#83: Handles tags as source ACL in GET /document/list

2024-06-29 13:01:23 +02:00 · 2016-04-30 01:52:24 +02:00 · 2016-04-30 01:52:24 +02:00 · 09a53d5c4e
commit 09a53d5c4e
parent 542ab737a2
5 changed files with 28 additions and 31 deletions
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AclDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AclDao.java
@ -28,7 +28,6 @@ public class AclDao {
     * @param acl ACL
     * @param userId User ID
     * @return New ID
     * @throws Exception
     */
    public String create(Acl acl, String userId) {
        // Create the UUID
@ -82,7 +81,7 @@ public class AclDao {
        List<Object[]> l = q.getResultList();
        // Assemble results
-        List<AclDto> aclDtoList = new ArrayList<AclDto>();
+        List<AclDto> aclDtoList = new ArrayList<>();
        for (Object[] o : l) {
            int i = 0;
            AclDto aclDto = new AclDto();
@ -92,7 +91,7 @@ public class AclDao {
            String userName = (String) o[i++];
            String shareId = (String) o[i++];
            String shareName = (String) o[i++];
-            String groupName = (String) o[i++];
+            String groupName = (String) o[i];
            if (userName != null) {
                aclDto.setTargetName(userName);
                aclDto.setTargetType(AclTargetType.USER.name());
@ -114,11 +113,12 @@ public class AclDao {
     * Check if a source is accessible to a target.
     * 
     * @param sourceId ACL source entity ID
-     * @parm perm Necessary permission
+     * @param perm Necessary permission
-     * @param targetId ACL target entity ID
+     * @param targetIdList List of targets
     * @return True if the document is accessible
     */
    public boolean checkPermission(String sourceId, PermType perm, List<String> targetIdList) {
        // TODO Handle tags as source for ACL
        EntityManager em = ThreadLocalContext.get().getEntityManager();
        Query q = em.createQuery("select a from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId in (:targetIdList) and a.deleteDate is null");
        q.setParameter("sourceId", sourceId);
@ -126,11 +126,7 @@ public class AclDao {
        q.setParameter("targetIdList", targetIdList);
        // We have a matching permission
-        if (q.getResultList().size() > 0) {
+        return q.getResultList().size() > 0;
            return true;
        }
        return false;
    }
    /**
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java
@ -40,7 +40,6 @@ public class DocumentDao {
     * @param document Document
     * @param userId User ID
     * @return New ID
     * @throws Exception
     */
    public String create(Document document, String userId) {
        // Create the UUID
@ -87,10 +86,11 @@ public class DocumentDao {
     * 
     * @param id Document ID
     * @param perm Permission needed
-     * @param userId User ID
+     * @param targetIdList List of targets
     * @return Document
     */
    public DocumentDto getDocument(String id, PermType perm, List<String> targetIdList) {
        // TODO Handle tags as source for ACL
        EntityManager em = ThreadLocalContext.get().getEntityManager();
        StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C, d.DOC_TITLE_C, d.DOC_DESCRIPTION_C, d.DOC_SUBJECT_C, d.DOC_IDENTIFIER_C, d.DOC_PUBLISHER_C, d.DOC_FORMAT_C, d.DOC_SOURCE_C, d.DOC_TYPE_C, d.DOC_COVERAGE_C, d.DOC_RIGHTS_C, d.DOC_CREATEDATE_D, d.DOC_LANGUAGE_C, ");
        sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null), ");
@ -106,7 +106,7 @@ public class DocumentDao {
        q.setParameter("perm", perm.name());
        q.setParameter("targetIdList", targetIdList);
-        Object[] o = null;
+        Object[] o;
        try {
            o = (Object[]) q.getSingleResult();
        } catch (NoResultException e) {
@ -130,7 +130,7 @@ public class DocumentDao {
        documentDto.setLanguage((String) o[i++]);
        documentDto.setShared(((Number) o[i++]).intValue() > 0);
        documentDto.setFileCount(((Number) o[i++]).intValue());
-        documentDto.setCreator((String) o[i++]);
+        documentDto.setCreator((String) o[i]);
        return documentDto;
    }
@ -200,12 +200,11 @@ public class DocumentDao {
     * @param paginatedList List of documents (updated by side effects)
     * @param criteria Search criteria
     * @param sortCriteria Sort criteria
     * @return List of documents
     * @throws Exception
     */
    public void findByCriteria(PaginatedList<DocumentDto> paginatedList, DocumentCriteria criteria, SortCriteria sortCriteria) throws Exception {
-        Map<String, Object> parameterMap = new HashMap<String, Object>();
+        Map<String, Object> parameterMap = new HashMap<>();
-        List<String> criteriaList = new ArrayList<String>();
+        List<String> criteriaList = new ArrayList<>();
        StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C c0, d.DOC_TITLE_C c1, d.DOC_DESCRIPTION_C c2, d.DOC_CREATEDATE_D c3, d.DOC_LANGUAGE_C c4, ");
        sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null) c5, ");
@ -215,7 +214,9 @@ public class DocumentDao {
        // Adds search criteria
        if (criteria.getTargetIdList() != null) {
            // Read permission is enough for searching
-            sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C in (:targetIdList) and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
+            sb.append(" left join T_ACL a on a.ACL_TARGETID_C in (:targetIdList) and a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
            sb.append(" left join T_ACL a2 on a2.ACL_TARGETID_C in (:targetIdList) and a2.ACL_SOURCEID_C in (select dta.DOT_IDTAG_C from T_DOCUMENT_TAG dta where dta.DOT_IDDOCUMENT_C = d.DOC_ID_C) and a2.ACL_PERM_C = 'READ' and a2.ACL_DELETEDATE_D is null ");
