userPath = Paths.append(pathUtil.getOldVREsPath(user.getPrincipal().getName()), folderName).toPath();
String userPath = Paths.append(pathUtil.getVREsPath(user.getPrincipal().getName(), session), folderName).toPath();
log.debug("creating folder in user path {} from {}", userPath, folder.getPath() );
session.getWorkspace().clone(session.getWorkspace().getName(), folder.getPath(),userPath , false);
@ -533,7 +531,9 @@ public class GroupManager {
log.info("creating vreFolder with name {} and title {} and owner {}", name, displayName, owner);
Node folder= Utils.createFolderInternally(session, owner, sharedRootNode, name, "VREFolder for "+groupId, false, null);
FolderCreationParameters folderParameters = FolderCreationParameters.builder().name(name).description( "VREFolder for "+groupId).author(owner).on(sharedRootNode.getIdentifier()).with(session).build();
Node folder= Utils.createFolderInternally(folderParameters, null);
folder.setPrimaryType(PrimaryNodeType.NT_WORKSPACE_SHARED_FOLDER);
folder.setProperty(NodeProperty.IS_VRE_FOLDER.toString(), true);
folder.setProperty(NodeProperty.TITLE.toString(), name);

@ -5,14 +5,12 @@ import static org.gcube.data.access.storagehub.Roles.INFRASTRUCTURE_MANAGER_ROLE
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.data.access.storagehub.AuthorizationChecker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -20,20 +18,12 @@ import org.slf4j.LoggerFactory;
public abstract class Impersonable {
Logger log = LoggerFactory.getLogger(Impersonable.class);
AuthorizationChecker authChecker;
@Context
ServletContext context;
@RequestScoped
String currentUser;
@RequestScoped
@Inject
public void setAuthChecker(AuthorizationChecker authChecker, @Context final HttpServletRequest request) {
public void setCurrentUser(@Context final HttpServletRequest request) {
String impersonate = request!=null ? request.getParameter("impersonate") : null ;
ClientInfo info = AuthorizationProvider.instance.get().getClient();
@ -41,9 +31,8 @@ public abstract class Impersonable {
this.currentUser = impersonate;
} else
this.currentUser = info.getId();
authChecker.setUserToCheck(currentUser);
this.authChecker = authChecker;
log.info("called with login {} and impersonate {}, auth checker initialized with {}",info.getId(), impersonate, authChecker.getUserToCheck());
log.info("called with login {} and impersonate {}",info.getId(), impersonate);
}
}

@ -19,7 +19,6 @@ import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -41,6 +40,7 @@ import org.gcube.common.storagehub.model.items.Item;
import org.gcube.common.storagehub.model.items.SharedFolder;
import org.gcube.common.storagehub.model.types.NodeProperty;
import org.gcube.common.storagehub.model.types.PrimaryNodeType;
import org.gcube.data.access.storagehub.AuthorizationChecker;
import org.gcube.data.access.storagehub.Constants;
import org.gcube.data.access.storagehub.PathUtil;
import org.gcube.data.access.storagehub.StorageHubAppllicationManager;
@ -71,7 +71,12 @@ public class ItemSharing extends Impersonable{
@PathParam("id")
String id;
@Context
ServletContext context;
@Inject
AuthorizationChecker authChecker;
@Inject
PathUtil pathUtil;
@ -106,7 +111,7 @@ public class ItemSharing extends Impersonable{
}
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
Item item = node2Item.getItem(ses.getNodeByIdentifier(id), Excludes.ALL);
@ -196,7 +201,7 @@ public class ItemSharing extends Impersonable{
String toReturn = null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
Item item = node2Item.getItem(ses.getNodeByIdentifier(id), Excludes.ALL);

@ -4,7 +4,6 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
@ -14,7 +13,6 @@ import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -46,7 +44,9 @@ import org.slf4j.LoggerFactory;
public class ItemsCreator extends Impersonable{
private static final Logger log = LoggerFactory.getLogger(ItemsCreator.class);
@Context
ServletContext context;
RepositoryInitializer repository = StorageHubAppllicationManager.repository;
@ -56,7 +56,8 @@ public class ItemsCreator extends Impersonable{
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Path("/{id}/create/FOLDER")
public Response createFolder(@PathParam("id") String id, @FormParam("name") String name, @FormParam("description") String description, @FormParam("hidden") boolean hidden) {
public Response createFolder(@PathParam("id") String id, @FormParam("name") String name,
@FormParam("description") String description, @FormParam("hidden") boolean hidden) {
InnerMethodName.instance.set("createItem(FOLDER)");
log.info("create folder item called");
Session ses = null;
@ -64,7 +65,7 @@ public class ItemsCreator extends Impersonable{
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
ItemsParameterBuilder<FolderCreationParameters> builder = FolderCreationParameters.builder().name(name).description(description).hidden(hidden).on(id).with(ses).author(currentUser);
toReturn = itemHandler.create(builder.build(), authChecker);
toReturn = itemHandler.create(builder.build());
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
