Search in sources :

Example 16 with PrivateUrlUser

use of edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser in project dataverse by IQSS.

the class SearchServiceBean method getPermissionFilterQuery.

/**
 * Moved this logic out of the "search" function
 *
 * @return
 */
private String getPermissionFilterQuery(DataverseRequest dataverseRequest, SolrQuery solrQuery, Dataverse dataverse, boolean onlyDatatRelatedToMe) {
    User user = dataverseRequest.getUser();
    if (user == null) {
        throw new NullPointerException("user cannot be null");
    }
    if (solrQuery == null) {
        throw new NullPointerException("solrQuery cannot be null");
    }
    /**
     * @todo For people who are not logged in, should we show stuff indexed
     * with "AllUsers" group or not? If so, uncomment the allUsersString
     * stuff below.
     */
    // String allUsersString = IndexServiceBean.getGroupPrefix() + AllUsers.get().getAlias();
    // String publicOnly = "{!join from=" + SearchFields.DEFINITION_POINT + " to=id}" + SearchFields.DISCOVERABLE_BY + ":(" + IndexServiceBean.getPublicGroupString() + " OR " + allUsersString + ")";
    String publicOnly = "{!join from=" + SearchFields.DEFINITION_POINT + " to=id}" + SearchFields.DISCOVERABLE_BY + ":(" + IndexServiceBean.getPublicGroupString() + ")";
    // String publicOnly = "{!join from=" + SearchFields.GROUPS + " to=" + SearchFields.PERMS + "}id:" + IndexServiceBean.getPublicGroupString();
    // initialize to public only to be safe
    String dangerZoneNoSolrJoin = null;
    if (user instanceof PrivateUrlUser) {
        user = GuestUser.get();
    }
    // ----------------------------------------------------
    if (user instanceof GuestUser) {
        String groupsFromProviders = "";
        Set<Group> groups = groupService.collectAncestors(groupService.groupsFor(dataverseRequest));
        StringBuilder sb = new StringBuilder();
        for (Group group : groups) {
            logger.fine("found group " + group.getIdentifier() + " with alias " + group.getAlias());
            String groupAlias = group.getAlias();
            if (groupAlias != null && !groupAlias.isEmpty()) {
                sb.append(" OR ");
                // i.e. group_builtIn/all-users, ip/ipGroup3
                sb.append(IndexServiceBean.getGroupPrefix()).append(groupAlias);
            }
        }
        groupsFromProviders = sb.toString();
        logger.fine("groupsFromProviders:" + groupsFromProviders);
        String guestWithGroups = "{!join from=" + SearchFields.DEFINITION_POINT + " to=id}" + SearchFields.DISCOVERABLE_BY + ":(" + IndexServiceBean.getPublicGroupString() + groupsFromProviders + ")";
        logger.fine(guestWithGroups);
        return guestWithGroups;
    }
    // ----------------------------------------------------
    if (!(user instanceof AuthenticatedUser)) {
        logger.severe("Should never reach here. A User must be an AuthenticatedUser or a Guest");
        throw new IllegalStateException("A User must be an AuthenticatedUser or a Guest");
    }
    AuthenticatedUser au = (AuthenticatedUser) user;
    // Logged in user, has publication status facet
    // 
    solrQuery.addFacetField(SearchFields.PUBLICATION_STATUS);
    // ----------------------------------------------------
    if (au.isSuperuser()) {
        return dangerZoneNoSolrJoin;
    }
    // ----------------------------------------------------
    if (onlyDatatRelatedToMe == true) {
        if (systemConfig.myDataDoesNotUsePermissionDocs()) {
