mirror of
https://github.com/sismics/docs.git
synced 2024-11-22 14:07:55 +01:00
#18: ACL check for groups
This commit is contained in:
parent
6012cdd9a5
commit
de3f055323
@ -105,12 +105,12 @@ public class AclDao {
|
|||||||
* @param targetId ACL target entity ID
|
* @param targetId ACL target entity ID
|
||||||
* @return True if the document is accessible
|
* @return True if the document is accessible
|
||||||
*/
|
*/
|
||||||
public boolean checkPermission(String sourceId, PermType perm, String targetId) {
|
public boolean checkPermission(String sourceId, PermType perm, List<String> targetIdList) {
|
||||||
EntityManager em = ThreadLocalContext.get().getEntityManager();
|
EntityManager em = ThreadLocalContext.get().getEntityManager();
|
||||||
Query q = em.createQuery("select a from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId = :targetId and a.deleteDate is null");
|
Query q = em.createQuery("select a from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId in (:targetIdList) and a.deleteDate is null");
|
||||||
q.setParameter("sourceId", sourceId);
|
q.setParameter("sourceId", sourceId);
|
||||||
q.setParameter("perm", perm);
|
q.setParameter("perm", perm);
|
||||||
q.setParameter("targetId", targetId);
|
q.setParameter("targetIdList", targetIdList);
|
||||||
|
|
||||||
// We have a matching permission
|
// We have a matching permission
|
||||||
if (q.getResultList().size() > 0) {
|
if (q.getResultList().size() > 0) {
|
||||||
|
@ -90,20 +90,20 @@ public class DocumentDao {
|
|||||||
* @param userId User ID
|
* @param userId User ID
|
||||||
* @return Document
|
* @return Document
|
||||||
*/
|
*/
|
||||||
public DocumentDto getDocument(String id, PermType perm, String userId) {
|
public DocumentDto getDocument(String id, PermType perm, List<String> targetIdList) {
|
||||||
EntityManager em = ThreadLocalContext.get().getEntityManager();
|
EntityManager em = ThreadLocalContext.get().getEntityManager();
|
||||||
StringBuilder sb = new StringBuilder("select d.DOC_ID_C, d.DOC_TITLE_C, d.DOC_DESCRIPTION_C, d.DOC_SUBJECT_C, d.DOC_IDENTIFIER_C, d.DOC_PUBLISHER_C, d.DOC_FORMAT_C, d.DOC_SOURCE_C, d.DOC_TYPE_C, d.DOC_COVERAGE_C, d.DOC_RIGHTS_C, d.DOC_CREATEDATE_D, d.DOC_LANGUAGE_C, ");
|
StringBuilder sb = new StringBuilder("select d.DOC_ID_C, d.DOC_TITLE_C, d.DOC_DESCRIPTION_C, d.DOC_SUBJECT_C, d.DOC_IDENTIFIER_C, d.DOC_PUBLISHER_C, d.DOC_FORMAT_C, d.DOC_SOURCE_C, d.DOC_TYPE_C, d.DOC_COVERAGE_C, d.DOC_RIGHTS_C, d.DOC_CREATEDATE_D, d.DOC_LANGUAGE_C, ");
|
||||||
sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null), ");
|
sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null), ");
|
||||||
sb.append(" (select count(f.FIL_ID_C) from T_FILE f where f.FIL_DELETEDATE_D is null and f.FIL_IDDOC_C = d.DOC_ID_C), ");
|
sb.append(" (select count(f.FIL_ID_C) from T_FILE f where f.FIL_DELETEDATE_D is null and f.FIL_IDDOC_C = d.DOC_ID_C), ");
|
||||||
sb.append(" u.USE_USERNAME_C ");
|
sb.append(" u.USE_USERNAME_C ");
|
||||||
sb.append(" from T_DOCUMENT d, T_USER u ");
|
sb.append(" from T_DOCUMENT d, T_USER u ");
|
||||||
sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C = :userId and a.ACL_PERM_C = :perm and a.ACL_DELETEDATE_D is null ");
|
sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C in (:targetIdList) and a.ACL_PERM_C = :perm and a.ACL_DELETEDATE_D is null ");
|
||||||
sb.append(" where d.DOC_IDUSER_C = u.USE_ID_C and d.DOC_ID_C = :id and d.DOC_DELETEDATE_D is null ");
|
sb.append(" where d.DOC_IDUSER_C = u.USE_ID_C and d.DOC_ID_C = :id and d.DOC_DELETEDATE_D is null ");
|
||||||
|
|
||||||
Query q = em.createNativeQuery(sb.toString());
|
Query q = em.createNativeQuery(sb.toString());
|
||||||
q.setParameter("id", id);
|
q.setParameter("id", id);
|
||||||
q.setParameter("perm", perm.name());
|
q.setParameter("perm", perm.name());
|
||||||
q.setParameter("userId", userId);
|
q.setParameter("targetIdList", targetIdList);
