diff --git a/src/main/java/it/inaf/oats/vospace/ListNodeController.java b/src/main/java/it/inaf/oats/vospace/ListNodeController.java index 7dd303f42c02a101c3334d6bf8604c8798434326..185f68eb8d754d88209de6832dd14450bb1ad2a3 100644 --- a/src/main/java/it/inaf/oats/vospace/ListNodeController.java +++ b/src/main/java/it/inaf/oats/vospace/ListNodeController.java @@ -7,6 +7,7 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.http.ResponseEntity; import net.ivoa.xml.vospace.v2.Node; +import net.ivoa.xml.vospace.v2.ContainerNode; import it.inaf.oats.vospace.persistence.NodeDAO; import javax.servlet.http.HttpServletRequest; @@ -17,6 +18,8 @@ import it.inaf.ia2.aa.data.User; import it.inaf.oats.vospace.datamodel.NodeUtils; import java.util.Optional; import it.inaf.oats.vospace.exception.PermissionDeniedException; +import java.util.stream.Collectors; +import java.util.List; @RestController public class ListNodeController extends BaseNodeController { @@ -42,6 +45,21 @@ public class ListNodeController extends BaseNodeController { throw new PermissionDeniedException(path); } } + + Node node = optNode.get(); + + if(node instanceof ContainerNode) + { + ContainerNode cnd = (ContainerNode) node; + List<Node> children = + cnd.getNodes().stream().filter( + (n)->NodeUtils.checkIfReadable( + n, principal.getName(), + principal.getGroups())) + .collect(Collectors.toList()); + cnd.setNodes(children); + optNode = Optional.of(cnd); + } return ResponseEntity.ok(optNode.get()); } diff --git a/src/test/java/it/inaf/oats/vospace/ListNodeControllerTest.java b/src/test/java/it/inaf/oats/vospace/ListNodeControllerTest.java index 415e2b403099fa6f8f234d7baad4ccfd6458706c..9d37ae60880438b47c0ef25454fa51de3e33f095 100644 --- a/src/test/java/it/inaf/oats/vospace/ListNodeControllerTest.java +++ b/src/test/java/it/inaf/oats/vospace/ListNodeControllerTest.java @@ -26,6 +26,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import org.w3c.dom.Document; +import org.w3c.dom.NodeList; @SpringBootTest @AutoConfigureMockMvc @@ -39,7 +40,7 @@ public class ListNodeControllerTest { private NodeDAO dao; @Autowired - private MockMvc mockMvc; + private MockMvc mockMvc; @Test public void testRootXml() throws Exception { @@ -83,29 +84,71 @@ public class ListNodeControllerTest { .accept(MediaType.APPLICATION_XML)) .andExpect(status().isNotFound()); } - + @Test public void testPermissionDeniedUser() throws Exception { - Node node = getDataNodeByOwnership("user2","group1"); - + Node node = getDataNodeByOwnership("user2", "group1"); + when(dao.listNode(eq("/mynode"))).thenReturn(Optional.of(node)); - + mockMvc.perform(get("/nodes/mynode") .header("Authorization", "Bearer user1_token") .accept(MediaType.APPLICATION_XML)) - .andExpect(status().is4xxClientError()); + .andExpect(status().is4xxClientError()); } - + @Test public void testGrantedByGroup() throws Exception { - Node node = getDataNodeByOwnership("user1","group1"); - + Node node = getDataNodeByOwnership("user1", "group1"); + when(dao.listNode(eq("/mynode"))).thenReturn(Optional.of(node)); - + mockMvc.perform(get("/nodes/mynode") .header("Authorization", "Bearer user2_token") .accept(MediaType.APPLICATION_XML)) - .andExpect(status().is2xxSuccessful()); + .andExpect(status().is2xxSuccessful()); + } + + @Test + public void testRemoveUnreadable() throws Exception { + // Create container node + ContainerNode root = (ContainerNode) getRootNode().get(); + + Node node1 = getDataNodeByOwnership("user1", "group10"); + node1.setUri(URI_PREFIX + "/mynode1"); + root.getNodes().add(node1); + + Node node2 = getDataNodeByOwnership("user1", "group10"); + node2.setUri(URI_PREFIX + "/mynode2"); + root.getNodes().add(node2); + + Node node3 = getDataNodeByOwnership("user2", "group10"); + node3.setUri(URI_PREFIX + "/mynode3"); + root.getNodes().add(node3); + + Node node4 = getDataNodeByOwnership("user3", "group10"); + node4.setUri(URI_PREFIX + "/mynode4"); + root.getNodes().add(node4); + + when(dao.listNode(eq("/"))).thenReturn(Optional.of(root)); + + String xml = mockMvc.perform(get("/nodes/") + .header("Authorization", "Bearer user2_token") + .accept(MediaType.APPLICATION_XML)) + .andExpect(status().is2xxSuccessful()) + .andDo(print()) + .andReturn().getResponse().getContentAsString(); + + Document doc = loadDocument(xml); + assertEquals("vos:node", doc.getDocumentElement().getNodeName()); + assertEquals("vos:ContainerNode", doc.getDocumentElement().getAttribute("xsi:type")); + NodeList nl = doc.getDocumentElement().getElementsByTagName("vos:nodes"); + + assertEquals(1, nl.getLength()); + NodeList children = nl.item(0).getChildNodes(); + assertEquals(2, children.getLength()); + verify(dao, times(1)).listNode(eq("/")); + } private Optional<Node> getRootNode() { @@ -114,8 +157,8 @@ public class ListNodeControllerTest { Property publicProperty = new Property(); publicProperty.setUri(NodeProperties.PUBLIC_READ_URI); publicProperty.setValue("true"); - root.getProperties().add(publicProperty); - + root.getProperties().add(publicProperty); + root.getNodes().add(getDataNode()); return Optional.of(root); } @@ -130,9 +173,8 @@ public class ListNodeControllerTest { return node; } - - private Node getDataNodeByOwnership(String ownerID, String group) - { + + private Node getDataNodeByOwnership(String ownerID, String group) { DataNode node = new DataNode(); node.setUri(URI_PREFIX + "/mynode"); // Set owner @@ -145,7 +187,7 @@ public class ListNodeControllerTest { readGroupProperty.setUri(NodeProperties.GROUP_READ_URI); readGroupProperty.setValue(group); node.getProperties().add(readGroupProperty); - - return node; + + return node; } }