tests
diff --git a/src/main/java/de/ids_mannheim/korap/security/PermissionsBuffer.java b/src/main/java/de/ids_mannheim/korap/security/PermissionsBuffer.java
index a9a88df..96f1e72 100644
--- a/src/main/java/de/ids_mannheim/korap/security/PermissionsBuffer.java
+++ b/src/main/java/de/ids_mannheim/korap/security/PermissionsBuffer.java
@@ -33,7 +33,7 @@
this.bytes = bytes;
}
- public boolean containsPermission(Permissions.PERMISSIONS p) {
+ public boolean containsPermission(Permissions.Permission p) {
return containsPByte(Permissions.getByte(p));
}
@@ -57,18 +57,17 @@
bytes = b.array();
}
- public void addPermissions(Permissions.PERMISSIONS... perm) {
+ public void addPermissions(Permissions.Permission... perm) {
if (perm.length > 0) {
- for (Permissions.PERMISSIONS p : perm)
- addPermission(Permissions.getByte(p));
+ for (Permissions.Permission p : perm)
+ addPermission(p.toByte());
}
}
- public void removePermission(Permissions.PERMISSIONS perm) {
- this.removePermission(Permissions.getByte(perm));
+ public void removePermission(Permissions.Permission perm) {
+ this.removePermission(perm.toByte());
}
-
public int removePermission(int b) {
if ((bytes[1] & b) != 0)
bytes[1] -= b;
@@ -100,7 +99,7 @@
}
public boolean leftShift(byte perm) {
-// return pbyte & (perm << 1);
+ // return pbyte & (perm << 1);
System.out.println("pbyte is: " + bytes[1]);
System.out.println("bitswise operation, left shift " + (perm << 1));
return false;
@@ -126,24 +125,27 @@
return this.bytes[1];
}
- public Set<Permissions.PERMISSIONS> getPermissions() {
- Set<Permissions.PERMISSIONS> pe = new HashSet<>();
- if (containsPByte(Permissions.READ))
- pe.add(Permissions.PERMISSIONS.READ);
- if (containsPByte(Permissions.WRITE))
- pe.add(Permissions.PERMISSIONS.WRITE);
- if (containsPByte(Permissions.DELETE))
- pe.add(Permissions.PERMISSIONS.DELETE);
- if (containsPByte(Permissions.CREATE_POLICY))
- pe.add(Permissions.PERMISSIONS.CREATE_POLICY);
- if (containsPByte(Permissions.MODIFY_POLICY))
- pe.add(Permissions.PERMISSIONS.MODIFY_POLICY);
- if (containsPByte(Permissions.DELETE_POLICY))
- pe.add(Permissions.PERMISSIONS.DELETE_POLICY);
+ public Set<Permissions.Permission> getPermissions() {
+ Set<Permissions.Permission> pe = new HashSet<>();
+ for (Permissions.Permission p : Permissions.Permission.values()) {
+ if (containsPByte(p.toByte()))
+ pe.add(p);
+ }
+ // if (containsPByte(Permissions.READ))
+ // pe.add(Permissions.Permission.READ);
+ // if (containsPByte(Permissions.WRITE))
+ // pe.add(Permissions.Permission.WRITE);
+ // if (containsPByte(Permissions.DELETE))
+ // pe.add(Permissions.Permission.DELETE);
+ // if (containsPByte(Permissions.CREATE_POLICY))
+ // pe.add(Permissions.Permission.CREATE_POLICY);
+ // if (containsPByte(Permissions.MODIFY_POLICY))
+ // pe.add(Permissions.Permission.MODIFY_POLICY);
+ // if (containsPByte(Permissions.DELETE_POLICY))
+ // pe.add(Permissions.Permission.DELETE_POLICY);
return pe;
}
-
public byte getOverride() {
return this.bytes[0];
}
@@ -151,10 +153,11 @@
public String toBinary() {
StringBuilder sb = new StringBuilder(bytes.length * Byte.SIZE);
for (int i = 0; i < Byte.SIZE * bytes.length; i++) {
- sb.append((bytes[i / Byte.SIZE] << i % Byte.SIZE & 0x80) == 0 ? '0' : '1');
+ sb.append((bytes[i / Byte.SIZE] << i % Byte.SIZE & 0x80) == 0 ?
