From 47342b33a4a70cbbab3776786cfba84ab2e44815 Mon Sep 17 00:00:00 2001 From: Sara Bertocco <sara.bertocco@inaf.it> Date: Wed, 3 Feb 2021 12:03:17 +0100 Subject: [PATCH] Working on task #3635 - Refactoring: create NodeUtils class --- .../oats/vospace/CreateNodeController.java | 44 +++---------------- .../java/it/inaf/oats/vospace/UriService.java | 13 +----- 2 files changed, 7 insertions(+), 50 deletions(-) diff --git a/src/main/java/it/inaf/oats/vospace/CreateNodeController.java b/src/main/java/it/inaf/oats/vospace/CreateNodeController.java index fe9452a..488d2c1 100644 --- a/src/main/java/it/inaf/oats/vospace/CreateNodeController.java +++ b/src/main/java/it/inaf/oats/vospace/CreateNodeController.java @@ -2,6 +2,7 @@ package it.inaf.oats.vospace; import it.inaf.ia2.aa.data.User; import it.inaf.oats.vospace.datamodel.NodeProperties; +import it.inaf.oats.vospace.datamodel.NodeUtils; import net.ivoa.xml.vospace.v2.Node; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.RequestBody; 
@@ -58,45 +59,10 @@ public class CreateNodeController extends BaseNodeController { } else { throw new ContainerNotFoundException(getParentPath(path)); } - } - - // First check if parent node creator is == userid - List<String> nodeOwner - = NodeProperties.getNodePropertyByURI( - parentNode, NodeProperties.CREATOR_URI); - - if (nodeOwner == null - || nodeOwner.isEmpty() - || !nodeOwner.get(0).equals(principal.getName())) { - // Node owner check has failed: let's check if user can write - // due to group privileges - - List<String> userGroups = principal.getGroups(); - - // If the user doesn't belong to any groups throw exception - if (userGroups == null || userGroups.isEmpty()) { - throw new PermissionDeniedException(path); - } - - List<String> groupWritePropValues - = NodeProperties.getNodePropertyByURI(parentNode, - "ivo://ivoa.net/vospace/core#groupwrite"); - - // If groupwrite property is absent in Parent Node throw exception - if (groupWritePropValues == null - || groupWritePropValues.isEmpty()) { - throw new PermissionDeniedException(path); - } - - List<String> nodeGroups - = NodeProperties.parsePropertyStringToList(groupWritePropValues.get(0)); - - if (nodeGroups.isEmpty() - || !nodeGroups.stream() - .anyMatch((i) -> userGroups.contains(i))) { - throw new PermissionDeniedException(path); - } - + } + + if(!NodeUtils.checkIfWritable(parentNode, principal.getName(), principal.getGroups())) { + throw new PermissionDeniedException(path); } nodeDao.createNode(node); diff --git a/src/main/java/it/inaf/oats/vospace/UriService.java b/src/main/java/it/inaf/oats/vospace/UriService.java index d1dfb6f..ca39095 100644 --- a/src/main/java/it/inaf/oats/vospace/UriService.java +++ b/src/main/java/it/inaf/oats/vospace/UriService.java 
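Review bot: The write-permission decision for node creation now rests entirely on `NodeUtils.checkIfWritable`, whose body is not in this patch (the diffstat lists only the two callers), so the deny-by-default behaviour of the removed block cannot be confirmed from here. The removed code denied in each of these cases: the creator did not match and `principal.getGroups()` was null or empty, the `groupwrite` property was absent, or no user group matched. The helper has to return `false` for all of them rather than throw on a null list. I would add a comment at the call site, `// checkIfWritable must return false on null/empty groups or a missing groupwrite property`, and cover those cases with unit tests next to NodeUtils. Style: `if(!NodeUtils…` drops the space after `if` that the removed lines used, and the `NodeProperties` and `List` imports may now be unused in this file; the enclosing method starts and ends outside the hunk.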
@@ -3,6 +3,7 @@ package it.inaf.oats.vospace; import it.inaf.ia2.aa.ServletRapClient; import it.inaf.ia2.aa.data.User; import it.inaf.ia2.rap.client.call.TokenExchangeRequest; +import it.inaf.oats.vospace.datamodel.NodeProperties; import it.inaf.oats.vospace.persistence.NodeDAO; import java.util.ArrayList; import java.util.List; @@ -73,7 +74,7 @@ public class UriService { // TODO add token for authenticated access String endpoint = fileServiceUrl + relativePath + "?jobId=" + job.getJobId(); - if (!"true".equals(getProperty(node, "publicread"))) { + if (!"true".equals(NodeProperties.getProperty(node, "publicread"))) { endpoint += "&token=" + getEndpointToken(fileServiceUrl + relativePath); } @@ -97,16 +98,6 @@ public class UriService { return rapClient.exchangeToken(exchangeRequest, servletRequest); } - private String getProperty(Node node, String propertyName) { - - for (Property property : node.getProperties()) { - if (property.getUri().equals("ivo://ivoa.net/vospace/core#".concat(propertyName))) { - return property.getValue(); - } - } - return null; - } - private Transfer getTransfer(JobSummary job) { // TODO add checks on data type return (Transfer) job.getJobInfo().getAny().get(0); -- GitLab
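Review bot: The public-read gate in the `@@ -73,7 +74,7 @@` hunk now depends on `NodeProperties.getProperty(node, "publicread")`, which this patch does not show, while the removed private helper (last hunk) prefixed the name with `ivo://ivoa.net/vospace/core#` before comparing. If the shared method expects a full URI, the lookup would return null and every endpoint would get a token. That does not open access, but it changes behaviour for public nodes, so a test with a `publicread=true` node and one without the property would pin it. The unchanged line `endpoint += "&token=" + …` also places the exchanged token in the query string, where it tends to end up in access logs and proxy records. If the file service can accept it, an `Authorization` header would keep it out of the URL. The enclosing method starts and ends outside the hunk.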