|
||||||
|
|
||||||
Object[] o = null;
|
Object[] o = null;
|
||||||
try {
|
try {
|
||||||
@ -212,10 +212,10 @@ public class DocumentDao {
|
|||||||
sb.append(" from T_DOCUMENT d ");
|
sb.append(" from T_DOCUMENT d ");
|
||||||
|
|
||||||
// Adds search criteria
|
// Adds search criteria
|
||||||
if (criteria.getUserId() != null) {
|
if (criteria.getTargetIdList() != null) {
|
||||||
// Read permission is enough for searching
|
// Read permission is enough for searching
|
||||||
sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C = :userId and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
|
sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C in (:targetIdList) and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
|
||||||
parameterMap.put("userId", criteria.getUserId());
|
parameterMap.put("targetIdList", criteria.getTargetIdList());
|
||||||
}
|
}
|
||||||
if (!Strings.isNullOrEmpty(criteria.getSearch()) || !Strings.isNullOrEmpty(criteria.getFullSearch())) {
|
if (!Strings.isNullOrEmpty(criteria.getSearch()) || !Strings.isNullOrEmpty(criteria.getFullSearch())) {
|
||||||
LuceneDao luceneDao = new LuceneDao();
|
LuceneDao luceneDao = new LuceneDao();
|
||||||
|
@ -11,9 +11,9 @@ import java.util.List;
|
|||||||
*/
|
*/
|
||||||
public class DocumentCriteria {
|
public class DocumentCriteria {
|
||||||
/**
|
/**
|
||||||
* User ID.
|
* ACL target ID list.
|
||||||
*/
|
*/
|
||||||
private String userId;
|
private List<String> targetIdList;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Search query.
|
* Search query.
|
||||||
@ -55,12 +55,12 @@ public class DocumentCriteria {
|
|||||||
*/
|
*/
|
||||||
private String creatorId;
|
private String creatorId;
|
||||||
|
|
||||||
public String getUserId() {
|
public List<String> getTargetIdList() {
|
||||||
return userId;
|
return targetIdList;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setUserId(String userId) {
|
public void setTargetIdList(List<String> targetIdList) {
|
||||||
this.userId = userId;
|
this.targetIdList = targetIdList;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getSearch() {
|
public String getSearch() {
|
||||||
|
@ -1,7 +1,11 @@
|
|||||||
package com.sismics.security;
|
package com.sismics.security;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import org.joda.time.DateTimeZone;
|
import org.joda.time.DateTimeZone;
|
||||||
|
|
||||||
|
import com.google.common.collect.Lists;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Anonymous principal.
|
* Anonymous principal.
|
||||||
*
|
*
|
||||||
@ -47,12 +51,12 @@ public class AnonymousPrincipal implements IPrincipal {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Setter of dateTimeZone.
|
|
||||||
*
|
|
||||||
* @param dateTimeZone dateTimeZone
|
|
||||||
*/
|
|
||||||
public void setDateTimeZone(DateTimeZone dateTimeZone) {
|
public void setDateTimeZone(DateTimeZone dateTimeZone) {
|
||||||
this.dateTimeZone = dateTimeZone;
|
this.dateTimeZone = dateTimeZone;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<String> getGroupIdList() {
|
||||||
|
return Lists.newArrayList();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package com.sismics.security;
|
package com.sismics.security;
|
||||||
|
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import org.joda.time.DateTimeZone;
|
import org.joda.time.DateTimeZone;
|
||||||
|
|
||||||
@ -24,6 +25,14 @@ public interface IPrincipal extends Principal {
|
|||||||
*/
|
*/
|
||||||
public String getId();
|
public String getId();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the list of group ID of the connected user,
|
||||||
|
* or an empty list if the user is anonymous.
|
||||||
|
*
|
||||||
|
* @return List of group ID
|
||||||
|
*/
|
||||||
|
public List<String> getGroupIdList();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the timezone of the principal.
|
* Returns the timezone of the principal.
