Search in sources :

Example 11 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class FolderContents method getContents.

/**
     * Retrieves the folder specified in the parameter and contents
     *
     * @param userId         unique identifier for user making request. If null, folder must have public read privs
     * @param folderId       unique identifier for folder to be retrieved
     * @param pageParameters paging parameters
     * @return wrapper around list of folder entries if folder is found, null otherwise
     * @throws PermissionException if user does not have read permissions on folder
     */
public FolderDetails getContents(String userId, long folderId, PageParameters pageParameters) {
    Folder folder = folderDAO.get(folderId);
    if (folder == null)
        return null;
    // should have permission to read folder
    folderAuthorization.expectRead(userId, folder);
    if (folder.getType() == FolderType.REMOTE)
        return getRemoteContents(userId, folder, pageParameters);
    boolean visibleOnly = folder.getType() != FolderType.TRANSFERRED;
    FolderDetails details = folder.toDataTransferObject();
    // all local entries at this point
    long folderSize = folderDAO.getFolderSize(folderId, pageParameters.getFilter(), visibleOnly);
    details.setCount(folderSize);
    if (userId != null) {
        List<AccessPermission> permissions = getAndFilterFolderPermissions(userId, folder);
        details.setAccessPermissions(permissions);
        boolean canEdit = permissionsController.hasWritePermission(userId, folder);
        details.setCanEdit(canEdit);
    }
    details.setPublicReadAccess(permissionsController.isPublicVisible(folder));
    Account owner = DAOFactory.getAccountDAO().getByEmail(folder.getOwnerEmail());
    if (owner != null)
        details.setOwner(owner.toDataTransferObject());
    // retrieve folder contents
    List<Entry> results = folderDAO.retrieveFolderContents(folderId, pageParameters, visibleOnly);
    for (Entry entry : results) {
        PartData info = ModelToInfoFactory.createTableViewData(userId, entry, false);
        details.getEntries().add(info);
    }
    return details;
}
Also used : AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission) PartData(org.jbei.ice.lib.dto.entry.PartData) FolderDetails(org.jbei.ice.lib.dto.folder.FolderDetails)

Example 12 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class FolderPermissions method createPermission.

/**
     * Creates a new access permission record to enable read or write privileges for a folder.
     * User initiating request must have write privileges for the folder
     *
     * @param accessPermission details about access permissions to create
     * @return access permission data transfer object with unique record identifier
     * @throws IllegalArgumentException if the <code>accessPermission</code> object is null
     * @throws PermissionException      if specified user does not have write privileges
     *                                  on specified folder.
     */
public AccessPermission createPermission(AccessPermission accessPermission) {
    if (accessPermission == null)
        throw new IllegalArgumentException("Cannot add null permission");
    // check if permission for remote folder is being created
    if (accessPermission.getArticle() == AccessPermission.Article.REMOTE) {
        return createRemotePermission(accessPermission);
    }
    // verify write authorization
    authorization.expectWrite(userId, folder);
    // permission object
    Permission permission = new Permission();
    permission.setFolder(folder);
    if (accessPermission.getArticle() == AccessPermission.Article.GROUP) {
        Group group = DAOFactory.getGroupDAO().get(accessPermission.getArticleId());
        if (group == null) {
            String errorMessage = "Could not assign group with id " + accessPermission.getArticleId() + " to folder";
            Logger.error(errorMessage);
            throw new IllegalArgumentException(errorMessage);
        }
        permission.setGroup(group);
    } else {
        Account account = accountDAO.get(accessPermission.getArticleId());
        if (account == null) {
            String errorMessage = "Could not assign account with id " + accessPermission.getArticleId() + " to folder";
            Logger.error(errorMessage);
            throw new IllegalArgumentException(errorMessage);
        }
        permission.setAccount(account);
    }
    permission.setCanRead(accessPermission.isCanRead());
    permission.setCanWrite(accessPermission.isCanWrite());
    AccessPermission created = permissionDAO.create(permission).toDataTransferObject();
    // todo : on remote folder as well
    if (folder.getType() == FolderType.PRIVATE) {
        folder.setType(FolderType.SHARED);
        folder.setModificationTime(new Date());
        dao.update(folder);
    }
    PermissionsController permissionsController = new PermissionsController();
    // propagate permission
    if (folder.isPropagatePermissions()) {
        permissionsController.propagateFolderPermissions(userId, folder, true);
    }
    return created;
}
Also used : AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission) AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission) Date(java.util.Date) PermissionsController(org.jbei.ice.lib.access.PermissionsController)

Example 13 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class FolderPermissions method enablePublicReadAccess.

public boolean enablePublicReadAccess() {
    AccessPermission permission = new AccessPermission();
    permission.setType(AccessPermission.Type.READ_FOLDER);
    permission.setTypeId(folder.getId());
    permission.setArticle(AccessPermission.Article.GROUP);
    GroupController groupController = new GroupController();
    permission.setArticleId(groupController.createOrRetrievePublicGroup().getId());
    return createPermission(permission) != null;
}
Also used : GroupController(org.jbei.ice.lib.group.GroupController) AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission)

Example 14 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class FolderPermissions method createRemotePermission.

