#83: Handles tags as source ACL in GET /document/list

This commit is contained in:
jendib 2016-04-30 01:52:24 +02:00
parent 542ab737a2
commit 09a53d5c4e
5 changed files with 28 additions and 31 deletions

View File

@ -28,7 +28,6 @@ public class AclDao {
* @param acl ACL
* @param userId User ID
* @return New ID
* @throws Exception
*/
public String create(Acl acl, String userId) {
// Create the UUID
@ -82,7 +81,7 @@ public class AclDao {
List<Object[]> l = q.getResultList();
// Assemble results
List<AclDto> aclDtoList = new ArrayList<AclDto>();
List<AclDto> aclDtoList = new ArrayList<>();
for (Object[] o : l) {
int i = 0;
AclDto aclDto = new AclDto();
@ -92,7 +91,7 @@ public class AclDao {
String userName = (String) o[i++];
String shareId = (String) o[i++];
String shareName = (String) o[i++];
String groupName = (String) o[i++];
String groupName = (String) o[i];
if (userName != null) {
aclDto.setTargetName(userName);
aclDto.setTargetType(AclTargetType.USER.name());
@ -114,11 +113,12 @@ public class AclDao {
* Check if a source is accessible to a target.
*
* @param sourceId ACL source entity ID
* @parm perm Necessary permission
* @param targetId ACL target entity ID
* @param perm Necessary permission
* @param targetIdList List of targets
* @return True if the document is accessible
*/
public boolean checkPermission(String sourceId, PermType perm, List<String> targetIdList) {
// TODO Handle tags as source for ACL
EntityManager em = ThreadLocalContext.get().getEntityManager();
Query q = em.createQuery("select a from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId in (:targetIdList) and a.deleteDate is null");
q.setParameter("sourceId", sourceId);
@ -126,11 +126,7 @@ public class AclDao {
q.setParameter("targetIdList", targetIdList);
// We have a matching permission
if (q.getResultList().size() > 0) {
return true;
}
return false;
return q.getResultList().size() > 0;
}
/**

View File

@ -40,7 +40,6 @@ public class DocumentDao {
* @param document Document
* @param userId User ID
* @return New ID
* @throws Exception
*/
public String create(Document document, String userId) {
// Create the UUID
@ -87,10 +86,11 @@ public class DocumentDao {
*
* @param id Document ID
* @param perm Permission needed
* @param userId User ID
* @param targetIdList List of targets
* @return Document
*/
public DocumentDto getDocument(String id, PermType perm, List<String> targetIdList) {
// TODO Handle tags as source for ACL
EntityManager em = ThreadLocalContext.get().getEntityManager();
StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C, d.DOC_TITLE_C, d.DOC_DESCRIPTION_C, d.DOC_SUBJECT_C, d.DOC_IDENTIFIER_C, d.DOC_PUBLISHER_C, d.DOC_FORMAT_C, d.DOC_SOURCE_C, d.DOC_TYPE_C, d.DOC_COVERAGE_C, d.DOC_RIGHTS_C, d.DOC_CREATEDATE_D, d.DOC_LANGUAGE_C, ");
sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null), ");
@ -106,7 +106,7 @@ public class DocumentDao {
q.setParameter("perm", perm.name());
q.setParameter("targetIdList", targetIdList);
Object[] o = null;
Object[] o;
try {
o = (Object[]) q.getSingleResult();
} catch (NoResultException e) {
@ -130,7 +130,7 @@ public class DocumentDao {
documentDto.setLanguage((String) o[i++]);
documentDto.setShared(((Number) o[i++]).intValue() > 0);
documentDto.setFileCount(((Number) o[i++]).intValue());
documentDto.setCreator((String) o[i++]);
documentDto.setCreator((String) o[i]);
return documentDto;
}
@ -200,12 +200,11 @@ public class DocumentDao {
* @param paginatedList List of documents (updated by side effects)
* @param criteria Search criteria
* @param sortCriteria Sort criteria
* @return List of documents
* @throws Exception
*/
public void findByCriteria(PaginatedList<DocumentDto> paginatedList, DocumentCriteria criteria, SortCriteria sortCriteria) throws Exception {
Map<String, Object> parameterMap = new HashMap<String, Object>();
List<String> criteriaList = new ArrayList<String>();
Map<String, Object> parameterMap = new HashMap<>();
List<String> criteriaList = new ArrayList<>();
StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C c0, d.DOC_TITLE_C c1, d.DOC_DESCRIPTION_C c2, d.DOC_CREATEDATE_D c3, d.DOC_LANGUAGE_C c4, ");
sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null) c5, ");
@ -215,7 +214,9 @@ public class DocumentDao {
// Adds search criteria
if (criteria.getTargetIdList() != null) {
// Read permission is enough for searching
sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C in (:targetIdList) and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
sb.append(" left join T_ACL a on a.ACL_TARGETID_C in (:targetIdList) and a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
sb.append(" left join T_ACL a2 on a2.ACL_TARGETID_C in (:targetIdList) and a2.ACL_SOURCEID_C in (select dta.DOT_IDTAG_C from T_DOCUMENT_TAG dta where dta.DOT_IDDOCUMENT_C = d.DOC_ID_C) and a2.ACL_PERM_C = 'READ' and a2.ACL_DELETEDATE_D is null ");
criteriaList.add("(a.ACL_ID_C is not null or a2.ACL_ID_C is not null)");
parameterMap.put("targetIdList", criteria.getTargetIdList());
}
if (!Strings.isNullOrEmpty(criteria.getSearch()) || !Strings.isNullOrEmpty(criteria.getFullSearch())) {
@ -239,7 +240,7 @@ public class DocumentDao {
if (criteria.getTagIdList() != null && !criteria.getTagIdList().isEmpty()) {
int index = 0;
for (String tagId : criteria.getTagIdList()) {
sb.append(" join T_DOCUMENT_TAG dt" + index + " on dt" + index + ".DOT_IDDOCUMENT_C = d.DOC_ID_C and dt" + index + ".DOT_IDTAG_C = :tagId" + index + " and dt" + index + ".DOT_DELETEDATE_D is null ");
sb.append(String.format(" join T_DOCUMENT_TAG dt%d on dt%d.DOT_IDDOCUMENT_C = d.DOC_ID_C and dt%d.DOT_IDTAG_C = :tagId%d and dt%d.DOT_DELETEDATE_D is null ", index, index, index, index, index));
parameterMap.put("tagId" + index, tagId);
index++;
}
@ -278,7 +279,7 @@ public class DocumentDao {
documentDto.setCreateTimestamp(((Timestamp) o[i++]).getTime());
documentDto.setLanguage((String) o[i++]);
documentDto.setShared(((Number) o[i++]).intValue() > 0);
documentDto.setFileCount(((Number) o[i++]).intValue());
documentDto.setFileCount(((Number) o[i]).intValue());
documentDtoList.add(documentDto);
}