+ '0' :
+ '1');
}
return sb.toString();
}
-
}
diff --git a/src/main/java/de/ids_mannheim/korap/security/SecurityPolicy.java b/src/main/java/de/ids_mannheim/korap/security/SecurityPolicy.java
index 5247b4a..dfaece7 100644
--- a/src/main/java/de/ids_mannheim/korap/security/SecurityPolicy.java
+++ b/src/main/java/de/ids_mannheim/korap/security/SecurityPolicy.java
@@ -86,8 +86,8 @@
// todo ???????
@Deprecated
- public SecurityPolicy setOverride(Permissions.PERMISSIONS... perms) {
- for (Permissions.PERMISSIONS p : perms)
+ public SecurityPolicy setOverride(Permissions.Permission... perms) {
+ for (Permissions.Permission p : perms)
this.permissions.addOverride(Permissions.getByte(p));
return this;
}
@@ -151,7 +151,11 @@
}
public SecurityPolicy removeCondition(PolicyCondition constraint) {
- this.removedidx.add(this.conditions.indexOf(constraint));
+ int idx = this.conditions.indexOf(constraint);
+ if (this.addedidx.contains(idx))
+ this.addedidx.remove(idx);
+ else
+ this.removedidx.add(this.conditions.indexOf(constraint));
return this;
}
@@ -181,7 +185,7 @@
this.addedidx.clear();
}
- public boolean hasPermission(Permissions.PERMISSIONS perm) {
+ public boolean hasPermission(Permissions.Permission perm) {
return permissions != null && permissions.containsPermission(perm);
}
@@ -191,19 +195,19 @@
* @param perms
* @return
*/
- public SecurityPolicy addPermission(Permissions.PERMISSIONS... perms) {
+ public SecurityPolicy addPermission(Permissions.Permission... perms) {
permissions.addPermissions(perms);
return this;
}
- public boolean equalsPermission(Permissions.PERMISSIONS... perms) {
+ public boolean equalsPermission(Permissions.Permission... perms) {
PermissionsBuffer b = new PermissionsBuffer();
b.addPermissions(perms);
return permissions != null && permissions.getPbyte()
.equals(b.getPbyte());
}
- public void removePermission(Permissions.PERMISSIONS perm) {
+ public void removePermission(Permissions.Permission perm) {
if (permissions != null)
permissions.removePermission(perm);
}
@@ -223,7 +227,7 @@
return sb.toString();
}
- public Set<Permissions.PERMISSIONS> getPermissions() {
+ public Set<Permissions.Permission> getPermissions() {
return permissions.getPermissions();
}
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/ConditionManagement.java b/src/main/java/de/ids_mannheim/korap/security/ac/ConditionManagement.java
index d06764f..eab7b7f 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/ConditionManagement.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/ConditionManagement.java
@@ -80,7 +80,7 @@
@Deprecated
public void addUser(KustvaktResource resource, String user,
- Permissions.PERMISSIONS... pps)
+ Permissions.Permission... pps)
throws NotAuthorizedException, KustvaktException,
EmptyResultException {
addUser(resource, Arrays.asList(user), pps);
@@ -88,7 +88,7 @@
@Deprecated
public void addUser(KustvaktResource resource, List<String> users,
- Permissions.PERMISSIONS... pps)
+ Permissions.Permission... pps)
throws NotAuthorizedException, KustvaktException,
EmptyResultException {
SecurityManager policies = SecurityManager
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyBuilder.java b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyBuilder.java
index 1922433..7e65b7c 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyBuilder.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyBuilder.java
@@ -1,11 +1,11 @@
package de.ids_mannheim.korap.security.ac;
import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.exceptions.NotAuthorizedException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.resources.KustvaktResource;
import de.ids_mannheim.korap.resources.Permissions;
import de.ids_mannheim.korap.resources.Relation;
+import de.ids_mannheim.korap.response.Notifications;
import de.ids_mannheim.korap.security.PolicyCondition;
import de.ids_mannheim.korap.security.PolicyContext;
import de.ids_mannheim.korap.security.SecurityPolicy;
@@ -19,10 +19,11 @@
// todo: also be able to create or edit relations
public class PolicyBuilder {
+ private Notifications notifications;
private User user;
private KustvaktResource[] resources;
private KustvaktResource[] parents;
- private Permissions.PERMISSIONS[] permissions;
+ private Permissions.Permission[] permissions;
private PolicyCondition[] conditions;
// private Map<String, ParameterSettingsHandler> settings;
private Relation rel = null;
@@ -30,10 +31,10 @@
public PolicyBuilder(User user) {
this.user = user;
-
+ this.notifications = new Notifications();
// fixme: other exception!?
