solved error on group creation

This commit is contained in:
lucio 2020-01-16 18:11:23 +01:00
parent 67fe556a4f
commit c1ab8333b8
2 changed files with 29 additions and 25 deletions

View File

@ -57,6 +57,7 @@ import org.gcube.data.access.storagehub.handlers.Node2ItemConverter;
import org.gcube.data.access.storagehub.handlers.VRE; import org.gcube.data.access.storagehub.handlers.VRE;
import org.gcube.data.access.storagehub.handlers.VREManager; import org.gcube.data.access.storagehub.handlers.VREManager;
import org.gcube.smartgears.utils.InnerMethodName; import org.gcube.smartgears.utils.InnerMethodName;
import org.glassfish.jersey.media.multipart.FormDataParam;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -119,9 +120,9 @@ public class GroupManager {
@POST @POST
@Path("") @Path("")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Consumes(MediaType.MULTIPART_FORM_DATA)
@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class) @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){ public String createGroup(@FormDataParam("group") String group, @FormDataParam("accessType") AccessType accessType, @FormDataParam("folderOwner") String folderOwner){
InnerMethodName.instance.set("createGroup"); InnerMethodName.instance.set("createGroup");
@ -129,9 +130,6 @@ public class GroupManager {
String groupId = null; String groupId = null;
try { try {
if (!isValidGroupForContext(groupId))
throw new UserNotAuthorizedException("only VREManager can execute this operation");
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -139,7 +137,7 @@ public class GroupManager {
Group createdGroup = usrManager.createGroup(group); Group createdGroup = usrManager.createGroup(group);
groupId = createdGroup.getID(); groupId = createdGroup.getID();
createVreFolder(groupId, session, accessType!=null?accessType:AccessType.WRITE_OWNER); createVreFolder(groupId, session, accessType!=null?accessType:AccessType.WRITE_OWNER, folderOwner);
session.save(); session.save();
}catch(Exception e) { }catch(Exception e) {
@ -163,9 +161,6 @@ public class GroupManager {
JackrabbitSession session = null; JackrabbitSession session = null;
try { try {
if (!isValidGroupForContext(group))
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -207,7 +202,7 @@ public class GroupManager {
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation"); throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
VRE vreFolder = Utils.getVreFolderItemByGroupNameAndUser(session, groupId, userId, node2Item, vreManager, Excludes.ALL);
org.apache.jackrabbit.api.security.user.UserManager usrManager = ((JackrabbitSession)session).getUserManager(); org.apache.jackrabbit.api.security.user.UserManager usrManager = ((JackrabbitSession)session).getUserManager();
@ -218,13 +213,13 @@ public class GroupManager {
if (!group.isMember(authUser)) if (!group.isMember(authUser))
throw new InvalidCallParameters("user "+userId+" is not in the group "+groupId); throw new InvalidCallParameters("user "+userId+" is not in the group "+groupId);
Node node = session.getNodeByIdentifier(vreFolder.getVreFolder().getId()); Node vreFolder = getVreFolderNode(session, groupId);
AccessControlManager acm = session.getAccessControlManager(); AccessControlManager acm = session.getAccessControlManager();
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, node.getPath()); JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath());
Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) }; Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) };
Principal principal = AccessControlUtils.getPrincipal(session, userId); Principal principal = AccessControlUtils.getPrincipal(session, userId);
acls.addAccessControlEntry(principal, userPrivileges); acls.addAccessControlEntry(principal, userPrivileges);
acm.setPolicy(node.getPath(), acls); acm.setPolicy(vreFolder.getPath(), acls);
session.save(); session.save();
}catch(StorageHubException she ){ }catch(StorageHubException she ){
@ -255,11 +250,11 @@ public class GroupManager {
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation"); throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
VRE vreFolder = Utils.getVreFolderItemByGroupNameAndUser(session, groupId, userId, node2Item, vreManager, Excludes.ALL);
Node node = session.getNodeByIdentifier(vreFolder.getVreFolder().getId());
Node vreFolder = getVreFolderNode(session, groupId);
AccessControlManager acm = session.getAccessControlManager(); AccessControlManager acm = session.getAccessControlManager();
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, node.getPath()); JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, vreFolder.getPath());
AccessControlEntry toRemove = null; AccessControlEntry toRemove = null;
for (AccessControlEntry acl: acls.getAccessControlEntries()) for (AccessControlEntry acl: acls.getAccessControlEntries())
@ -269,7 +264,7 @@ public class GroupManager {
} }
acls.removeAccessControlEntry(toRemove); acls.removeAccessControlEntry(toRemove);
acm.setPolicy(node.getPath(), acls); acm.setPolicy(vreFolder.getPath(), acls);
session.save(); session.save();
}catch(StorageHubException she ){ }catch(StorageHubException she ){
log.error(she.getErrorMessage(), she); log.error(she.getErrorMessage(), she);
@ -461,7 +456,7 @@ public class GroupManager {
return users; return users;
} }
private void createVreFolder(String groupId, JackrabbitSession session, AccessType defaultAccessType) throws Exception{ private void createVreFolder(String groupId, JackrabbitSession session, AccessType defaultAccessType, String owner ) throws Exception{
Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH); Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);
@ -469,7 +464,7 @@ public class GroupManager {
String title = groupId.substring(groupId.lastIndexOf("-")+1); String title = groupId.substring(groupId.lastIndexOf("-")+1);
Node folder= Utils.createFolderInternally(session, sharedRootNode, name, "VREFolder for "+groupId, false, AuthorizationProvider.instance.get().getClient().getId(), null); Node folder= Utils.createFolderInternally(session, sharedRootNode, name, "VREFolder for "+groupId, false, owner, null);
folder.setPrimaryType(PrimaryNodeType.NT_WORKSPACE_SHARED_FOLDER); folder.setPrimaryType(PrimaryNodeType.NT_WORKSPACE_SHARED_FOLDER);
folder.setProperty(NodeProperty.IS_VRE_FOLDER.toString(), true); folder.setProperty(NodeProperty.IS_VRE_FOLDER.toString(), true);
folder.setProperty(NodeProperty.TITLE.toString(), name); folder.setProperty(NodeProperty.TITLE.toString(), name);
@ -478,8 +473,12 @@ public class GroupManager {
AccessControlManager acm = session.getAccessControlManager(); AccessControlManager acm = session.getAccessControlManager();
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath()); JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());
Privilege[] adminPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) };
/*Privilege[] adminPrivileges = new Privilege[] { acm.privilegeFromName(AccessType.ADMINISTRATOR.getValue()) };
acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session, AuthorizationProvider.instance.get().getClient().getId()), adminPrivileges ); acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session, AuthorizationProvider.instance.get().getClient().getId()), adminPrivileges );
*/
Privilege[] usersPrivileges = new Privilege[] { acm.privilegeFromName(defaultAccessType.getValue()) }; Privilege[] usersPrivileges = new Privilege[] { acm.privilegeFromName(defaultAccessType.getValue()) };
acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session,groupId), usersPrivileges ); acls.addAccessControlEntry(AccessControlUtils.getPrincipal(session,groupId), usersPrivileges );
@ -487,7 +486,7 @@ public class GroupManager {
} }
private Node getVreFolderNode(JackrabbitSession session, String name) throws InvalidItemException, Exception { private Node getVreFolderNode(JackrabbitSession session, String name) throws InvalidItemException, RepositoryException {
Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH); Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);
Node vreFolder = null; Node vreFolder = null;

View File

@ -38,6 +38,7 @@ import org.gcube.data.access.storagehub.Utils;
import org.gcube.data.access.storagehub.exception.MyAuthException; import org.gcube.data.access.storagehub.exception.MyAuthException;
import org.gcube.data.access.storagehub.handlers.CredentialHandler; import org.gcube.data.access.storagehub.handlers.CredentialHandler;
import org.gcube.data.access.storagehub.handlers.UnshareHandler; import org.gcube.data.access.storagehub.handlers.UnshareHandler;
import org.gcube.smartgears.utils.InnerMethodName;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -61,6 +62,8 @@ public class UserManager {
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public List<String> getUsers(){ public List<String> getUsers(){
InnerMethodName.instance.set("getUsers");
JackrabbitSession session = null; JackrabbitSession session = null;
List<String> users= new ArrayList<>(); List<String> users= new ArrayList<>();
try { try {
@ -95,6 +98,8 @@ public class UserManager {
@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class) @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
public String createUser(@FormParam("user") String user, @FormParam("password") String password){ public String createUser(@FormParam("user") String user, @FormParam("password") String password){
InnerMethodName.instance.set("createUser");
JackrabbitSession session = null; JackrabbitSession session = null;
String userId = null; String userId = null;
try { try {
@ -134,7 +139,7 @@ public class UserManager {
@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class) @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
public String deleteUser(@PathParam("user") String user){ public String deleteUser(@PathParam("user") String user){
InnerMethodName.instance.set("deleteUser");
JackrabbitSession session = null; JackrabbitSession session = null;
String userId = null; String userId = null;