@ -57,6 +57,7 @@ import org.gcube.data.access.storagehub.handlers.Node2ItemConverter;
import org.gcube.data.access.storagehub.handlers.VRE ;
import org.gcube.data.access.storagehub.handlers.VREManager ;
import org.gcube.smartgears.utils.InnerMethodName ;
import org.glassfish.jersey.media.multipart.FormDataParam ;
import org.slf4j.Logger ;
import org.slf4j.LoggerFactory ;
@ -119,9 +120,9 @@ public class GroupManager {
@POST
@Path ( "" )
@Consumes ( MediaType . APPLICATION_FORM_URLENCODED )
@Consumes ( MediaType . MULTIPART_FORM_DATA )
@AuthorizationControl ( allowedRoles = { INFRASTRUCTURE_MANAGER_ROLE } , exception = MyAuthException . class )
public String createGroup ( @Form Param( "group" ) String group , @Form Param( "accessType" ) AccessType accessType ) {
public String createGroup ( @Form Data Param( "group" ) String group , @Form Data Param( "accessType" ) AccessType accessType , @FormDataParam ( "folderOwner" ) String folderOwner ) {
InnerMethodName . instance . set ( "createGroup" ) ;
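Review bot: `folderOwner` is read from the multipart form in the new `createGroup` signature and later becomes the owner argument of `Utils.createFolderInternally`, with no check that it is present or names an existing user. The owner used to be the authenticated client id, so a missing or mistyped field can now produce a VRE folder owned by an identity that does not exist. A guard once `usrManager` is available would catch this, for example `if (folderOwner == null || usrManager.getAuthorizable(folderOwner) == null) throw new InvalidCallParameters("invalid folderOwner");`. The -129 and -162 hunks also appear to drop the `isValidGroupForContext` checks, which leaves the `@AuthorizationControl` role as the only gate; that should be confirmed for the method at -162, whose annotations are not visible here. The body of `createGroup` continues outside this hunk.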
@ -129,9 +130,6 @@ public class GroupManager {
String groupId = null ;
try {
if ( ! isValidGroupForContext ( groupId ) )
throw new UserNotAuthorizedException ( "only VREManager can execute this operation" ) ;
session = ( JackrabbitSession ) repository . getRepository ( ) . login ( CredentialHandler . getAdminCredentials ( context ) ) ;
org . apache . jackrabbit . api . security . user . UserManager usrManager = session . getUserManager ( ) ;
@ -139,7 +137,7 @@ public class GroupManager {
Group createdGroup = usrManager . createGroup ( group ) ;
groupId = createdGroup . getID ( ) ;
createVreFolder ( groupId , session , accessType ! = null ? accessType : AccessType . WRITE_OWNER );
createVreFolder ( groupId , session , accessType ! = null ? accessType : AccessType . WRITE_OWNER , folderOwner );
session . save ( ) ;
} catch ( Exception e ) {
@ -162,10 +160,7 @@ public class GroupManager {
JackrabbitSession session = null ;
try {
if ( ! isValidGroupForContext ( group ) )
throw new UserNotAuthorizedException ( "only VREManager of the selected VRE can execute this operation" ) ;
session = ( JackrabbitSession ) repository . getRepository ( ) . login ( CredentialHandler . getAdminCredentials ( context ) ) ;
org . apache . jackrabbit . api . security . user . UserManager usrManager = session . getUserManager ( ) ;
@ -207,7 +202,7 @@ public class GroupManager {
throw new UserNotAuthorizedException ( "only VREManager of the selected VRE can execute this operation" ) ;
session = ( JackrabbitSession ) repository . getRepository ( ) . login ( CredentialHandler . getAdminCredentials ( context ) ) ;
VRE vreFolder = Utils . getVreFolderItemByGroupNameAndUser ( session , groupId , userId , node2Item , vreManager , Excludes . ALL ) ;
org . apache . jackrabbit . api . security . user . UserManager usrManager = ( ( JackrabbitSession ) session ) . getUserManager ( ) ;
@ -218,13 +213,13 @@ public class GroupManager {
if ( ! group . isMember ( authUser ) )
throw new InvalidCallParameters ( "user " + userId + " is not in the group " + groupId ) ;
Node node = session . getNodeByIdentifier ( vreFolder . getVreFolder ( ) . getId ( ) ) ;
Node vreFolder = getVreFolderNode ( session , groupId ) ;
AccessControlManager acm = session . getAccessControlManager ( ) ;
JackrabbitAccessControlList acls = AccessControlUtils . getAccessControlList ( acm , node . getPath ( ) ) ;
JackrabbitAccessControlList acls = AccessControlUtils . getAccessControlList ( acm , vreFolder . getPath ( ) ) ;
Privilege [ ] userPrivileges = new Privilege [ ] { acm . privilegeFromName ( AccessType . ADMINISTRATOR . getValue ( ) ) } ;
Principal principal = AccessControlUtils . getPrincipal ( session , userId ) ;
acls . addAccessControlEntry ( principal , userPrivileges ) ;
acm . setPolicy ( node . getPath ( ) , acls ) ;
acm . setPolicy ( vreFolder . getPath ( ) , acls ) ;
session . save ( ) ;
} catch ( StorageHubException she ) {
@ -255,11 +250,11 @@ public class GroupManager {
throw new UserNotAuthorizedException ( "only VREManager of the selected VRE can execute this operation" ) ;
session = ( JackrabbitSession ) repository . getRepository ( ) . login ( CredentialHandler . getAdminCredentials ( context ) ) ;
VRE vreFolder = Utils . getVreFolderItemByGroupNameAndUser ( session , groupId , userId , node2Item , vreManager , Excludes . ALL ) ;
Node node = session . getNodeByIdentifier ( vreFolder . getVreFolder ( ) . getId ( ) ) ;
Node vreFolder = getVreFolderNode ( session , groupId ) ;
AccessControlManager acm = session . getAccessControlManager ( ) ;
JackrabbitAccessControlList acls = AccessControlUtils . getAccessControlList ( acm , node . getPath ( ) ) ;
JackrabbitAccessControlList acls = AccessControlUtils . getAccessControlList ( acm , vreFolder . getPath ( ) ) ;
AccessControlEntry toRemove = null ;
for ( AccessControlEntry acl : acls . getAccessControlEntries ( ) )
@ -269,7 +264,7 @@ public class GroupManager {
}
acls . removeAccessControlEntry ( toRemove ) ;
acm . setPolicy ( node . getPath ( ) , acls ) ;
acm . setPolicy ( vreFolder . getPath ( ) , acls ) ;
session . save ( ) ;
} catch ( StorageHubException she ) {
log . error ( she . getErrorMessage ( ) , she ) ;
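Review bot: `toRemove` is initialised to null in the -255 hunk and, as far as the visible lines show, reaches `acls.removeAccessControlEntry(toRemove)` unchanged when the loop matches no entry for the user. The call then fails inside the ACL implementation instead of returning a clear client error, and `setPolicy` is never reached. A guard before the removal would make that case explicit: `if (toRemove == null) throw new InvalidCallParameters("user " + userId + " is not an administrator of " + groupId);`. The loop body lies between the two hunks and is not visible, so confirm that no such check already exists there.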
@ -461,7 +456,7 @@ public class GroupManager {
return users ;
}
private void createVreFolder ( String groupId , JackrabbitSession session , AccessType defaultAccessType ) throws Exception {
private void createVreFolder ( String groupId , JackrabbitSession session , AccessType defaultAccessType , String owner ) throws Exception {
Node sharedRootNode = session . getNode ( Constants . SHARED_FOLDER_PATH ) ;
@ -469,7 +464,7 @@ public class GroupManager {
String title = groupId . substring ( groupId . lastIndexOf ( "-" ) + 1 ) ;
Node folder = Utils . createFolderInternally ( session , sharedRootNode , name , "VREFolder for " + groupId , false , AuthorizationProvider. instance . get ( ) . getClient ( ) . getId ( ) , null ) ;
Node folder = Utils . createFolderInternally ( session , sharedRootNode , name , "VREFolder for " + groupId , false , owner , null ) ;
folder . setPrimaryType ( PrimaryNodeType . NT_WORKSPACE_SHARED_FOLDER ) ;
folder . setProperty ( NodeProperty . IS_VRE_FOLDER . toString ( ) , true ) ;
folder . setProperty ( NodeProperty . TITLE . toString ( ) , name ) ;
@ -478,8 +473,12 @@ public class GroupManager {
AccessControlManager acm = session . getAccessControlManager ( ) ;
JackrabbitAccessControlList acls = AccessControlUtils . getAccessControlList ( acm , folder . getPath ( ) ) ;
Privilege [ ] adminPrivileges = new Privilege [ ] { acm . privilegeFromName ( AccessType . ADMINISTRATOR . getValue ( ) ) } ;
/ * Privilege [ ] adminPrivileges = new Privilege [ ] { acm . privilegeFromName ( AccessType . ADMINISTRATOR . getValue ( ) ) } ;
acls . addAccessControlEntry ( AccessControlUtils . getPrincipal ( session , AuthorizationProvider . instance . get ( ) . getClient ( ) . getId ( ) ) , adminPrivileges ) ;
* /
Privilege [ ] usersPrivileges = new Privilege [ ] { acm . privilegeFromName ( defaultAccessType . getValue ( ) ) } ;
acls . addAccessControlEntry ( AccessControlUtils . getPrincipal ( session , groupId ) , usersPrivileges ) ;
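Review bot: No principal receives ADMINISTRATOR on the new folder in the lines visible here, because the entry for the calling client is wrapped in a block comment and nothing replaces it, leaving only the group's default access type. If the new `owner` argument is meant to administer the folder, grant it explicitly with `acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session, owner), adminPrivileges);` and keep the `adminPrivileges` declaration live. If the intent is that administrators are added only through the separate admin endpoint, delete the commented-out block and leave a one-line comment such as `// no admin ACE at creation: administrators are added explicitly after the group exists`. Whether `Utils.createFolderInternally` sets any ACL for the owner is not visible from this page, and `createVreFolder` continues outside the hunk.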
@ -487,7 +486,7 @@ public class GroupManager {
}
private Node getVreFolderNode ( JackrabbitSession session , String name ) throws InvalidItemException , Exception {
private Node getVreFolderNode ( JackrabbitSession session , String name ) throws InvalidItemException , Repository Exception {
Node sharedRootNode = session . getNode ( Constants . SHARED_FOLDER_PATH ) ;
Node vreFolder = null ;