@ -82,6 +83,40 @@ public class ItemsCreator extends Impersonable{
return Response.ok(toReturn).build();
}
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Path("/{id}/create/EXTERNALFOLDER")
public Response createExternalFolder(@PathParam("id") String id, @FormParam("name") String name,
@FormParam("description") String description, @FormParam("hidden") boolean hidden,
@FormParam("pluginName") String pluginName,
@FormParam("parameters") String pluginParameters) {
InnerMethodName.instance.set("createItem(EXTERNALFOLDER)");
log.info("create folder item called");
Session ses = null;
String toReturn = null;
try{
//TODO
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
ItemsParameterBuilder<FolderCreationParameters> builder = FolderCreationParameters.builder().name(name)
.description(description).onRepository(pluginName).withParameters(null).hidden(hidden).on(id).with(ses).author(currentUser);
toReturn = itemHandler.create(builder.build());
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
}catch(RepositoryException re ){
log.error("jcr error creating item", re);
GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re));
}catch(Throwable e ){
log.error("unexpected error", e);
GXOutboundErrorResponse.throwException(new BackendGenericError(e));
}finally{
if (ses!=null)
ses.logout();
}
return Response.ok(toReturn).build();
}
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Path("/{id}/create/URL")
@ -95,7 +130,7 @@ public class ItemsCreator extends Impersonable{
ItemsParameterBuilder<URLCreationParameters> builder = URLCreationParameters.builder().name(name).description(description).url(value).on(id).with(ses).author(currentUser);
toReturn = itemHandler.create(builder.build(), authChecker);
toReturn = itemHandler.create(builder.build());
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
@ -127,7 +162,7 @@ public class ItemsCreator extends Impersonable{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
ItemsParameterBuilder<GCubeItemCreationParameters> builder = GCubeItemCreationParameters.builder().item(item).on(id).with(ses).author(currentUser);
toReturn = itemHandler.create(builder.build(), authChecker);
toReturn = itemHandler.create(builder.build());
}catch(StorageHubException she ){
log.error(she.getErrorMessage(), she);
GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
@ -162,7 +197,7 @@ public class ItemsCreator extends Impersonable{
ItemsParameterBuilder<FileCreationParameters> builder = FileCreationParameters.builder().name(name).description(description).stream(stream).fileDetails(fileDetail)
.on(id).with(ses).author(currentUser);
toReturn = itemHandler.create(builder.build(), authChecker);
toReturn = itemHandler.create(builder.build());
}catch(RepositoryException re ){
log.error("jcr error creating file item", re);
@ -204,7 +239,7 @@ public class ItemsCreator extends Impersonable{
ItemsParameterBuilder<ArchiveStructureCreationParameter> builder = ArchiveStructureCreationParameter.builder().parentName(parentFolderName).stream(stream).fileDetails(fileDetail)
.on(id).with(ses).author(currentUser);
toReturn = itemHandler.create(builder.build(), authChecker);
toReturn = itemHandler.create(builder.build());
}catch(RepositoryException | ArchiveException | IOException re){
log.error("jcr error extracting archive", re);

@ -68,6 +68,7 @@ import org.gcube.common.storagehub.model.service.ItemWrapper;
import org.gcube.common.storagehub.model.service.VersionList;
import org.gcube.common.storagehub.model.types.ItemAction;
import org.gcube.common.storagehub.model.types.NodeProperty;
import org.gcube.data.access.storagehub.AuthorizationChecker;
import org.gcube.data.access.storagehub.Constants;
import org.gcube.data.access.storagehub.PathUtil;
import org.gcube.data.access.storagehub.Range;
@ -107,6 +108,9 @@ public class ItemsManager extends Impersonable{
@Context
ServletContext context;
@Inject
AuthorizationChecker authChecker;
@Inject
VersionHandler versionHandler;
@ -131,7 +135,7 @@ public class ItemsManager extends Impersonable{
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
Node node = ses.getNodeByIdentifier(id);
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
toReturn = node2Item.getItem(node, excludes);
}catch (ItemNotFoundException e) {
log.error("id {} not found",id,e);
@ -159,7 +163,7 @@ public class ItemsManager extends Impersonable{
Item toReturn = null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
String relativePath = path.startsWith("/")? path.substring(1) : path;
if (path.endsWith("/"))
@ -173,7 +177,7 @@ public class ItemsManager extends Impersonable{
for (String actualPath: paths) {
item = getChildrenMatchingName(ses, nextId, actualPath, Excludes.ALL);
if (item ==null) throw new InvalidCallParameters("relative path "+actualPath+" not found under item with id "+nextId);
authChecker.checkReadAuthorizationControl(ses, item.getId());
authChecker.checkReadAuthorizationControl(ses, currentUser, item.getId());
nextId = item.getId();
}
@ -220,7 +224,7 @@ public class ItemsManager extends Impersonable{
List<Item> toReturn = new ArrayList<>();
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
