Commit aae399e8 authored by Nicola Fulvio Calabria's avatar Nicola Fulvio Calabria

Include ownership in write privilege check in CreateNodeController.

Changed separator for group_write property to " " in 
CreateNodeController for consistency with NodeDAO
parent c61d177c
Pipeline #865 passed
......@@ -32,14 +32,17 @@ public class CreateNodeController extends BaseNodeController {
List<String> userGroups = principal.getGroups();
// Validate payload node URI
if (!isValidURI(node.getUri())) {
throw new InvalidURIException(node.getUri());
}
// Check if payload URI is consistent with http request
if (!isUrlConsistentWithPayloadURI(node.getUri(), path)) {
throw new InvalidURIException(node.getUri(), path);
}
// Check if another node is already present at specified path
// This checks if the user is trying to insert the root node at "/" too
if (nodeDao.listNode(path).isPresent()) {
throw new DuplicateNodeException(path);
......@@ -49,26 +52,30 @@ public class CreateNodeController extends BaseNodeController {
Node parentNode = nodeDao.listNode(getParentPath(path))
.orElseThrow(() -> new ContainerNotFoundException(getParentPath(path)));
List<String> groupWritePropValues = parentNode.getProperties().stream()
.filter((i) -> i.getUri()
.equals("ivo://ivoa.net/vospace/core#groupwrite"))
.map((i) -> i.getValue())
.collect(Collectors.toList());
// Check user write/ownership privilege against parent node
List<String> groupWritePropValues
= getNodePropertyByURI(parentNode, "ivo://ivoa.net/vospace/core#groupwrite");
if (groupWritePropValues.isEmpty()) {
throw new PermissionDeniedException(path);
}
List<String> nodeGroups
= Arrays.asList(groupWritePropValues.get(0).split(",", -1));
= Arrays.asList(groupWritePropValues.get(0).split(" ", -1));
if (!nodeGroups.stream().anyMatch((i) -> userGroups.contains(i))) {
// If groups don't match check ownership at least
List<String> nodeOwner
= getNodePropertyByURI(parentNode, "ivo://ivoa.net/vospace/core#creator");
if (nodeOwner.isEmpty()
|| !nodeOwner.get(0).equals(principal.getName())) {
throw new PermissionDeniedException(path);
}
}
// Check if parent node is not a Container node and in case throw
// appropriate exception
if (!parentNode.getType().equals("vos:ContainerNode")) {
if (parentNode.getType().equals("vos:LinkNode")) {
throw new LinkFoundException(getParentPath(path));
......@@ -117,4 +124,17 @@ public class CreateNodeController extends BaseNodeController {
return sb.toString();
}
// Returns all properties stored inside the node under the requested
// property URI.
private List<String> getNodePropertyByURI(Node node, String propertyURI) {
List<String> propertyList = node.getProperties().stream()
.filter((i) -> i.getUri()
.equals(propertyURI))
.map((i) -> i.getValue())
.collect(Collectors.toList());
return propertyList;
}
}
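Review bot: The early `if (groupWritePropValues.isEmpty()) throw new PermissionDeniedException(path);` still runs before the new creator check, so the owner of a parent node that carries no groupwrite property appears to be denied, which contradicts the commit's stated intent. In the same block, `split(" ", -1)` keeps empty tokens, so an empty or double-spaced groupwrite value yields `""` entries that would match an empty group name if `principal.getGroups()` can ever contain one; dropping empty tokens before the match keeps the check fail-closed. `nodeOwner.get(0).equals(principal.getName())` would throw a NullPointerException instead of denying if a creator property holds a null value; whether that can happen is not visible from here. The enclosing method starts and ends outside the hunk.

```java
// Check user write/ownership privilege against parent node
List<String> groupWritePropValues
        = getNodePropertyByURI(parentNode, "ivo://ivoa.net/vospace/core#groupwrite");
// A missing groupwrite property means "no group match", not an outright denial,
// so the ownership fallback below is still reached.
boolean groupMatch = !groupWritePropValues.isEmpty()
        && Arrays.stream(groupWritePropValues.get(0).split(" "))
                .filter(g -> !g.isEmpty())
                .anyMatch(userGroups::contains);
if (!groupMatch) {
    // … unchanged: creator lookup and PermissionDeniedException when the principal is not the owner …
}
```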
......@@ -48,7 +48,7 @@ public class CreateNodeControllerTest {
// Set groupwrite property
Property groups = new Property();
groups.setUri("ivo://ivoa.net/vospace/core#groupwrite");
groups.setValue("test1,test2");
groups.setValue("test1 test2");
parentNode.setProperties(List.of(groups));
return parentNode;
}
......@@ -60,7 +60,7 @@ public class CreateNodeControllerTest {
// Set groupwrite property
Property groups = new Property();
groups.setUri("ivo://ivoa.net/vospace/core#groupwrite");
groups.setValue("test1,test2");
groups.setValue("test1 test2");
parentNode.setProperties(List.of(groups));
return parentNode;
}
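Review bot: The ownership fallback this commit adds to CreateNodeController has no coverage in the test hunks shown here, because both fixtures only switch the groupwrite value to `"test1 test2"` and neither sets an `ivo://ivoa.net/vospace/core#creator` property. A fixture with a creator property and a principal outside test1/test2 would pin both outcomes of the new branch: the owner is allowed and a non-owner gets PermissionDeniedException. A parent node with no groupwrite property at all is also worth a case, since that path decides whether the owner check is reached. Both fixture methods start outside their hunks, so existing coverage elsewhere in the test class cannot be ruled out.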
......