
Example 1 with MCRUserInformation

use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

the class MCRUserInformationLookupTest method testLookupString.

@Test
public final void testLookupString() {
    MCRUserInformationLookup userLookup = new MCRUserInformationLookup();
    // Checked before MCRSessionMgr.getCurrentSession() is called below;
    // presumably no session is bound to the thread yet - confirm against the test base class.
    assertNull("User information should not be available", userLookup.lookup("id"));

    MCRSession session = MCRSessionMgr.getCurrentSession();
    String guestId = MCRSystemUserInformation.getGuestInstance().getUserID();
    assertEquals(guestId, userLookup.lookup("id"));
    assertNull("Guest user should have no role", userLookup.lookup("role:admin:editor:submitter"));

    // Stub user "junit": member of every role whose name does not start with "a".
    MCRUserInformation stubUser = new MCRUserInformation() {

        @Override
        public String getUserID() {
            return "junit";
        }

        @Override
        public String getUserAttribute(String attribute) {
            return null;
        }

        @Override
        public boolean isUserInRole(String role) {
            return !role.startsWith("a");
        }
    };
    session.setUserInformation(stubUser);

    String[] testRoles = { "admin", "editor", "submitter" };
    // "admin" is refused by the stub, so "editor" is the role the lookup is expected to return.
    String expRole = testRoles[1];
    boolean inExpectedRole = session.getUserInformation().isUserInRole(expRole);
    assertTrue("Current user should be in role " + expRole, inExpectedRole);

    String roleQuery = "role:" + String.join(",", testRoles);
    assertEquals(expRole, userLookup.lookup(roleQuery));
}
Also used : MCRSession(org.mycore.common.MCRSession) MCRUserInformation(org.mycore.common.MCRUserInformation) Test(org.junit.Test)

Example 2 with MCRUserInformation

use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

the class MCRRestAPIUploadHelper method uploadObject.

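/**
 * Creates or updates a MyCoRe object from an uploaded XML document.
 * <p>
 * Based upon:
 * http://puspendu.wordpress.com/2012/08/23/restful-webservice-file-upload-with-jersey/
 * <p>
 * The document is parsed, written to a temporary file below {@code UPLOAD_DIR} and imported while
 * the current session temporarily carries the user named in the request's JSON Web Token. The
 * previous session user is restored and the temporary file is removed on every exit path.
 *
 * @param info - the Jersey UriInfo object
 * @param request - the HTTPServletRequest object
 * @param uploadedInputStream - the inputstream from HTTP Post request (untrusted XML)
 * @param fileDetails - the file information from HTTP Post request (not read by this method)
 * @return a Jersey Response object with status 201 (Created) pointing at the object
 * @throws MCRRestAPIException with status BAD_REQUEST if the upload cannot be parsed, stored or imported
 */
public static Response uploadObject(UriInfo info, HttpServletRequest request, InputStream uploadedInputStream, FormDataContentDisposition fileDetails) throws MCRRestAPIException {
    // NOTE(review): everything below trusts this token; assumes retrieveAuthenticationToken
    // verifies its signature and validity and rejects the request otherwise - confirm.
    SignedJWT signedJWT = MCRJSONWebTokenUtil.retrieveAuthenticationToken(request);
    java.nio.file.Path fXML = null;
    try (MCRJPATransactionWrapper mtw = new MCRJPATransactionWrapper()) {
        SAXBuilder sb = new SAXBuilder();
        // The request body is untrusted: refuse DOCTYPE declarations and do not expand entities,
        // so the parser cannot be made to read local files or fetch remote resources (XXE).
        // The feature name is the Xerces one; a parser that does not know it makes build() fail,
        // which ends in the BAD_REQUEST branch below rather than in an unprotected parse.
        sb.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        sb.setExpandEntities(false);
        Document docOut = sb.build(uploadedInputStream);
        MCRObjectID mcrID = MCRObjectID.getInstance(docOut.getRootElement().getAttributeValue("ID"));
        // A number part of 0 means "assign the next free ID of this base".
        if (mcrID.getNumberAsInteger() == 0) {
            mcrID = MCRObjectID.getNextFreeId(mcrID.getBase());
        }
        // The file name is derived from the parsed MCRObjectID, not from client-supplied text.
        fXML = UPLOAD_DIR.resolve(mcrID + ".xml");
        docOut.getRootElement().setAttribute("ID", mcrID.toString());
        docOut.getRootElement().setAttribute("label", mcrID.toString());
        XMLOutputter xmlOut = new XMLOutputter(Format.getPrettyFormat());
        try (BufferedWriter bw = Files.newBufferedWriter(fXML, StandardCharsets.UTF_8)) {
            xmlOut.output(docOut, bw);
        }
        MCRSession mcrSession = MCRSessionMgr.getCurrentSession();
        MCRUserInformation currentUser = mcrSession.getUserInformation();
        MCRUserInformation apiUser = MCRUserManager.getUser(MCRJSONWebTokenUtil.retrieveUsernameFromAuthenticationToken(signedJWT));
        mcrSession.setUserInformation(apiUser);
        try {
            // handles "create" as well
            // NOTE(review): no explicit permission check here; presumably the import enforces
            // access rights for the session user set above - confirm.
            MCRObjectCommands.updateFromFile(fXML.toString(), false);
        } finally {
            // Restore the previous identity even if the import fails, so the session does not
            // keep running with the API user's rights.
            mcrSession.setUserInformation(currentUser);
        }
        return Response.created(info.getBaseUriBuilder().path("v1/objects/" + mcrID).build()).type("application/xml; charset=UTF-8").header(HEADER_NAME_AUTHORIZATION, MCRJSONWebTokenUtil.createJWTAuthorizationHeader(signedJWT)).build();
    } catch (Exception e) {
        LOGGER.error("Unable to Upload file: {}", String.valueOf(fXML), e);
        // NOTE(review): the error returned to the client carries the server-side file path and the
        // raw exception message; consider a generic message here and keep the details in the log.
        throw new MCRRestAPIException(Status.BAD_REQUEST, new MCRRestAPIError(MCRRestAPIError.CODE_WRONG_PARAMETER, "Unable to Upload file: " + String.valueOf(fXML), e.getMessage()));
    } finally {
        if (fXML != null) {
            try {
                // The path is assigned before the file is written, so the file may not exist yet.
                Files.deleteIfExists(fXML);
            } catch (IOException e) {
                LOGGER.error("Unable to delete temporary workflow file: {}", String.valueOf(fXML), e);
            }
        }
    }
}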
Also used : XMLOutputter(org.jdom2.output.XMLOutputter) SAXBuilder(org.jdom2.input.SAXBuilder) MCRRestAPIException(org.mycore.restapi.v1.errors.MCRRestAPIException) MCRRestAPIError(org.mycore.restapi.v1.errors.MCRRestAPIError) SignedJWT(com.nimbusds.jwt.SignedJWT) IOException(java.io.IOException) Document(org.jdom2.Document) MCRPersistenceException(org.mycore.common.MCRPersistenceException) MCRRestAPIException(org.mycore.restapi.v1.errors.MCRRestAPIException) MCRAccessException(org.mycore.access.MCRAccessException) IOException(java.io.IOException) BufferedWriter(java.io.BufferedWriter) MCRSession(org.mycore.common.MCRSession) MCRObjectID(org.mycore.datamodel.metadata.MCRObjectID) MCRUserInformation(org.mycore.common.MCRUserInformation)

Example 3 with MCRUserInformation

use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

the class MCRRestAPIUploadHelper method uploadDerivate.

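/**
 * Creates a MyCoRe derivate for an object or, optionally, reuses an existing one with the same label.
 * <p>
 * The work runs while the request's session temporarily carries the user named in the JSON Web
 * Token; the previous session user is restored on every exit path.
 *
 * @param info - the Jersey UriInfo object
 * @param request - the HTTPServletRequest object
 * @param mcrObjID - the MyCoRe Object ID
 * @param label - the label of the new derivate
 * @param overwriteOnExistingLabel - if true, an existing MyCoRe derivate of the object whose
 *        XLink label or title equals {@code label} is returned instead of creating a new one
 * @return a Jersey Response object: 201 (Created) on success, otherwise the
 *         500 (Internal Server Error) response prepared at the start
 * @throws MCRRestAPIException
 */
public static Response uploadDerivate(UriInfo info, HttpServletRequest request, String mcrObjID, String label, boolean overwriteOnExistingLabel) throws MCRRestAPIException {
    Response response = Response.status(Status.INTERNAL_SERVER_ERROR).build();
    // NOTE(review): assumes retrieveAuthenticationToken verifies the token and rejects the
    // request otherwise - confirm.
    SignedJWT signedJWT = MCRJSONWebTokenUtil.retrieveAuthenticationToken(request);
    MCRObjectID mcrObjIDObj = MCRObjectID.getInstance(mcrObjID);
    try (MCRJPATransactionWrapper mtw = new MCRJPATransactionWrapper()) {
        MCRSession session = MCRServlet.getSession(request);
        MCRUserInformation currentUser = session.getUserInformation();
        MCRUserInformation apiUser = MCRUserManager.getUser(MCRJSONWebTokenUtil.retrieveUsernameFromAuthenticationToken(signedJWT));
        session.setUserInformation(apiUser);
        try {
            MCRObject mcrObj = MCRMetadataManager.retrieveMCRObject(mcrObjIDObj);
            MCRObjectID derID = null;
            if (overwriteOnExistingLabel) {
                // No break: when several derivates match, the last one wins.
                for (MCRMetaLinkID derLink : mcrObj.getStructure().getDerivates()) {
                    if (label.equals(derLink.getXLinkLabel()) || label.equals(derLink.getXLinkTitle())) {
                        derID = derLink.getXLinkHrefID();
                    }
                }
            }
            if (derID == null) {
                derID = MCRObjectID.getNextFreeId(mcrObjIDObj.getProjectId() + "_derivate");
                MCRDerivate mcrDerivate = new MCRDerivate();
                mcrDerivate.setLabel(label);
                mcrDerivate.setId(derID);
                mcrDerivate.setSchema("datamodel-derivate.xsd");
                mcrDerivate.getDerivate().setLinkMeta(new MCRMetaLinkID("linkmeta", mcrObjIDObj, null, null));
                mcrDerivate.getDerivate().setInternals(new MCRMetaIFS("internal", UPLOAD_DIR.resolve(derID.toString()).toString()));
                // NOTE(review): no explicit permission check in this method; presumably create()
                // enforces access rights for the session user set above - confirm.
                MCRMetadataManager.create(mcrDerivate);
                MCRMetadataManager.addOrUpdateDerivateToObject(mcrObjIDObj, new MCRMetaLinkID("derobject", derID, null, label));
            }
            response = Response.created(info.getBaseUriBuilder().path("v1/objects/" + mcrObjID + "/derivates/" + derID).build()).type("application/xml; charset=UTF-8").header(HEADER_NAME_AUTHORIZATION, MCRJSONWebTokenUtil.createJWTAuthorizationHeader(signedJWT)).build();
        } finally {
            // Restore the previous identity even when a step above throws, so the session does
            // not keep running with the API user's rights.
            session.setUserInformation(currentUser);
        }
    } catch (Exception e) {
        // Deliberate best effort: the failure is logged and the prepared 500 response is returned.
        LOGGER.error("Exeption while uploading derivate", e);
    }
    return response;
}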
Also used : Response(javax.ws.rs.core.Response) MCRSession(org.mycore.common.MCRSession) MCRObject(org.mycore.datamodel.metadata.MCRObject) MCRMetaLinkID(org.mycore.datamodel.metadata.MCRMetaLinkID) MCRDerivate(org.mycore.datamodel.metadata.MCRDerivate) SignedJWT(com.nimbusds.jwt.SignedJWT) MCRObjectID(org.mycore.datamodel.metadata.MCRObjectID) MCRMetaIFS(org.mycore.datamodel.metadata.MCRMetaIFS) MCRUserInformation(org.mycore.common.MCRUserInformation) MCRPersistenceException(org.mycore.common.MCRPersistenceException) MCRRestAPIException(org.mycore.restapi.v1.errors.MCRRestAPIException) MCRAccessException(org.mycore.access.MCRAccessException) IOException(java.io.IOException)

Example 4 with MCRUserInformation

use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

the class MCRRestAPIUploadHelper method deleteAllFiles.

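/**
 * Deletes all files inside a given derivate and recreates its empty root directory.
 * <p>
 * The request must carry a signature over the two ID parameters in the HTTP header
 * {@code X-MyCoRe-RestAPI-Signature}. The deletion runs while the current session temporarily
 * carries the user named in the JSON Web Token; the previous session user is restored on every
 * exit path.
 *
 * @param info - the Jersey UriInfo object
 * @param request - the HTTPServletRequest object
 * @param pathParamMcrObjID - the MyCoRe Object ID
 * @param pathParamMcrDerID - the MyCoRe Derivate ID
 * @return a Jersey Response Object with status 201 (Created), kept from the original API
 * @throws MCRRestAPIException with status UNAUTHORIZED if the signature header is missing,
 *         FORBIDDEN if the signature does not verify or the user lacks write permission,
 *         INTERNAL_SERVER_ERROR if the files could not be deleted
 */
public static Response deleteAllFiles(UriInfo info, HttpServletRequest request, String pathParamMcrObjID, String pathParamMcrDerID) throws MCRRestAPIException {
    // NOTE(review): the verification key below is read from this token, so the signature check
    // is only as strong as the token validation; assumes retrieveAuthenticationToken verifies
    // the token and rejects the request otherwise - confirm.
    SignedJWT signedJWT = MCRJSONWebTokenUtil.retrieveAuthenticationToken(request);
    SortedMap<String, String> parameter = new TreeMap<>();
    parameter.put("mcrObjectID", pathParamMcrObjID);
    parameter.put("mcrDerivateID", pathParamMcrDerID);
    // NOTE(review): the signed data is only these two IDs, with no timestamp or nonce visible
    // here, so a captured signature stays valid for later requests - consider adding freshness.
    String base64Signature = request.getHeader("X-MyCoRe-RestAPI-Signature");
    if (base64Signature == null) {
        // Same answer as uploadFile gives for a missing signature header.
        throw new MCRRestAPIException(Status.UNAUTHORIZED, new MCRRestAPIError(MCRRestAPIError.CODE_INVALID_AUTHENCATION, "The submitted data could not be validated.", "Please provide a signature as HTTP header 'X-MyCoRe-RestAPI-Signature'."));
    }
    if (!verifyPropertiesWithSignature(parameter, base64Signature, MCRJSONWebTokenUtil.retrievePublicKeyFromAuthenticationToken(signedJWT))) {
        throw new MCRRestAPIException(Status.FORBIDDEN, new MCRRestAPIError(MCRRestAPIError.CODE_INVALID_DATA, "Delete failed.", "The submitted data could not be validated."));
    }
    try (MCRJPATransactionWrapper mtw = new MCRJPATransactionWrapper()) {
        MCRSession session = MCRSessionMgr.getCurrentSession();
        MCRUserInformation currentUser = session.getUserInformation();
        MCRUserInformation apiUser = MCRUserManager.getUser(MCRJSONWebTokenUtil.retrieveUsernameFromAuthenticationToken(signedJWT));
        session.setUserInformation(apiUser);
        try {
            MCRObjectID objID = MCRObjectID.getInstance(pathParamMcrObjID);
            MCRObjectID derID = MCRObjectID.getInstance(pathParamMcrDerID);
            // MCRAccessManager.checkPermission uses CACHE, which seems to be dirty from other calls
            MCRAccessManager.invalidPermissionCache(derID.toString(), PERMISSION_WRITE);
            if (!MCRAccessManager.checkPermission(derID.toString(), PERMISSION_WRITE)) {
                // Previously this path deleted nothing but still answered 201 Created.
                throw new MCRRestAPIException(Status.FORBIDDEN, new MCRRestAPIError(MCRRestAPIError.CODE_INVALID_DATA, "Delete failed.", "Write permission on the derivate is required."));
            }
            // NOTE(review): unlike uploadFile, the derivate's owner is not compared with objID,
            // which is only used for the response URI - consider the same ownership check here.
            MCRDerivate der = MCRMetadataManager.retrieveMCRDerivate(derID);
            final MCRPath rootPath = MCRPath.getPath(der.getId().toString(), "/");
            try {
                Files.walkFileTree(rootPath, MCRRecursiveDeleter.instance());
                Files.createDirectory(rootPath);
            } catch (IOException e) {
                // Report the failure instead of answering 201 after a partial or failed delete.
                LOGGER.error("Unable to delete files of derivate {}", derID, e);
                throw new MCRRestAPIException(Status.INTERNAL_SERVER_ERROR, new MCRRestAPIError(MCRRestAPIError.CODE_INTERNAL_ERROR, "Internal error", e.getMessage()));
            }
            return Response.created(info.getBaseUriBuilder().path("v1/objects/" + objID + "/derivates/" + derID + "/contents").build()).type("application/xml; charset=UTF-8").header(HEADER_NAME_AUTHORIZATION, MCRJSONWebTokenUtil.createJWTAuthorizationHeader(signedJWT)).build();
        } finally {
            // Restore the previous identity on every exit path, including the throws above.
            session.setUserInformation(currentUser);
        }
    }
}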
Also used : MCRRestAPIException(org.mycore.restapi.v1.errors.MCRRestAPIException) MCRRestAPIError(org.mycore.restapi.v1.errors.MCRRestAPIError) MCRDerivate(org.mycore.datamodel.metadata.MCRDerivate) SignedJWT(com.nimbusds.jwt.SignedJWT) IOException(java.io.IOException) TreeMap(java.util.TreeMap) Response(javax.ws.rs.core.Response) MCRSession(org.mycore.common.MCRSession) MCRObjectID(org.mycore.datamodel.metadata.MCRObjectID) MCRPath(org.mycore.datamodel.niofs.MCRPath) MCRUserInformation(org.mycore.common.MCRUserInformation)

Example 5 with MCRUserInformation

use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

the class MCRRestAPIUploadHelper method uploadFile.

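/**
 * Uploads a file, or the contents of a zip archive, into a given derivate.
 * <p>
 * The request must carry a signature over the listed parameters in the HTTP header
 * {@code X-MyCoRe-RestAPI-Signature}. The upload is staged in a directory below
 * {@code UPLOAD_DIR}, imported into the derivate and the staging directory is removed again.
 * Every staged path (the {@code path} parameter and each zip entry name) is resolved against the
 * staging directory and rejected if it would end up outside of it. The work runs while the
 * current session temporarily carries the user named in the JSON Web Token; the previous session
 * user is restored on every exit path.
 *
 * @param info - the Jersey UriInfo object
 * @param request - the HTTPServletRequest object
 * @param pathParamMcrObjID - a MyCoRe Object ID
 * @param pathParamMcrDerID - a MyCoRe Derivate ID
 * @param uploadedInputStream - the inputstream from HTTP Post request
 * @param fileDetails - the file information from HTTP Post request (not read by this method)
 * @param formParamPath - the path of the file inside the derivate
 * @param formParamMaindoc - true, if this file should be marked as maindoc
 * @param formParamUnzip - true, if the upload is zip file that should be unzipped inside the derivate
 * @param formParamMD5 - the MD5 sum of the uploaded file
 * @param formParamSize - the size of the uploaded file
 * @return a Jersey Response object with status 201 (Created)
 * @throws MCRRestAPIException with status BAD_REQUEST for a missing parameter or a path that
 *         leaves the staging directory, UNAUTHORIZED if the signature header is missing,
 *         FORBIDDEN if the signature does not verify, the user lacks write permission or the
 *         derivate does not belong to the object, INTERNAL_SERVER_ERROR if storing fails
 */
public static Response uploadFile(UriInfo info, HttpServletRequest request, String pathParamMcrObjID, String pathParamMcrDerID, InputStream uploadedInputStream, FormDataContentDisposition fileDetails, String formParamPath, boolean formParamMaindoc, boolean formParamUnzip, String formParamMD5, Long formParamSize) throws MCRRestAPIException {
    // NOTE(review): the verification key below is read from this token, so the signature check
    // is only as strong as the token validation; assumes retrieveAuthenticationToken verifies
    // the token and rejects the request otherwise - confirm.
    SignedJWT signedJWT = MCRJSONWebTokenUtil.retrieveAuthenticationToken(request);
    if (formParamPath == null || formParamSize == null) {
        // Both values were dereferenced unconditionally before, which ended in a NullPointerException.
        throw new MCRRestAPIException(Status.BAD_REQUEST, new MCRRestAPIError(MCRRestAPIError.CODE_WRONG_PARAMETER, "File upload failed.", "The parameters 'path' and 'size' are required."));
    }
    SortedMap<String, String> parameter = new TreeMap<>();
    parameter.put("mcrObjectID", pathParamMcrObjID);
    parameter.put("mcrDerivateID", pathParamMcrDerID);
    parameter.put("path", formParamPath);
    parameter.put("maindoc", Boolean.toString(formParamMaindoc));
    parameter.put("unzip", Boolean.toString(formParamUnzip));
    // NOTE(review): md5 and size only enter the signed parameter map; this method never compares
    // them with the bytes actually received, so the signature does not bind the file content.
    parameter.put("md5", formParamMD5);
    parameter.put("size", Long.toString(formParamSize));
    String base64Signature = request.getHeader("X-MyCoRe-RestAPI-Signature");
    if (base64Signature == null) {
        throw new MCRRestAPIException(Status.UNAUTHORIZED, new MCRRestAPIError(MCRRestAPIError.CODE_INVALID_AUTHENCATION, "The submitted data could not be validated.", "Please provide a signature as HTTP header 'X-MyCoRe-RestAPI-Signature'."));
    }
    if (verifyPropertiesWithSignature(parameter, base64Signature, MCRJSONWebTokenUtil.retrievePublicKeyFromAuthenticationToken(signedJWT))) {
        try (MCRJPATransactionWrapper mtw = new MCRJPATransactionWrapper()) {
            MCRSession session = MCRSessionMgr.getCurrentSession();
            MCRUserInformation currentUser = session.getUserInformation();
            MCRUserInformation apiUser = MCRUserManager.getUser(MCRJSONWebTokenUtil.retrieveUsernameFromAuthenticationToken(signedJWT));
            session.setUserInformation(apiUser);
            try {
                MCRObjectID objID = MCRObjectID.getInstance(pathParamMcrObjID);
                MCRObjectID derID = MCRObjectID.getInstance(pathParamMcrDerID);
                MCRAccessManager.invalidPermissionCache(derID.toString(), PERMISSION_WRITE);
                if (MCRAccessManager.checkPermission(derID.toString(), PERMISSION_WRITE)) {
                    MCRDerivate der = MCRMetadataManager.retrieveMCRDerivate(derID);
                    // A derivate that belongs to another object falls through to the FORBIDDEN
                    // answer below; before, that case stored nothing but still answered 201.
                    if (der.getOwnerID().equals(objID)) {
                        try {
                            java.nio.file.Path derDir = UPLOAD_DIR.resolve(derID.toString());
                            if (Files.exists(derDir)) {
                                Files.walkFileTree(derDir, MCRRecursiveDeleter.instance());
                            }
                            // Kept for compatibility with existing clients. A single-pass replace
                            // is not a reliable traversal filter; the containment check in
                            // resolveInsideDerivateDir is what enforces the boundary.
                            String path = formParamPath.replace("\\", "/").replace("../", "");
                            while (path.startsWith("/")) {
                                path = path.substring(1);
                            }
                            MCRDirectory difs = MCRDirectory.getRootDirectory(derID.toString());
                            if (difs == null) {
                                difs = new MCRDirectory(derID.toString());
                            }
                            der.getDerivate().getInternals().setIFSID(difs.getID());
                            der.getDerivate().getInternals().setSourcePath(derDir.toString());
                            if (formParamUnzip) {
                                String maindoc = null;
                                // NOTE(review): no limit on entry count or expanded size is
                                // enforced here; consider bounding both for untrusted archives.
                                // An I/O error while unpacking now reaches the catch below
                                // instead of importing a partially extracted archive.
                                try (ZipInputStream zis = new ZipInputStream(new BufferedInputStream(uploadedInputStream))) {
                                    ZipEntry entry;
                                    while ((entry = zis.getNextEntry()) != null) {
                                        LOGGER.debug("Unzipping: {}", entry.getName());
                                        // Entry names come from the archive and are untrusted.
                                        java.nio.file.Path target = resolveInsideDerivateDir(derDir, entry.getName());
                                        if (entry.isDirectory()) {
                                            // Create the directory instead of copying it as an empty file.
                                            Files.createDirectories(target);
                                            continue;
                                        }
                                        Files.createDirectories(target.getParent());
                                        Files.copy(zis, target, StandardCopyOption.REPLACE_EXISTING);
                                        if (maindoc == null) {
                                            maindoc = entry.getName();
                                        }
                                    }
                                }
                                MCRFileImportExport.importFiles(derDir.toFile(), difs);
                                if (formParamMaindoc) {
                                    der.getDerivate().getInternals().setMainDoc(maindoc);
                                }
                            } else {
                                java.nio.file.Path saveFile = resolveInsideDerivateDir(derDir, path);
                                Files.createDirectories(saveFile.getParent());
                                Files.copy(uploadedInputStream, saveFile, StandardCopyOption.REPLACE_EXISTING);
                                MCRFileImportExport.importFiles(derDir.toFile(), difs);
                                if (formParamMaindoc) {
                                    der.getDerivate().getInternals().setMainDoc(path);
                                }
                            }
                            MCRMetadataManager.update(der);
                            // Remove the staging directory once its content has been imported.
                            Files.walkFileTree(derDir, MCRRecursiveDeleter.instance());
                        } catch (IOException | MCRPersistenceException | MCRAccessException e) {
                            LOGGER.error("Unable to store upload for derivate {}", derID, e);
                            throw new MCRRestAPIException(Status.INTERNAL_SERVER_ERROR, new MCRRestAPIError(MCRRestAPIError.CODE_INTERNAL_ERROR, "Internal error", e.getMessage()));
                        }
                        return Response.created(info.getBaseUriBuilder().path("v1/objects/" + objID + "/derivates/" + derID + "/contents").build()).type("application/xml; charset=UTF-8").header(HEADER_NAME_AUTHORIZATION, MCRJSONWebTokenUtil.createJWTAuthorizationHeader(signedJWT)).build();
                    }
                }
            } finally {
                // Restore the previous identity on every exit path; before, a denied permission
                // check or a failed upload left the API user on the session.
                session.setUserInformation(currentUser);
            }
        }
    }
    throw new MCRRestAPIException(Status.FORBIDDEN, new MCRRestAPIError(MCRRestAPIError.CODE_INVALID_DATA, "File upload failed.", "The submitted data could not be validated."));
}

/**
 * Resolves an untrusted relative name against a staging directory and refuses any result that
 * lies outside of that directory after normalization.
 *
 * @param baseDir - the staging directory the result must stay in
 * @param untrustedName - a client-supplied path or zip entry name
 * @return the normalized absolute path below {@code baseDir}
 * @throws MCRRestAPIException with status BAD_REQUEST if the name leaves {@code baseDir}
 */
private static java.nio.file.Path resolveInsideDerivateDir(java.nio.file.Path baseDir, String untrustedName) throws MCRRestAPIException {
    java.nio.file.Path base = baseDir.toAbsolutePath().normalize();
    // resolve() returns an absolute argument unchanged and normalize() collapses ".." segments,
    // so comparing the normalized result with the base covers both ways of leaving the directory.
    java.nio.file.Path candidate = base.resolve(untrustedName).normalize();
    if (!candidate.startsWith(base)) {
        throw new MCRRestAPIException(Status.BAD_REQUEST, new MCRRestAPIError(MCRRestAPIError.CODE_WRONG_PARAMETER, "File upload failed.", "The submitted path points outside of the derivate."));
    }
    return candidate;
}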
Also used : MCRRestAPIException(org.mycore.restapi.v1.errors.MCRRestAPIException) ZipEntry(java.util.zip.ZipEntry) MCRRestAPIError(org.mycore.restapi.v1.errors.MCRRestAPIError) MCRAccessException(org.mycore.access.MCRAccessException) MCRDerivate(org.mycore.datamodel.metadata.MCRDerivate) SignedJWT(com.nimbusds.jwt.SignedJWT) IOException(java.io.IOException) TreeMap(java.util.TreeMap) ZipInputStream(java.util.zip.ZipInputStream) MCRSession(org.mycore.common.MCRSession) MCRDirectory(org.mycore.datamodel.ifs.MCRDirectory) BufferedInputStream(java.io.BufferedInputStream) MCRObjectID(org.mycore.datamodel.metadata.MCRObjectID) MCRUserInformation(org.mycore.common.MCRUserInformation) MCRPersistenceException(org.mycore.common.MCRPersistenceException)

Aggregations

MCRUserInformation (org.mycore.common.MCRUserInformation)19 MCRSession (org.mycore.common.MCRSession)9 MCRObjectID (org.mycore.datamodel.metadata.MCRObjectID)6 SignedJWT (com.nimbusds.jwt.SignedJWT)5 MCRRestAPIException (org.mycore.restapi.v1.errors.MCRRestAPIException)5 IOException (java.io.IOException)4 HashMap (java.util.HashMap)4 Test (org.junit.Test)4 MCRAccessException (org.mycore.access.MCRAccessException)4 MCRPersistenceException (org.mycore.common.MCRPersistenceException)4 MCRRestAPIError (org.mycore.restapi.v1.errors.MCRRestAPIError)4 MCRUser (org.mycore.user2.MCRUser)4 Response (javax.ws.rs.core.Response)3 Document (org.jdom2.Document)3 XMLOutputter (org.jdom2.output.XMLOutputter)3 MCRDerivate (org.mycore.datamodel.metadata.MCRDerivate)3 MCRShibbolethUserInformation (org.mycore.user2.login.MCRShibbolethUserInformation)3 TreeMap (java.util.TreeMap)2 MCRException (org.mycore.common.MCRException)2 BufferedInputStream (java.io.BufferedInputStream)1