if (this.user.getId() == -1)
- throw new RuntimeException("user id must be set");
+ throw new RuntimeException("user id must be a valid interger id");
}
public PolicyBuilder setResources(KustvaktResource... targets) {
@@ -77,7 +78,7 @@
}
public PolicyBuilder setPermissions(
- Permissions.PERMISSIONS... permissions) {
+ Permissions.Permission... permissions) {
this.permissions = permissions;
return this;
}
@@ -107,12 +108,12 @@
return setConditions(condition);
}
- public void create() throws NotAuthorizedException, KustvaktException {
- this.doIt();
+ public String create() throws KustvaktException {
+ return this.doIt();
}
// for and relations there is no way of setting parameters conjoined with the policy
- private void doIt() throws NotAuthorizedException, KustvaktException {
+ private String doIt() throws KustvaktException {
if (this.resources == null)
throw new KustvaktException(user.getId(),
StatusCodes.ILLEGAL_ARGUMENT, "resource must be set",
@@ -172,9 +173,10 @@
}
}
}catch (KustvaktException e) {
- System.out.println("IF ERROR, LET OTHER RESOURCES RUN ANYWAY!");
- e.printStackTrace();
+ this.notifications.addError(e.getStatusCode(), e.getMessage(),
+ resources[idx].getPersistentID());
}
}
+ return notifications.toJsonString();
}
}
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyDao.java b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyDao.java
index eb30029..8d87df6 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyDao.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyDao.java
@@ -15,6 +15,7 @@
import de.ids_mannheim.korap.utils.BooleanUtils;
import de.ids_mannheim.korap.utils.StringUtils;
import de.ids_mannheim.korap.utils.TimeUtils;
+import edu.emory.mathcs.backport.java.util.Collections;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataAccessException;
@@ -228,7 +229,7 @@
@Override
public List<SecurityPolicy>[] extractData(ResultSet rs)
throws SQLException, DataAccessException {
- return SecurityRowMappers.mapping(rs);
+ return SecurityRowMappers.mapResourcePolicies(rs);
}
});
}catch (DataAccessException e) {
@@ -239,12 +240,14 @@
}
}
+ // without root policies, since these are policies from different resources!
@Override
- public List<SecurityPolicy>[] getPolicies(PolicyCondition condition,
- Byte perm) {
+ public List<SecurityPolicy> getPolicies(PolicyCondition condition,
+ Class<? extends KustvaktResource> clazz, Byte perm) {
MapSqlParameterSource param = new MapSqlParameterSource();
param.addValue("cond", condition.getSpecifier());
param.addValue("perm", perm);
+ param.addValue("type", ResourceFactory.getResourceMapping(clazz));
param.addValue("en", new Timestamp(TimeUtils.getNow().getMillis()));
String sql_new = "select pv.*, pv.perm & :perm as allowed, " +
@@ -255,28 +258,28 @@
"where " +
"pv.enable <= :en and (pv.expire > :en or pv.expire is NULL) and "
+
- "(pv.group_id='self' or pv.group_id=:cond) and " +
+ "pv.group_id=:cond and pv.type=:type and " +
"(select sum(distinct depth) from resource_tree where child_id=rh.child_id) = "
+
"(select sum(distinct res.depth) from policy_view as pos inner join resource_tree as res on res.parent_id=pos.id where (pos.group_id=:cond)"
+
- " or pos.group_id='self') and res.child_id=rh.child_id group by child_id)";
+ " and res.child_id=rh.child_id group by child_id)";
try {
return this.jdbcTemplate.query(sql_new, param,
- new ResultSetExtractor<List<SecurityPolicy>[]>() {
+ new ResultSetExtractor<List<SecurityPolicy>>() {
@Override
- public List<SecurityPolicy>[] extractData(ResultSet rs)
+ public List<SecurityPolicy> extractData(ResultSet rs)
throws SQLException, DataAccessException {
- return SecurityRowMappers.mapping(rs);
+ return SecurityRowMappers.mapConditionPolicies(rs);
}
});
}catch (DataAccessException e) {
e.printStackTrace();
jlog.error("Permission Denied for policy retrieval for '{}'",
