storagehub/src/main/java/org/gcube/data/access/storagehub/AuthorizationChecker.java

package org.gcube.data.access.storagehub;

import java.util.Arrays;

import javax.inject.Singleton;
import javax.jcr.Node;
import javax.jcr.Session;

import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.storagehub.model.items.Item;
import org.gcube.common.storagehub.model.items.SharedFolder;
import org.gcube.data.access.storagehub.handlers.ItemHandler;

@Singleton
public class AuthorizationChecker {

	public void checkReadAuthorizationControl(Session session, String id) throws Exception{
		Node node = session.getNodeByIdentifier(id);

		Item item  = ItemHandler.getItem(node, Arrays.asList("hl:accounting","jcr:content"));

		if (item.isShared()) {
			SharedFolder parentShared = retrieveSharedFolderParent(item, session);
			if (!parentShared.getUsers().getValue().containsKey(AuthorizationProvider.instance.get().getClient().getId()))
				throw new IllegalAccessException("Insufficent Provileges to read node with id "+id);
		} else if (!node.getProperty("hl:portalLogin").getString().equals(AuthorizationProvider.instance.get().getClient().getId()))
			throw new IllegalAccessException("Insufficent Provileges to read node with id "+id);

	}
	
	private SharedFolder retrieveSharedFolderParent(Item item, Session session) throws Exception{
		if (item instanceof SharedFolder) return (SharedFolder)item;
		else 
			return retrieveSharedFolderParent(ItemHandler.getItem(session.getNodeByIdentifier(item.getParentId()), Arrays.asList("hl:accounting","jcr:content")), session);
		
	}
	
}