//NOT using the internal pattern matching of jcr because of title for shared folder
NodeIterator it = ses.getNodeByIdentifier(id).getNodes();
@ -266,7 +270,7 @@ public class ItemsManager extends Impersonable{
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
toReturn = Utils.getItemCount(ses.getNodeByIdentifier(id), showHidden==null?false:showHidden, nodeType!=null ? ClassHandler.instance().get(nodeType) : null);
}catch (ItemNotFoundException e) {
log.error("id {} not found",id,e);
@ -293,7 +297,7 @@ public class ItemsManager extends Impersonable{
List<? extends Item> toReturn = null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
toReturn = Utils.getItemList(ses.getNodeByIdentifier(id), excludes, null, showHidden==null?false:showHidden, nodeType!=null ? ClassHandler.instance().get(nodeType) : null);
}catch (ItemNotFoundException e) {
log.error("id {} not found",id,e);
@ -322,8 +326,8 @@ public class ItemsManager extends Impersonable{
try{
log.debug("search for node {}",name);
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
toReturn = Utils.serachByNameOnFolder(ses, authChecker, ses.getNodeByIdentifier(id), excludes, null, showHidden==null?false:showHidden,excludeTrashed==true?false:excludeTrashed , nodeType!=null ? ClassHandler.instance().get(nodeType) : null, name);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
toReturn = Utils.serachByNameOnFolder(ses, currentUser, authChecker, ses.getNodeByIdentifier(id), excludes, null, showHidden==null?false:showHidden,excludeTrashed==true?false:excludeTrashed , nodeType!=null ? ClassHandler.instance().get(nodeType) : null, name);
log.debug("search retrieved {} elements",toReturn.size());
}catch (ItemNotFoundException e) {
log.error("id {} not found",id,e);
@ -351,7 +355,7 @@ public class ItemsManager extends Impersonable{
List<? extends Item> toReturn = null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
toReturn = Utils.getItemList(ses.getNodeByIdentifier(id), excludes, new Range(start, limit),showHidden==null?false:showHidden, nodeType!=null ? ClassHandler.instance().get(nodeType) : null);
}catch (ItemNotFoundException e) {
log.error("id {} not found",id,e);
@ -450,7 +454,7 @@ public class ItemsManager extends Impersonable{
URL toReturn = null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
Node selectedNode = ses.getNodeByIdentifier(id);
@ -533,7 +537,7 @@ public class ItemsManager extends Impersonable{
Item folder= null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
Node currentNode =ses.getNodeByIdentifier(id);
log.trace("current node is {}",currentNode.getPath());
@ -569,7 +573,7 @@ public class ItemsManager extends Impersonable{
Item sharedParent= null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
Node currentNode =ses.getNodeByIdentifier(id);
log.trace("current node is {}",currentNode.getPath());
@ -612,7 +616,7 @@ public class ItemsManager extends Impersonable{
List<org.gcube.common.storagehub.model.service.Version> versions = new ArrayList<>();
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
Node node = ses.getNodeByIdentifier(id);
@ -647,7 +651,7 @@ public class ItemsManager extends Impersonable{
Session ses = null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
return downloadVersionInternal(ses, currentUser, id, versionName, true);
@ -713,7 +717,7 @@ public class ItemsManager extends Impersonable{
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
Node currentNode = ses.getNodeByIdentifier(id);
Item currentItem = node2Item.getItem(currentNode, excludes);
log.trace("current node is {}",currentNode.getPath());
@ -768,7 +772,7 @@ public class ItemsManager extends Impersonable{
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
final Node node = ses.getNodeByIdentifier(id);
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
final Item item = node2Item.getItem(node, null);
if (item instanceof AbstractFileItem){
return downloadFileInternal(ses, (AbstractFileItem) item, currentUser, true);
@ -851,8 +855,8 @@ public class ItemsManager extends Impersonable{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkMoveOpsForProtectedFolders(ses, id);
authChecker.checkWriteAuthorizationControl(ses, destinationId, true);
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, destinationId, true);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
final Node nodeToMove = ses.getNodeByIdentifier(id);
final Node destination = ses.getNodeByIdentifier(destinationId);
@ -888,7 +892,7 @@ public class ItemsManager extends Impersonable{
String uniqueName =(Utils.checkExistanceAndGetUniqueName(ses, destination, nodeToMove.getName()));
String newPath = String.format("%s/%s",destination.getPath(), uniqueName);
ses.getWorkspace().move(nodeToMove.getPath(), newPath);
ses.move(nodeToMove.getPath(), newPath);
Utils.setPropertyOnChangeNode(ses.getNode(newPath), currentUser, ItemAction.MOVED);
String mimeTypeForAccounting = (item instanceof AbstractFileItem)? ((AbstractFileItem) item).getContent().getMimeType(): null;
@ -926,11 +930,11 @@ public class ItemsManager extends Impersonable{