condition.getSpecifier());
- return new List[2];
+ return Collections.emptyList();
}
}
@@ -313,7 +316,7 @@
@Override
public List<SecurityPolicy>[] extractData(ResultSet rs)
throws SQLException, DataAccessException {
- return SecurityRowMappers.mapping(rs);
+ return SecurityRowMappers.mapResourcePolicies(rs);
}
});
}catch (DataAccessException e) {
@@ -356,7 +359,7 @@
@Override
public List<SecurityPolicy>[] extractData(ResultSet rs)
throws SQLException, DataAccessException {
- return SecurityRowMappers.mapping(rs);
+ return SecurityRowMappers.mapResourcePolicies(rs);
}
});
}catch (DataAccessException e) {
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
index d76848a..ed1d0af 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
@@ -57,7 +57,7 @@
// todo: test benchmarks
private List<SecurityPolicy> evaluate(List<SecurityPolicy>[] policies,
- Permissions.PERMISSIONS perm) throws NotAuthorizedException {
+ Permissions.Permission perm) throws NotAuthorizedException {
//fixme: what happens in case a parent relation does not allow changing a resource, but the owner of child per default
//todo: receives all rights? --> test casing
jlog.error("IS USER RESOURCE OWNER? " + isOwner());
@@ -117,10 +117,10 @@
* @return
*/
public boolean isAllowed() {
- return isAllowed(Permissions.PERMISSIONS.READ);
+ return isAllowed(Permissions.Permission.READ);
}
- public boolean isAllowed(Permissions.PERMISSIONS perm) {
+ public boolean isAllowed(Permissions.Permission perm) {
try {
List s = evaluate(this.policies, perm);
return s != null && !s.isEmpty();
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
index 822c94c..66d9f76 100755
--- a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
@@ -9,6 +9,7 @@
import de.ids_mannheim.korap.resources.ResourceFactory;
import de.ids_mannheim.korap.security.PermissionsBuffer;
import de.ids_mannheim.korap.security.PolicyCondition;
+import de.ids_mannheim.korap.security.SecurityPolicy;
import de.ids_mannheim.korap.user.Attributes;
import de.ids_mannheim.korap.user.User;
import org.slf4j.Logger;
@@ -24,14 +25,14 @@
private static final Logger jlog = LoggerFactory
.getLogger(ResourceFinder.class);
private static PolicyHandlerIface policydao;
+ private static ResourceOperationIface resourcedao;
private List<KustvaktResource.Container> containers;
private User user;
private ResourceFinder(User user) {
- this.containers = new ArrayList<>();
+ this();
this.user = user;
- checkProviders();
}
private ResourceFinder() {
@@ -43,25 +44,27 @@
if (BeanConfiguration.hasContext() && policydao == null) {
ResourceFinder.policydao = BeanConfiguration.getBeans()
.getPolicyDbProvider();
+ ResourceFinder.resourcedao = BeanConfiguration.getBeans()
+ .getResourceProvider();
}
- if (policydao == null)
+ if (policydao == null | resourcedao == null)
throw new RuntimeException("provider not set!");
}
public static <T extends KustvaktResource> Set<T> search(String path,
boolean asParent, User user, Class<T> clazz,
- Permissions.PERMISSIONS... perms) throws KustvaktException {
+ Permissions.Permission... perms) throws KustvaktException {
ResourceFinder cat = init(path, asParent, user, clazz, perms);
return cat.getResources();
}
private static <T extends KustvaktResource> ResourceFinder init(String path,
boolean asParent, User user, Class<T> clazz,
- Permissions.PERMISSIONS... perms) throws KustvaktException {
+ Permissions.Permission... perms) throws KustvaktException {
ResourceFinder cat = new ResourceFinder(user);
PermissionsBuffer buffer = new PermissionsBuffer();
if (perms.length == 0)
- buffer.addPermissions(Permissions.PERMISSIONS.READ);
+ buffer.addPermissions(Permissions.Permission.READ);
buffer.addPermissions(perms);
cat.retrievePolicies(path, buffer.getPbyte(), clazz, asParent);
return cat;
@@ -70,32 +73,34 @@
//todo: needs to be much faster!