            logger.fine("old 4.2 behavior: MyData is not using Solr permission docs");
            return dangerZoneNoSolrJoin;
        } else {
            logger.fine("new post-4.2 behavior: MyData is using Solr permission docs");
        }
    }
    // ----------------------------------------------------
    // (5) Work with Authenticated User who is not a Superuser
    // ----------------------------------------------------
    /**
     * @todo all this code needs cleanup and clarification.
     */
    /**
     * Every AuthenticatedUser is part of a "User Private Group" (UGP), a
     * concept we borrow from RHEL:
     * https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Managing_Users_and_Groups.html#s2-users-groups-private-groups
     */
    /**
     * @todo rename this from publicPlusUserPrivateGroup. Confusing
     */
    // safe default: public only
    String publicPlusUserPrivateGroup = publicOnly;
    // + (onlyDatatRelatedToMe ? "" : (publicOnly + " OR "))
    // + "{!join from=" + SearchFields.GROUPS + " to=" + SearchFields.PERMS + "}id:" + IndexServiceBean.getGroupPerUserPrefix() + au.getId() + ")";
    // /**
    // * @todo add onlyDatatRelatedToMe option into the experimental JOIN
    // * before enabling it.
    // */
    /**
     * From a search perspective, we don't care about if the group was
     * created within one dataverse or another. We just want a list of *all*
     * the groups the user is part of. We are greedy. We want all BuiltIn
     * Groups, Shibboleth Groups, IP Groups, "system" groups, everything.
     *
     * A JOIN on "permission documents" will determine if the user can find
     * a given "content document" (dataset version, etc) in Solr.
     */
    String groupsFromProviders = "";
    Set<Group> groups = groupService.collectAncestors(groupService.groupsFor(dataverseRequest));
    StringBuilder sb = new StringBuilder();
    for (Group group : groups) {
        logger.fine("found group " + group.getIdentifier() + " with alias " + group.getAlias());
        String groupAlias = group.getAlias();
        if (groupAlias != null && !groupAlias.isEmpty()) {
            sb.append(" OR ");
            // i.e. group_builtIn/all-users, group_builtIn/authenticated-users, group_1-explictGroup1, group_shib/2
            sb.append(IndexServiceBean.getGroupPrefix() + groupAlias);
        }
    }
    groupsFromProviders = sb.toString();
    logger.fine(groupsFromProviders);
    if (true) {
        /**
         * @todo get rid of "experimental" in name
         */
        String experimentalJoin = "{!join from=" + SearchFields.DEFINITION_POINT + " to=id}" + SearchFields.DISCOVERABLE_BY + ":(" + IndexServiceBean.getPublicGroupString() + " OR " + IndexServiceBean.getGroupPerUserPrefix() + au.getId() + groupsFromProviders + ")";
        publicPlusUserPrivateGroup = experimentalJoin;
    }
    // permissionFilterQuery = publicPlusUserPrivateGroup;
    logger.fine(publicPlusUserPrivateGroup);
    return publicPlusUserPrivateGroup;
}
Also used : GuestUser(edu.harvard.iq.dataverse.authorization.users.GuestUser) Group(edu.harvard.iq.dataverse.authorization.groups.Group) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) User(edu.harvard.iq.dataverse.authorization.users.User) PrivateUrlUser(edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser) GuestUser(edu.harvard.iq.dataverse.authorization.users.GuestUser) PrivateUrlUser(edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser)

Example 17 with PrivateUrlUser

use of edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser in project dataverse by IQSS.

the class DeletePrivateUrlCommand method executeImpl.

@Override
protected void executeImpl(CommandContext ctxt) throws CommandException {
    logger.fine("Executing DeletePrivateUrlCommand....");
    if (dataset == null) {
        /**
         * @todo Internationalize this.
         */
        String message = "Can't delete Private URL. Dataset is null.";
        logger.info(message);
        throw new IllegalCommandException(message, this);
    }
    PrivateUrlUser privateUrlUser = new PrivateUrlUser(dataset.getId());
    List<RoleAssignment> roleAssignments = ctxt.roles().directRoleAssignments(privateUrlUser, dataset);
    for (RoleAssignment roleAssignment : roleAssignments) {
        ctxt.engine().submit(new RevokeRoleCommand(roleAssignment, getRequest()));
    }
}
Also used : IllegalCommandException(edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException) PrivateUrlUser(edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser) RoleAssignment(edu.harvard.iq.dataverse.RoleAssignment)

Example 18 with PrivateUrlUser

use of edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser in project dataverse by IQSS.

the class JsonPrinterTest method testJson_RoleAssignment.

@Test
public void testJson_RoleAssignment() {
    DataverseRole aRole = new DataverseRole();
    PrivateUrlUser privateUrlUserIn = new PrivateUrlUser(42);
    RoleAssignee anAssignee = privateUrlUserIn;
    Dataset dataset = new Dataset();
    dataset.setId(123l);
    String privateUrlToken = "e1d53cf6-794a-457a-9709-7c07629a8267";
    RoleAssignment ra = new RoleAssignment(aRole, anAssignee, dataset, privateUrlToken);
    JsonObjectBuilder job = JsonPrinter.json(ra);
    assertNotNull(job);
    JsonObject jsonObject = job.build();
    assertEquals("#42", jsonObject.getString("assignee"));
    assertEquals(123, jsonObject.getInt("definitionPointId"));
    assertEquals("e1d53cf6-794a-457a-9709-7c07629a8267", jsonObject.getString("privateUrlToken"));
}
Also used : Dataset(edu.harvard.iq.dataverse.Dataset) PrivateUrlUser(edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser) RoleAssignment(edu.harvard.iq.dataverse.RoleAssignment) JsonObject(javax.json.JsonObject) JsonObjectBuilder(javax.json.JsonObjectBuilder) DataverseRole(edu.harvard.iq.dataverse.authorization.DataverseRole) RoleAssignee(edu.harvard.iq.dataverse.authorization.RoleAssignee) Test(org.junit.Test)

Example 19 with PrivateUrlUser

use of edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser in project dataverse by IQSS.

the class Access method isAccessAuthorized.

private boolean isAccessAuthorized(DataFile df, String apiToken) {
    // First, check if the file belongs to a released Dataset version:
    boolean published = false;
    if (df.getOwner().getReleasedVersion() != null) {
        // logger.fine("file belongs to a dataset with a released version.");
        if (df.getOwner().getReleasedVersion().getFileMetadatas() != null) {
            // logger.fine("going through the list of filemetadatas that belong to the released version.");
            for (FileMetadata fm : df.getOwner().getReleasedVersion().getFileMetadatas()) {
                if (df.equals(fm.getDataFile())) {
                    // logger.fine("found a match!");
                    published = true;
                }
            }
        }
    }
    // TODO: (IMPORTANT!)
    // Business logic like this should NOT be maintained in individual
    // application fragments.
    // At the moment it is duplicated here, and inside the Dataset page.
    // There are also stubs for file-level permission lookups and caching
    // inside Gustavo's view-scoped PermissionsWrapper.
    // All this logic needs to be moved to the PermissionServiceBean where it will be
    // centrally maintained; with the PermissionsWrapper providing
    // efficient cached lookups to the pages (that often need to make
    // repeated lookups on the same files). Care will need to be taken
    // to preserve the slight differences in logic utilized by the page and
    // this Access call (the page checks the restriction flag on the
    // filemetadata, not the datafile - as it needs to reflect the permission
    // status of the file in the version history).
    // I will open a 4.[34] ticket.
    // 
    // -- L.A. 4.2.1
    // We don't need to check permissions on files that are
    // from released Dataset versions and not restricted:
    boolean restricted = false;
    if (df.isRestricted()) {
        restricted = true;
    } else {
        // !df.isReleased() really means just this: new file, only exists in a Draft version!
        if (!df.isReleased()) {
            if (df.getFileMetadata().isRestricted()) {
                restricted = true;
            }
        }
    }
    if (!restricted) {
        // be handled below)
        if (published) {
            return true;
        }
    }
    User user = null;
    if (session != null) {
        if (session.getUser() != null) {
            if (session.getUser().isAuthenticated()) {
                user = session.getUser();
            } else {
                logger.fine("User associated with the session is not an authenticated user.");
                if (session.getUser() instanceof PrivateUrlUser) {
                    logger.fine("User associated with the session is a PrivateUrlUser user.");
                    user = session.getUser();
                }
                if (session.getUser() instanceof GuestUser) {
                    logger.fine("User associated with the session is indeed a guest user.");
                }
            }
        } else {
            logger.fine("No user associated with the session.");
        }
    } else {
        logger.fine("Session is null.");
    }
    User apiTokenUser = null;
    if ((apiToken != null) && (apiToken.length() != 64)) {
        try {
            logger.fine("calling apiTokenUser = findUserOrDie()...");
            apiTokenUser = findUserOrDie();
        } catch (WrappedResponse wr) {
            logger.log(Level.FINE, "Message from findUserOrDie(): {0}", wr.getMessage());
        }
        if (apiTokenUser == null) {
            logger.warning("API token-based auth: Unable to find a user with the API token provided.");
        }
    }
    if (!restricted) {
        if (user != null) {
            // used in JSF context
            if (permissionService.requestOn(dvRequestService.getDataverseRequest(), df.getOwner()).has(Permission.ViewUnpublishedDataset)) {
                // it's not unthinkable, that a null user (i.e., guest user) could be given
                // the ViewUnpublished permission!
                logger.log(Level.FINE, "Session-based auth: user {0} has access rights on the non-restricted, unpublished datafile.", user.getIdentifier());
                return true;
            }
        }
        if (apiTokenUser != null) {
            // used in an API context
            if (permissionService.requestOn(createDataverseRequest(apiTokenUser), df.getOwner()).has(Permission.ViewUnpublishedDataset)) {
                logger.log(Level.FINE, "Session-based auth: user {0} has access rights on the non-restricted, unpublished datafile.", apiTokenUser.getIdentifier());
                return true;
            }
        }
        // Guset user is impled by the code above.
        if (permissionService.requestOn(dvRequestService.getDataverseRequest(), df.getOwner()).has(Permission.ViewUnpublishedDataset)) {
            return true;
        }
    // We don't want to return false just yet.
    // If all else fails, we'll want to use the special WorldMapAuth
    // token authentication before we give up.
    // return false;
    } else {
        // OK, this is a restricted file.
        boolean hasAccessToRestrictedBySession = false;
        boolean hasAccessToRestrictedByToken = false;
        if (permissionService.on(df).has(Permission.DownloadFile)) {
            // Note: PermissionServiceBean.on(Datafile df) will obtain the
            // User from the Session object, just like in the code fragment
            // above. That's why it's not passed along as an argument.
            hasAccessToRestrictedBySession = true;
        } else if (apiTokenUser != null && permissionService.requestOn(createDataverseRequest(apiTokenUser), df).has(Permission.DownloadFile)) {
            hasAccessToRestrictedByToken = true;
        }
        if (hasAccessToRestrictedBySession || hasAccessToRestrictedByToken) {
            if (published) {
                if (hasAccessToRestrictedBySession) {
                    if (user != null) {
                        logger.log(Level.FINE, "Session-based auth: user {0} is granted access to the restricted, published datafile.", user.getIdentifier());
                    } else {
                        logger.fine("Session-based auth: guest user is granted access to the restricted, published datafile.");
                    }
                } else {
                    logger.log(Level.FINE, "Token-based auth: user {0} is granted access to the restricted, published datafile.", apiTokenUser.getIdentifier());
                }
                return true;
            } else {
                // user with the ViewUnpublished permission, or vice versa!
                if (hasAccessToRestrictedBySession) {
                    if (permissionService.on(df.getOwner()).has(Permission.ViewUnpublishedDataset)) {
                        if (user != null) {
                            logger.log(Level.FINE, "Session-based auth: user {0} is granted access to the restricted, unpublished datafile.", user.getIdentifier());
                        } else {
                            logger.fine("Session-based auth: guest user is granted access to the restricted, unpublished datafile.");
                        }
                        return true;
                    }
                } else {
                    if (apiTokenUser != null && permissionService.requestOn(createDataverseRequest(apiTokenUser), df.getOwner()).has(Permission.ViewUnpublishedDataset)) {
                        logger.log(Level.FINE, "Token-based auth: user {0} is granted access to the restricted, unpublished datafile.", apiTokenUser.getIdentifier());
                        return true;
                    }
                }
            }
        }
    }
    if ((apiToken != null) && (apiToken.length() == 64)) {
        /* 
                WorldMap token check
                - WorldMap tokens are 64 chars in length
            
