- ACLManager Delegate Added
parent
a2613dc1a7
commit
bcbe97f547
@ -0,0 +1,29 @@
|
||||
package org.gcube.data.access.storagehub.handlers.plugins;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import javax.enterprise.inject.Instance;
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
|
||||
import org.gcube.common.storagehub.model.exceptions.PluginNotFoundException;
|
||||
import org.gcube.common.storagehub.model.plugins.ExternalFolderManagerConnector;
|
||||
|
||||
@Singleton
|
||||
public class ExternalFolderPluginHandler {
|
||||
|
||||
@Inject
|
||||
private Instance<ExternalFolderManagerConnector> connectors;
|
||||
|
||||
private Map<String, ExternalFolderManagerConnector> connectorsMap;
|
||||
|
||||
ExternalFolderPluginHandler(){
|
||||
connectorsMap = connectors.stream().collect(Collectors.toMap(ExternalFolderManagerConnector::getName, e -> e ));
|
||||
}
|
||||
|
||||
public ExternalFolderManagerConnector getConnector(String name) throws PluginNotFoundException {
|
||||
if (!connectorsMap.containsKey(name)) throw new PluginNotFoundException("plugin "+name+" not found");
|
||||
return connectorsMap.get(name);
|
||||
}
|
||||
}
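Review bot: The constructor `ExternalFolderPluginHandler()` dereferences `connectors` before the container can have injected it, because `@Inject` field injection runs only after the constructor returns; `connectors.stream()` will therefore throw a NullPointerException when the bean is created. Move the map construction into a lifecycle callback, e.g. `@PostConstruct void init() { connectorsMap = connectors.stream().collect(Collectors.toMap(ExternalFolderManagerConnector::getName, e -> e)); }` (with the `javax.annotation.PostConstruct` import), or switch to constructor injection. `Collectors.toMap` without a merge function also throws IllegalStateException when two connectors return the same `getName()`, so a duplicate plugin name would break the handler for every connector. An explicit duplicate check with a clear message would make that failure deliberate.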
|
@ -1,119 +0,0 @@
|
||||
package org.gcube.data.access.storagehub.services.admin;
|
||||
|
||||
import static org.gcube.data.access.storagehub.Roles.INFRASTRUCTURE_MANAGER_ROLE;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import javax.enterprise.context.RequestScoped;
|
||||
import javax.jcr.Node;
|
||||
import javax.jcr.NodeIterator;
|
||||
import javax.jcr.RepositoryException;
|
||||
import javax.jcr.Session;
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.QueryParam;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
|
||||
import org.apache.jackrabbit.api.JackrabbitSession;
|
||||
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
|
||||
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
|
||||
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
||||
import org.gcube.data.access.storagehub.StorageHubAppllicationManager;
|
||||
import org.gcube.data.access.storagehub.exception.MyAuthException;
|
||||
import org.gcube.data.access.storagehub.handlers.CredentialHandler;
|
||||
import org.gcube.data.access.storagehub.services.RepositoryInitializer;
|
||||
import org.gcube.smartgears.utils.InnerMethodName;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@Path("admin/nodes")
|
||||
public class NodeManagerAdmin {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(NodeManagerAdmin.class);
|
||||
|
||||
RepositoryInitializer repository = StorageHubAppllicationManager.repository;
|
||||
|
||||
@Context ServletContext context;
|
||||
|
||||
@RequestScoped
|
||||
@PathParam("id")
|
||||
String id;
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.TEXT_PLAIN)
|
||||
@Path("byPath")
|
||||
@AuthorizationControl(allowedRoles = {INFRASTRUCTURE_MANAGER_ROLE},exception=MyAuthException.class)
|
||||
public String getNode(@QueryParam("path") String path){
|
||||
InnerMethodName.instance.set("getNodeByPathAdmin");
|
||||
|
||||
String toReturn= null;
|
||||
Session session = null;
|
||||
try{
|
||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||
|
||||
Node node = session.getNode(path);
|
||||
toReturn = infoNodeParser(node);
|
||||
}catch(RepositoryException re ){
|
||||
log.error("jcr error getting children by path", re);
|
||||
GXOutboundErrorResponse.throwException(new BackendGenericError(re));
|
||||
}finally{
|
||||
if (session!=null) {
|
||||
session.logout();
|
||||
}
|
||||
}
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@Path("{id}/children")
|
||||
@AuthorizationControl(allowedRoles = {INFRASTRUCTURE_MANAGER_ROLE},exception=MyAuthException.class)
|
||||
public List<String> getNodes(@QueryParam("pattern") String namePattern){
|
||||
InnerMethodName.instance.set("getNodesChildrenAdmin");
|
||||
|
||||
List<String> nodes =new ArrayList<>();
|
||||
Session session = null;
|
||||
try{
|
||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||
|
||||
Node nodeParent = session.getNodeByIdentifier(id);
|
||||
NodeIterator nIt = null;
|
||||
if (namePattern==null)
|
||||
nIt = nodeParent.getNodes();
|
||||
else
|
||||
nIt = nodeParent.getNodes(namePattern);
|
||||
while (nIt.hasNext()) {
|
||||
Node node = nIt.nextNode();
|
||||
nodes.add(infoNodeParser(node));
|
||||
}
|
||||
|
||||
}catch(RepositoryException re ){
|
||||
log.error("jcr error getting children by path", re);
|
||||
GXOutboundErrorResponse.throwException(new BackendGenericError(re));
|
||||
} finally{
|
||||
if (session!=null) {
|
||||
session.logout();
|
||||
}
|
||||
}
|
||||
return nodes;
|
||||
}
|
||||
|
||||
private String infoNodeParser(Node node) throws RepositoryException {
|
||||
/*
|
||||
PropertyIterator pIt = node.getProperties();
|
||||
while (pIt.hasNext()) {
|
||||
Property prop = pIt.nextProperty();
|
||||
prop.get
|
||||
}*/
|
||||
|
||||
return node.getIdentifier()+" "+node.getName()+" "+node.getPrimaryNodeType().getName();
|
||||
}
|
||||
|
||||
|
||||
}
|
@ -0,0 +1,107 @@
|
||||
package org.gcube.data.access.storagehub.services.delegates;
|
||||
|
||||
import java.security.Principal;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
import javax.jcr.Node;
|
||||
import javax.jcr.RepositoryException;
|
||||
import javax.jcr.Session;
|
||||
import javax.jcr.security.AccessControlEntry;
|
||||
import javax.jcr.security.AccessControlManager;
|
||||
import javax.jcr.security.Privilege;
|
||||
|
||||
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
|
||||
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
|
||||
import org.gcube.common.storagehub.model.acls.ACL;
|
||||
import org.gcube.common.storagehub.model.acls.AccessType;
|
||||
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
||||
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
|
||||
import org.gcube.common.storagehub.model.items.Item;
|
||||
import org.gcube.common.storagehub.model.items.SharedFolder;
|
||||
import org.gcube.data.access.storagehub.handlers.items.Node2ItemConverter;
|
||||
import org.gcube.data.access.storagehub.services.interfaces.ACLManagerInterface;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@Singleton
|
||||
public class ACLManagerDelegate implements ACLManagerInterface {
|
||||
|
||||
@Inject
|
||||
Node2ItemConverter node2Item;
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(ACLManagerDelegate.class);
|
||||
|
||||
@Override
|
||||
public List<ACL> get(Item item, Session session) throws RepositoryException, BackendGenericError {
|
||||
List<ACL> acls = new ArrayList<>();
|
||||
if (!item.isShared()) return acls;
|
||||
|
||||
Node toRetrieve = (Node) item.getRelatedNode();
|
||||
if (!(item instanceof SharedFolder))
|
||||
toRetrieve = retrieveSharedFolderParent(toRetrieve, session);
|
||||
|
||||
JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, toRetrieve.getPath());
|
||||
for (AccessControlEntry aclEntry : accessControlList.getAccessControlEntries()) {
|
||||
ACL acl = new ACL();
|
||||
acl.setPricipal(aclEntry.getPrincipal().getName());
|
||||
List<AccessType> types = new ArrayList<>();
|
||||
for (Privilege priv : aclEntry.getPrivileges())
|
||||
try {
|
||||
types.add(AccessType.fromValue(priv.getName()));
|
||||
}catch (Exception e) {
|
||||
log.warn(priv.getName()+" cannot be mapped to AccessTypes",e);
|
||||
}
|
||||
acl.setAccessTypes(types);
|
||||
acls.add(acl);
|
||||
}
|
||||
return acls;
|
||||
}
|
||||
|
||||
private Node retrieveSharedFolderParent(Node node, Session session) throws BackendGenericError, RepositoryException{
|
||||
if (node2Item.checkNodeType(node, SharedFolder.class)) return node;
|
||||
else
|
||||
return retrieveSharedFolderParent(node.getParent(), session);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void update(String targetUser, SharedFolder folder, AccessType accessType, Session session) throws RepositoryException, StorageHubException {
|
||||
|
||||
AccessControlManager acm = session.getAccessControlManager();
|
||||
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());
|
||||
Principal principal = AccessControlUtils.getPrincipal(session, targetUser);
|
||||
_remove(acls, principal);
|
||||
Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(accessType.getValue()) };
|
||||
acls.addAccessControlEntry(principal, userPrivileges);
|
||||
acm.setPolicy(folder.getPath(), acls);
|
||||
session.save();
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void delete(String targetUser, SharedFolder folder, Session session) throws RepositoryException {
|
||||
AccessControlManager acm = session.getAccessControlManager();
|
||||
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());
|
||||
|
||||
Principal principal = AccessControlUtils.getPrincipal(session, targetUser);
|
||||
_remove(acls, principal);
|
||||
acm.setPolicy(folder.getPath(), acls);
|
||||
}
|
||||
|
||||
|
||||
private void _remove(JackrabbitAccessControlList acls, Principal principal) throws RepositoryException {
|
||||
AccessControlEntry aceToDelete = null;
|
||||
for (AccessControlEntry ace : acls.getAccessControlEntries())
|
||||
if (ace.getPrincipal().equals(principal)) {
|
||||
aceToDelete = ace;
|
||||
break;
|
||||
}
|
||||
|
||||
if (aceToDelete!= null)
|
||||
acls.removeAccessControlEntry(aceToDelete);
|
||||
}
|
||||
|
||||
}
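Review bot: `delete` changes the policy with `acm.setPolicy(folder.getPath(), acls)` but never calls `session.save()`, while `update` does; unless every caller saves the session itself, a revoked user keeps access because the removal stays transient. Either add `session.save();` after `setPolicy` in `delete`, or document on both methods who owns the save. `_remove` also stops at the first entry whose principal matches (`break`), so if a principal has more than one entry in the list the others survive both `update` and `delete`; collecting all matches and removing each would close that gap. Neither method checks that the caller may administer the folder, so that check presumably sits in the calling service and is worth stating in a class comment.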
|
@ -0,0 +1,42 @@
|
||||
package org.gcube.data.access.storagehub.services.interfaces;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import javax.jcr.RepositoryException;
|
||||
import javax.jcr.Session;
|
||||
|
||||
import org.gcube.common.storagehub.model.acls.ACL;
|
||||
import org.gcube.common.storagehub.model.acls.AccessType;
|
||||
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
||||
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
|
||||
import org.gcube.common.storagehub.model.items.Item;
|
||||
import org.gcube.common.storagehub.model.items.SharedFolder;
|
||||
|
||||
public interface ACLManagerInterface {
|
||||
|
||||
/**
|
||||
* returns the AccessType for all the users in a shared folder
|
||||
*
|
||||
* @exception {@link RepositoryException} when a generic jcr error occurs
|
||||
* @exception {@link UserNotAuthorizedException} when the caller is not authorized to access to the shared folder
|
||||
*/
|
||||
List<ACL> get(Item item, Session session) throws RepositoryException, BackendGenericError;
|
||||
|
||||
/**
|
||||
* Set a new AccessType for a user in a shared folder or VRE folder
|
||||
*
|
||||
*
|
||||
* @param String user
|
||||
* @param accessType accessType
|
||||
*
|
||||
* @exception {@link RepositoryException} when a generic jcr error occurs
|
||||
* @exception {@link UserNotAuthorizedException} when the caller is not ADMINISTRATOR of the shared folder
|
||||
* @exception {@link InvalidCallParameters} when the folder is not shared with the specified user
|
||||
* @exception {@link InvalidItemException} when the folder is not share
|
||||
*/
|
||||
void update(String targetUser, SharedFolder folder, AccessType accessType, Session session) throws RepositoryException, StorageHubException;
|
||||
|
||||
void delete(String targetUser, SharedFolder folder, Session session)
|
||||
throws RepositoryException, StorageHubException;
|
||||
|
||||
}
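Review bot: The Javadoc on `get` and `update` promises `UserNotAuthorizedException`, `InvalidCallParameters` and `InvalidItemException`, but none of these is imported or declared here. `get` declares only `RepositoryException, BackendGenericError`, so the documented authorization failure cannot be expressed by that signature unless the type is unchecked or a subtype of one of those. State in the Javadoc whether implementations must verify the caller's rights or whether the caller must have done so before invoking them, since this contract is what an audit of access changes will rely on. The tags should read `@throws RepositoryException when a generic JCR error occurs` rather than `@exception {@link ...}`, and `@param String user` should be `@param targetUser the user whose access is changed`. `delete` needs a comment of its own, e.g. `/** Removes the access control entry of targetUser from the shared folder. */`.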
|