public static <T extends KustvaktResource> ResourceFinder init(User user,
Class<T> clazz) throws KustvaktException {
- return init(null, true, user, clazz, Permissions.PERMISSIONS.READ);
+ return init(null, true, user, clazz, Permissions.Permission.READ);
}
public static <T extends KustvaktResource> Set<T> search(String name,
boolean asParent, User user, String type) throws KustvaktException {
return (Set<T>) search(name, asParent, user,
ResourceFactory.getResourceClass(type),
- Permissions.PERMISSIONS.READ);
+ Permissions.Permission.READ);
}
public static <T extends KustvaktResource> Set<T> searchPublic(
- Class<T> clazz) {
- List[] list = policydao
+ Class<T> clazz) throws KustvaktException {
+ checkProviders();
+ Set<T> sets = new HashSet<>();
+ List<SecurityPolicy> policies = policydao
.getPolicies(new PolicyCondition(Attributes.PUBLIC_GROUP),
- Permissions.READ);
- System.out.println("_____________________");
- System.out.println("list 1 " + list[0]);
- System.out.println("list 1 " + list[1]);
- return new HashSet<>();
+ clazz, Permissions.READ);
+ for (SecurityPolicy policy : policies)
+ sets.add((T) resourcedao.findbyId(policy.getTarget(),
+ User.UserFactory.getDemoUser()));
+ return sets;
}
// todo: should this be working?
public static <T extends KustvaktResource> Set<T> search(User user,
Class<T> clazz) throws KustvaktException {
- return search(null, true, user, clazz, Permissions.PERMISSIONS.READ);
+ return search(null, true, user, clazz, Permissions.Permission.READ);
}
private void retrievePolicies(String path, Byte b, Class type,
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceHandler.java b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceHandler.java
index 85665c0..7510e23 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceHandler.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceHandler.java
@@ -104,7 +104,7 @@
for (T resource : resources) {
SecurityManager policies;
try {
- policies = SecurityManager.init(resource.getPersistentID(), user, Permissions.PERMISSIONS.WRITE);
+ policies = SecurityManager.init(resource.getPersistentID(), user, Permissions.Permission.WRITE);
} catch (EmptyResultException e) {
return;
}
@@ -125,7 +125,7 @@
SecurityManager policies;
try {
policies = SecurityManager.init(id, user,
- Permissions.PERMISSIONS.DELETE);
+ Permissions.Permission.DELETE);
} catch (EmptyResultException e) {
return;
}
@@ -139,7 +139,7 @@
SecurityManager policies;
try {
policies = SecurityManager.findbyId(r.getPersistentID(), user, r.getClass(),
- Permissions.PERMISSIONS.DELETE);
+ Permissions.Permission.DELETE);
} catch (EmptyResultException e) {
return;
}
@@ -154,7 +154,7 @@
SecurityManager policies;
try {
policies = SecurityManager.findbyId(id, user,
- Permissions.PERMISSIONS.DELETE);
+ Permissions.Permission.DELETE);
} catch (EmptyResultException e) {
return;
}
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
index 94d08e6..b05d810 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
@@ -10,6 +10,7 @@
import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
import de.ids_mannheim.korap.resources.KustvaktResource;
import de.ids_mannheim.korap.resources.Permissions;
+import de.ids_mannheim.korap.resources.ResourceFactory;
import de.ids_mannheim.korap.security.Parameter;
import de.ids_mannheim.korap.security.PermissionsBuffer;
import de.ids_mannheim.korap.security.PolicyCondition;
@@ -96,7 +97,7 @@
*/
//todo: implement a fall back that throws an exception when the user NULL, but the resource has restrictions!