Session ses = null;
String newFileIdentifier = null;
try{
//TODO check if it is possible to change all the ACL on a workspace
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkWriteAuthorizationControl(ses, destinationId, true);
authChecker.checkReadAuthorizationControl(ses, id);
authChecker.checkWriteAuthorizationControl(ses, currentUser, destinationId, true);
authChecker.checkReadAuthorizationControl(ses, currentUser, id);
final Node nodeToCopy = ses.getNodeByIdentifier(id);
final Node destination = ses.getNodeByIdentifier(destinationId);
@ -1002,7 +1006,7 @@ public class ItemsManager extends Impersonable{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkMoveOpsForProtectedFolders(ses, id);
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
final Node nodeToMove = ses.getNodeByIdentifier(id);
@ -1064,7 +1068,7 @@ public class ItemsManager extends Impersonable{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
final Node nodeToUpdate = ses.getNodeByIdentifier(id);
@ -1109,7 +1113,7 @@ public class ItemsManager extends Impersonable{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
final Node nodeToUpdate = ses.getNodeByIdentifier(id);
@ -1153,7 +1157,7 @@ public class ItemsManager extends Impersonable{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
final Node nodeToUpdate = ses.getNodeByIdentifier(id);
@ -1200,7 +1204,7 @@ public class ItemsManager extends Impersonable{
//TODO check if it is possible to change all the ACL on a workspace
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
authChecker.checkWriteAuthorizationControl(ses, id, false);
authChecker.checkWriteAuthorizationControl(ses, currentUser, id, false);
authChecker.checkMoveOpsForProtectedFolders(ses, id);
final Node nodeToDelete = ses.getNodeByIdentifier(id);

@ -52,6 +52,7 @@ import org.gcube.data.access.storagehub.handlers.CredentialHandler;
import org.gcube.data.access.storagehub.handlers.GroupHandler;
import org.gcube.data.access.storagehub.handlers.TrashHandler;
import org.gcube.data.access.storagehub.handlers.UnshareHandler;
import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters;
import org.gcube.smartgears.annotations.ManagedBy;
import org.gcube.smartgears.utils.InnerMethodName;
import org.slf4j.Logger;
@ -72,6 +73,9 @@ public class UserManager {
@Inject
UnshareHandler unshareHandler;
@Inject
AuthorizationChecker authChecker;
@Inject
TrashHandler trashHandler;
@ -178,15 +182,18 @@ public class UserManager {
Node homeNode = session.getNode("/Home");
Node userHome = homeNode.addNode(user, "nthl:home");
//TODO: changing version
userHome.setProperty(Constants.HOME_VERSION_PROP, 1l);
//creating workspace folder
Node workspaceFolder = Utils.createFolderInternally(session, user, userHome, Constants.WORKSPACE_ROOT_FOLDER_NAME, "workspace of "+user, false, null);
FolderCreationParameters wsFolderParameters = FolderCreationParameters.builder().name(Constants.WORKSPACE_ROOT_FOLDER_NAME).description("workspace of "+user).author(user).on(userHome.getIdentifier()).with(session).build();
Utils.createFolderInternally(wsFolderParameters, null);
//creating thrash folder
Utils.createFolderInternally(session, user, workspaceFolder, Constants.TRASH_ROOT_FOLDER_NAME, "trash of "+user, false, null);
FolderCreationParameters trashFolderParameters = FolderCreationParameters.builder().name(Constants.TRASH_ROOT_FOLDER_NAME).description("trash of "+user).author(user).on(userHome.getIdentifier()).with(session).build();
Utils.createFolderInternally(trashFolderParameters, null);
//creating Vre container folder
Utils.createFolderInternally(session, user, workspaceFolder, Constants.OLD_VRE_FOLDER_PARENT_NAME, "special folder container of "+user, false, null);
FolderCreationParameters vreFolderParameters = FolderCreationParameters.builder().name(Constants.PERSONAL_VRES_FOLDER_PARENT_NAME).description("vre folder container of "+user).author(user).on(userHome.getIdentifier()).with(session).build();
Utils.createFolderInternally(vreFolderParameters, null);
session.save();
}catch(StorageHubException she ){
@ -277,13 +284,12 @@ public class UserManager {
Node sharedFolderNode = session.getNode(Constants.SHARED_FOLDER_PATH);
AuthorizationChecker authChecker = new AuthorizationChecker(user);
Predicate<Node> sharedWithUserChecker = new Predicate<Node>() {
@Override
public boolean test(Node t) {
try {
authChecker.checkReadAuthorizationControl(t.getSession(), t.getIdentifier());
authChecker.checkReadAuthorizationControl(t.getSession(), user, t.getIdentifier());
return true;
} catch (UserNotAuthorizedException | BackendGenericError | RepositoryException e) {
return false;
@ -320,7 +326,7 @@ public class UserManager {
private void removeUserHomeAndDeleteFiles(JackrabbitSession session, String user) throws RepositoryException, StorageHubException {
org.gcube.common.storagehub.model.Path homePath = pathUtil.getHome(user);
org.gcube.common.storagehub.model.Path workspacePath = pathUtil.getWorkspacePath(user);
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getOldTrashPath(user);
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getTrashPath(user, session);
