Example 1 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class PermissionsController method retrieveSetFolderPermission.

/**
 * Retrieves permissions that have been explicitly set for the folders with the exception
 * of the public read permission if specified in the parameter. The call for that is a separate method
 *
 * @param folder        folder whose permissions are being retrieved
 * @param includePublic whether to include public access if set
 * @return list of permissions that have been found for the specified folder
 */
public List<AccessPermission> retrieveSetFolderPermission(Folder folder, boolean includePublic) {
    ArrayList<AccessPermission> accessPermissions = new ArrayList<>();
    // read accounts
    List<Account> readAccounts = dao.retrieveAccountPermissions(folder, false, true);
    for (Account readAccount : readAccounts) {
        accessPermissions.add(new AccessPermission(AccessPermission.Article.ACCOUNT, readAccount.getId(), AccessPermission.Type.READ_FOLDER, folder.getId(), readAccount.getFullName()));
    }
    // write accounts
    List<Account> writeAccounts = dao.retrieveAccountPermissions(folder, true, false);
    for (Account writeAccount : writeAccounts) {
        accessPermissions.add(new AccessPermission(AccessPermission.Article.ACCOUNT, writeAccount.getId(), AccessPermission.Type.WRITE_FOLDER, folder.getId(), writeAccount.getFullName()));
    }
    // read groups
    List<Group> readGroups = dao.retrieveGroupPermissions(folder, false, true);
    for (Group group : readGroups) {
        if (!includePublic && group.getUuid().equalsIgnoreCase(GroupController.PUBLIC_GROUP_UUID))
            continue;
        accessPermissions.add(new AccessPermission(AccessPermission.Article.GROUP, group.getId(), AccessPermission.Type.READ_FOLDER, folder.getId(), group.getLabel()));
    }
    // write groups
    List<Group> writeGroups = dao.retrieveGroupPermissions(folder, true, false);
    for (Group group : writeGroups) {
        accessPermissions.add(new AccessPermission(AccessPermission.Article.GROUP, group.getId(), AccessPermission.Type.WRITE_FOLDER, folder.getId(), group.getLabel()));
    }
    // remote accounts
    RemoteShareModelDAO remoteShareModelDAO = DAOFactory.getRemoteShareModelDAO();
    List<RemoteShareModel> remoteAccessModelList = remoteShareModelDAO.getByFolder(folder);
    for (RemoteShareModel remoteShareModel : remoteAccessModelList) {
        accessPermissions.add(remoteShareModel.toDataTransferObject());
    }
    return accessPermissions;
}
Also used : ArrayList(java.util.ArrayList) AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission)

Example 2 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class RemoteAccess method add.

/**
 * Add access privileges for a user on this instance to enable access
 * to a (currently folder only) resource on a remote ICE instance
 *
 * @param partner          remote partner requesting add
 * @param accessPermission details of access privilege, including access token and user on this instance
 *                         that the permission is for
 * @throws IllegalArgumentException if the permission details are missing some required information or have invalid
 *                                  information, e.g. the specified user does not exist on this ICE instance
 */
public AccessPermission add(RegistryPartner partner, AccessPermission accessPermission) {
    // todo : must be in web of registries to accept add remote permission
    // person on this site that the permission is for
    String userId = accessPermission.getUserId();
    // verify that it is valid
    // todo : if null
    Account account = accountDAO.getByEmail(userId);
    if (account == null)
        throw new IllegalArgumentException("Email address " + userId + " not on this registry instance");
    // remote person doing the sharing
    AccountTransfer accountTransfer = accessPermission.getAccount();
    if (accountTransfer == null)
        throw new IllegalArgumentException("No account for remote permission add");
    // read or write permission
    if (!accessPermission.isCanRead() && !accessPermission.isCanWrite())
        throw new IllegalArgumentException("Invalid read/write values for permission");
    // verify secret token
    if (StringUtils.isEmpty(accessPermission.getSecret()))
        throw new IllegalArgumentException("No access token sent with permission");
    String remoteEmail = accountTransfer.getEmail();
    // create a local folder instance that references a remote folder (also acts like a cache)
    Folder folder = new Folder();
    folder.setType(FolderType.REMOTE);
    folder.setName(accessPermission.getDisplay());
    folder.setOwnerEmail(remoteEmail);
    folder = this.folderDAO.create(folder);
    // get the remote partner object
    RemotePartner remotePartner = remotePartnerDAO.getByUrl(partner.getUrl());
    // get or create the client for the remote user who is sharing the folder
    RemoteClientModel remoteClientModel = getOrCreateRemoteClient(remoteEmail, remotePartner);
    // store access
    Permission permission = createPermissionModel(accessPermission, folder, account);
    RemoteAccessModel remoteAccessModel = createRemoteAccessModel(accessPermission, remoteClientModel, permission);
    return remoteAccessModel.toDataTransferObject();
}
Also used : AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission) AccountTransfer(org.jbei.ice.lib.account.AccountTransfer)

