From c1ab8333b8a0061f44a26d01722cc41552a9d8e3 Mon Sep 17 00:00:00 2001 From: lucio Date: Thu, 16 Jan 2020 18:11:23 +0100 Subject: [PATCH] solved error on group creation --- .../storagehub/services/GroupManager.java | 43 +++++++++---------- .../storagehub/services/UserManager.java | 11 +++-- 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java b/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java index 4f5b28e..c73995a 100644 --- a/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java +++ b/src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java @@ -57,6 +57,7 @@ import org.gcube.data.access.storagehub.handlers.Node2ItemConverter; import org.gcube.data.access.storagehub.handlers.VRE; import org.gcube.data.access.storagehub.handlers.VREManager; import org.gcube.smartgears.utils.InnerMethodName; +import org.glassfish.jersey.media.multipart.FormDataParam; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -119,9 +120,9 @@ public class GroupManager { @POST @Path("") - @Consumes(MediaType.APPLICATION_FORM_URLENCODED) + @Consumes(MediaType.MULTIPART_FORM_DATA) @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class) - public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){ + public String createGroup(@FormDataParam("group") String group, @FormDataParam("accessType") AccessType accessType, @FormDataParam("folderOwner") String folderOwner){ InnerMethodName.instance.set("createGroup"); @@ -129,9 +130,6 @@ public class GroupManager { String groupId = null; try { - if (!isValidGroupForContext(groupId)) - throw new UserNotAuthorizedException("only VREManager can execute this operation"); - session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); @@ -139,7 +137,7 @@ public class GroupManager { Group createdGroup = usrManager.createGroup(group); groupId = createdGroup.getID(); - createVreFolder(groupId, session, accessType!=null?accessType:AccessType.WRITE_OWNER); + createVreFolder(groupId, session, accessType!=null?accessType:AccessType.WRITE_OWNER, folderOwner); session.save(); }catch(Exception e) { @@ -162,10 +160,7 @@ public class GroupManager { JackrabbitSession session = null; try { - - if (!isValidGroupForContext(group)) - throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation"); - + session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); @@ -207,7 +202,7 @@ public class GroupManager { throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation"); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); - VRE vreFolder = Utils.getVreFolderItemByGroupNameAndUser(session, groupId, userId, node2Item, vreManager, Excludes.ALL); + org.apache.jackrabbit.api.security.user.UserManager usrManager = ((JackrabbitSession)session).getUserManager(); @@ -218,13 +213,13 @@ public class GroupManager { if (!group.isMember(authUser)) throw new InvalidCallParameters("user "+userId+" is not in the group "+groupId); - Node node = session.getNodeByIdentifier(vreFolder.getVreFolder().getId()); + Node vreFolder = getVreFolderNode(session, groupId); AccessControlManager acm = session.getAccessControlManager(); - JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, node.getPath()); + JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath()); Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) }; Principal principal = AccessControlUtils.getPrincipal(session, userId); acls.addAccessControlEntry(principal, userPrivileges); - acm.setPolicy(node.getPath(), acls); + acm.setPolicy(vreFolder.getPath(), acls); session.save(); }catch(StorageHubException she ){ @@ -255,11 +250,11 @@ public class GroupManager { throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation"); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); - VRE vreFolder = Utils.getVreFolderItemByGroupNameAndUser(session, groupId, userId, node2Item, vreManager, Excludes.ALL); - Node node = session.getNodeByIdentifier(vreFolder.getVreFolder().getId()); + + Node vreFolder = getVreFolderNode(session, groupId); AccessControlManager acm = session.getAccessControlManager(); - JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, node.getPath()); + JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath()); AccessControlEntry toRemove = null; for (AccessControlEntry acl: acls.getAccessControlEntries()) @@ -269,7 +264,7 @@ public class GroupManager { } acls.removeAccessControlEntry(toRemove); - acm.setPolicy(node.getPath(), acls); + acm.setPolicy(vreFolder.getPath(), acls); session.save(); }catch(StorageHubException she ){ log.error(she.getErrorMessage(), she); @@ -461,7 +456,7 @@ public class GroupManager { return users; } - private void createVreFolder(String groupId, JackrabbitSession session, AccessType defaultAccessType) throws Exception{ + private void createVreFolder(String groupId, JackrabbitSession session, AccessType defaultAccessType, String owner ) throws Exception{ Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH); @@ -469,7 +464,7 @@ public class GroupManager { String title = groupId.substring(groupId.lastIndexOf("-")+1); - Node folder= Utils.createFolderInternally(session, sharedRootNode, name, "VREFolder for "+groupId, false, AuthorizationProvider.instance.get().getClient().getId(), null); + Node folder= Utils.createFolderInternally(session, sharedRootNode, name, "VREFolder for "+groupId, false, owner, null); folder.setPrimaryType(PrimaryNodeType.NT_WORKSPACE_SHARED_FOLDER); folder.setProperty(NodeProperty.IS_VRE_FOLDER.toString(), true); folder.setProperty(NodeProperty.TITLE.toString(), name); @@ -478,8 +473,12 @@ public class GroupManager { AccessControlManager acm = session.getAccessControlManager(); JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath()); - Privilege[] adminPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) }; + + + /*Privilege[] adminPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) }; acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session, AuthorizationProvider.instance.get().getClient().getId()), adminPrivileges ); + */ + Privilege[] usersPrivileges = new Privilege[] { acm.privilegeFromName(defaultAccessType.getValue()) }; acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session,groupId), usersPrivileges ); @@ -487,7 +486,7 @@ public class GroupManager { } - private Node getVreFolderNode(JackrabbitSession session, String name) throws InvalidItemException, Exception { + private Node getVreFolderNode(JackrabbitSession session, String name) throws InvalidItemException, RepositoryException { Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH); Node vreFolder = null; diff --git a/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java b/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java index fcee912..3756b22 100644 --- a/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java +++ b/src/main/java/org/gcube/data/access/storagehub/services/UserManager.java @@ -38,6 +38,7 @@ import org.gcube.data.access.storagehub.Utils; import org.gcube.data.access.storagehub.exception.MyAuthException; import org.gcube.data.access.storagehub.handlers.CredentialHandler; import org.gcube.data.access.storagehub.handlers.UnshareHandler; +import org.gcube.smartgears.utils.InnerMethodName; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -60,7 +61,9 @@ public class UserManager { @Path("") @Produces(MediaType.APPLICATION_JSON) public List getUsers(){ - + + InnerMethodName.instance.set("getUsers"); + JackrabbitSession session = null; List users= new ArrayList<>(); try { @@ -94,7 +97,9 @@ public class UserManager { @Consumes(MediaType.APPLICATION_FORM_URLENCODED) @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class) public String createUser(@FormParam("user") String user, @FormParam("password") String password){ - + + InnerMethodName.instance.set("createUser"); + JackrabbitSession session = null; String userId = null; try { @@ -133,8 +138,8 @@ public class UserManager { @Path("{user}") @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class) public String deleteUser(@PathParam("user") String user){ - + InnerMethodName.instance.set("deleteUser"); JackrabbitSession session = null; String userId = null;