Skip to content
Snippets Groups Projects
Commit 2124fd77 authored by Nicola Fulvio Calabria's avatar Nicola Fulvio Calabria
Browse files

#3636 - Handle permissions in ListNodeController: Return readable child 

nodes only
parent e73ff0df
No related branches found
No related tags found
No related merge requests found
Pipeline #1069 passed
Stage: build
Stage: test
Stage: dockerize
Show whitespace changes
Inline Side-by-side
src/main/java/it/inaf/oats/vospace/ListNodeController.java
+ 18
0
View file @ 2124fd77
...@@ -7,6 +7,7 @@ import org.springframework.web.bind.annotation.GetMapping; ...@@ -7,6 +7,7 @@ import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import net.ivoa.xml.vospace.v2.Node; import net.ivoa.xml.vospace.v2.Node;
import net.ivoa.xml.vospace.v2.ContainerNode;
import it.inaf.oats.vospace.persistence.NodeDAO; import it.inaf.oats.vospace.persistence.NodeDAO;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
...@@ -17,6 +18,8 @@ import it.inaf.ia2.aa.data.User; ...@@ -17,6 +18,8 @@ import it.inaf.ia2.aa.data.User;
import it.inaf.oats.vospace.datamodel.NodeUtils; import it.inaf.oats.vospace.datamodel.NodeUtils;
import java.util.Optional; import java.util.Optional;
import it.inaf.oats.vospace.exception.PermissionDeniedException; import it.inaf.oats.vospace.exception.PermissionDeniedException;
import java.util.stream.Collectors;
import java.util.List;
@RestController @RestController
public class ListNodeController extends BaseNodeController { public class ListNodeController extends BaseNodeController {
...@@ -43,6 +46,21 @@ public class ListNodeController extends BaseNodeController { ...@@ -43,6 +46,21 @@ public class ListNodeController extends BaseNodeController {
} }
} }
Node node = optNode.get();
if(node instanceof ContainerNode)
{
ContainerNode cnd = (ContainerNode) node;
List<Node> children =
cnd.getNodes().stream().filter(
(n)->NodeUtils.checkIfReadable(
n, principal.getName(),
principal.getGroups()))
.collect(Collectors.toList());
cnd.setNodes(children);
optNode = Optional.of(cnd);
}
return ResponseEntity.ok(optNode.get()); return ResponseEntity.ok(optNode.get());
} }
} }
src/test/java/it/inaf/oats/vospace/ListNodeControllerTest.java
+ 60
18
View file @ 2124fd77
...@@ -26,6 +26,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder ...@@ -26,6 +26,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
@SpringBootTest @SpringBootTest
@AutoConfigureMockMvc @AutoConfigureMockMvc
...@@ -108,6 +109,48 @@ public class ListNodeControllerTest { ...@@ -108,6 +109,48 @@ public class ListNodeControllerTest {
.andExpect(status().is2xxSuccessful()); .andExpect(status().is2xxSuccessful());
} }
@Test
public void testRemoveUnreadable() throws Exception {
// Create container node
ContainerNode root = (ContainerNode) getRootNode().get();
Node node1 = getDataNodeByOwnership("user1", "group10");
node1.setUri(URI_PREFIX + "/mynode1");
root.getNodes().add(node1);
Node node2 = getDataNodeByOwnership("user1", "group10");
node2.setUri(URI_PREFIX + "/mynode2");
root.getNodes().add(node2);
Node node3 = getDataNodeByOwnership("user2", "group10");
node3.setUri(URI_PREFIX + "/mynode3");
root.getNodes().add(node3);
Node node4 = getDataNodeByOwnership("user3", "group10");
node4.setUri(URI_PREFIX + "/mynode4");
root.getNodes().add(node4);
when(dao.listNode(eq("/"))).thenReturn(Optional.of(root));
String xml = mockMvc.perform(get("/nodes/")
.header("Authorization", "Bearer user2_token")
.accept(MediaType.APPLICATION_XML))
.andExpect(status().is2xxSuccessful())
.andDo(print())
.andReturn().getResponse().getContentAsString();
Document doc = loadDocument(xml);
assertEquals("vos:node", doc.getDocumentElement().getNodeName());
assertEquals("vos:ContainerNode", doc.getDocumentElement().getAttribute("xsi:type"));
NodeList nl = doc.getDocumentElement().getElementsByTagName("vos:nodes");
assertEquals(1, nl.getLength());
NodeList children = nl.item(0).getChildNodes();
assertEquals(2, children.getLength());
verify(dao, times(1)).listNode(eq("/"));
}
private Optional<Node> getRootNode() { private Optional<Node> getRootNode() {
ContainerNode root = new ContainerNode(); ContainerNode root = new ContainerNode();
root.setUri(URI_PREFIX + "/"); root.setUri(URI_PREFIX + "/");
...@@ -131,8 +174,7 @@ public class ListNodeControllerTest { ...@@ -131,8 +174,7 @@ public class ListNodeControllerTest {
return node; return node;
} }
private Node getDataNodeByOwnership(String ownerID, String group) private Node getDataNodeByOwnership(String ownerID, String group) {
{
DataNode node = new DataNode(); DataNode node = new DataNode();
node.setUri(URI_PREFIX + "/mynode"); node.setUri(URI_PREFIX + "/mynode");
// Set owner // Set owner
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment