use of nl.knaw.huygens.timbuctoo.v5.security.exceptions.PermissionFetchingException in project timbuctoo by HuygensING.
the class DataSetRepository method removeDataSet.
public void removeDataSet(String ownerId, String dataSetName, User user) throws IOException, NotEnoughPermissionsException, DataSetDoesNotExistException {
try {
DataSet dataSet = dataSetMap.get(ownerId).get(dataSetName);
if (dataSet == null) {
LOG.warn("DataSet '{}' of user with id '{}' does not exist (anymore).", dataSetName, ownerId);
throw new DataSetDoesNotExistException(dataSetName, ownerId);
}
String combinedId = dataSet.getMetadata().getCombinedId();
if (!permissionFetcher.getPermissions(user, dataSet.getMetadata()).contains(Permission.ADMIN)) {
throw new NotEnoughPermissionsException(String.format("User '%s' is not allowed to remove dataset '%s'", user.getDisplayName(), combinedId));
}
dataSet.stop();
dataSetMap.get(ownerId).remove(dataSetName);
permissionFetcher.removeAuthorizations(combinedId);
} catch (PermissionFetchingException e) {
throw new IOException(e);
}
// remove folder
dataStorage.getDataSetStorage(ownerId, dataSetName).clear();
}
use of nl.knaw.huygens.timbuctoo.v5.security.exceptions.PermissionFetchingException in project timbuctoo by HuygensING.
the class Index method createNew.
@POST
public Response createNew(@PathParam("collection") String collectionName, @HeaderParam("Authorization") String authHeader, ObjectNode body) throws URISyntaxException {
Optional<User> user;
try {
user = userValidator.getUserFromAccessToken(authHeader);
} catch (UserValidationException e) {
user = Optional.empty();
}
Optional<User> newUser = user;
if (!user.isPresent()) {
return Response.status(Response.Status.UNAUTHORIZED).build();
} else {
return transactionEnforcer.executeAndReturn(timbuctooActions -> {
JsonCrudService crudService = crudServiceFactory.newJsonCrudService(timbuctooActions);
try {
UUID id = crudService.create(collectionName, body, newUser.get());
return commitAndReturn(Response.created(SingleEntity.makeUrl(collectionName, id)).build());
} catch (InvalidCollectionException e) {
return rollbackAndReturn(Response.status(Response.Status.NOT_FOUND).entity(jsnO("message", jsn(e.getMessage()))).build());
} catch (IOException e) {
return rollbackAndReturn(Response.status(Response.Status.BAD_REQUEST).entity(jsnO("message", jsn(e.getMessage()))).build());
} catch (PermissionFetchingException e) {
return rollbackAndReturn(Response.status(Response.Status.FORBIDDEN).entity(jsnO("message", jsn(e.getMessage()))).build());
}
});
}
}
use of nl.knaw.huygens.timbuctoo.v5.security.exceptions.PermissionFetchingException in project timbuctoo by HuygensING.
the class SingleEntity method put.
@PUT
public Response put(@PathParam("collection") String collectionName, @HeaderParam("Authorization") String authHeader, @PathParam("id") UUIDParam id, ObjectNode body) {
Optional<User> user;
try {
user = userValidator.getUserFromAccessToken(authHeader);
} catch (UserValidationException e) {
user = Optional.empty();
}
Optional<User> newUser = user;
if (!newUser.isPresent()) {
return Response.status(Response.Status.UNAUTHORIZED).build();
} else {
UpdateMessage updateMessage = transactionEnforcer.executeAndReturn(timbuctooActions -> {
JsonCrudService crudService = crudServiceFactory.newJsonCrudService(timbuctooActions);
try {
crudService.replace(collectionName, id.get(), body, newUser.get());
return commitAndReturn(UpdateMessage.success());
} catch (InvalidCollectionException e) {
return rollbackAndReturn(UpdateMessage.failure(e.getMessage(), Response.Status.NOT_FOUND));
} catch (NotFoundException e) {
return rollbackAndReturn(UpdateMessage.failure("not found", Response.Status.NOT_FOUND));
} catch (IOException e) {
return rollbackAndReturn(UpdateMessage.failure(e.getMessage(), Response.Status.BAD_REQUEST));
} catch (AlreadyUpdatedException e) {
