107 lines
3.5 KiB
Java
107 lines
3.5 KiB
Java
package org.gcube.data.access.storagehub.handlers;
|
|
|
|
import jakarta.inject.Inject;
|
|
import jakarta.inject.Singleton;
|
|
import javax.jcr.ItemNotFoundException;
|
|
import javax.jcr.Node;
|
|
import javax.jcr.NodeIterator;
|
|
import javax.jcr.PathNotFoundException;
|
|
import javax.jcr.RepositoryException;
|
|
import javax.jcr.security.AccessControlEntry;
|
|
import javax.jcr.security.AccessControlManager;
|
|
|
|
import org.apache.jackrabbit.api.JackrabbitSession;
|
|
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
|
|
import org.apache.jackrabbit.api.security.user.Group;
|
|
import org.apache.jackrabbit.api.security.user.User;
|
|
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
|
|
import org.gcube.common.storagehub.model.exceptions.InvalidCallParameters;
|
|
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
|
|
import org.gcube.common.storagehub.model.types.NodeProperty;
|
|
import org.gcube.data.access.storagehub.Constants;
|
|
import org.gcube.data.access.storagehub.PathUtil;
|
|
import org.gcube.data.access.storagehub.services.GroupManager;
|
|
import org.slf4j.Logger;
|
|
import org.slf4j.LoggerFactory;
|
|
|
|
@Singleton
|
|
public class GroupHandler {
|
|
|
|
private static final Logger log = LoggerFactory.getLogger(GroupManager.class);
|
|
|
|
@Inject
|
|
PathUtil pathUtil;
|
|
|
|
public boolean removeUserFromGroup(String groupId, String userId, JackrabbitSession session) throws StorageHubException, RepositoryException {
|
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
|
|
|
Group group = (Group)usrManager.getAuthorizable(groupId);
|
|
User user = (User)usrManager.getAuthorizable(userId);
|
|
|
|
if (!group.isMember(user))
|
|
throw new InvalidCallParameters("user "+userId+" is not member of group "+groupId);
|
|
|
|
//delete folder on user
|
|
String folderName = group.getPrincipal().getName();
|
|
Node folder = getFolderNodeRelatedToGroup(session, folderName);
|
|
|
|
|
|
//Removing the ACL for the user
|
|
AccessControlManager acm = session.getAccessControlManager();
|
|
JackrabbitAccessControlList acls = AccessControlUtils.getAccessControlList(acm, folder.getPath());
|
|
AccessControlEntry entryToDelete= null;
|
|
for (AccessControlEntry ace :acls.getAccessControlEntries()) {
|
|
if (ace.getPrincipal().getName().equals(userId)) {
|
|
entryToDelete = ace;
|
|
break;
|
|
}
|
|
|
|
}
|
|
if (entryToDelete!=null)
|
|
acls.removeAccessControlEntry(entryToDelete);
|
|
|
|
|
|
boolean found = false;
|
|
NodeIterator ni = folder.getSharedSet();
|
|
while (ni.hasNext()) {
|
|
Node node = ni.nextNode();
|
|
if (node.getPath().startsWith(pathUtil.getVREsPath(userId, session).toPath())) {
|
|
node.removeShare();
|
|
found = true;
|
|
break;
|
|
}
|
|
}
|
|
if (!found)
|
|
log.warn("sharing not removed for user {} ",userId);
|
|
|
|
return group.removeMember(user);
|
|
|
|
}
|
|
|
|
public Node getFolderNodeRelatedToGroup(JackrabbitSession session, String name) throws ItemNotFoundException, RepositoryException {
|
|
Node sharedRootNode = session.getNode(Constants.SHARED_FOLDER_PATH);
|
|
|
|
Node vreFolder = null;
|
|
try {
|
|
vreFolder = sharedRootNode.getNode(name);
|
|
}catch (PathNotFoundException e) {
|
|
log.debug("is an old HL VRE");
|
|
}
|
|
|
|
if (vreFolder==null) {
|
|
NodeIterator nodes = sharedRootNode.getNodes();
|
|
while (nodes.hasNext()) {
|
|
Node node = nodes.nextNode();
|
|
if (node.hasProperty(NodeProperty.TITLE.toString()) && node.getProperty(NodeProperty.TITLE.toString()).getString().equals(name)) {
|
|
vreFolder= node;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (vreFolder==null) throw new ItemNotFoundException("vre folder not found for group "+name);
|
|
return vreFolder;
|
|
}
|
|
|
|
}
|