use of won.protocol.model.MessageEvent in project webofneeds by researchstudio-sat.
the class WonAclAccessDecisionVoter method voteForMessageRequest.
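/**
 * Decides whether the requestor may read the message identified by {@code resourceUri}.
 *
 * <p>A message can be stored in several containers (an atom or a connection of an atom). For
 * every stored copy the owning atom is looked up; if that atom has an ACL graph, a READ
 * {@code OperationRequest} is built and evaluated against it, otherwise the result of
 * {@code legacyImpl} is recorded for that atom. The per-container results are then merged.
 *
 * <p>Decision rule as implemented here: access is granted if the merged legacy result is
 * {@code ACCESS_GRANTED} or the merged ACL result is {@code DecisionValue.ACCESS_GRANTED};
 * in every other case (including "no copy of the message found") it is denied. This method
 * never returns {@code ACCESS_ABSTAIN}.
 * NOTE(review): a legacy grant for one container therefore outweighs an ACL denial for
 * another container of the same message - confirm that this is the intended policy.
 *
 * @param webId            URI string identifying the requestor
 * @param authToken        token presented with the request, or {@code null} if there is none
 * @param resourceUri      URI of the requested message resource
 * @param filterInvocation the current invocation; receives auth info when ACL evaluation denies
 * @param legacyImpl       fallback decision used for atoms without an ACL graph and for
 *                         parents that are neither a connection nor an atom
 * @return {@code ACCESS_GRANTED} or {@code ACCESS_DENIED}
 */
public int voteForMessageRequest(String webId, AuthToken authToken, URI resourceUri,
        FilterInvocation filterInvocation, Supplier<Integer> legacyImpl) {
    // One set of operation requests and one ACL graph per atom that owns a copy of the message;
    // legacy decisions are tracked separately for atoms that have no ACL graph.
    Map<URI, Set<OperationRequest>> opReqs = new HashMap<>();
    Map<URI, Graph> aclGraphs = new HashMap<>();
    Map<URI, Integer> legacyResults = new HashMap<>();
    URI messageUri = WonMessageUriHelper.toGenericMessageURI(resourceUri,
            uriService.getMessageResourceURIPrefix());
    List<MessageEvent> msgs = messageEventRepository.findByMessageURI(messageUri);
    for (MessageEvent msg : msgs) {
        URI parent = msg.getParentURI();
        URI atomUri = uriService.getAtomURIofSubURI(parent);
        Optional<Atom> atom = atomService.getAtom(atomUri);
        if (atom.isEmpty()) {
            // Fail closed: a message whose owning atom cannot be resolved is never readable.
            return ACCESS_DENIED;
        }
        if (!aclGraphs.containsKey(atomUri)) {
            Optional<Graph> aclGraph = atom.get().getAclGraph();
            if (aclGraph.isEmpty()) {
                legacyResults.put(atomUri, legacyImpl.get());
                continue;
            }
            aclGraphs.put(atomUri, aclGraph.get());
        }
        OperationRequest operationRequest = new OperationRequest();
        if (authToken != null) {
            operationRequest.addBearsToken(authToken);
        }
        operationRequest.setRequestor(URI.create(webId));
        operationRequest.setReqAtomState(toAuthAtomState(atom.get().getState()));
        operationRequest.setReqAtom(atomUri);
        operationRequest.setOperationSimpleOperationExpression(OP_READ);
        if (uriService.isConnectionURI(parent)) {
            Optional<Connection> con = connectionRepository.findOneByConnectionURI(parent);
            // The lookup returns an Optional, so a missing connection must be detected with
            // isEmpty(); the previous '== null' test never matched and the con.get() calls
            // below threw NoSuchElementException out of the access decision.
            if (con.isEmpty()) {
                continue;
            }
            Connection connection = con.get();
            operationRequest.setReqPosition(POSITION_CONNECTION_MESSAGE);
            operationRequest.setReqConnectionMessage(msg.getMessageURI());
            operationRequest.setReqConnection(connection.getConnectionURI());
            operationRequest.setReqSocket(connection.getSocketURI());
            operationRequest.setReqSocketType(connection.getTypeURI());
            operationRequest.setReqConnectionState(toAuthConnectionState(connection.getState()));
            operationRequest.setReqConnectionTargetAtom(connection.getTargetAtomURI());
        } else if (uriService.isAtomURI(parent)) {
            operationRequest.setReqPosition(POSITION_ATOM_MESSAGE);
        } else {
            legacyResults.put(atomUri, legacyImpl.get());
            continue;
        }
        opReqs.computeIfAbsent(atomUri, key -> new HashSet<>()).add(operationRequest);
    }
    // Iterate over the collected requests rather than over aclGraphs: an atom can have an ACL
    // graph registered without any request (skipped connection, legacy fallback), and looking
    // up opReqs for such an atom returned null and failed with a NullPointerException.
    // Every key of opReqs has an entry in aclGraphs, because a request is only created after
    // the atom's ACL graph has been registered above.
    Set<AclEvalResult> aclEvalResults = new HashSet<>();
    for (Map.Entry<URI, Set<OperationRequest>> entry : opReqs.entrySet()) {
        Graph aclGraph = aclGraphs.get(entry.getKey());
        for (OperationRequest opReq : entry.getValue()) {
            aclEvalResults.add(wonAclEvaluatorFactory.create(aclGraph).decide(opReq));
        }
    }
    Optional<AclEvalResult> aclEvalResult = aclEvalResults.stream()
            .reduce(WonAclEvaluator::mergeAclEvalResults);
    // Merge legacy votes: GRANTED wins over ABSTAIN, ABSTAIN wins over DENIED;
    // with no legacy vote at all the merged value is ABSTAIN.
    Integer legacyResult = legacyResults.values().stream().reduce((left, right) -> {
        if (left.equals(right)) {
            return left;
        }
        if (left.equals(ACCESS_GRANTED) || right.equals(ACCESS_GRANTED)) {
            return ACCESS_GRANTED;
        } else if (left.equals(ACCESS_ABSTAIN) || right.equals(ACCESS_ABSTAIN)) {
            return ACCESS_ABSTAIN;
        }
        return ACCESS_DENIED;
    }).orElse(ACCESS_ABSTAIN);
    boolean aclGranted = aclEvalResult.isPresent()
            && aclEvalResult.get().getDecision().equals(DecisionValue.ACCESS_GRANTED);
    if (legacyResult.equals(ACCESS_GRANTED) || aclGranted) {
        return ACCESS_GRANTED;
    }
    // Anything that is not an explicit grant is treated as a denial (a legacy ABSTAIN included).
    if (aclEvalResult.isPresent()) {
        setAuthInfoIfDenied(filterInvocation, aclEvalResult.get());
    }
    return ACCESS_DENIED;
}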