public static SecurityManager findbyId(String id, User user, Class type,
- Permissions.PERMISSIONS... perms) throws KustvaktException {
+ Permissions.Permission... perms) throws KustvaktException {
SecurityManager p = new SecurityManager(user);
p.findPolicies(id, false, perms);
p.resource = p.findResource(type);
@@ -104,7 +105,7 @@
}
public static SecurityManager findbyId(String id, User user,
- Permissions.PERMISSIONS... perms) throws KustvaktException {
+ Permissions.Permission... perms) throws KustvaktException {
SecurityManager p = new SecurityManager(user);
p.findPolicies(id, false, perms);
p.resource = p.findResource(null);
@@ -112,7 +113,7 @@
}
public static SecurityManager findbyId(Integer id, User user,
- Permissions.PERMISSIONS... perms) throws KustvaktException {
+ Permissions.Permission... perms) throws KustvaktException {
SecurityManager p = new SecurityManager(user);
p.findPolicies(id, false, perms);
p.resource = p.findResource(null);
@@ -120,7 +121,7 @@
}
public static SecurityManager findbyPath(String path, User user,
- Permissions.PERMISSIONS... perms)
+ Permissions.Permission... perms)
throws NotAuthorizedException, EmptyResultException {
SecurityManager manager = new SecurityManager(user);
manager.findPolicies(path, true, perms);
@@ -129,7 +130,7 @@
}
public static SecurityManager init(String id, User user,
- Permissions.PERMISSIONS... perms)
+ Permissions.Permission... perms)
throws NotAuthorizedException, EmptyResultException {
SecurityManager p = new SecurityManager(user);
p.findPolicies(id, false, perms);
@@ -143,7 +144,7 @@
* @throws NotAuthorizedException
*/
public final T getResource() throws NotAuthorizedException {
- if (evaluator.isAllowed(Permissions.PERMISSIONS.READ)) {
+ if (evaluator.isAllowed(Permissions.Permission.READ)) {
return this.resource;
}else {
jlog.error("Reading the resource '{}' is not allowed for user '{}'",
@@ -155,7 +156,7 @@
public void updateResource(T resource)
throws NotAuthorizedException, KustvaktException {
- if (evaluator.isAllowed(Permissions.PERMISSIONS.WRITE)) {
+ if (evaluator.isAllowed(Permissions.Permission.WRITE)) {
ResourceOperationIface iface = handlers.get(resource.getClass());
if (iface != null)
iface.updateResource(resource, this.user);
@@ -179,7 +180,7 @@
// todo: delete only works with find, not with init constructor!
public void deleteResource()
throws NotAuthorizedException, KustvaktException {
- if (evaluator.isAllowed(Permissions.PERMISSIONS.DELETE)) {
+ if (evaluator.isAllowed(Permissions.Permission.DELETE)) {
ResourceOperationIface iface = handlers
.get(this.resource.getClass());
if (iface != null)
@@ -198,10 +199,10 @@
// todo: type should be deprecated and return type of policies should be containers!
private boolean findPolicies(Object id, boolean path,
- Permissions.PERMISSIONS... perms) throws EmptyResultException {
+ Permissions.Permission... perms) throws EmptyResultException {
PermissionsBuffer b = new PermissionsBuffer();
if (perms.length == 0)
- b.addPermission(Permissions.READ);
+ b.addPermission(Permissions.Permission.READ.toByte());
else
b.addPermissions(perms);
if (id instanceof String && !path)
@@ -213,9 +214,9 @@
if (id instanceof Integer)
this.policies = policydao
.getPolicies((Integer) id, this.user, b.getPbyte());
-// System.out.println("-------------------------------");
-// System.out.println("LENGTH OF POLICY ARRAY " + this.policies.length);
-// System.out.println("POLICY AT 0 " + this.policies[0]);
+ // System.out.println("-------------------------------");
+ // System.out.println("LENGTH OF POLICY ARRAY " + this.policies.length);
+ // System.out.println("POLICY AT 0 " + this.policies[0]);
this.evaluator = new PolicyEvaluator(this.user, this.policies);
if (this.policies == null) {
@@ -263,7 +264,7 @@
// this is mostly for convenvience and database consistency, since a request query would result in not authorized, based on missing parent relation dependencies
// --> in order not to have a resource owner that is denied access due to missing parent relation dependency
SecurityManager.findbyId(resource.getParentID(), user,
- Permissions.PERMISSIONS.ALL);
+ Permissions.Permission.ALL);
}catch (EmptyResultException e) {
jlog.error(
"No policies found for parent '{}' for user '{}'",
@@ -275,8 +276,7 @@
// create persistent identifier for the resource
if (resource.getPersistentID() == null || resource.getPersistentID()
.isEmpty()) {
- // todo: use resource data!