                - Use the worldMapTokenServiceBean to verify token 
                    and check permissions against the requested DataFile
            */
        if (!(this.worldMapTokenServiceBean.isWorldMapTokenAuthorizedForDataFileDownload(apiToken, df))) {
            return false;
        }
        // Yes! User may access file
        // 
        logger.fine("WorldMap token-based auth: Token is valid for the requested datafile");
        return true;
    } else if ((apiToken != null) && (apiToken.length() != 64)) {
        try {
            logger.fine("calling user = findUserOrDie()...");
            user = findUserOrDie();
        } catch (WrappedResponse wr) {
            logger.log(Level.FINE, "Message from findUserOrDie(): {0}", wr.getMessage());
        }
        if (user == null) {
            logger.warning("API token-based auth: Unable to find a user with the API token provided.");
            return false;
        }
        if (permissionService.requestOn(createDataverseRequest(user), df).has(Permission.DownloadFile)) {
            if (published) {
                logger.log(Level.FINE, "API token-based auth: User {0} has rights to access the datafile.", user.getIdentifier());
                return true;
            } else {
                // unpublished versions:
                if (permissionService.requestOn(createDataverseRequest(user), df.getOwner()).has(Permission.ViewUnpublishedDataset)) {
                    logger.log(Level.FINE, "API token-based auth: User {0} has rights to access the (unpublished) datafile.", user.getIdentifier());
                    return true;
                } else {
                    logger.log(Level.FINE, "API token-based auth: User {0} is not authorized to access the (unpublished) datafile.", user.getIdentifier());
                }
            }
        } else {
            logger.log(Level.FINE, "API token-based auth: User {0} is not authorized to access the datafile.", user.getIdentifier());
        }
        return false;
    }
    if (user != null) {
        logger.log(Level.FINE, "Session-based auth: user {0} has NO access rights on the requested datafile.", user.getIdentifier());
    }
    if (apiTokenUser != null) {
        logger.log(Level.FINE, "Token-based auth: user {0} has NO access rights on the requested datafile.", apiTokenUser.getIdentifier());
    }
    if (user == null && apiTokenUser == null) {
        logger.fine("Unauthenticated access: No guest access to the datafile.");
    }
    return false;
}
Also used : GuestUser(edu.harvard.iq.dataverse.authorization.users.GuestUser) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) User(edu.harvard.iq.dataverse.authorization.users.User) PrivateUrlUser(edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser) GuestUser(edu.harvard.iq.dataverse.authorization.users.GuestUser) PrivateUrlUser(edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser) FileMetadata(edu.harvard.iq.dataverse.FileMetadata)

Example 20 with PrivateUrlUser

use of edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser in project dataverse by IQSS.

the class PrivateUrlUtil method getPrivateUrlRedirectData.

/**
 * @return PrivateUrlRedirectData or null.
 *
 * @todo Show the Exception to the user?
 */
public static PrivateUrlRedirectData getPrivateUrlRedirectData(RoleAssignment roleAssignment) {
    PrivateUrlUser privateUrlUser = PrivateUrlUtil.getPrivateUrlUserFromRoleAssignment(roleAssignment);
    String draftDatasetPageToBeRedirectedTo = PrivateUrlUtil.getDraftDatasetPageToBeRedirectedTo(roleAssignment);
    try {
        return new PrivateUrlRedirectData(privateUrlUser, draftDatasetPageToBeRedirectedTo);
    } catch (Exception ex) {
        logger.info("Exception caught trying to instantiate PrivateUrlRedirectData: " + ex);
        return null;
    }
}
Also used : PrivateUrlUser(edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser) CommandException(edu.harvard.iq.dataverse.engine.command.exception.CommandException)

Aggregations

PrivateUrlUser (edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser)33 RoleAssignment (edu.harvard.iq.dataverse.RoleAssignment)22 Test (org.junit.Test)21 DataverseRole (edu.harvard.iq.dataverse.authorization.DataverseRole)18 RoleAssignee (edu.harvard.iq.dataverse.authorization.RoleAssignee)18 Dataset (edu.harvard.iq.dataverse.Dataset)14 DvObject (edu.harvard.iq.dataverse.DvObject)11 PrivateUrl (edu.harvard.iq.dataverse.privateurl.PrivateUrl)6 DatasetVersion (edu.harvard.iq.dataverse.DatasetVersion)5 CommandException (edu.harvard.iq.dataverse.engine.command.exception.CommandException)4 IllegalCommandException (edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException)4 ArrayList (java.util.ArrayList)3 JsonObject (javax.json.JsonObject)3 Dataverse (edu.harvard.iq.dataverse.Dataverse)2 DataverseRoleServiceBean (edu.harvard.iq.dataverse.DataverseRoleServiceBean)2 FileMetadata (edu.harvard.iq.dataverse.FileMetadata)2 AuthenticatedUser (edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser)2 GuestUser (edu.harvard.iq.dataverse.authorization.users.GuestUser)2 User (edu.harvard.iq.dataverse.authorization.users.User)2 TestCommandContext (edu.harvard.iq.dataverse.engine.TestCommandContext)2