mirror of
https://github.com/sismics/docs.git
synced 2024-11-25 15:17:57 +01:00
#83: Handles tags as source ACL in GET /document/list
This commit is contained in:
parent
542ab737a2
commit
09a53d5c4e
@ -28,7 +28,6 @@ public class AclDao {
|
||||
* @param acl ACL
|
||||
* @param userId User ID
|
||||
* @return New ID
|
||||
* @throws Exception
|
||||
*/
|
||||
public String create(Acl acl, String userId) {
|
||||
// Create the UUID
|
||||
@ -82,7 +81,7 @@ public class AclDao {
|
||||
List<Object[]> l = q.getResultList();
|
||||
|
||||
// Assemble results
|
||||
List<AclDto> aclDtoList = new ArrayList<AclDto>();
|
||||
List<AclDto> aclDtoList = new ArrayList<>();
|
||||
for (Object[] o : l) {
|
||||
int i = 0;
|
||||
AclDto aclDto = new AclDto();
|
||||
@ -92,7 +91,7 @@ public class AclDao {
|
||||
String userName = (String) o[i++];
|
||||
String shareId = (String) o[i++];
|
||||
String shareName = (String) o[i++];
|
||||
String groupName = (String) o[i++];
|
||||
String groupName = (String) o[i];
|
||||
if (userName != null) {
|
||||
aclDto.setTargetName(userName);
|
||||
aclDto.setTargetType(AclTargetType.USER.name());
|
||||
@ -114,11 +113,12 @@ public class AclDao {
|
||||
* Check if a source is accessible to a target.
|
||||
*
|
||||
* @param sourceId ACL source entity ID
|
||||
* @parm perm Necessary permission
|
||||
* @param targetId ACL target entity ID
|
||||
* @param perm Necessary permission
|
||||
* @param targetIdList List of targets
|
||||
* @return True if the document is accessible
|
||||
*/
|
||||
public boolean checkPermission(String sourceId, PermType perm, List<String> targetIdList) {
|
||||
// TODO Handle tags as source for ACL
|
||||
EntityManager em = ThreadLocalContext.get().getEntityManager();
|
||||
Query q = em.createQuery("select a from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId in (:targetIdList) and a.deleteDate is null");
|
||||
q.setParameter("sourceId", sourceId);
|
||||
@ -126,11 +126,7 @@ public class AclDao {
|
||||
q.setParameter("targetIdList", targetIdList);
|
||||
|
||||
// We have a matching permission
|
||||
if (q.getResultList().size() > 0) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
return q.getResultList().size() > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -40,7 +40,6 @@ public class DocumentDao {
|
||||
* @param document Document
|
||||
* @param userId User ID
|
||||
* @return New ID
|
||||
* @throws Exception
|
||||
*/
|
||||
public String create(Document document, String userId) {
|
||||
// Create the UUID
|
||||
@ -87,10 +86,11 @@ public class DocumentDao {
|
||||
*
|
||||
* @param id Document ID
|
||||
* @param perm Permission needed
|
||||
* @param userId User ID
|
||||
* @param targetIdList List of targets
|
||||
* @return Document
|
||||
*/
|
||||
public DocumentDto getDocument(String id, PermType perm, List<String> targetIdList) {
|
||||
// TODO Handle tags as source for ACL
|
||||
EntityManager em = ThreadLocalContext.get().getEntityManager();
|
||||
StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C, d.DOC_TITLE_C, d.DOC_DESCRIPTION_C, d.DOC_SUBJECT_C, d.DOC_IDENTIFIER_C, d.DOC_PUBLISHER_C, d.DOC_FORMAT_C, d.DOC_SOURCE_C, d.DOC_TYPE_C, d.DOC_COVERAGE_C, d.DOC_RIGHTS_C, d.DOC_CREATEDATE_D, d.DOC_LANGUAGE_C, ");
|
||||
sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null), ");
|
||||
@ -106,7 +106,7 @@ public class DocumentDao {
|
||||
q.setParameter("perm", perm.name());
|
||||
q.setParameter("targetIdList", targetIdList);
|
||||
|
||||
Object[] o = null;
|
||||
Object[] o;
|
||||
try {
|
||||
o = (Object[]) q.getSingleResult();
|
||||
} catch (NoResultException e) {
|
||||
@ -130,7 +130,7 @@ public class DocumentDao {
