#159: add temporary READ ACL for route step

This commit is contained in:
Benjamin Gamard 2018-02-01 11:48:02 +01:00
parent 503cfff82e
commit c9adff5a25
12 changed files with 106 additions and 30 deletions

View File

@ -0,0 +1,18 @@
package com.sismics.docs.core.constant;
/**
* ACL type.
*
* @author bgamard
*/
public enum AclType {
/**
* User created ACL.
*/
USER,
/**
* ACL created by the routing module.
*/
ROUTING
}

View File

@ -1,14 +1,7 @@
package com.sismics.docs.core.dao.jpa;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import com.sismics.docs.core.constant.AclTargetType;
import com.sismics.docs.core.constant.AclType;
import com.sismics.docs.core.constant.AuditLogType;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.dto.AclDto;
@ -16,6 +9,13 @@ import com.sismics.docs.core.model.jpa.Acl;
import com.sismics.docs.core.util.AuditLogUtil;
import com.sismics.util.context.ThreadLocalContext;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.UUID;
/**
* ACL DAO.
*
@ -65,7 +65,7 @@ public class AclDao {
* @return ACL DTO list
*/
@SuppressWarnings("unchecked")
public List<AclDto> getBySourceId(String sourceId) {
public List<AclDto> getBySourceId(String sourceId, AclType type) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
StringBuilder sb = new StringBuilder("select a.ACL_ID_C, a.ACL_PERM_C, a.ACL_TARGETID_C, ");
sb.append(" u.USE_USERNAME_C, s.SHA_ID_C, s.SHA_NAME_C, g.GRP_NAME_C ");
@ -73,11 +73,12 @@ public class AclDao {
sb.append(" left join T_USER u on u.USE_ID_C = a.ACL_TARGETID_C ");
sb.append(" left join T_SHARE s on s.SHA_ID_C = a.ACL_TARGETID_C ");
sb.append(" left join T_GROUP g on g.GRP_ID_C = a.ACL_TARGETID_C ");
sb.append(" where a.ACL_DELETEDATE_D is null and a.ACL_SOURCEID_C = :sourceId ");
sb.append(" where a.ACL_DELETEDATE_D is null and a.ACL_SOURCEID_C = :sourceId and a.ACL_TYPE_C = :type ");
// Perform the query
Query q = em.createNativeQuery(sb.toString());
q.setParameter("sourceId", sourceId);
q.setParameter("type", type.name());
List<Object[]> l = q.getResultList();
// Assemble results
@ -141,26 +142,29 @@ public class AclDao {
* @param perm Permission
* @param targetId Target ID
* @param userId User ID
* @param type Type
*/
@SuppressWarnings("unchecked")
public void delete(String sourceId, PermType perm, String targetId, String userId) {
public void delete(String sourceId, PermType perm, String targetId, String userId, AclType type) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
// Create audit log
Query q = em.createQuery("from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId = :targetId");
Query q = em.createQuery("from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId = :targetId and a.type = :type");
q.setParameter("sourceId", sourceId);
q.setParameter("perm", perm);
q.setParameter("targetId", targetId);
q.setParameter("type", type);
List<Acl> aclList = q.getResultList();
for (Acl acl : aclList) {
AuditLogUtil.create(acl, AuditLogType.DELETE, userId);
}
// Soft delete the ACLs
q = em.createQuery("update Acl a set a.deleteDate = :dateNow where a.sourceId = :sourceId and a.perm = :perm and a.targetId = :targetId");
q = em.createQuery("update Acl a set a.deleteDate = :dateNow where a.sourceId = :sourceId and a.perm = :perm and a.targetId = :targetId and a.type = :type");
q.setParameter("sourceId", sourceId);
q.setParameter("perm", perm);
q.setParameter("targetId", targetId);
q.setParameter("type", type);
q.setParameter("dateNow", new Date());
q.executeUpdate();
}

View File

@ -1,6 +1,7 @@
package com.sismics.docs.core.model.jpa;
import com.google.common.base.MoreObjects;
import com.sismics.docs.core.constant.AclType;
import com.sismics.docs.core.constant.PermType;
import javax.persistence.*;
@ -28,7 +29,12 @@ public class Acl implements Loggable {
@Enumerated(EnumType.STRING)
private PermType perm;
// TODO Add ACL type enum: USER, ROUTING
/**
* ACL type.
*/
@Column(name = "ACL_TYPE_C", length = 30, nullable = false)
@Enumerated(EnumType.STRING)
private AclType type;
/**
* ACL source ID.
@ -80,6 +86,15 @@ public class Acl implements Loggable {
this.targetId = targetId;
}
public AclType getType() {
return type;
}
public Acl setType(AclType type) {
this.type = type;
return this;
}
@Override
public Date getDeleteDate() {
return deleteDate;
@ -96,6 +111,7 @@ public class Acl implements Loggable {
.add("perm", perm)
.add("sourceId", sourceId)
.add("targetId", targetId)
.add("type", type)
.toString();
}

