ACL data cleanup on application startup

- Stale AclObjectIdentities and AclEntries are removed - Dataset, descriptor list and descriptor "owner" is set as ACL Parent Object

ACL data cleanup on application startup
- Stale AclObjectIdentities and AclEntries are removed - Dataset, descriptor list and descriptor "owner" is set as ACL Parent Object
61d656ab · Matija Obreza · 23d93f50 · 61d656ab
Commit 61d656ab authored Jul 05, 2018 by Matija Obreza
--- a/genesys-catalog-server/src/main/java/org/genesys/catalog/server/config/ApplicationStartup.java
+++ b/genesys-catalog-server/src/main/java/org/genesys/catalog/server/config/ApplicationStartup.java
@@ -15,6 +15,9 @@
 */
 package org.genesys.catalog.server.config;

+import java.util.List;
+
+import javax.persistence.EntityManager;
 import javax.transaction.Transactional;

 import org.apache.commons.lang3.StringUtils;
@@ -23,7 +26,12 @@ import org.genesys.blocks.oauth.model.OAuthRole;
 import org.genesys.blocks.oauth.persistence.OAuthClientRepository;
 import org.genesys.blocks.security.NotUniqueUserException;
 import org.genesys.blocks.security.UserException;
+import org.genesys.blocks.security.model.AclEntry;
+import org.genesys.blocks.security.model.AclObjectIdentity;
 import org.genesys.blocks.security.model.BasicUser;
+import org.genesys.blocks.security.model.QAclObjectIdentity;
+import org.genesys.blocks.security.persistence.AclEntryPersistence;
+import org.genesys.blocks.security.persistence.AclObjectIdentityPersistence;
 import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException;
 import org.genesys.catalog.model.dataset.Dataset;
 import org.genesys.catalog.model.traits.Descriptor;
@@ -32,6 +40,9 @@ import org.genesys.catalog.model.user.User;
 import org.genesys.catalog.model.user.UserRole;
 import org.genesys.catalog.model.vocab.ControlledVocabulary;
 import org.genesys.catalog.model.vocab.VocabularyTerm;
+import org.genesys.catalog.persistence.dataset.DatasetRepository;
+import org.genesys.catalog.persistence.traits.DescriptorListRepository;
+import org.genesys.catalog.persistence.traits.DescriptorRepository;
 import org.genesys.catalog.persistence.user.UserRepository;
 import org.genesys.catalog.server.service.ElasticsearchService;
 import org.genesys.catalog.service.UserService;
@@ -47,6 +58,7 @@ import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.stereotype.Component;

 import com.google.common.collect.Sets;
+import com.querydsl.core.BooleanBuilder;

 /**
 * Run things at startup and after application context is initialized.
@@ -97,6 +109,8 @@ public class ApplicationStartup implements InitializingBean, ApplicationListener
 		}

 		startup();
+		cleanupAcl();
+		aclParentObject();
 	}

 	/**
@@ -165,6 +179,94 @@ public class ApplicationStartup implements InitializingBean, ApplicationListener
 		LOG.info("Startup initializer done.");
 	}