|
||||
documentDto.setLanguage((String) o[i++]);
|
||||
documentDto.setShared(((Number) o[i++]).intValue() > 0);
|
||||
documentDto.setFileCount(((Number) o[i++]).intValue());
|
||||
documentDto.setCreator((String) o[i++]);
|
||||
documentDto.setCreator((String) o[i]);
|
||||
return documentDto;
|
||||
}
|
||||
|
||||
@ -200,12 +200,11 @@ public class DocumentDao {
|
||||
* @param paginatedList List of documents (updated by side effects)
|
||||
* @param criteria Search criteria
|
||||
* @param sortCriteria Sort criteria
|
||||
* @return List of documents
|
||||
* @throws Exception
|
||||
*/
|
||||
public void findByCriteria(PaginatedList<DocumentDto> paginatedList, DocumentCriteria criteria, SortCriteria sortCriteria) throws Exception {
|
||||
Map<String, Object> parameterMap = new HashMap<String, Object>();
|
||||
List<String> criteriaList = new ArrayList<String>();
|
||||
Map<String, Object> parameterMap = new HashMap<>();
|
||||
List<String> criteriaList = new ArrayList<>();
|
||||
|
||||
StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C c0, d.DOC_TITLE_C c1, d.DOC_DESCRIPTION_C c2, d.DOC_CREATEDATE_D c3, d.DOC_LANGUAGE_C c4, ");
|
||||
sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null) c5, ");
|
||||
@ -215,7 +214,9 @@ public class DocumentDao {
|
||||
// Adds search criteria
|
||||
if (criteria.getTargetIdList() != null) {
|
||||
// Read permission is enough for searching
|
||||
sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C in (:targetIdList) and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
|
||||
sb.append(" left join T_ACL a on a.ACL_TARGETID_C in (:targetIdList) and a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
|
||||
sb.append(" left join T_ACL a2 on a2.ACL_TARGETID_C in (:targetIdList) and a2.ACL_SOURCEID_C in (select dta.DOT_IDTAG_C from T_DOCUMENT_TAG dta where dta.DOT_IDDOCUMENT_C = d.DOC_ID_C) and a2.ACL_PERM_C = 'READ' and a2.ACL_DELETEDATE_D is null ");
|
||||
criteriaList.add("(a.ACL_ID_C is not null or a2.ACL_ID_C is not null)");
|
||||
parameterMap.put("targetIdList", criteria.getTargetIdList());
|
||||
}
|
||||
if (!Strings.isNullOrEmpty(criteria.getSearch()) || !Strings.isNullOrEmpty(criteria.getFullSearch())) {
|
||||
@ -239,7 +240,7 @@ public class DocumentDao {
|
||||
if (criteria.getTagIdList() != null && !criteria.getTagIdList().isEmpty()) {
|
||||
int index = 0;
|
||||
for (String tagId : criteria.getTagIdList()) {
|
||||
sb.append(" join T_DOCUMENT_TAG dt" + index + " on dt" + index + ".DOT_IDDOCUMENT_C = d.DOC_ID_C and dt" + index + ".DOT_IDTAG_C = :tagId" + index + " and dt" + index + ".DOT_DELETEDATE_D is null ");
|
||||
sb.append(String.format(" join T_DOCUMENT_TAG dt%d on dt%d.DOT_IDDOCUMENT_C = d.DOC_ID_C and dt%d.DOT_IDTAG_C = :tagId%d and dt%d.DOT_DELETEDATE_D is null ", index, index, index, index, index));
|
||||
parameterMap.put("tagId" + index, tagId);
|
||||
index++;
|
||||
}
|
||||
@ -278,7 +279,7 @@ public class DocumentDao {
|
||||
documentDto.setCreateTimestamp(((Timestamp) o[i++]).getTime());
|
||||
documentDto.setLanguage((String) o[i++]);
|
||||
documentDto.setShared(((Number) o[i++]).intValue() > 0);
|
||||
documentDto.setFileCount(((Number) o[i++]).intValue());
|
||||
documentDto.setFileCount(((Number) o[i]).intValue());
|
||||
documentDtoList.add(documentDto);
|
||||
}
|
||||
|
||||
|
@ -48,7 +48,7 @@ public class AclResource extends BaseResource {
|
||||
* @param sourceId Source ID
|
||||
* @param permStr Permission
|
||||
* @param targetName Target name
|
||||
* @param type ACL type
|
||||
* @param typeStr ACL type
|
||||
* @return Response
|
||||
*/
|
||||
@PUT
|
||||
|