            criteriaList.add("(a.ACL_ID_C is not null or a2.ACL_ID_C is not null)");
            parameterMap.put("targetIdList", criteria.getTargetIdList());
        }
        if (!Strings.isNullOrEmpty(criteria.getSearch()) || !Strings.isNullOrEmpty(criteria.getFullSearch())) {
@ -239,7 +240,7 @@ public class DocumentDao {
        if (criteria.getTagIdList() != null && !criteria.getTagIdList().isEmpty()) {
            int index = 0;
            for (String tagId : criteria.getTagIdList()) {
-                sb.append(" join T_DOCUMENT_TAG dt" + index + " on dt" + index + ".DOT_IDDOCUMENT_C = d.DOC_ID_C and dt" + index + ".DOT_IDTAG_C = :tagId" + index + " and dt" + index + ".DOT_DELETEDATE_D is null ");
+                sb.append(String.format(" join T_DOCUMENT_TAG dt%d on dt%d.DOT_IDDOCUMENT_C = d.DOC_ID_C and dt%d.DOT_IDTAG_C = :tagId%d and dt%d.DOT_DELETEDATE_D is null ", index, index, index, index, index));
                parameterMap.put("tagId" + index, tagId);
                index++;
            }
@ -278,7 +279,7 @@ public class DocumentDao {
            documentDto.setCreateTimestamp(((Timestamp) o[i++]).getTime());
            documentDto.setLanguage((String) o[i++]);
            documentDto.setShared(((Number) o[i++]).intValue() > 0);
-            documentDto.setFileCount(((Number) o[i++]).intValue());
+            documentDto.setFileCount(((Number) o[i]).intValue());
            documentDtoList.add(documentDto);
        }
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java
@ -48,7 +48,7 @@ public class AclResource extends BaseResource {
     * @param sourceId Source ID
     * @param permStr Permission
     * @param targetName Target name
-     * @param type ACL type
+     * @param typeStr ACL type
     * @return Response
     */
    @PUT
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
@ -71,7 +71,7 @@ public class TestAclResource extends BaseJerseyTest {
        String acl2Id = json.getString("id");
        // Add an ACL WRITE for acl2 with acl1
-        json = target().path("/acl").request()
+        target().path("/acl").request()
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                .put(Entity.form(new Form()
                        .param("source", document1Id)
@ -80,7 +80,7 @@ public class TestAclResource extends BaseJerseyTest {
                        .param("type", "USER")), JsonObject.class);
        // Add an ACL WRITE for acl2 with acl1 (again)
-        json = target().path("/acl").request()
+        target().path("/acl").request()
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                .put(Entity.form(new Form()
                        .param("source", document1Id)
@ -99,7 +99,7 @@ public class TestAclResource extends BaseJerseyTest {
        String aclGroup2Id = json.getString("id");
        // Add an ACL WRITE for aclGroup2 with acl1
-        json = target().path("/acl").request()
+        target().path("/acl").request()
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                .put(Entity.form(new Form()
                        .param("source", document1Id)
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java
@ -87,7 +87,7 @@ public class TestDocumentResource extends BaseJerseyTest {
        Assert.assertNotNull(document2Id);
        // Add a file
-        String file1Id = null;
+        String file1Id;
        try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
            StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "Einstein-Roosevelt-letter.png");
            try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@ -103,7 +103,7 @@ public class TestDocumentResource extends BaseJerseyTest {
        }
        // Share this document
-        json = target().path("/share").request()
+        target().path("/share").request()
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
                .put(Entity.form(new Form().param("id", document1Id)), JsonObject.class);
@ -148,7 +148,7 @@ public class TestDocumentResource extends BaseJerseyTest {
        Assert.assertNotNull(document3Id);
        // Add a file
-        String file3Id = null;
+        String file3Id;
        try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
            StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "Einstein-Roosevelt-letter.png");
            try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@ -393,7 +393,7 @@ public class TestDocumentResource extends BaseJerseyTest {
        Assert.assertNotNull(document1Id);
        // Add a PDF file
-        String file1Id = null;
+        String file1Id;
        try (InputStream is = Resources.getResource("file/document.odt").openStream()) {
            StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "document.odt");
            try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@ -452,7 +452,7 @@ public class TestDocumentResource extends BaseJerseyTest {
        Assert.assertNotNull(document1Id);
        // Add a PDF file
-        String file1Id = null;
+        String file1Id;
        try (InputStream is = Resources.getResource("file/document.docx").openStream()) {
            StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "document.docx");
            try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@ -511,7 +511,7 @@ public class TestDocumentResource extends BaseJerseyTest {
        Assert.assertNotNull(document1Id);
        // Add a PDF file
-        String file1Id = null;
+        String file1Id;
        try (InputStream is = Resources.getResource("file/wikipedia.pdf").openStream()) {
            StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "wikipedia.pdf");
            try (FormDataMultiPart multiPart = new FormDataMultiPart()) {