Examples with WonAclEvalContext won.node.springsecurity.acl.WonAclEvalContext used on opensource projects

Example 1 with WonAclEvalContext

use of won.node.springsecurity.acl.WonAclEvalContext in project webofneeds by researchstudio-sat.

the class LinkedDataWebController method showDeepAtomPage.

/**
 * This request URL should be protected by WebID filter because the result
 * contains events data - which is data with restricted access. See
 * filterChainProxy in node-context.xml.
 *
 * @param identifier
 * @param model
 * @param response
 * @return
 */
// webmvc controller method
@RequestMapping("${uri.path.page}/atom/{identifier}/deep")
public String showDeepAtomPage(@PathVariable String identifier, Model model, HttpServletRequest request, HttpServletResponse response, @RequestParam(value = "layer-size", required = false) Integer layerSize) {
    try {
        URI atomURI = uriService.createAtomURIForId(identifier);
        WonAclEvalContext waeCtx = WonAclRequestHelper.getWonAclEvaluationContext(request);
        Dataset rdfDataset = linkedDataService.getAtomDataset(atomURI, true, layerSize, waeCtx);
        // TODO AUTH: extract acl graph and interpret
        // TODO AUTH: Research how to handle lower layers
        logger.warn("TODO: apply ACLs to atom/{identifier}/deep request!");
        if (rdfDataset == null || rdfDataset.isEmpty()) {
            Optional<AclEvalResult> result = waeCtx.getCombinedResults();
            if (result.isPresent()) {
                WonAclRequestHelper.setAuthInfoAsResponseHeader(response, result.get());
                response.setStatus(WonAclRequestHelper.getHttpStatusCodeForAclEvaluationResult(result.get()));
            }
        }
        model.addAttribute("rdfDataset", rdfDataset);
        model.addAttribute("resourceURI", atomURI.toString());
        model.addAttribute("dataURI", uriService.toDataURIIfPossible(atomURI).toString());
        return "rdfDatasetView";
    } catch (NoSuchAtomException | NoSuchConnectionException | NoSuchMessageException e) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return "notFoundView";
    }
}

Example 2 with WonAclEvalContext

use of won.node.springsecurity.acl.WonAclEvalContext in project webofneeds by researchstudio-sat.

the class LinkedDataWebController method readConnectionsOfAtom.

