diff --git a/src/main/java/org/gcube/data/access/storagehub/services/ACLManager.java b/src/main/java/org/gcube/data/access/storagehub/services/ACLManager.java
index 3436006..c44033e 100644
--- a/src/main/java/org/gcube/data/access/storagehub/services/ACLManager.java
+++ b/src/main/java/org/gcube/data/access/storagehub/services/ACLManager.java
@@ -159,8 +159,28 @@ public class ACLManager {
 SharedFolder folder = ((SharedFolder)item);
 if (folder.isVreFolder()) {
- throw new InvalidCallParameters("acls in vreFolder cannot be changed with this method");
+ if (accessType==AccessType.ADMINISTRATOR) throw new InvalidCallParameters("A group of a VRE cannot be set as ADMINISTRATOR");
+
+ if (!user.equals(folder.getTitle())) throw new InvalidCallParameters("the groupId in the argument is different to the one of the VREFolder");
+
+ AccessControlManager acm = ses.getAccessControlManager();
+ JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());
+ Privilege[] userPrivileges = new Privilege[] { acm.privilegeFromName(accessType.getValue()) };
+ AccessControlEntry aceToDelete = null;;
+ Principal principal = AccessControlUtils.getPrincipal(ses, user);
+ for (AccessControlEntry ace : acls.getAccessControlEntries())
+ if (ace.getPrincipal().equals(principal)) {
+ aceToDelete = ace;
+ break;
+ }
+
+ if (aceToDelete!= null)
+ acls.removeAccessControlEntry(aceToDelete);
+ acls.addAccessControlEntry(principal, userPrivileges);
+ acm.setPolicy(folder.getPath(), acls);
+ ses.save();
+
 } else {
 NodeIterator sharedSet = node.getSharedSet();
@@ -237,7 +257,7 @@ public class ACLManager {
 throw new InvalidItemException("the item is not a shared folder");
 if (item instanceof VreFolder)
- throw new InvalidCallParameters("acls in vreFolder cannot be changed with this method");
+ throw new InvalidCallParameters("acls in vreFolder cannot be removed with this method");
 authChecker.checkAdministratorControl(ses, (SharedFolder) item);
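Review bot: No check of the caller's rights is visible before the new VRE branch replaces the group's entry and calls `ses.save()`; the enclosing method starts outside the hunk, so confirm that the check the removal method makes in the second hunk, `authChecker.checkAdministratorControl(ses, (SharedFolder) item);`, also runs ahead of this branch. The replacement loop stops at the first entry for the principal (`break`), so if the list can ever hold more than one entry for the group, an older and broader privilege would survive a downgrade; removing every matching entry before `addAccessControlEntry` avoids that. The result of `AccessControlUtils.getPrincipal(ses, user)` is used without a null check, and if that helper can return null for an unknown name the caller gets a repository error instead of `InvalidCallParameters`. The unbraced `for`/`if` pair would read more safely with braces, and `null;;` carries a stray semicolon.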