/**
     * Creates an access folder permission for a remote user
     *
     * @param accessPermission access details
     * @return wrapper around the unique identifier for the remote permission created
     * @throws IllegalArgumentException if the partner record cannot be retrieved
     */
public AccessPermission createRemotePermission(AccessPermission accessPermission) {
    RegistryPartner partner = accessPermission.getPartner();
    RemotePartner remotePartner = remotePartnerDAO.get(partner.getId());
    if (remotePartner == null) {
        String errorMessage = "Could not find remote partner for remote permission";
        Logger.error(errorMessage);
        throw new IllegalArgumentException(errorMessage);
    }
    // todo : must be owner?
    authorization.expectWrite(userId, folder);
    String remoteUserId = accessPermission.getUserId();
    String token = tokenHash.generateSalt();
    // send token and also verify user Id
    accessPermission.setSecret(token);
    AccountTransfer accountTransfer = new AccountTransfer();
    accountTransfer.setEmail(userId);
    accessPermission.setAccount(accountTransfer);
    accessPermission.setDisplay(folder.getName());
    accessPermission.setTypeId(folder.getId());
    if (!sendToken(accessPermission, remotePartner))
        // something happened with the send; likely user id is invalid
        return null;
    // create local client record mapping to remote
    RemoteClientModel remoteClientModel = getOrCreateRemoteClient(remoteUserId, remotePartner);
    // create remote share record storing the secret
    // todo : use folder uuid instead of folder id ?
    String secret = tokenHash.encrypt(folder.getId() + remotePartner.getUrl() + remoteUserId, token);
    RemoteShareModel remoteShare = new RemoteShareModel();
    remoteShare.setClient(remoteClientModel);
    remoteShare.setSecret(secret);
    Account account = accountDAO.getByEmail(userId);
    remoteShare.setSharer(account);
    remoteShare = remoteShareModelDAO.create(remoteShare);
    // create permission object
    Permission permission = createPermissionModel(accessPermission, remoteShare);
    accessPermission.setId(remoteShare.getId());
    accessPermission.setArticleId(permission.getId());
    accessPermission.setArticle(AccessPermission.Article.REMOTE);
    RemoteShareModel remoteShareModel = permission.getRemoteShare();
    accessPermission.setPartner(remoteShareModel.getClient().getRemotePartner().toDataTransferObject());
    accessPermission.setDisplay(remoteShareModel.getClient().getEmail());
    return accessPermission;
}
Also used : RegistryPartner(org.jbei.ice.lib.dto.web.RegistryPartner) AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission) AccountTransfer(org.jbei.ice.lib.account.AccountTransfer)

Example 15 with AccessPermission

use of org.jbei.ice.lib.dto.access.AccessPermission in project ice by JBEI.

the class FolderContents method getAndFilterFolderPermissions.

/**
     * The permission(s) enabling the share for user
     * is(are) included. If the user is an admin then all the permissions are included, otherwise only those pertaining
     * to the user are included.
     * <p>e.g. if a folder F is shared with groups A and B and the user is a non-admin belonging to group B, folder
     * F will be included in the list of folders returned but will only include permissions for group B
     *
     * @param userId identifier for user making request
     * @param folder Folder whose permissions are to be retrieved
     * @return list of filtered permissions
     */
protected List<AccessPermission> getAndFilterFolderPermissions(String userId, Folder folder) {
    List<AccessPermission> permissions = permissionsController.retrieveSetFolderPermission(folder, false);
    if (accountController.isAdministrator(userId) || folder.getOwnerEmail().equalsIgnoreCase(userId)) {
        return permissions;
    }
    Account account = DAOFactory.getAccountDAO().getByEmail(userId);
    // filter permissions
    ArrayList<AccessPermission> filteredPermissions = new ArrayList<>();
    for (AccessPermission accessPermission : permissions) {
        // account either has direct write permissions
        if (accessPermission.getArticle() == AccessPermission.Article.ACCOUNT && accessPermission.getArticleId() == account.getId()) {
            filteredPermissions.add(accessPermission);
            continue;
        }
        if (account.getGroups() == null || account.getGroups().isEmpty())
            continue;
        // or belongs to a group that has the write permissions
        if (accessPermission.getArticle() == AccessPermission.Article.GROUP) {
            Group group = DAOFactory.getGroupDAO().get(accessPermission.getArticleId());
            if (group == null)
                continue;
            if (account.getGroups().contains(group)) {
                filteredPermissions.add(accessPermission);
            }
        }
    }
    return filteredPermissions;
}
Also used : AccessPermission(org.jbei.ice.lib.dto.access.AccessPermission) ArrayList(java.util.ArrayList)

Aggregations

AccessPermission (org.jbei.ice.lib.dto.access.AccessPermission)34 Account (org.jbei.ice.storage.model.Account)8 Test (org.junit.Test)6 PermissionsController (org.jbei.ice.lib.access.PermissionsController)5 AccountTransfer (org.jbei.ice.lib.account.AccountTransfer)5 ArrayList (java.util.ArrayList)4 GroupController (org.jbei.ice.lib.group.GroupController)4 FolderDetails (org.jbei.ice.lib.dto.folder.FolderDetails)3 Group (org.jbei.ice.storage.model.Group)3 Permission (org.jbei.ice.storage.model.Permission)3 Date (java.util.Date)1 PartData (org.jbei.ice.lib.dto.entry.PartData)1 FolderAuthorization (org.jbei.ice.lib.dto.folder.FolderAuthorization)1 RegistryPartner (org.jbei.ice.lib.dto.web.RegistryPartner)1 EntryPermissionTask (org.jbei.ice.lib.entry.EntryPermissionTask)1 Collections (org.jbei.ice.lib.folder.collection.Collections)1 Folder (org.jbei.ice.storage.model.Folder)1 Plasmid (org.jbei.ice.storage.model.Plasmid)1 RemotePartner (org.jbei.ice.storage.model.RemotePartner)1 Strain (org.jbei.ice.storage.model.Strain)1