use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class FolderContents method getContents.
/**
* Retrieves the folder specified in the parameter and contents
*
* @param userId unique identifier for user making request. If null, folder must have public read privs
* @param folderId unique identifier for folder to be retrieved
* @param pageParameters paging parameters
* @return wrapper around list of folder entries if folder is found, null otherwise
* @throws PermissionException if user does not have read permissions on folder
*/
public FolderDetails getContents(String userId, long folderId, PageParameters pageParameters) {
Folder folder = folderDAO.get(folderId);
if (folder == null)
return null;
// should have permission to read folder
folderAuthorization.expectRead(userId, folder);
if (folder.getType() == FolderType.REMOTE)
return getRemoteContents(userId, folder, pageParameters);
boolean visibleOnly = folder.getType() != FolderType.TRANSFERRED;
FolderDetails details = folder.toDataTransferObject();
// all local entries at this point
long folderSize = folderDAO.getFolderSize(folderId, pageParameters.getFilter(), visibleOnly);
details.setCount(folderSize);
if (userId != null) {
List<AccessPermission> permissions = getAndFilterFolderPermissions(userId, folder);
details.setAccessPermissions(permissions);
boolean canEdit = permissionsController.hasWritePermission(userId, folder);
details.setCanEdit(canEdit);
}
details.setPublicReadAccess(permissionsController.isPublicVisible(folder));
Account owner = DAOFactory.getAccountDAO().getByEmail(folder.getOwnerEmail());
if (owner != null)
details.setOwner(owner.toDataTransferObject());
// retrieve folder contents
List<Entry> results = folderDAO.retrieveFolderContents(folderId, pageParameters, visibleOnly);
for (Entry entry : results) {
PartData info = ModelToInfoFactory.createTableViewData(userId, entry, false);
details.getEntries().add(info);
}
return details;
}
use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class FolderPermissions method createPermission.
/**
* Creates a new access permission record to enable read or write privileges for a folder.
* User initiating request must have write privileges for the folder
*
* @param accessPermission details about access permissions to create
* @return access permission data transfer object with unique record identifier
* @throws IllegalArgumentException if the <code>accessPermission</code> object is null
* @throws PermissionException if specified user does not have write privileges
* on specified folder.
*/
public AccessPermission createPermission(AccessPermission accessPermission) {
if (accessPermission == null)
throw new IllegalArgumentException("Cannot add null permission");
// check if permission for remote folder is being created
if (accessPermission.getArticle() == AccessPermission.Article.REMOTE) {
return createRemotePermission(accessPermission);
}
// verify write authorization
authorization.expectWrite(userId, folder);
// permission object
Permission permission = new Permission();
permission.setFolder(folder);
if (accessPermission.getArticle() == AccessPermission.Article.GROUP) {
Group group = DAOFactory.getGroupDAO().get(accessPermission.getArticleId());
if (group == null) {
String errorMessage = "Could not assign group with id " + accessPermission.getArticleId() + " to folder";
Logger.error(errorMessage);
throw new IllegalArgumentException(errorMessage);
}
permission.setGroup(group);
} else {
Account account = accountDAO.get(accessPermission.getArticleId());
if (account == null) {
String errorMessage = "Could not assign account with id " + accessPermission.getArticleId() + " to folder";
Logger.error(errorMessage);
throw new IllegalArgumentException(errorMessage);
}
permission.setAccount(account);
}
permission.setCanRead(accessPermission.isCanRead());
permission.setCanWrite(accessPermission.isCanWrite());
AccessPermission created = permissionDAO.create(permission).toDataTransferObject();
// todo : on remote folder as well
if (folder.getType() == FolderType.PRIVATE) {
folder.setType(FolderType.SHARED);
folder.setModificationTime(new Date());
dao.update(folder);
}
PermissionsController permissionsController = new PermissionsController();
// propagate permission
if (folder.isPropagatePermissions()) {
permissionsController.propagateFolderPermissions(userId, folder, true);
}
return created;
}
use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class FolderPermissions method enablePublicReadAccess.
public boolean enablePublicReadAccess() {
AccessPermission permission = new AccessPermission();
permission.setType(AccessPermission.Type.READ_FOLDER);
permission.setTypeId(folder.getId());
permission.setArticle(AccessPermission.Article.GROUP);
GroupController groupController = new GroupController();
permission.setArticleId(groupController.createOrRetrievePublicGroup().getId());
return createPermission(permission) != null;
}
use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class FolderPermissions method createRemotePermission.