/**
 * Get the RDF for the connections of the specified atom.
 *
 * @param request
 * @param identifier
 * @param deep If true, connection data is added to the model (not only
 * connection URIs). Default: false.
 * @param page taken into account only if client supports paging; in that case
 * the specified page is returned
 * @param resumeBefore taken into account only if client supports paging; in
 * that case the page with connections URIs that precede the connection having
 * resumeBefore is returned
 * @param resumeAfter taken into account only if client supports paging; in that
 * case the page with connections URIs that follow the connection having
 * resumeAfter are returned
 * @param type only connection events of the given type are considered when
 * ordering returned connections. Default: all event types.
 * @param timestamp only connection events that where created before the given
 * time are considered when ordering returned connections. Default: current
 * time.
 * @return
 */
@RequestMapping(value = "${uri.path.data}/atom/{identifier}/c", method = RequestMethod.GET, produces = { "application/ld+json", "application/trig", "application/n-quads" })
public ResponseEntity<Dataset> readConnectionsOfAtom(HttpServletRequest request, HttpServletResponse response, @PathVariable(value = "identifier") String identifier, @RequestParam(value = "socket", required = false) String socket, @RequestParam(value = "targetSocket", required = false) String targetSocket, @RequestParam(value = "deep", defaultValue = "false") boolean deep, @RequestParam(value = "p", required = false) Integer page, @RequestParam(value = "resumebefore", required = false) String resumeBefore, @RequestParam(value = "resumeafter", required = false) String resumeAfter, @RequestParam(value = "type", required = false) String type, @RequestParam(value = "timeof", required = false) String timestamp, @RequestParam(value = "state", required = false) String state) {
    logger.debug("readConnectionsOfAtom() called");
    // TODO: pass aclevaluator and operationRequest down to linkeddataservice as an
    // additional filter
    URI atomUri = uriService.createAtomURIForId(identifier);
    Dataset rdfDataset;
    HttpHeaders headers = new HttpHeaders();
    Integer preferedSize = getPreferredSize(request);
    URI connectionsURI = URI.create(atomUri.toString() + "/c");
    try {
        ConnectionState connectionState = getConnectionState(state);
        WonMessageType eventsType = getMessageType(type);
        DateParameter dateParam = new DateParameter(timestamp);
        String passableQuery = getPassableQueryMap("type", type, "timeof", dateParam.getTimestamp(), "deep", Boolean.toString(deep));
        // paging, return everything:
        if (socket != null && targetSocket != null) {
            rdfDataset = linkedDataService.listConnection(URI.create(socket), URI.create(targetSocket), deep);
        } else if (preferedSize == null) {
            // does not support date and type filtering for clients that do not support
            // paging
            rdfDataset = linkedDataService.listConnections(atomUri, deep, true, connectionState).getContent();
        // if no page or resume parameter is specified, display the latest connections:
        } else if (page == null && resumeBefore == null && resumeAfter == null) {
            AtomInformationService.PagedResource<Dataset, Connection> resource = linkedDataService.listConnections(1, atomUri, preferedSize, eventsType, dateParam.getDate(), deep, true, connectionState);
            rdfDataset = resource.getContent();
            addPagedConnectionResourceInSequenceHeader(headers, connectionsURI, resource, passableQuery);
        } else if (page != null) {
            AtomInformationService.PagedResource<Dataset, Connection> resource = linkedDataService.listConnections(page, atomUri, preferedSize, eventsType, dateParam.getDate(), deep, true, connectionState);
            rdfDataset = resource.getContent();
            addPagedConnectionResourceInSequenceHeader(headers, connectionsURI, resource, page, passableQuery);
        } else {
            // before the specified event id:
            if (resumeBefore != null) {
                URI resumeConnURI;
                try {
                    resumeConnURI = new URI(resumeBefore);
                } catch (URISyntaxException e) {
                    throw new IllegalArgumentException("resumeBefore must be a full, valid connection URI");
                }
                AtomInformationService.PagedResource<Dataset, Connection> resource = linkedDataService.listConnectionsAfter(atomUri, resumeConnURI, preferedSize, eventsType, dateParam.getDate(), deep, true, connectionState);
                rdfDataset = resource.getContent();
                addPagedConnectionResourceInSequenceHeader(headers, connectionsURI, resource, passableQuery);
            // resume after parameter specified - display the connections with activities
            // after the specified event id:
            } else {
                // if (resumeAfter != null)
                URI resumeConnURI;
                try {
                    resumeConnURI = new URI(resumeAfter);
                } catch (URISyntaxException e) {
                    throw new IllegalArgumentException("resumeAfter must be a full, valid connection URI");
                }
                AtomInformationService.PagedResource<Dataset, Connection> resource = linkedDataService.listConnectionsBefore(atomUri, resumeConnURI, preferedSize, eventsType, dateParam.getDate(), deep, true, connectionState);
                rdfDataset = resource.getContent();
                addPagedConnectionResourceInSequenceHeader(headers, connectionsURI, resource, passableQuery);
            }
        }
        WonAclEvalContext ec = WonAclRequestHelper.getWonAclEvaluationContext(request);
        // check if the dataset contains any connections
        if (ec.isModeFilter() && !RdfUtils.toStatementStream(rdfDataset).anyMatch(p -> p.getPredicate().equals(RDFS.member))) {
            // the dataset may be empty because no connections are allowed
            // we don't have a position for all connections in the ACL, so we say: if the
            // user
            // is allowed to see the top level, we show the empty container, otherwise deny
            OperationRequest or = ec.getOperationRequest();
            or.setReqPosition(POSITION_ROOT);
            AclEvalResult result = ec.decideAndRemember(or);
            if (ACCESS_DENIED.equals(result.getDecision())) {
                int statusCode = HttpStatus.FORBIDDEN.value();
                Optional<AclEvalResult> accResult = WonAclRequestHelper.getWonAclEvaluationContext(request).getCombinedResults();
                if (accResult.isPresent()) {
                    WonAclRequestHelper.setAuthInfoAsResponseHeader(response, accResult.get());
                    statusCode = WonAclRequestHelper.getHttpStatusCodeForAclEvaluationResult(accResult.get());
                }
                HttpStatus status = HttpStatus.valueOf(statusCode);
                logger.debug("sending status {}", status);
                // append the required headers
                addMutableResourceHeaders(headers);
                addLocationHeaderIfNecessary(headers, URI.create(request.getRequestURI()), connectionsURI);
                return new ResponseEntity<>(null, headers, status);
            }
        }
        // append the required headers
        addMutableResourceHeaders(headers);
        addLocationHeaderIfNecessary(headers, URI.create(request.getRequestURI()), connectionsURI);
        addCORSHeader(headers);
        return new ResponseEntity<>(rdfDataset, headers, HttpStatus.OK);
    } catch (ParseException e) {
        logger.warn("could not parse timestamp into Date:{}", timestamp);
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    } catch (NoSuchAtomException e) {
        logger.warn("did not find atom {}", e.getUnknownAtomURI());
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    } catch (NoSuchConnectionException e) {
        logger.warn("did not find connection that should be connected to atom. connection:{}", e.getUnknownConnectionURI());
        return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
    }
}