+	
+	@Autowired
+	private EntityManager entityManager;
+	@Autowired
+	private AclEntryPersistence aclEntryPersistence;
+	
+	private void cleanupAcl() {
+		Iterable<AclObjectIdentity> OIDs = aclObjectIdentityPersistence.findAll();
+		for (AclObjectIdentity OID : OIDs) {
+			try {
+				Class<?> clazz = Class.forName(OID.getAclClass().getAclClass());
+				Object entity = entityManager.find(clazz, OID.getObjectIdIdentity());
+				if (entity == null) {
+					LOG.info("{} with ID={} no longer exists, clearing ACL", clazz.getName(), OID.getObjectIdIdentity());
+					final List<AclEntry> aclEntries = aclEntryPersistence.findByObjectIdentity(OID);
+					if (aclEntries != null) {
+						aclEntryPersistence.delete(aclEntries);
+					}
+					aclObjectIdentityPersistence.delete(OID);
+				}
+			} catch (ClassNotFoundException e) {
+				LOG.error(e.getMessage(), e);
+			}
+		}
+	}
+	
+	@Autowired
+	private AclObjectIdentityPersistence aclObjectIdentityPersistence;
+	@Autowired
+	private DatasetRepository datasetRepository;
+	@Autowired
+	private DescriptorRepository descriptorRepository;
+	@Autowired
+	private DescriptorListRepository descriptorListRepository;
+
+	private void aclParentObject() {
+		Iterable<AclObjectIdentity> datasetOIDs = aclObjectIdentityPersistence.findAll(new BooleanBuilder().and(QAclObjectIdentity.aclObjectIdentity.aclClass.aclClass.eq(Dataset.class.getName())));
+		for (AclObjectIdentity datasetOID : datasetOIDs) {
+			Dataset dataset = datasetRepository.findOne(datasetOID.getObjectIdIdentity());
+			if (dataset == null) {
+				LOG.warn("No dataset with id {}", datasetOID.getObjectIdIdentity());
+				continue;
+			}
+			Partner owner = dataset.getOwner();
+			AclObjectIdentity ownerOID = aclObjectIdentityPersistence.findByObjectIdAndClassname(owner.getId(), Partner.class.getName());
+			if (ownerOID != null) {
+				LOG.info("Setting parent object of dataset {} to {}", dataset.getTitle(), owner.getShortName());
+				datasetOID.setParentObject(ownerOID);
+				datasetOID.setEntriesInheriting(true);
+			}
+		}
+		aclObjectIdentityPersistence.save(datasetOIDs);
+		
+		Iterable<AclObjectIdentity> descriptorOIDs = aclObjectIdentityPersistence.findAll(new BooleanBuilder().and(QAclObjectIdentity.aclObjectIdentity.aclClass.aclClass.eq(Descriptor.class.getName())));
+		for (AclObjectIdentity descriptorOID : descriptorOIDs) {
+			Descriptor descriptor = descriptorRepository.findOne(descriptorOID.getObjectIdIdentity());
+			if (descriptor == null) {
+				LOG.warn("No descriptor with id {}", descriptorOID.getObjectIdIdentity());
+				continue;
+			}
+			Partner owner = descriptor.getOwner();
+			AclObjectIdentity ownerOID = aclObjectIdentityPersistence.findByObjectIdAndClassname(owner.getId(), Partner.class.getName());
+			if (ownerOID != null) {
+				LOG.info("Setting parent object of descriptor {} to {}", descriptor.getTitle(), owner.getShortName());
+				descriptorOID.setParentObject(ownerOID);
+				descriptorOID.setEntriesInheriting(true);
+			}
+		}
+		aclObjectIdentityPersistence.save(descriptorOIDs);
+		
+		Iterable<AclObjectIdentity> descriptorListOIDs = aclObjectIdentityPersistence.findAll(new BooleanBuilder().and(QAclObjectIdentity.aclObjectIdentity.aclClass.aclClass.eq(DescriptorList.class.getName())));
+		for (AclObjectIdentity descriptorListOID : descriptorListOIDs) {
+			DescriptorList decriptorList = descriptorListRepository.findOne(descriptorListOID.getObjectIdIdentity());
+			if (decriptorList == null) {
+				LOG.warn("No descriptor list with id {}", descriptorListOID.getObjectIdIdentity());
+				continue;
+			}
+			Partner owner = decriptorList.getOwner();
+			AclObjectIdentity ownerOID = aclObjectIdentityPersistence.findByObjectIdAndClassname(owner.getId(), Partner.class.getName());
+			if (ownerOID != null) {
+				LOG.info("Setting parent object of descriptor list {} to {}", decriptorList.getTitle(), owner.getShortName());
+				descriptorListOID.setParentObject(ownerOID);
+				descriptorListOID.setEntriesInheriting(true);
+			}
+		}
+		aclObjectIdentityPersistence.save(descriptorListOIDs);
+	}
+
 	private void reindexElasticsearch() {
 		elasticsearch.reindex(Crop.class);
 		elasticsearch.reindex(Partner.class);