Commit aae399e8 authored by Nicola Fulvio Calabria's avatar Nicola Fulvio Calabria

Include ownership in write privilege check in CreateNodeController.

Changed separator for group_write property to " " in 
CreateNodeController for consistency with NodeDAO
parent c61d177c
Pipeline #865 passed
...@@ -32,14 +32,17 @@ public class CreateNodeController extends BaseNodeController { ...@@ -32,14 +32,17 @@ public class CreateNodeController extends BaseNodeController {
List<String> userGroups = principal.getGroups(); List<String> userGroups = principal.getGroups();
// Validate payload node URI
if (!isValidURI(node.getUri())) { if (!isValidURI(node.getUri())) {
throw new InvalidURIException(node.getUri()); throw new InvalidURIException(node.getUri());
} }
// Check if payload URI is consistent with http request
if (!isUrlConsistentWithPayloadURI(node.getUri(), path)) { if (!isUrlConsistentWithPayloadURI(node.getUri(), path)) {
throw new InvalidURIException(node.getUri(), path); throw new InvalidURIException(node.getUri(), path);
} }
// Check if another node is already present at specified path
// This checks if the user is trying to insert the root node at "/" too // This checks if the user is trying to insert the root node at "/" too
if (nodeDao.listNode(path).isPresent()) { if (nodeDao.listNode(path).isPresent()) {
throw new DuplicateNodeException(path); throw new DuplicateNodeException(path);
...@@ -49,26 +52,30 @@ public class CreateNodeController extends BaseNodeController { ...@@ -49,26 +52,30 @@ public class CreateNodeController extends BaseNodeController {
Node parentNode = nodeDao.listNode(getParentPath(path)) Node parentNode = nodeDao.listNode(getParentPath(path))
.orElseThrow(() -> new ContainerNotFoundException(getParentPath(path))); .orElseThrow(() -> new ContainerNotFoundException(getParentPath(path)));
List<String> groupWritePropValues = parentNode.getProperties().stream() // Check user write/ownership privilege against parent node
.filter((i) -> i.getUri() List<String> groupWritePropValues
.equals("ivo://ivoa.net/vospace/core#groupwrite")) = getNodePropertyByURI(parentNode, "ivo://ivoa.net/vospace/core#groupwrite");
.map((i) -> i.getValue())
.collect(Collectors.toList());
if (groupWritePropValues.isEmpty()) { if (groupWritePropValues.isEmpty()) {
throw new PermissionDeniedException(path); throw new PermissionDeniedException(path);
} }
List<String> nodeGroups List<String> nodeGroups
= Arrays.asList(groupWritePropValues.get(0).split(",", -1)); = Arrays.asList(groupWritePropValues.get(0).split(" ", -1));
if (!nodeGroups.stream().anyMatch((i) -> userGroups.contains(i))) { if (!nodeGroups.stream().anyMatch((i) -> userGroups.contains(i))) {
// If groups don't match check ownership at least
List<String> nodeOwner
= getNodePropertyByURI(parentNode, "ivo://ivoa.net/vospace/core#creator");
if (nodeOwner.isEmpty()
|| !nodeOwner.get(0).equals(principal.getName())) {
throw new PermissionDeniedException(path); throw new PermissionDeniedException(path);
} }
}
// Check if parent node is not a Container node and in case throw // Check if parent node is not a Container node and in case throw
// appropriate exception // appropriate exception
if (!parentNode.getType().equals("vos:ContainerNode")) { if (!parentNode.getType().equals("vos:ContainerNode")) {
if (parentNode.getType().equals("vos:LinkNode")) { if (parentNode.getType().equals("vos:LinkNode")) {
throw new LinkFoundException(getParentPath(path)); throw new LinkFoundException(getParentPath(path));
...@@ -117,4 +124,17 @@ public class CreateNodeController extends BaseNodeController { ...@@ -117,4 +124,17 @@ public class CreateNodeController extends BaseNodeController {
return sb.toString(); return sb.toString();
} }
// Returns all properties stored inside the node under the requested
// property URI.
private List<String> getNodePropertyByURI(Node node, String propertyURI) {
List<String> propertyList = node.getProperties().stream()
.filter((i) -> i.getUri()
.equals(propertyURI))
.map((i) -> i.getValue())
.collect(Collectors.toList());
return propertyList;
}
} }
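Review bot: The ownership fallback is only reached when the parent node carries a groupwrite property, because the unchanged `if (groupWritePropValues.isEmpty())` guard throws PermissionDeniedException before the new creator comparison runs; the creator of a container that has no groupwrite value is still denied. Evaluating ownership alongside group membership and throwing only when neither passes would match the commit title. Separately, `split(" ", -1)` keeps empty tokens, so a value with leading, trailing or doubled spaces puts an empty group name into nodeGroups, which would match an empty entry in userGroups if the principal ever reports one; dropping empty tokens closes that. The enclosing method starts before this hunk, so the sketch below covers only the privilege check.

```java
// … unchanged: parentNode lookup via nodeDao.listNode(getParentPath(path)) …
List<String> nodeOwner
        = getNodePropertyByURI(parentNode, "ivo://ivoa.net/vospace/core#creator");
boolean isOwner = !nodeOwner.isEmpty()
        && nodeOwner.get(0).equals(principal.getName());

List<String> groupWritePropValues
        = getNodePropertyByURI(parentNode, "ivo://ivoa.net/vospace/core#groupwrite");
boolean inWriteGroup = !groupWritePropValues.isEmpty()
        && Arrays.stream(groupWritePropValues.get(0).split(" "))
                .filter((g) -> !g.isEmpty())
                .anyMatch(userGroups::contains);

// Deny only when neither ownership nor group membership grants write access
if (!isOwner && !inWriteGroup) {
    throw new PermissionDeniedException(path);
}
// … unchanged: parent node type checks …
```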
...@@ -48,7 +48,7 @@ public class CreateNodeControllerTest { ...@@ -48,7 +48,7 @@ public class CreateNodeControllerTest {
// Set groupwrite property // Set groupwrite property
Property groups = new Property(); Property groups = new Property();
groups.setUri("ivo://ivoa.net/vospace/core#groupwrite"); groups.setUri("ivo://ivoa.net/vospace/core#groupwrite");
groups.setValue("test1,test2"); groups.setValue("test1 test2");
parentNode.setProperties(List.of(groups)); parentNode.setProperties(List.of(groups));
return parentNode; return parentNode;
} }
...@@ -60,7 +60,7 @@ public class CreateNodeControllerTest { ...@@ -60,7 +60,7 @@ public class CreateNodeControllerTest {
// Set groupwrite property // Set groupwrite property
Property groups = new Property(); Property groups = new Property();
groups.setUri("ivo://ivoa.net/vospace/core#groupwrite"); groups.setUri("ivo://ivoa.net/vospace/core#groupwrite");
groups.setValue("test1,test2"); groups.setValue("test1 test2");
parentNode.setProperties(List.of(groups)); parentNode.setProperties(List.of(groups));
return parentNode; return parentNode;
} }
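Review bot: Nothing in the visible fixtures exercises the new creator fallback, since both parent-node builders set only the groupwrite property and merely switch its separator. A fixture that also sets `ivo://ivoa.net/vospace/core#creator`, with one test where the principal is the creator but belongs to none of the groups and one where it is neither, would pin the authorization behaviour. The rest of the test class is outside these hunks, so such a case may already exist.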