@ -71,7 +71,7 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
String acl2Id = json.getString("id");
|
||||
|
||||
// Add an ACL WRITE for acl2 with acl1
|
||||
json = target().path("/acl").request()
|
||||
target().path("/acl").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.put(Entity.form(new Form()
|
||||
.param("source", document1Id)
|
||||
@ -80,7 +80,7 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.param("type", "USER")), JsonObject.class);
|
||||
|
||||
// Add an ACL WRITE for acl2 with acl1 (again)
|
||||
json = target().path("/acl").request()
|
||||
target().path("/acl").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.put(Entity.form(new Form()
|
||||
.param("source", document1Id)
|
||||
@ -99,7 +99,7 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
String aclGroup2Id = json.getString("id");
|
||||
|
||||
// Add an ACL WRITE for aclGroup2 with acl1
|
||||
json = target().path("/acl").request()
|
||||
target().path("/acl").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.put(Entity.form(new Form()
|
||||
.param("source", document1Id)
|
||||
|
@ -87,7 +87,7 @@ public class TestDocumentResource extends BaseJerseyTest {
|
||||
Assert.assertNotNull(document2Id);
|
||||
|
||||
// Add a file
|
||||
String file1Id = null;
|
||||
String file1Id;
|
||||
try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
|
||||
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "Einstein-Roosevelt-letter.png");
|
||||
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
|
||||
@ -103,7 +103,7 @@ public class TestDocumentResource extends BaseJerseyTest {
|
||||
}
|
||||
|
||||
// Share this document
|
||||
json = target().path("/share").request()
|
||||
target().path("/share").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
|
||||
.put(Entity.form(new Form().param("id", document1Id)), JsonObject.class);
|
||||
|
||||
@ -148,7 +148,7 @@ public class TestDocumentResource extends BaseJerseyTest {
|
||||
Assert.assertNotNull(document3Id);
|
||||
|
||||
// Add a file
|
||||
String file3Id = null;
|
||||
String file3Id;
|
||||
try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
|
||||
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "Einstein-Roosevelt-letter.png");
|
||||
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
|
||||
@ -393,7 +393,7 @@ public class TestDocumentResource extends BaseJerseyTest {
|
||||
Assert.assertNotNull(document1Id);
|
||||
|
||||
// Add a PDF file
|
||||
String file1Id = null;
|
||||
String file1Id;
|
||||
try (InputStream is = Resources.getResource("file/document.odt").openStream()) {
|
||||
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "document.odt");
|
||||
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
|
||||
@ -452,7 +452,7 @@ public class TestDocumentResource extends BaseJerseyTest {
|
||||
Assert.assertNotNull(document1Id);
|
||||
|
||||
// Add a PDF file
|
||||
String file1Id = null;
|
||||
String file1Id;
|
||||
try (InputStream is = Resources.getResource("file/document.docx").openStream()) {
|
||||
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "document.docx");
|
||||
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
|
||||
@ -511,7 +511,7 @@ public class TestDocumentResource extends BaseJerseyTest {
|
||||
Assert.assertNotNull(document1Id);
|
||||
|
||||
// Add a PDF file
|
||||
String file1Id = null;
|
||||
String file1Id;
|
||||
try (InputStream is = Resources.getResource("file/wikipedia.pdf").openStream()) {
|
||||
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "wikipedia.pdf");
|
||||
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
|
||||
|
Loading…
Reference in New Issue
Block a user