Example 3 with WonAclEvalContext

use of won.node.springsecurity.acl.WonAclEvalContext in project webofneeds by researchstudio-sat.

the class LinkedDataWebController method readGrants.

@RequestMapping(value = "${uri.path.resource}/atom/{identifier}/grants", method = RequestMethod.GET, produces = { "application/ld+json", "application/trig", "application/n-quads" })
public ResponseEntity<Dataset> readGrants(HttpServletRequest request) {
    WonAclEvalContext ctx = WonAclRequestHelper.getWonAclEvaluationContext(request);
    Graph result = ctx.getGrants();
    if (result != null) {
        return new ResponseEntity<Dataset>(DatasetFactory.wrap(DatasetGraphFactory.create(result)), HttpStatus.OK);
    }
    return new ResponseEntity<Dataset>(DatasetFactory.createGeneral(), HttpStatus.NO_CONTENT);
}

Example 4 with WonAclEvalContext

use of won.node.springsecurity.acl.WonAclEvalContext in project webofneeds by researchstudio-sat.

the class LinkedDataWebController method showAtomPage.

// webmvc controller method
@RequestMapping("${uri.path.page}/atom/{identifier}")
@PreAuthorize("hasRole('ROLE_WEBID')")
public String showAtomPage(@PathVariable String identifier, Model model, HttpServletRequest request, HttpServletResponse response) {
    URI atomURI = uriService.createAtomURIForId(identifier);
    WonAclEvalContext waeCtx = WonAclRequestHelper.getWonAclEvaluationContext(request);
    Dataset rdfDataset = linkedDataService.getAtomDataset(atomURI, null, waeCtx).getData();
    if (rdfDataset == null || rdfDataset.isEmpty()) {
        Optional<AclEvalResult> result = waeCtx.getCombinedResults();
        if (result.isPresent()) {
            WonAclRequestHelper.setAuthInfoAsResponseHeader(response, result.get());
            response.setStatus(WonAclRequestHelper.getHttpStatusCodeForAclEvaluationResult(result.get()));
        }
        return "forbiddenView";
    }
    model.addAttribute("rdfDataset", rdfDataset);
    model.addAttribute("resourceURI", atomURI.toString());
    model.addAttribute("dataURI", uriService.toDataURIIfPossible(atomURI).toString());
    return "rdfDatasetView";
}

Example 5 with WonAclEvalContext

use of won.node.springsecurity.acl.WonAclEvalContext in project webofneeds by researchstudio-sat.

the class LinkedDataWebController method showGrantsPage.

@RequestMapping(value = "${uri.path.page}/atom/{identifier}/grants", method = RequestMethod.GET)
public String showGrantsPage(@PathVariable String identifier, Model model, HttpServletRequest request) {
    WonAclEvalContext ctx = WonAclRequestHelper.getWonAclEvaluationContext(request);
    Graph result = ctx.getGrants();
    URI resourceUri = WonRelativeUriHelper.createGrantsRequestURIForAtomURI(uriService.createAtomURIForId(identifier));
    Dataset rdfDataset = null;
    if (result != null) {
        rdfDataset = DatasetFactory.wrap(DatasetGraphFactory.create(result));
    } else {
        rdfDataset = DatasetFactory.createGeneral();
    }
    model.addAttribute("rdfDataset", rdfDataset);
    model.addAttribute("resourceURI", resourceUri.toString());
    model.addAttribute("dataURI", uriService.toDataURIIfPossible(resourceUri).toString());
    return "rdfDatasetView";
}