- resource.setPersistentID(p.crypto.createID());
+ ResourceFactory.createID(resource);
newid = true;
}
@@ -300,9 +300,9 @@
try {
// todo: which is better? Integer id or String persistentID?
p.findPolicies(resource.getPersistentID(), false,
- Permissions.PERMISSIONS.CREATE_POLICY,
- Permissions.PERMISSIONS.READ_POLICY,
- Permissions.PERMISSIONS.MODIFY_POLICY);
+ Permissions.Permission.CREATE_POLICY,
+ Permissions.Permission.READ_POLICY,
+ Permissions.Permission.MODIFY_POLICY);
}catch (EmptyResultException e) {
jlog.error(
"No policies found for '{}' for user '{}'. Resource could not be registered!",
@@ -332,7 +332,7 @@
}
// fixme: make protected
- public PolicyCondition getExtensional(Permissions.PERMISSIONS... pps) {
+ public PolicyCondition getExtensional(Permissions.Permission... pps) {
for (SecurityPolicy p : this.policies[0]) {
if (p.equalsPermission(pps)) {
for (PolicyCondition c : p.getConditions()) {
@@ -370,7 +370,7 @@
return;
}
- if (evaluator.isAllowed(Permissions.PERMISSIONS.CREATE_POLICY)) {
+ if (evaluator.isAllowed(Permissions.Permission.CREATE_POLICY)) {
policydao.createPolicy(policy, this.user);
}else if (silent) {
jlog.error(
@@ -424,7 +424,7 @@
this.evaluator.getResourceID());
}
if (contains(policy) && (evaluator
- .isAllowed(Permissions.PERMISSIONS.DELETE_POLICY))) {
+ .isAllowed(Permissions.Permission.DELETE_POLICY))) {
policydao.deletePolicy(policy, this.user);
}else if (silent) {
jlog.error("Permission Denied (DELETE_POLICY) on '{}' for '{}'",
@@ -453,7 +453,7 @@
}
if (contains(policy) && (evaluator
- .isAllowed(Permissions.PERMISSIONS.MODIFY_POLICY))) {
+ .isAllowed(Permissions.Permission.MODIFY_POLICY))) {
policydao.updatePolicy(policy, this.user);
}else if (silent) {
jlog.error("Permission Denied (DELETE_POLICY) on '{}' for '{}'",
@@ -474,7 +474,7 @@
return evaluator.isAllowed();
}
- public boolean isAllowed(Permissions.PERMISSIONS... perm) {
+ public boolean isAllowed(Permissions.Permission... perm) {
return evaluator.isAllowed();
}
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityRowMappers.java b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityRowMappers.java
index 48f339a..efcc95c 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityRowMappers.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityRowMappers.java
@@ -70,7 +70,7 @@
}
}
- public static List<SecurityPolicy>[] mapping(ResultSet rs)
+ public static List<SecurityPolicy>[] mapResourcePolicies(ResultSet rs)
throws SQLException {
List<SecurityPolicy>[] policyArray = null;
List<Integer>[] idx = null;
@@ -126,6 +126,27 @@
return policyArray;
}
+ public static List<SecurityPolicy> mapConditionPolicies(ResultSet rs)
+ throws SQLException {
+ Map<Integer, SecurityPolicy> policyMap = new HashMap<>();
+ while (rs.next()) {
+ if (rs.getInt("allowed") == 0)
+ continue;
+
+ Integer pid = rs.getInt("pid");
+ SecurityPolicy policy;
+ if ((policy = policyMap.get(pid)) == null) {
+ policy = new SecurityRowMappers.PolicyRowMapper().mapRow(rs, 0);
+ policyMap.put(pid, policy);
+ }
+ PolicyCondition c = new PolicyCondition(rs.getString("group_id"));
+
+ if (!policy.contains(c))
+ policy.addCondition(c);
+ }
+ return new ArrayList<>(policyMap.values());
+ }
+
@Deprecated
public static List<SecurityPolicy>[] map(ResultSet rs) throws SQLException {
Map<Integer, SecurityPolicy>[] policyArray = null;
@@ -148,7 +169,7 @@
policy = new SecurityRowMappers.PolicyRowMapper().mapRow(rs, 0);
cursor.put(pid, policy);
}
- PolicyCondition c = new PolicyCondition(rs.getString("group_ref"));
+ PolicyCondition c = new PolicyCondition(rs.getString("group_id"));
if (!policy.contains(c))
policy.addCondition(c);