|
||||||
*
|
*
|
||||||
|
@ -1,9 +1,12 @@
|
|||||||
package com.sismics.security;
|
package com.sismics.security;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.joda.time.DateTimeZone;
|
import org.joda.time.DateTimeZone;
|
||||||
|
|
||||||
|
import jersey.repackaged.com.google.common.collect.Lists;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authenticated users principal.
|
* Authenticated users principal.
|
||||||
*
|
*
|
||||||
@ -56,11 +59,6 @@ public class UserPrincipal implements IPrincipal {
|
|||||||
return id;
|
return id;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Setter of id.
|
|
||||||
*
|
|
||||||
* @param id id
|
|
||||||
*/
|
|
||||||
public void setId(String id) {
|
public void setId(String id) {
|
||||||
this.id = id;
|
this.id = id;
|
||||||
}
|
}
|
||||||
@ -70,11 +68,6 @@ public class UserPrincipal implements IPrincipal {
|
|||||||
return name;
|
return name;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Setter of name.
|
|
||||||
*
|
|
||||||
* @param name name
|
|
||||||
*/
|
|
||||||
public void setName(String name) {
|
public void setName(String name) {
|
||||||
this.name = name;
|
this.name = name;
|
||||||
}
|
}
|
||||||
@ -84,11 +77,6 @@ public class UserPrincipal implements IPrincipal {
|
|||||||
return dateTimeZone;
|
return dateTimeZone;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Setter of dateTimeZone.
|
|
||||||
*
|
|
||||||
* @param dateTimeZone dateTimeZone
|
|
||||||
*/
|
|
||||||
public void setDateTimeZone(DateTimeZone dateTimeZone) {
|
public void setDateTimeZone(DateTimeZone dateTimeZone) {
|
||||||
this.dateTimeZone = dateTimeZone;
|
this.dateTimeZone = dateTimeZone;
|
||||||
}
|
}
|
||||||
@ -98,31 +86,21 @@ public class UserPrincipal implements IPrincipal {
|
|||||||
return email;
|
return email;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Setter of email.
|
|
||||||
*
|
|
||||||
* @param email email
|
|
||||||
*/
|
|
||||||
public void setEmail(String email) {
|
public void setEmail(String email) {
|
||||||
this.email = email;
|
this.email = email;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Getter of baseFunctionSet.
|
|
||||||
*
|
|
||||||
* @return baseFunctionSet
|
|
||||||
*/
|
|
||||||
public Set<String> getBaseFunctionSet() {
|
public Set<String> getBaseFunctionSet() {
|
||||||
return baseFunctionSet;
|
return baseFunctionSet;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Setter of baseFunctionSet.
|
|
||||||
*
|
|
||||||
* @param baseFunctionSet baseFunctionSet
|
|
||||||
*/
|
|
||||||
public void setBaseFunctionSet(Set<String> baseFunctionSet) {
|
public void setBaseFunctionSet(Set<String> baseFunctionSet) {
|
||||||
this.baseFunctionSet = baseFunctionSet;
|
this.baseFunctionSet = baseFunctionSet;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<String> getGroupIdList() {
|
||||||
|
// TODO Real groups
|
||||||
|
return Lists.newArrayList("members");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -14,6 +14,7 @@ import javax.ws.rs.PathParam;
|
|||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
import com.google.common.collect.Lists;
|
||||||
import com.sismics.docs.core.constant.AclTargetType;
|
import com.sismics.docs.core.constant.AclTargetType;
|
||||||
import com.sismics.docs.core.constant.PermType;
|
import com.sismics.docs.core.constant.PermType;
|
||||||
import com.sismics.docs.core.dao.jpa.AclDao;
|
import com.sismics.docs.core.dao.jpa.AclDao;
|
||||||
@ -51,6 +52,7 @@ public class AclResource extends BaseResource {
|
|||||||
throw new ForbiddenClientException();
|
throw new ForbiddenClientException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO Allow group input
|
||||||
// Validate input
|
// Validate input
|
||||||
ValidationUtil.validateRequired(sourceId, "source");
|
ValidationUtil.validateRequired(sourceId, "source");
|
||||||
PermType perm = PermType.valueOf(ValidationUtil.validateLength(permStr, "perm", 1, 30, false));
|