View File

@ -1,7 +1,11 @@
package com.sismics.docs.core.util;
import com.sismics.docs.core.constant.AclType;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.AclDao;
import com.sismics.docs.core.dao.jpa.RouteDao;
import com.sismics.docs.core.dao.jpa.RouteStepDao;
import com.sismics.docs.core.model.jpa.Acl;
import com.sismics.docs.core.model.jpa.Route;
import com.sismics.docs.core.model.jpa.RouteStep;
@ -38,4 +42,29 @@ public class RoutingUtil {
return null;
}
/**
* Update routing ACLs according to the current route step.
*
* @param sourceId Source ID
* @param currentStep Current route step
* @param previousStep Previous route step
* @param userId User ID
*/
public static void updateAcl(String sourceId, RouteStep currentStep, RouteStep previousStep, String userId) {
AclDao aclDao = new AclDao();
if (previousStep != null) {
// Remove the previous ACL
aclDao.delete(sourceId, PermType.READ, previousStep.getTargetId(), userId, AclType.ROUTING);
}
// Create a temporary READ ACL
Acl acl = new Acl();
acl.setPerm(PermType.READ);
acl.setType(AclType.ROUTING);
acl.setSourceId(sourceId);
acl.setTargetId(currentStep.getTargetId());
aclDao.create(acl, userId);
}
}

View File

@ -1,6 +1,7 @@
create table T_ROUTE_MODEL ( RTM_ID_C varchar(36) not null, RTM_NAME_C varchar(50) not null, RTM_STEPS_C varchar(5000) not null, RTM_CREATEDATE_D datetime not null, RTM_DELETEDATE_D datetime, primary key (RTM_ID_C) );
create cached table T_ROUTE ( RTE_ID_C varchar(36) not null, RTE_IDDOCUMENT_C varchar(36) not null, RTE_NAME_C varchar(50) not null, RTE_CREATEDATE_D datetime not null, RTE_DELETEDATE_D datetime, primary key (RTE_ID_C) );
create cached table T_ROUTE_STEP ( RTP_ID_C varchar(36) not null, RTP_IDROUTE_C varchar(36) not null, RTP_NAME_C varchar(200) not null, RTP_TYPE_C varchar(50) not null, RTP_TRANSITION_C varchar(50), RTP_COMMENT_C varchar(500), RTP_IDTARGET_C varchar(36) not null, RTP_ORDER_N int not null, RTP_CREATEDATE_D datetime not null, RTP_ENDDATE_D datetime, RTP_DELETEDATE_D datetime, primary key (RTP_ID_C) );;
create cached table T_ROUTE_STEP ( RTP_ID_C varchar(36) not null, RTP_IDROUTE_C varchar(36) not null, RTP_NAME_C varchar(200) not null, RTP_TYPE_C varchar(50) not null, RTP_TRANSITION_C varchar(50), RTP_COMMENT_C varchar(500), RTP_IDTARGET_C varchar(36) not null, RTP_ORDER_N int not null, RTP_CREATEDATE_D datetime not null, RTP_ENDDATE_D datetime, RTP_DELETEDATE_D datetime, primary key (RTP_ID_C) );
alter table T_ACL add column ACL_TYPE_C varchar(30) not null default 'USER';
alter table T_ROUTE add constraint FK_RTE_IDDOCUMENT_C foreign key (RTE_IDDOCUMENT_C) references T_DOCUMENT (DOC_ID_C) on delete restrict on update restrict;
alter table T_ROUTE_STEP add constraint FK_RTP_IDROUTE_C foreign key (RTP_IDROUTE_C) references T_ROUTE (RTE_ID_C) on delete restrict on update restrict;

View File

@ -1,5 +1,6 @@
package com.sismics.rest.util;
import com.sismics.docs.core.constant.AclType;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.AclDao;
import com.sismics.docs.core.dao.jpa.dto.AclDto;
@ -24,7 +25,7 @@ public class AclUtil {
*/
public static void addAcls(JsonObjectBuilder json, String sourceId, List<String> targetIdList) {
AclDao aclDao = new AclDao();
List<AclDto> aclDtoList = aclDao.getBySourceId(sourceId);
List<AclDto> aclDtoList = aclDao.getBySourceId(sourceId, AclType.USER);
JsonArrayBuilder aclList = Json.createArrayBuilder();
for (AclDto aclDto : aclDtoList) {
aclList.add(Json.createObjectBuilder()

