use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class PermissionsController method retrieveSetFolderPermission.
/**
 * Lists the permissions that have been explicitly set on a folder, as data transfer objects.
 *
 * <p>The result is assembled in a fixed order: accounts with read access, accounts with write
 * access, groups with read access, groups with write access and, last, the remote shares stored
 * for the folder. A new list is built on every call.
 *
 * <p>The read grant of the public group is left out unless {@code includePublic} is
 * {@code true}; that grant is retrieved through a separate method.
 *
 * @param folder        folder whose permissions are being retrieved
 * @param includePublic whether the public group's read grant is kept in the result
 * @return permissions found for the specified folder; empty when none are set
 */
public List<AccessPermission> retrieveSetFolderPermission(Folder folder, boolean includePublic) {
    List<AccessPermission> result = new ArrayList<>();

    // Accounts with read access.
    // The two boolean arguments presumably select write / read grants; the DAO is not visible here.
    for (Account reader : dao.retrieveAccountPermissions(folder, false, true)) {
        result.add(new AccessPermission(AccessPermission.Article.ACCOUNT, reader.getId(),
                AccessPermission.Type.READ_FOLDER, folder.getId(), reader.getFullName()));
    }

    // Accounts with write access.
    for (Account writer : dao.retrieveAccountPermissions(folder, true, false)) {
        result.add(new AccessPermission(AccessPermission.Article.ACCOUNT, writer.getId(),
                AccessPermission.Type.WRITE_FOLDER, folder.getId(), writer.getFullName()));
    }

    // Groups with read access; the public group is kept only when the caller asked for it.
    for (Group reader : dao.retrieveGroupPermissions(folder, false, true)) {
        if (includePublic || !reader.getUuid().equalsIgnoreCase(GroupController.PUBLIC_GROUP_UUID)) {
            result.add(new AccessPermission(AccessPermission.Article.GROUP, reader.getId(),
                    AccessPermission.Type.READ_FOLDER, folder.getId(), reader.getLabel()));
        }
    }

    // Groups with write access.
    // NOTE(review): the includePublic filter is applied to read grants only; a write grant held by
    // the public group would be returned whatever the flag says -- confirm this is intended.
    for (Group writer : dao.retrieveGroupPermissions(folder, true, false)) {
        result.add(new AccessPermission(AccessPermission.Article.GROUP, writer.getId(),
                AccessPermission.Type.WRITE_FOLDER, folder.getId(), writer.getLabel()));
    }

    // Remote shares recorded for the folder, converted by the model itself.
    for (RemoteShareModel share : DAOFactory.getRemoteShareModelDAO().getByFolder(folder)) {
        result.add(share.toDataTransferObject());
    }

    return result;
}
use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class RemoteAccess method add.
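/**
 * Adds access privileges for a user on this instance to enable access
 * to a (currently folder only) resource on a remote ICE instance.
 *
 * <p>Everything in {@code accessPermission} is supplied by the remote partner and is treated as
 * untrusted input. All checks on it run before anything is stored. Once they pass, a local folder
 * of type {@code REMOTE} is created to reference the remote folder, the remote user's client
 * record is fetched or created, and the permission and remote access records are stored.
 *
 * @param partner          remote partner requesting add
 * @param accessPermission details of access privilege, including access token and user on this
 *                         instance that the permission is for
 * @return data transfer object of the remote access record that was stored
 * @throws IllegalArgumentException if the permission details are missing some required
 *                                  information or have invalid information, e.g. the specified
 *                                  user does not exist on this ICE instance
 */
public AccessPermission add(RegistryPartner partner, AccessPermission accessPermission) {
    // todo : must be in web of registries to accept add remote permission
    if (accessPermission == null)
        throw new IllegalArgumentException("No permission details sent for remote permission add");

    // person on this site that the permission is for
    String userId = accessPermission.getUserId();
    // a missing id is rejected here instead of being handed to the DAO (the former "if null" todo)
    if (StringUtils.isEmpty(userId))
        throw new IllegalArgumentException("No user id sent with permission");

    // verify that it is valid
    Account account = accountDAO.getByEmail(userId);
    // NOTE(review): this message tells the caller whether an email address exists on this
    // instance -- confirm it is not relayed verbatim to the remote partner.
    if (account == null)
        throw new IllegalArgumentException("Email address " + userId + " not on this registry instance");

    // remote person doing the sharing
    AccountTransfer accountTransfer = accessPermission.getAccount();
    if (accountTransfer == null)
        throw new IllegalArgumentException("No account for remote permission add");

    // read or write permission
    if (!accessPermission.isCanRead() && !accessPermission.isCanWrite())
        throw new IllegalArgumentException("Invalid read/write values for permission");

    // an access token must be present (only its presence is checked here)
    if (StringUtils.isEmpty(accessPermission.getSecret()))
        throw new IllegalArgumentException("No access token sent with permission");

    // the sharer's email becomes the folder owner and the remote client key, so it is required
    String remoteEmail = accountTransfer.getEmail();
    if (StringUtils.isEmpty(remoteEmail))
        throw new IllegalArgumentException("No email sent for remote account sharing the folder");

    // get the remote partner object; done before any write so that a failure here
    // does not leave an orphaned folder behind
    RemotePartner remotePartner = remotePartnerDAO.getByUrl(partner.getUrl());
    // NOTE(review): remotePartner is presumably null when no partner is stored for this url;
    // getOrCreateRemoteClient is not visible here -- confirm it rejects a null partner.

    // create a local folder instance that references a remote folder (also acts like a cache)
    // NOTE(review): the folder name is the partner-supplied display value -- confirm it is
    // length-checked and escaped wherever it is rendered.
    Folder folder = new Folder();
    folder.setType(FolderType.REMOTE);
    folder.setName(accessPermission.getDisplay());
    folder.setOwnerEmail(remoteEmail);
    folder = this.folderDAO.create(folder);

    // get or create the client for the remote user who is sharing the folder
    RemoteClientModel remoteClientModel = getOrCreateRemoteClient(remoteEmail, remotePartner);

    // store access
    Permission permission = createPermissionModel(accessPermission, folder, account);
    RemoteAccessModel remoteAccessModel = createRemoteAccessModel(accessPermission, remoteClientModel, permission);
    return remoteAccessModel.toDataTransferObject();
}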
use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class PermissionsController method setFolderPermissions.
/**
 * Replaces the permissions stored for a folder.
 *
 * <p>The folder is loaded by id and write access of the requesting user is asserted through
 * {@link FolderAuthorization} (which presumably throws when access is denied -- not visible
 * here). The folder's existing permissions are then cleared, and one permission is stored per
 * element of {@code permissions}, carrying that element's read and write flags.
 *
 * @param userId      identifier (email) of the user requesting the change
 * @param folderId    id of the folder whose permissions are being replaced
 * @param permissions permissions to store; when {@code null} the existing permissions are still
 *                    cleared and nothing is added
 * @return details of the folder, or {@code null} when {@code permissions} is {@code null}
 */
public FolderDetails setFolderPermissions(String userId, long folderId, List<AccessPermission> permissions) {
    Folder target = folderDAO.get(folderId);
    // NOTE(review): target is presumably null for an unknown id; confirm expectWrite rejects
    // that case, because the lines below would otherwise run against a missing folder.
    new FolderAuthorization().expectWrite(userId, target);

    // Clearing happens before the null check, so a null list wipes the folder's permissions.
    dao.clearPermissions(target);
    if (permissions == null) {
        return null;
    }

    Account requester = accountController.getByEmail(userId);
    for (AccessPermission requested : permissions) {
        // NOTE(review): each stored permission is bound to the requesting user's account; the
        // article and article id of the requested permission are not read -- confirm intended.
        Permission grant = new Permission();
        grant.setFolder(target);
        grant.setAccount(requester);
        grant.setCanRead(requested.isCanRead());
        grant.setCanWrite(requested.isCanWrite());
        dao.create(grant);
    }

    return target.toDataTransferObject();
}
use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class PermissionsController method propagateFolderPermissions.
/**
 * Propagates the permissions set on a folder to the entries it contains.
 *
 * <p>Only an administrator or the owner of the folder may trigger propagation. The folder's
 * permissions, including public read access, are collected and handed with the folder's entry
 * ids to an {@link EntryPermissionTask}, which is passed to the {@link IceExecutorService}.
 *
 * @param userId unique identifier for account of user requesting action that led to this call
 * @param folder folder whose permissions are being propagated
 * @param add    forwarded to the task; presumably {@code true} to add the permissions to the
 *               entries and {@code false} to remove them (confirm against the task)
 * @return {@code false} when the user is neither an administrator nor the folder owner;
 *         {@code true} otherwise, including when the folder has no permissions and no task is
 *         scheduled
 */
public boolean propagateFolderPermissions(String userId, Folder folder, boolean add) {
    // NOTE(review): userId is dereferenced for a non-administrator -- confirm callers never pass null.
    boolean allowed = accountController.isAdministrator(userId)
            || userId.equalsIgnoreCase(folder.getOwnerEmail());
    if (!allowed) {
        return false;
    }

    // Folder permissions, public read access included.
    List<AccessPermission> folderPermissions = retrieveSetFolderPermission(folder, true);
    if (!folderPermissions.isEmpty()) {
        List<Long> entryIds = folderDAO.getEntryIds(folder);
        EntryPermissionTask propagation = new EntryPermissionTask(userId, entryIds, folderPermissions, add);
        IceExecutorService.getInstance().runTask(propagation);
    }
    return true;
}
use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class EntryPermissionTask method removePermissions.
/**
 * Removes from the given entry every permission held by this task.
 *
 * <p>For each permission the target is looked up by article id: as a group when the article is
 * {@code GROUP}, as an account for {@code ACCOUNT} and any other value. The removal is then
 * delegated to the permission DAO with the permission's read and write flags.
 *
 * @param entry entry the permissions are removed from
 */
protected void removePermissions(Entry entry) {
    for (AccessPermission toRemove : permissions) {
        // Exactly one of the two targets is looked up; the other stays null.
        Account targetAccount = null;
        Group targetGroup = null;

        switch (toRemove.getArticle()) {
            case GROUP:
                targetGroup = groupDAO.get(toRemove.getArticleId());
                break;
            case ACCOUNT:
            default:
                targetAccount = accountDAO.get(toRemove.getArticleId());
                break;
        }

        // NOTE(review): if the lookup returns null, neither an account nor a group is passed on;
        // removePermission is not visible here -- confirm it cannot then match more permissions
        // than intended.
        permissionDAO.removePermission(entry, null, null, targetAccount, targetGroup,
                toRemove.isCanRead(), toRemove.isCanWrite());
    }
}