PermType perm = PermType.valueOf(ValidationUtil.validateLength(permStr, "perm", 1, 30, false));
|
||||||
@ -65,7 +67,7 @@ public class AclResource extends BaseResource {
|
|||||||
|
|
||||||
// Check permission on the source by the principal
|
// Check permission on the source by the principal
|
||||||
AclDao aclDao = new AclDao();
|
AclDao aclDao = new AclDao();
|
||||||
if (!aclDao.checkPermission(sourceId, PermType.WRITE, principal.getId())) {
|
if (!aclDao.checkPermission(sourceId, PermType.WRITE, getTargetIdList(null))) {
|
||||||
throw new ForbiddenClientException();
|
throw new ForbiddenClientException();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -76,7 +78,7 @@ public class AclResource extends BaseResource {
|
|||||||
acl.setTargetId(user.getId());
|
acl.setTargetId(user.getId());
|
||||||
|
|
||||||
// Avoid duplicates
|
// Avoid duplicates
|
||||||
if (!aclDao.checkPermission(acl.getSourceId(), acl.getPerm(), acl.getTargetId())) {
|
if (!aclDao.checkPermission(acl.getSourceId(), acl.getPerm(), Lists.newArrayList(acl.getTargetId()))) {
|
||||||
aclDao.create(acl, principal.getId());
|
aclDao.create(acl, principal.getId());
|
||||||
|
|
||||||
// Returns the ACL
|
// Returns the ACL
|
||||||
@ -114,7 +116,7 @@ public class AclResource extends BaseResource {
|
|||||||
|
|
||||||
// Check permission on the source by the principal
|
// Check permission on the source by the principal
|
||||||
AclDao aclDao = new AclDao();
|
AclDao aclDao = new AclDao();
|
||||||
if (!aclDao.checkPermission(sourceId, PermType.WRITE, principal.getId())) {
|
if (!aclDao.checkPermission(sourceId, PermType.WRITE, getTargetIdList(null))) {
|
||||||
throw new ForbiddenClientException();
|
throw new ForbiddenClientException();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -163,6 +165,8 @@ public class AclResource extends BaseResource {
|
|||||||
.add("username", userDto.getUsername()));
|
.add("username", userDto.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO Returns groups too
|
||||||
|
|
||||||
JsonObjectBuilder response = Json.createObjectBuilder()
|
JsonObjectBuilder response = Json.createObjectBuilder()
|
||||||
.add("users", users);
|
.add("users", users);
|
||||||
return Response.ok().entity(response.build()).build();
|
return Response.ok().entity(response.build()).build();
|
||||||
|
@ -49,7 +49,7 @@ public class AuditLogResource extends BaseResource {
|
|||||||
} else {
|
} else {
|
||||||
// Check ACL on the document
|
// Check ACL on the document
|
||||||
AclDao aclDao = new AclDao();
|
AclDao aclDao = new AclDao();
|
||||||
if (!aclDao.checkPermission(documentId, PermType.READ, principal.getId())) {
|
if (!aclDao.checkPermission(documentId, PermType.READ, getTargetIdList(null))) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
criteria.setDocumentId(documentId);
|
criteria.setDocumentId(documentId);
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
package com.sismics.docs.rest.resource;
|
package com.sismics.docs.rest.resource;
|
||||||
|
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
|
|
||||||
|
import com.google.common.collect.Lists;
|
||||||
import com.sismics.docs.rest.constant.BaseFunction;
|
import com.sismics.docs.rest.constant.BaseFunction;
|
||||||
import com.sismics.rest.exception.ForbiddenClientException;
|
import com.sismics.rest.exception.ForbiddenClientException;
|
||||||
import com.sismics.security.IPrincipal;
|
import com.sismics.security.IPrincipal;
|
||||||
@ -77,4 +79,21 @@ public abstract class BaseResource {
|
|||||||
Set<String> baseFunctionSet = ((UserPrincipal) principal).getBaseFunctionSet();
|
Set<String> baseFunctionSet = ((UserPrincipal) principal).getBaseFunctionSet();
|
||||||
return baseFunctionSet != null && baseFunctionSet.contains(baseFunction.name());
|
return baseFunctionSet != null && baseFunctionSet.contains(baseFunction.name());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a list of ACL target ID.