try {
Node workspaceNode = session.getNode(workspacePath.toPath());

@ -1,19 +1,14 @@
package org.gcube.data.access.storagehub.services;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.query.Query;
import javax.jcr.query.QueryResult;
import javax.servlet.ServletContext;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
@ -22,10 +17,11 @@ import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
import org.gcube.common.storagehub.model.Excludes;
import org.gcube.common.storagehub.model.Paths;
@ -34,14 +30,12 @@ import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters;
import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
import org.gcube.common.storagehub.model.expressions.Expression;
import org.gcube.common.storagehub.model.expressions.logical.And;
import org.gcube.common.storagehub.model.expressions.logical.ISDescendant;
import org.gcube.common.storagehub.model.items.FolderItem;
import org.gcube.common.storagehub.model.items.Item;
import org.gcube.common.storagehub.model.items.TrashItem;
import org.gcube.common.storagehub.model.service.ItemList;
import org.gcube.common.storagehub.model.service.ItemWrapper;
import org.gcube.data.access.storagehub.AuthorizationChecker;
import org.gcube.data.access.storagehub.Constants;
import org.gcube.data.access.storagehub.PathUtil;
import org.gcube.data.access.storagehub.Range;
@ -50,10 +44,11 @@ import org.gcube.data.access.storagehub.Utils;
import org.gcube.data.access.storagehub.handlers.CredentialHandler;
import org.gcube.data.access.storagehub.handlers.StorageBackendHandler;
import org.gcube.data.access.storagehub.handlers.TrashHandler;
import org.gcube.data.access.storagehub.handlers.VRE;
import org.gcube.data.access.storagehub.handlers.VREManager;
import org.gcube.data.access.storagehub.handlers.items.Item2NodeConverter;
import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter;
import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters;
import org.gcube.data.access.storagehub.handlers.vres.VRE;
import org.gcube.data.access.storagehub.handlers.vres.VREManager;
import org.gcube.data.access.storagehub.query.sql2.evaluators.Evaluators;
import org.gcube.smartgears.annotations.ManagedBy;
import org.gcube.smartgears.utils.InnerMethodName;
@ -79,6 +74,12 @@ public class WorkspaceManager extends Impersonable{
@Inject
VREManager vreManager;
@Context
ServletContext context;
@Inject
AuthorizationChecker authChecker;
@Inject
TrashHandler trashHandler;
@ -106,20 +107,19 @@ public class WorkspaceManager extends Impersonable{
Item toReturn = null;
try{
long start = System.currentTimeMillis();
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
//TODO: remove when all user will have TRASH
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getOldTrashPath(currentUser);
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getTrashPath(currentUser, ses);
if (!ses.nodeExists(trashPath.toPath())) {
Node wsNode = ses.getNode(pathUtil.getWorkspacePath(currentUser).toPath());
Utils.createFolderInternally(ses, currentUser, wsNode, Constants.TRASH_ROOT_FOLDER_NAME, "trash of "+currentUser, false, null);
FolderCreationParameters trashFolderParameters = FolderCreationParameters.builder().name(Constants.TRASH_ROOT_FOLDER_NAME)
.description("trash of "+currentUser)
.author(currentUser).on(wsNode.getIdentifier()).with(ses).build();
Utils.createFolderInternally(trashFolderParameters, null);
ses.save();
}
log.trace("time to connect to repo {}",(System.currentTimeMillis()-start));
Node node = ses.getNode(absolutePath.toPath());
authChecker.checkReadAuthorizationControl(ses, node.getIdentifier());
authChecker.checkReadAuthorizationControl(ses, currentUser, node.getIdentifier());
toReturn = node2Item.getItem(node, excludes);
}catch(RepositoryException re ){
log.error("jcr error getting workspace item", re);
@ -135,37 +135,16 @@ public class WorkspaceManager extends Impersonable{
return new ItemWrapper<Item>(toReturn);
}
/*private synchronized VRE getVreFolderItem(Session ses) throws RepositoryException, BackendGenericError{
org.gcube.common.storagehub.model.Path vrePath = Paths.append(Utils.getWorkspacePath(), Constants.VRE_FOLDER_PARENT_NAME);
ScopeBean bean = new ScopeBean(ScopeProvider.instance.get());
if (!bean.is(Type.VRE)) throw new BackendGenericError("the current scope is not a VRE");
String entireScopeName= bean.toString().replaceAll("^/(.*)/?$", "$1").replaceAll("/", "-");
VRE vre = vreManager.getVRE(entireScopeName);
if (vre!=null) return vre;
else {
String query = String.format("SELECT * FROM [nthl:workspaceItem] As node WHERE node.[jcr:title] like '%s' AND ISDESCENDANTNODE('%s')",entireScopeName, vrePath.toPath());
Query jcrQuery = ses.getWorkspace().getQueryManager().createQuery(query, Constants.QUERY_LANGUAGE);
NodeIterator it = jcrQuery.execute().getNodes();
if (!it.hasNext()) throw new BackendGenericError("vre folder not found for context "+entireScopeName);
Node folder = it.nextNode();
Item vreFolder = node2Item.getItem(folder, excludes);
return vreManager.putVRE(vreFolder);
}
}*/
@Path("vrefolder")
@GET