/**
* Creates an access folder permission for a remote user
*
* @param accessPermission access details
* @return wrapper around the unique identifier for the remote permission created
* @throws IllegalArgumentException if the partner record cannot be retrieved
*/
public AccessPermission createRemotePermission(AccessPermission accessPermission) {
RegistryPartner partner = accessPermission.getPartner();
RemotePartner remotePartner = remotePartnerDAO.get(partner.getId());
if (remotePartner == null) {
String errorMessage = "Could not find remote partner for remote permission";
Logger.error(errorMessage);
throw new IllegalArgumentException(errorMessage);
}
// todo : must be owner?
authorization.expectWrite(userId, folder);
String remoteUserId = accessPermission.getUserId();
String token = tokenHash.generateSalt();
// send token and also verify user Id
accessPermission.setSecret(token);
AccountTransfer accountTransfer = new AccountTransfer();
accountTransfer.setEmail(userId);
accessPermission.setAccount(accountTransfer);
accessPermission.setDisplay(folder.getName());
accessPermission.setTypeId(folder.getId());
if (!sendToken(accessPermission, remotePartner))
// something happened with the send; likely user id is invalid
return null;
// create local client record mapping to remote
RemoteClientModel remoteClientModel = getOrCreateRemoteClient(remoteUserId, remotePartner);
// create remote share record storing the secret
// todo : use folder uuid instead of folder id ?
String secret = tokenHash.encrypt(folder.getId() + remotePartner.getUrl() + remoteUserId, token);
RemoteShareModel remoteShare = new RemoteShareModel();
remoteShare.setClient(remoteClientModel);
remoteShare.setSecret(secret);
Account account = accountDAO.getByEmail(userId);
remoteShare.setSharer(account);
remoteShare = remoteShareModelDAO.create(remoteShare);
// create permission object
Permission permission = createPermissionModel(accessPermission, remoteShare);
accessPermission.setId(remoteShare.getId());
accessPermission.setArticleId(permission.getId());
accessPermission.setArticle(AccessPermission.Article.REMOTE);
RemoteShareModel remoteShareModel = permission.getRemoteShare();
accessPermission.setPartner(remoteShareModel.getClient().getRemotePartner().toDataTransferObject());
accessPermission.setDisplay(remoteShareModel.getClient().getEmail());
return accessPermission;
}
use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.
the class FolderContents method getAndFilterFolderPermissions.
/**
* The permission(s) enabling the share for user
* is(are) included. If the user is an admin then all the permissions are included, otherwise only those pertaining
* to the user are included.
* <p>e.g. if a folder F is shared with groups A and B and the user is a non-admin belonging to group B, folder
* F will be included in the list of folders returned but will only include permissions for group B
*
* @param userId identifier for user making request
* @param folder Folder whose permissions are to be retrieved
* @return list of filtered permissions
*/
protected List<AccessPermission> getAndFilterFolderPermissions(String userId, Folder folder) {
List<AccessPermission> permissions = permissionsController.retrieveSetFolderPermission(folder, false);
if (accountController.isAdministrator(userId) || folder.getOwnerEmail().equalsIgnoreCase(userId)) {
return permissions;
}
Account account = DAOFactory.getAccountDAO().getByEmail(userId);
// filter permissions
ArrayList<AccessPermission> filteredPermissions = new ArrayList<>();
for (AccessPermission accessPermission : permissions) {
// account either has direct write permissions
if (accessPermission.getArticle() == AccessPermission.Article.ACCOUNT && accessPermission.getArticleId() == account.getId()) {
filteredPermissions.add(accessPermission);
continue;
}
if (account.getGroups() == null || account.getGroups().isEmpty())
continue;
// or belongs to a group that has the write permissions
if (accessPermission.getArticle() == AccessPermission.Article.GROUP) {
Group group = DAOFactory.getGroupDAO().get(accessPermission.getArticleId());
if (group == null)
continue;
if (account.getGroups().contains(group)) {
filteredPermissions.add(accessPermission);
}
}
}
return filteredPermissions;
}
Aggregations