View File

@ -2,6 +2,7 @@ package com.sismics.docs.rest.resource;
import com.google.common.collect.Lists;
import com.sismics.docs.core.constant.AclTargetType;
import com.sismics.docs.core.constant.AclType;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.*;
import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
@ -90,6 +91,7 @@ public class AclResource extends BaseResource {
acl.setSourceId(sourceId);
acl.setPerm(perm);
acl.setTargetId(targetId);
acl.setType(AclType.USER);
// Avoid duplicates
if (!aclDao.checkPermission(acl.getSourceId(), acl.getPerm(), Lists.newArrayList(acl.getTargetId()))) {
@ -164,7 +166,7 @@ public class AclResource extends BaseResource {
}
// Delete the ACL
aclDao.delete(sourceId, perm, targetId, principal.getId());
aclDao.delete(sourceId, perm, targetId, principal.getId(), AclType.USER);
// Always return OK
JsonObjectBuilder response = Json.createObjectBuilder()

View File

@ -2,6 +2,7 @@ package com.sismics.docs.rest.resource;
import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.sismics.docs.core.constant.AclType;
import com.sismics.docs.core.constant.Constants;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.*;
@ -173,7 +174,7 @@ public class DocumentResource extends BaseResource {
JsonArrayBuilder aclList = Json.createArrayBuilder();
for (TagDto tagDto : tagDtoList) {
AclDao aclDao = new AclDao();
List<AclDto> aclDtoList = aclDao.getBySourceId(tagDto.getId());
List<AclDto> aclDtoList = aclDao.getBySourceId(tagDto.getId(), AclType.USER);
for (AclDto aclDto : aclDtoList) {
aclList.add(Json.createObjectBuilder()
.add("perm", aclDto.getPerm().name())
@ -618,6 +619,7 @@ public class DocumentResource extends BaseResource {
AclDao aclDao = new AclDao();
Acl acl = new Acl();
acl.setPerm(PermType.READ);
acl.setType(AclType.USER);
acl.setSourceId(documentId);
acl.setTargetId(principal.getId());
aclDao.create(acl, principal.getId());
@ -625,6 +627,7 @@ public class DocumentResource extends BaseResource {
// Create write ACL
acl = new Acl();
acl.setPerm(PermType.WRITE);
acl.setType(AclType.USER);
acl.setSourceId(documentId);
acl.setTargetId(principal.getId());
aclDao.create(acl, principal.getId());

View File

@ -10,6 +10,7 @@ import com.sismics.docs.core.dao.jpa.RouteStepDao;
import com.sismics.docs.core.model.jpa.Route;
import com.sismics.docs.core.model.jpa.RouteModel;
import com.sismics.docs.core.model.jpa.RouteStep;
import com.sismics.docs.core.util.RoutingUtil;
import com.sismics.docs.core.util.SecurityUtil;
import com.sismics.rest.exception.ClientException;
import com.sismics.rest.exception.ForbiddenClientException;
@ -97,6 +98,12 @@ public class RouteResource extends BaseResource {
}
routeStepDao.create(routeStep);
if (i == 0) {
// Initialize ACL on the first step
RoutingUtil.updateAcl(documentId, routeStep, null, principal.getId());
// TODO Send an email to the targetId users
}
}
}

View File

@ -2,6 +2,7 @@ package com.sismics.docs.rest.resource;
import com.sismics.docs.core.constant.AclTargetType;
import com.sismics.docs.core.constant.AclType;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.AclDao;
import com.sismics.docs.core.dao.jpa.ShareDao;
@ -76,6 +77,7 @@ public class ShareResource extends BaseResource {
Acl acl = new Acl();
acl.setSourceId(documentId);
acl.setPerm(PermType.READ);
acl.setType(AclType.USER);
acl.setTargetId(share.getId());
aclDao.create(acl, principal.getId());

View File

@ -1,6 +1,7 @@
package com.sismics.docs.rest.resource;
import com.google.common.collect.Sets;
import com.sismics.docs.core.constant.AclType;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.AclDao;
import com.sismics.docs.core.dao.jpa.TagDao;
@ -205,6 +206,7 @@ public class TagResource extends BaseResource {
AclDao aclDao = new AclDao();
Acl acl = new Acl();
acl.setPerm(PermType.READ);
acl.setType(AclType.USER);
acl.setSourceId(id);
acl.setTargetId(principal.getId());
aclDao.create(acl, principal.getId());
@ -212,6 +214,7 @@ public class TagResource extends BaseResource {
// Create write ACL
acl = new Acl();
acl.setPerm(PermType.WRITE);
acl.setType(AclType.USER);
acl.setSourceId(id);
acl.setTargetId(principal.getId());
aclDao.create(acl, principal.getId());

View File

@ -57,16 +57,6 @@ public class TestRouteResource extends BaseJerseyTest {
.param("documentId", document1Id)
.param("routeModelId", routeModels.getJsonObject(0).getString("id"))), JsonObject.class);
// Add an ACL READ for admin with route1
// TODO Remove me when ACLs are automatically added on route step targets
target().path("/acl").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, route1Token)
.put(Entity.form(new Form()
.param("source", document1Id)
.param("perm", "READ")
.param("target", "admin")
.param("type", "USER")), JsonObject.class);
// Get document 1 as route1
json = target().path("/document/" + document1Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, route1Token)