@Produces(MediaType.APPLICATION_JSON)
public ItemWrapper<Item> getVreRootFolder(){
InnerMethodName.instance.set("getVreRootFolder");
Session ses = null;
JackrabbitSession ses = null;
Item vreItem = null;
try {
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
ses = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
vreItem = vreManager.getVreFolderItem(ses, currentUser, excludes).getVreFolder();
}catch(RepositoryException re ){
log.error("jcr error getting vrefolder", re);
@ -185,10 +164,10 @@ public class WorkspaceManager extends Impersonable{
@Produces(MediaType.APPLICATION_JSON)
public ItemList getVreFolderRecentsDocument(){
InnerMethodName.instance.set("getVreFolderRecents");
Session ses = null;
JackrabbitSession ses = null;
List<Item> recentItems = Collections.emptyList();
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
ses = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
VRE vre = vreManager.getVreFolderItem(ses, currentUser, excludes);
log.trace("VRE retrieved {}",vre.getVreFolder().getTitle());
@ -218,11 +197,12 @@ public class WorkspaceManager extends Impersonable{
public ItemWrapper<Item> getTrashRootFolder(){
InnerMethodName.instance.set("getTrashRootFolder");
Session ses = null;
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getOldTrashPath(currentUser);
Item item = null;
try{
long start = System.currentTimeMillis();
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getTrashPath(currentUser, ses);
log.info("time to connect to repo {}",(System.currentTimeMillis()-start));
Node folder = ses.getNode(trashPath.toPath());
@ -247,10 +227,10 @@ public class WorkspaceManager extends Impersonable{
public String emptyTrash(){
InnerMethodName.instance.set("emptyTrash");
Session ses = null;
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getOldTrashPath(currentUser);
String toReturn = null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getTrashPath(currentUser, ses);
Node trashNode = ses.getNode(trashPath.toPath());
List<Item> itemsToDelete = Utils.getItemList(trashNode, Excludes.ALL, null, true, null);
trashHandler.removeNodes(ses, itemsToDelete);
@ -279,12 +259,8 @@ public class WorkspaceManager extends Impersonable{
try{
log.info("restoring node with id {}", trashedItemId);
//TODO check if it is possible to change all the ACL on a workspace
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
//authChecker.checkWriteAuthorizationControl(ses, identifier, false);
final Node nodeToRestore = ses.getNodeByIdentifier(trashedItemId);
Item itemToRestore = node2Item.getItem(nodeToRestore, Excludes.ALL);
@ -292,7 +268,7 @@ public class WorkspaceManager extends Impersonable{
if (!(itemToRestore instanceof TrashItem))
throw new InvalidItemException("Only trash items can be restored");
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getOldTrashPath(currentUser);
org.gcube.common.storagehub.model.Path trashPath = pathUtil.getTrashPath(currentUser, ses);
if (!itemToRestore.getPath().startsWith(trashPath.toPath()))
throw new UserNotAuthorizedException("this item is not in the user "+currentUser+" trash");
@ -301,13 +277,10 @@ public class WorkspaceManager extends Impersonable{
destinationItem = node2Item.getItem(ses.getNodeByIdentifier(destinationFolderId), Excludes.ALL);
if (!(destinationItem instanceof FolderItem))
throw new InvalidCallParameters("destintation item is not a folder");
toReturn = trashHandler.restoreItem(ses, (TrashItem)itemToRestore, (FolderItem) destinationItem, currentUser);
} else {
} else
toReturn = trashHandler.restoreItem(ses, (TrashItem)itemToRestore, null, currentUser);
}
}catch(RepositoryException re ){
log.error("error restoring item with id {}",trashedItemId, re);
GXOutboundErrorResponse.throwException(new BackendGenericError(re));
@ -330,12 +303,13 @@ public class WorkspaceManager extends Impersonable{
public ItemList getVreFolders(){
InnerMethodName.instance.set("getVreFolders");
Session ses = null;
org.gcube.common.storagehub.model.Path vrePath = pathUtil.getOldVREsPath(currentUser);
List<? extends Item> toReturn = null;
org.gcube.common.storagehub.model.Path vrePath = null;
try{
log.info("vres folder path is {}",vrePath.toPath());
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
vrePath = pathUtil.getVREsPath(currentUser, ses);
log.info("vres folder path is {}",vrePath.toPath());
toReturn = Utils.getItemList(ses.getNode(vrePath.toPath()) , excludes, null, false, null);
}catch(RepositoryException re ){
log.error("error reading the node children of {}",vrePath, re);
@ -357,10 +331,11 @@ public class WorkspaceManager extends Impersonable{
public ItemList getVreFoldersPaged(@QueryParam("start") Integer start, @QueryParam("limit") Integer limit){
InnerMethodName.instance.set("getVreFoldersPaged");
Session ses = null;
org.gcube.common.storagehub.model.Path vrePath = pathUtil.getOldVREsPath(currentUser);
org.gcube.common.storagehub.model.Path vrePath = null;
List<? extends Item> toReturn = null;
try{
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
vrePath = pathUtil.getVREsPath(currentUser, ses);