|
||||||
|
*
|
||||||
|
* @param shareId Share ID (optional)
|
||||||
|
* @return List of ACL target ID
|
||||||
|
*/
|
||||||
|
protected List<String> getTargetIdList(String shareId) {
|
||||||
|
List<String> targetIdList = Lists.newArrayList(principal.getGroupIdList());
|
||||||
|
if (principal.getId() != null) {
|
||||||
|
targetIdList.add(principal.getId());
|
||||||
|
}
|
||||||
|
if (shareId != null) {
|
||||||
|
targetIdList.add(shareId);
|
||||||
|
}
|
||||||
|
return targetIdList;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -51,7 +51,7 @@ public class CommentResource extends BaseResource {
|
|||||||
|
|
||||||
// Read access on doc gives access to write comments
|
// Read access on doc gives access to write comments
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
if (documentDao.getDocument(documentId, PermType.READ, principal.getId()) == null) {
|
if (documentDao.getDocument(documentId, PermType.READ, getTargetIdList(null)) == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -97,7 +97,7 @@ public class CommentResource extends BaseResource {
|
|||||||
if (!comment.getUserId().equals(principal.getId())) {
|
if (!comment.getUserId().equals(principal.getId())) {
|
||||||
// Get the associated document
|
// Get the associated document
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
if (documentDao.getDocument(comment.getDocumentId(), PermType.WRITE, principal.getId()) == null) {
|
if (documentDao.getDocument(comment.getDocumentId(), PermType.WRITE, getTargetIdList(null)) == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -125,7 +125,7 @@ public class CommentResource extends BaseResource {
|
|||||||
|
|
||||||
// Read access on doc gives access to read comments
|
// Read access on doc gives access to read comments
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
if (documentDao.getDocument(documentId, PermType.READ, shareId == null ? principal.getId() : shareId) == null) {
|
if (documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId)) == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -94,7 +94,7 @@ public class DocumentResource extends BaseResource {
|
|||||||
|
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
AclDao aclDao = new AclDao();
|
AclDao aclDao = new AclDao();
|
||||||
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, shareId == null ? principal.getId() : shareId);
|
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
|
||||||
if (documentDto == null) {
|
if (documentDto == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
@ -148,7 +148,8 @@ public class DocumentResource extends BaseResource {
|
|||||||
.add("type", aclDto.getTargetType()));
|
.add("type", aclDto.getTargetType()));
|
||||||
|
|
||||||
if (!principal.isAnonymous()
|
if (!principal.isAnonymous()
|
||||||
&& aclDto.getTargetId().equals(principal.getId())
|
&& (aclDto.getTargetId().equals(principal.getId())
|
||||||
|
|| principal.getGroupIdList().contains(aclDto.getTargetId()))
|
||||||
&& aclDto.getPerm() == PermType.WRITE) {
|
&& aclDto.getPerm() == PermType.WRITE) {
|
||||||
// The document is writable for the current user
|
// The document is writable for the current user
|
||||||
writable = true;
|
writable = true;
|
||||||
@ -205,7 +206,7 @@ public class DocumentResource extends BaseResource {
|
|||||||
|
|
||||||
// Get document and check read permission
|
// Get document and check read permission
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
final DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, shareId == null ? principal.getId() : shareId);
|
final DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
|
||||||
if (documentDto == null) {
|
if (documentDto == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
@ -268,7 +269,7 @@ public class DocumentResource extends BaseResource {
|
|||||||
PaginatedList<DocumentDto> paginatedList = PaginatedLists.create(limit, offset);
|
PaginatedList<DocumentDto> paginatedList = PaginatedLists.create(limit, offset);
|
||||||
SortCriteria sortCriteria = new SortCriteria(sortColumn, asc);
|
SortCriteria sortCriteria = new SortCriteria(sortColumn, asc);
|
||||||
DocumentCriteria documentCriteria = parseSearchQuery(search);
|
DocumentCriteria documentCriteria = parseSearchQuery(search);
|
||||||
documentCriteria.setUserId(principal.getId());
|
documentCriteria.setTargetIdList(getTargetIdList(null));
|
||||||
try {
|
try {
|
||||||
documentDao.findByCriteria(paginatedList, documentCriteria, sortCriteria);
|
documentDao.findByCriteria(paginatedList, documentCriteria, sortCriteria);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
@ -564,7 +565,7 @@ public class DocumentResource extends BaseResource {
|
|||||||
|
|
||||||
// Check write permission
|
// Check write permission
|
||||||
AclDao aclDao = new AclDao();
|
AclDao aclDao = new AclDao();
|
||||||
if (!aclDao.checkPermission(id, PermType.WRITE, principal.getId())) {
|
if (!aclDao.checkPermission(id, PermType.WRITE, getTargetIdList(null))) {
|
||||||
throw new ForbiddenClientException();
|
throw new ForbiddenClientException();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -676,7 +677,7 @@ public class DocumentResource extends BaseResource {
