39 lines
1.5 KiB
Java
39 lines
1.5 KiB
Java
package org.gcube.data.access.storagehub;
|
|
|
|
import java.util.Arrays;
|
|
|
|
import javax.inject.Singleton;
|
|
import javax.jcr.Node;
|
|
import javax.jcr.Session;
|
|
|
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
|
import org.gcube.common.storagehub.model.items.Item;
|
|
import org.gcube.common.storagehub.model.items.SharedFolder;
|
|
import org.gcube.data.access.storagehub.handlers.ItemHandler;
|
|
|
|
@Singleton
|
|
public class AuthorizationChecker {
|
|
|
|
public void checkReadAuthorizationControl(Session session, String id) throws Exception{
|
|
Node node = session.getNodeByIdentifier(id);
|
|
|
|
Item item = ItemHandler.getItem(node, Arrays.asList("hl:accounting","jcr:content"));
|
|
|
|
if (item.isShared()) {
|
|
SharedFolder parentShared = retrieveSharedFolderParent(item, session);
|
|
if (!parentShared.getUsers().getValue().containsKey(AuthorizationProvider.instance.get().getClient().getId()))
|
|
throw new IllegalAccessException("Insufficent Provileges to read node with id "+id);
|
|
} else if (!node.getProperty("hl:portalLogin").getString().equals(AuthorizationProvider.instance.get().getClient().getId()))
|
|
throw new IllegalAccessException("Insufficent Provileges to read node with id "+id);
|
|
|
|
}
|
|
|
|
private SharedFolder retrieveSharedFolderParent(Item item, Session session) throws Exception{
|
|
if (item instanceof SharedFolder) return (SharedFolder)item;
|
|
else
|
|
return retrieveSharedFolderParent(ItemHandler.getItem(session.getNodeByIdentifier(item.getParentId()), Arrays.asList("hl:accounting","jcr:content")), session);
|
|
|
|
}
|
|
|
|
}
|