toReturn = Utils.getItemList(ses.getNode(vrePath.toPath()) , excludes, new Range(start, limit), false, null);
}catch(RepositoryException re ){
log.error("(paged) error reading the node children of {}",vrePath, re);
@ -377,7 +352,7 @@ public class WorkspaceManager extends Impersonable{
}
/*
@Path("query")
@GET
@Produces(MediaType.APPLICATION_JSON)
@ -399,8 +374,6 @@ public class WorkspaceManager extends Impersonable{
String sql2Query = String.format("SELECT * FROM [%s] AS node WHERE %s %s ",node, stringExpression,orderBy);
log.info("query sent is {}",sql2Query);
ses = repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
Query jcrQuery = ses.getWorkspace().getQueryManager().createQuery(sql2Query, Constants.QUERY_LANGUAGE);
@ -430,7 +403,7 @@ public class WorkspaceManager extends Impersonable{
return new ItemList(toReturn);
}
*/
@Path("count")

@ -1,119 +0,0 @@
package org.gcube.data.access.storagehub.services.admin;
import static org.gcube.data.access.storagehub.Roles.INFRASTRUCTURE_MANAGER_ROLE;
import java.util.ArrayList;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.ServletContext;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.data.access.storagehub.StorageHubAppllicationManager;
import org.gcube.data.access.storagehub.exception.MyAuthException;
import org.gcube.data.access.storagehub.handlers.CredentialHandler;
import org.gcube.data.access.storagehub.services.RepositoryInitializer;
import org.gcube.smartgears.utils.InnerMethodName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Path("admin/nodes")
public class NodeManagerAdmin {
private static final Logger log = LoggerFactory.getLogger(NodeManagerAdmin.class);
RepositoryInitializer repository = StorageHubAppllicationManager.repository;
@Context ServletContext context;
@RequestScoped
@PathParam("id")
String id;
@GET
@Produces(MediaType.TEXT_PLAIN)
@Path("byPath")
@AuthorizationControl(allowedRoles = {INFRASTRUCTURE_MANAGER_ROLE},exception=MyAuthException.class)
public String getNode(@QueryParam("path") String path){
InnerMethodName.instance.set("getNodeByPathAdmin");
String toReturn= null;
Session session = null;
try{
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
Node node = session.getNode(path);
toReturn = infoNodeParser(node);
}catch(RepositoryException re ){
log.error("jcr error getting children by path", re);
GXOutboundErrorResponse.throwException(new BackendGenericError(re));
}finally{
if (session!=null) {
session.logout();
}
}
return toReturn;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/children")
@AuthorizationControl(allowedRoles = {INFRASTRUCTURE_MANAGER_ROLE},exception=MyAuthException.class)
public List<String> getNodes(@QueryParam("pattern") String namePattern){
InnerMethodName.instance.set("getNodesChildrenAdmin");
List<String> nodes =new ArrayList<>();
Session session = null;
try{
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
Node nodeParent = session.getNodeByIdentifier(id);
NodeIterator nIt = null;
if (namePattern==null)
nIt = nodeParent.getNodes();
else
nIt = nodeParent.getNodes(namePattern);
while (nIt.hasNext()) {
Node node = nIt.nextNode();
nodes.add(infoNodeParser(node));
}
}catch(RepositoryException re ){
log.error("jcr error getting children by path", re);
GXOutboundErrorResponse.throwException(new BackendGenericError(re));
} finally{
if (session!=null) {
session.logout();
}
}
return nodes;
}
private String infoNodeParser(Node node) throws RepositoryException {
/*
PropertyIterator pIt = node.getProperties();
while (pIt.hasNext()) {
Property prop = pIt.nextProperty();
prop.get
}*/
return node.getIdentifier()+" "+node.getName()+" "+node.getPrimaryNodeType().getName();
}
}

@ -8,7 +8,6 @@ import java.io.PrintWriter;
import java.io.StringReader;
import java.io.StringWriter;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.jcr.Node;
import javax.servlet.ServletContext;
@ -25,7 +24,6 @@ import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.common.authorization.library.AuthorizedTasks;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.storagehub.model.Paths;
import org.gcube.data.access.storagehub.AuthorizationChecker;
import org.gcube.data.access.storagehub.PathUtil;
import org.gcube.data.access.storagehub.StorageHubAppllicationManager;
import org.gcube.data.access.storagehub.accounting.AccountingHandler;
@ -55,15 +53,6 @@ public class ScriptManager {
@Context
ServletContext context;
AuthorizationChecker authChecker;
@RequestScoped
@Inject
public void setAuthChecker(AuthorizationChecker authChecker) {
this.authChecker = authChecker;
log.info("auth checker initialized with login {}",this.authChecker.getUserToCheck());
}
@Inject
ScriptUtil scriptUtil;
@ -177,7 +166,7 @@ public class ScriptManager {
try( InputStream stream = new ReaderInputStream(new StringReader(result))){
ItemsParameterBuilder<FileCreationParameters> builder = FileCreationParameters.builder().name(name).description("result of script execution "+name)
.stream(stream).on(parentId).with(ses).author(login);
itemHandler.create(builder.build(), authChecker);
itemHandler.create(builder.build());
} catch (Throwable e) {
