fix for incident #17623

5 years ago · d9a9cde064
parent 82732af8d1
commit d9a9cde064
2 changed files with 16 additions and 18 deletions
--- a/distro/gcube-app.xml
+++ b/distro/gcube-app.xml
@ -1,14 +0,0 @@
-<application mode='online'>
-		<name>StorageHub</name>
-		<group>DataAccess</group>
-		<version>${version}</version>
-		<description>Storage Hub webapp</description>
-		
-		<!-- <proxy protocol="https">
-                <hostname>workspace-repository.dev.d4science.org</hostname>
-				<port>443</port>	 
-         </proxy>  --> 
-
-		
-		<local-persistence location='target' />
-</application>
--- a/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
+++ b/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java
@ -23,10 +23,17 @@ import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
 import org.gcube.common.storagehub.model.items.Item;
 import org.gcube.common.storagehub.model.items.SharedFolder;
 import org.gcube.data.access.storagehub.handlers.Node2ItemConverter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import lombok.extern.java.Log;
+import lombok.extern.log4j.Log4j;

@Singleton
 public class AuthorizationChecker {
-
+	
+	private static Logger log = LoggerFactory.getLogger(AuthorizationChecker.class);
+	
 	@Inject
 	Node2ItemConverter node2Item;

@ -39,18 +46,23 @@ public class AuthorizationChecker {

 		if (item==null) throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id+": it's  not a valid StorageHub node");

+		
+		
 		if (item.isShared()) {
 			SharedFolder parentShared = node2Item.getItem(retrieveSharedFolderParent(node, session), Excludes.EXCLUDE_ACCOUNTING);
-
+			
+			if (parentShared.getUsers().getMap().keySet().contains(login)) return;
+			
 			//CHECKING ACL FOR VREFOLDER AND SHARED FOLDER
 			JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, parentShared.getPath());
 			AccessControlEntry[] entries = accessControlList.getAccessControlEntries();
-			Authorizable UserAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
+			Authorizable userAuthorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(login);
 			for (AccessControlEntry entry: entries) {
+				log.debug("checking access right for {} with compared with {}",login, entry.getPrincipal());
 				Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(entry.getPrincipal());
 				//TODO; check why sometimes the next line gets a nullpointer
 				if (!authorizable.isGroup() && entry.getPrincipal().getName().equals(login)) return;
-				if (authorizable.isGroup() && ((Group) authorizable).isMember(UserAuthorizable)) return;
+				if (authorizable.isGroup() && ((Group) authorizable).isMember(userAuthorizable)) return;
 			}
 			throw new UserNotAuthorizedException("Insufficent Provileges for user "+login+" to read node with id "+id);