return rollbackAndReturn(UpdateMessage.failure("Entry was already updated", Response.Status.EXPECTATION_FAILED));
} catch (PermissionFetchingException e) {
return rollbackAndReturn(UpdateMessage.failure(e.getMessage(), Response.Status.FORBIDDEN));
}
});
// committed in the database
if (updateMessage.isSuccess()) {
return transactionEnforcer.executeAndReturn(timbuctooActions -> {
JsonCrudService crudService = crudServiceFactory.newJsonCrudService(timbuctooActions);
try {
JsonNode jsonNode = crudService.get(collectionName, id.get());
return commitAndReturn(Response.ok(jsonNode).build());
} catch (InvalidCollectionException e) {
return rollbackAndReturn(Response.status(Response.Status.NOT_FOUND).entity(jsnO("message", jsn("Collection '" + collectionName + "' was available a moment ago, but not anymore: " + e.getMessage()))).build());
} catch (NotFoundException e) {
return rollbackAndReturn(Response.status(Response.Status.NOT_FOUND).entity(jsnO("message", jsn("not found"))).build());
}
});
} else {
return Response.status(updateMessage.getResponseStatus()).entity(jsnO("message", jsn(updateMessage.getException().get()))).build();
}
}
}
use of nl.knaw.huygens.timbuctoo.v5.security.exceptions.PermissionFetchingException in project timbuctoo by HuygensING.
the class DataSetRepository method publishDataSet.
public void publishDataSet(User user, String ownerId, String dataSetName) throws DataSetPublishException {
Optional<DataSet> dataSet = getDataSet(user, ownerId, dataSetName);
try {
if (dataSet.isPresent() && permissionFetcher.getPermissions(user, dataSet.get().getMetadata()).contains(Permission.ADMIN)) {
DataSetMetaData dataSetMetaData = dataSet.get().getMetadata();
dataSetMetaData.publish();
try {
dataStorage.getDataSetStorage(ownerId, dataSetName).saveMetaData(dataSetMetaData);
} catch (DataStorageSaveException e) {
throw new DataSetPublishException(e);
}
}
} catch (PermissionFetchingException e) {
throw new DataSetPublishException(e);
}
}
use of nl.knaw.huygens.timbuctoo.v5.security.exceptions.PermissionFetchingException in project timbuctoo by HuygensING.
the class DataSetRepository method createDataSet.
public DataSet createDataSet(User user, String dataSetId) throws DataStoreCreationException, IllegalDataSetNameException {
// The ownerId might not be valid (i.e. a safe string). We make it safe here:
// dataSetId is under the control of the user so we simply throw if it's not valid
String ownerPrefix = "u" + user.getPersistentId();
final String baseUri = rdfIdHelper.dataSetBaseUri(ownerPrefix, dataSetId);
String uriPrefix;
if (!baseUri.endsWith("/") && !baseUri.endsWith("#") && !baseUri.endsWith("?")) {
// #boo&foo=bar
if (baseUri.contains("#") || baseUri.contains("?")) {
if (baseUri.endsWith("&")) {
uriPrefix = baseUri;
} else {
uriPrefix = baseUri + "&";
}
} else {
uriPrefix = baseUri + "/";
}
} else {
uriPrefix = baseUri;
}
final DataSetMetaData dataSet = new BasicDataSetMetaData(ownerPrefix, dataSetId, baseUri, uriPrefix, false, publicByDefault);
try {
dataStorage.getDataSetStorage(ownerPrefix, dataSetId).saveMetaData(dataSet);
} catch (DataStorageSaveException e) {
throw new DataStoreCreationException(e);
}
synchronized (dataSetMap) {
Map<String, DataSet> userDataSets = dataSetMap.computeIfAbsent(ownerPrefix, key -> new HashMap<>());
if (!userDataSets.containsKey(dataSetId)) {
try {
permissionFetcher.initializeOwnerAuthorization(user, dataSet.getOwnerId(), dataSet.getDataSetId());
userDataSets.put(dataSetId, dataSet(dataSet, executorService, rdfBaseUri, dataStoreFactory, () -> onUpdated.accept(dataSet.getCombinedId()), dataStorage.getDataSetStorage(ownerPrefix, dataSetId)));
} catch (PermissionFetchingException | AuthorizationCreationException | IOException e) {
throw new DataStoreCreationException(e);
}
}
return userDataSets.get(dataSetId);
}
}
Aggregations