Example 3 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class PermissionsController method setFolderPermissions.

public FolderDetails setFolderPermissions(String userId, long folderId, List<AccessPermission> permissions) {
    Folder folder = folderDAO.get(folderId);
    FolderAuthorization folderAuthorization = new FolderAuthorization();
    folderAuthorization.expectWrite(userId, folder);
    dao.clearPermissions(folder);
    if (permissions == null)
        return null;
    Account account = accountController.getByEmail(userId);
    for (AccessPermission access : permissions) {
        Permission permission = new Permission();
        permission.setFolder(folder);
        permission.setAccount(account);
        permission.setCanRead(access.isCanRead());
        permission.setCanWrite(access.isCanWrite());
        dao.create(permission);
    }
    return folder.toDataTransferObject();
}
Also used : FolderAuthorization(org.jbei.ice.lib.dto.folder.FolderAuthorization) AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission)

Example 4 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class PermissionsController method propagateFolderPermissions.

/**
 * Propagates the permissions for the folder to the contained entries
 *
 * @param userId unique identifier for account of user requesting action that led to this call
 * @param folder folder whose permissions are being propagated
 * @param add    true if folder is to be added, false otherwise
 * @return true if action permission was scheduled to be propagated
 */
public boolean propagateFolderPermissions(String userId, Folder folder, boolean add) {
    if (!accountController.isAdministrator(userId) && !userId.equalsIgnoreCase(folder.getOwnerEmail()))
        return false;
    // retrieve folder permissions
    List<AccessPermission> permissions = retrieveSetFolderPermission(folder, true);
    if (permissions.isEmpty())
        return true;
    List<Long> entries = folderDAO.getEntryIds(folder);
    EntryPermissionTask task = new EntryPermissionTask(userId, entries, permissions, add);
    IceExecutorService.getInstance().runTask(task);
    return true;
}
Also used : AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission) EntryPermissionTask(org.jbei.ice.lib.entry.EntryPermissionTask)

Example 5 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class EntryPermissionTask method removePermissions.

protected void removePermissions(Entry entry) {
    for (AccessPermission access : permissions) {
        // account or group
        Account account = null;
        Group group = null;
        switch(access.getArticle()) {
            case ACCOUNT:
            default:
                account = accountDAO.get(access.getArticleId());
                break;
            case GROUP:
                group = groupDAO.get(access.getArticleId());
                break;
        }
        permissionDAO.removePermission(entry, null, null, account, group, access.isCanRead(), access.isCanWrite());
    }
}
Also used : Account(org.jbei.ice.storage.model.Account) Group(org.jbei.ice.storage.model.Group) AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission)

Aggregations

AccessPermission (org.jbei.ice.lib.dto.access.AccessPermission) 34
Account (org.jbei.ice.storage.model.Account) 8
Test (org.junit.Test) 6
PermissionsController (org.jbei.ice.lib.access.PermissionsController) 5
AccountTransfer (org.jbei.ice.lib.account.AccountTransfer) 5
ArrayList (java.util.ArrayList) 4
GroupController (org.jbei.ice.lib.group.GroupController) 4
FolderDetails (org.jbei.ice.lib.dto.folder.FolderDetails) 3
Group (org.jbei.ice.storage.model.Group) 3
Permission (org.jbei.ice.storage.model.Permission) 3
Date (java.util.Date) 1
PartData (org.jbei.ice.lib.dto.entry.PartData) 1
FolderAuthorization (org.jbei.ice.lib.dto.folder.FolderAuthorization) 1
RegistryPartner (org.jbei.ice.lib.dto.web.RegistryPartner) 1
EntryPermissionTask (org.jbei.ice.lib.entry.EntryPermissionTask) 1
Collections (org.jbei.ice.lib.folder.collection.Collections) 1
Folder (org.jbei.ice.storage.model.Folder) 1
Plasmid (org.jbei.ice.storage.model.Plasmid) 1
RemotePartner (org.jbei.ice.storage.model.RemotePartner) 1
Strain (org.jbei.ice.storage.model.Strain) 1