log.error("error saving script result {} in the Workspace",name);
}

@ -0,0 +1,107 @@
package org.gcube.data.access.storagehub.services.delegates;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.gcube.common.storagehub.model.acls.ACL;
import org.gcube.common.storagehub.model.acls.AccessType;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
import org.gcube.common.storagehub.model.items.Item;
import org.gcube.common.storagehub.model.items.SharedFolder;
import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter;
import org.gcube.data.access.storagehub.services.interfaces.ACLManagerInterface;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Singleton
public class ACLManagerDelegate implements ACLManagerInterface {
@Inject
Node2ItemConverter node2Item;
private static final Logger log = LoggerFactory.getLogger(ACLManagerDelegate.class);
@Override
public List<ACL> get(Item item, Session session) throws RepositoryException, BackendGenericError {
List<ACL> acls = new ArrayList<>();
if (!item.isShared()) return acls;
Node toRetrieve = (Node) item.getRelatedNode();
if (!(item instanceof SharedFolder))
toRetrieve = retrieveSharedFolderParent(toRetrieve, session);
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, toRetrieve.getPath());
for (AccessControlEntry aclEntry : accessControlList.getAccessControlEntries()) {
ACL acl = new ACL();
acl.setPricipal(aclEntry.getPrincipal().getName());
List<AccessType> types = new ArrayList<>();
for (Privilege priv : aclEntry.getPrivileges())
try {
types.add(AccessType.fromValue(priv.getName()));
}catch (Exception e) {
log.warn(priv.getName()+" cannot be mapped to AccessTypes",e);
}
acl.setAccessTypes(types);
acls.add(acl);
}
return acls;
}
private Node retrieveSharedFolderParent(Node node, Session session) throws BackendGenericError, RepositoryException{
if (node2Item.checkNodeType(node, SharedFolder.class)) return node;
else
return retrieveSharedFolderParent(node.getParent(), session);
}
@Override
public void update(String targetUser, SharedFolder folder, AccessType accessType, Session session) throws RepositoryException, StorageHubException {
AccessControlManager acm = session.getAccessControlManager();
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());
Principal principal = AccessControlUtils.getPrincipal(session, targetUser);
_remove(acls, principal);
Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(accessType.getValue()) };
acls.addAccessControlEntry(principal, userPrivileges);
acm.setPolicy(folder.getPath(), acls);
session.save();
}
@Override
public void delete(String targetUser, SharedFolder folder, Session session) throws RepositoryException {
AccessControlManager acm = session.getAccessControlManager();
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());
Principal principal = AccessControlUtils.getPrincipal(session, targetUser);
_remove(acls, principal);
acm.setPolicy(folder.getPath(), acls);
}
private void _remove(JackrabbitAccessControlList acls, Principal principal) throws RepositoryException {
AccessControlEntry aceToDelete = null;
for (AccessControlEntry ace : acls.getAccessControlEntries())
if (ace.getPrincipal().equals(principal)) {
aceToDelete = ace;
break;
}
if (aceToDelete!= null)
acls.removeAccessControlEntry(aceToDelete);
}
}

@ -0,0 +1,42 @@
package org.gcube.data.access.storagehub.services.interfaces;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.gcube.common.storagehub.model.acls.ACL;
import org.gcube.common.storagehub.model.acls.AccessType;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
import org.gcube.common.storagehub.model.items.Item;
import org.gcube.common.storagehub.model.items.SharedFolder;
public interface ACLManagerInterface {
/**
* returns the AccessType for all the users in a shared folder
*
* @exception {@link RepositoryException} when a generic jcr error occurs
* @exception {@link UserNotAuthorizedException} when the caller is not authorized to access to the shared folder
*/
List<ACL> get(Item item, Session session) throws RepositoryException, BackendGenericError;
/**
* Set a new AccessType for a user in a shared folder or VRE folder
*
*
* @param String user
* @param accessType accessType
*
* @exception {@link RepositoryException} when a generic jcr error occurs
* @exception {@link UserNotAuthorizedException} when the caller is not ADMINISTRATOR of the shared folder
* @exception {@link InvalidCallParameters} when the folder is not shared with the specified user
* @exception {@link InvalidItemException} when the folder is not share
*/
void update(String targetUser, SharedFolder folder, AccessType accessType, Session session) throws RepositoryException, StorageHubException;
void delete(String targetUser, SharedFolder folder, Session session)
throws RepositoryException, StorageHubException;
}

@ -25,7 +25,7 @@ The projects leading to this software have received funding from a series of
Version
--------------------------------------------------
1.3.0-SNAPSHOT (20210331-113723)
1.3.0-SNAPSHOT (20210407-065343)
Please see the file named "changelog.xml" in this directory for the release notes.

Loading…
Cancel
Save