|
|||||||
// Get the document
|
// Get the document
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
FileDao fileDao = new FileDao();
|
FileDao fileDao = new FileDao();
|
||||||
DocumentDto documentDto = documentDao.getDocument(id, PermType.WRITE, principal.getId());
|
DocumentDto documentDto = documentDao.getDocument(id, PermType.WRITE, getTargetIdList(null));
|
||||||
if (documentDto == null) {
|
if (documentDto == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
@ -98,7 +98,7 @@ public class FileResource extends BaseResource {
|
|||||||
documentId = null;
|
documentId = null;
|
||||||
} else {
|
} else {
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
documentDto = documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
|
documentDto = documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null));
|
||||||
if (documentDto == null) {
|
if (documentDto == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
@ -213,7 +213,7 @@ public class FileResource extends BaseResource {
|
|||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
FileDao fileDao = new FileDao();
|
FileDao fileDao = new FileDao();
|
||||||
File file = fileDao.getFile(id, principal.getId());
|
File file = fileDao.getFile(id, principal.getId());
|
||||||
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
|
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null));
|
||||||
if (file == null || documentDto == null) {
|
if (file == null || documentDto == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
@ -276,7 +276,7 @@ public class FileResource extends BaseResource {
|
|||||||
|
|
||||||
// Get the document
|
// Get the document
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
if (documentDao.getDocument(documentId, PermType.WRITE, principal.getId()) == null) {
|
if (documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null)) == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -312,7 +312,7 @@ public class FileResource extends BaseResource {
|
|||||||
// Check document visibility
|
// Check document visibility
|
||||||
if (documentId != null) {
|
if (documentId != null) {
|
||||||
AclDao aclDao = new AclDao();
|
AclDao aclDao = new AclDao();
|
||||||
if (!aclDao.checkPermission(documentId, PermType.READ, shareId == null ? principal.getId() : shareId)) {
|
if (!aclDao.checkPermission(documentId, PermType.READ, getTargetIdList(shareId))) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
} else if (!authenticated) {
|
} else if (!authenticated) {
|
||||||
@ -370,7 +370,7 @@ public class FileResource extends BaseResource {
|
|||||||
// But not ours
|
// But not ours
|
||||||
throw new ForbiddenClientException();
|
throw new ForbiddenClientException();
|
||||||
}
|
}
|
||||||
} else if ((documentDto = documentDao.getDocument(file.getDocumentId(), PermType.WRITE, principal.getId())) == null) {
|
} else if ((documentDto = documentDao.getDocument(file.getDocumentId(), PermType.WRITE, getTargetIdList(null))) == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -445,7 +445,7 @@ public class FileResource extends BaseResource {
|
|||||||
} else {
|
} else {
|
||||||
// Check document accessibility
|
// Check document accessibility
|
||||||
AclDao aclDao = new AclDao();
|
AclDao aclDao = new AclDao();
|
||||||
if (!aclDao.checkPermission(file.getDocumentId(), PermType.READ, shareId == null ? principal.getId() : shareId)) {
|
if (!aclDao.checkPermission(file.getDocumentId(), PermType.READ, getTargetIdList(shareId))) {
|
||||||
throw new ForbiddenClientException();
|
throw new ForbiddenClientException();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -519,7 +519,7 @@ public class FileResource extends BaseResource {
|
|||||||
|
|
||||||
// Get the document
|
// Get the document
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, shareId == null ? principal.getId() : shareId);
|
DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
|
||||||
if (documentDto == null) {
|
if (documentDto == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
@ -53,7 +53,7 @@ public class ShareResource extends BaseResource {
|
|||||||
|
|
||||||
// Get the document
|
// Get the document
|
||||||
DocumentDao documentDao = new DocumentDao();
|
DocumentDao documentDao = new DocumentDao();
|
||||||
if (documentDao.getDocument(documentId, PermType.WRITE, principal.getId()) == null) {
|
if (documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null)) == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -102,7 +102,7 @@ public class ShareResource extends BaseResource {
|
|||||||
}
|
}
|
||||||
|
|
||||||
Acl acl = aclList.get(0);
|
Acl acl = aclList.get(0);
|
||||||
if (!aclDao.checkPermission(acl.getSourceId(), PermType.WRITE, principal.getId())) {
|
if (!aclDao.checkPermission(acl.getSourceId(), PermType.WRITE, getTargetIdList(null))) {
|
||||||
throw new ClientException("DocumentNotFound", MessageFormat.format("Document not found: {0}", acl.getSourceId()));
|
throw new ClientException("DocumentNotFound", MessageFormat.format("Document not found: {0}", acl.getSourceId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user