View File

@ -48,7 +48,7 @@ public class AclResource extends BaseResource {
* @param sourceId Source ID
* @param permStr Permission
* @param targetName Target name
* @param type ACL type
* @param typeStr ACL type
* @return Response
*/
@PUT

View File

@ -71,7 +71,7 @@ public class TestAclResource extends BaseJerseyTest {
String acl2Id = json.getString("id");
// Add an ACL WRITE for acl2 with acl1
json = target().path("/acl").request()
target().path("/acl").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
.put(Entity.form(new Form()
.param("source", document1Id)
@ -80,7 +80,7 @@ public class TestAclResource extends BaseJerseyTest {
.param("type", "USER")), JsonObject.class);
// Add an ACL WRITE for acl2 with acl1 (again)
json = target().path("/acl").request()
target().path("/acl").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
.put(Entity.form(new Form()
.param("source", document1Id)
@ -99,7 +99,7 @@ public class TestAclResource extends BaseJerseyTest {
String aclGroup2Id = json.getString("id");
// Add an ACL WRITE for aclGroup2 with acl1
json = target().path("/acl").request()
target().path("/acl").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
.put(Entity.form(new Form()
.param("source", document1Id)

View File

@ -87,7 +87,7 @@ public class TestDocumentResource extends BaseJerseyTest {
Assert.assertNotNull(document2Id);
// Add a file
String file1Id = null;
String file1Id;
try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "Einstein-Roosevelt-letter.png");
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@ -103,7 +103,7 @@ public class TestDocumentResource extends BaseJerseyTest {
}
// Share this document
json = target().path("/share").request()
target().path("/share").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
.put(Entity.form(new Form().param("id", document1Id)), JsonObject.class);
@ -148,7 +148,7 @@ public class TestDocumentResource extends BaseJerseyTest {
Assert.assertNotNull(document3Id);
// Add a file
String file3Id = null;
String file3Id;
try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "Einstein-Roosevelt-letter.png");
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@ -393,7 +393,7 @@ public class TestDocumentResource extends BaseJerseyTest {
Assert.assertNotNull(document1Id);
// Add a PDF file
String file1Id = null;
String file1Id;
try (InputStream is = Resources.getResource("file/document.odt").openStream()) {
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "document.odt");
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@ -452,7 +452,7 @@ public class TestDocumentResource extends BaseJerseyTest {
Assert.assertNotNull(document1Id);
// Add a PDF file
String file1Id = null;
String file1Id;
try (InputStream is = Resources.getResource("file/document.docx").openStream()) {
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "document.docx");
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@ -511,7 +511,7 @@ public class TestDocumentResource extends BaseJerseyTest {
Assert.assertNotNull(document1Id);
// Add a PDF file
String file1Id = null;
String file1Id;
try (InputStream is = Resources.getResource("file/wikipedia.pdf").openStream()) {
StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "wikipedia.pdf");
try (FormDataMultiPart multiPart = new FormDataMultiPart()) {