Commit 0faf415a authored by Matija Obreza's avatar Matija Obreza

Partners are publicly readable by default

- on application startup: make Partner and entities readable by EVERYONE
- Datasets and Subsets are created non-readable for EVERYONE, made readable if published
- admin action to make ACL entries for FaoInstitutes
parent 16b3feab
......@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.ObjectIdGenerators;
import org.genesys.blocks.model.SelfCleaning;
import org.genesys.blocks.model.UuidModel;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.util.ClassAclOid;
import org.genesys.catalog.model.traits.Descriptor;
import org.genesys.catalog.model.traits.DescriptorList;
import org.genesys.catalog.model.vocab.ControlledVocabulary;
......@@ -48,6 +49,8 @@ import java.util.Set;
@Document(indexName = "catalog")
public class Partner extends UuidModel implements SelfCleaning, AclAwareModel {
private static final ClassAclOid<Partner> PARENT_OID = ClassAclOid.forClass(Partner.class);
/** The Constant serialVersionUID. */
private static final long serialVersionUID = 7972197553356837382L;
......@@ -118,6 +121,11 @@ public class Partner extends UuidModel implements SelfCleaning, AclAwareModel {
private void preupdate() {
trimStringsToNull();
}
@Override
public AclAwareModel aclParentObject() {
return PARENT_OID;
}
/**
* Instantiates a new partner.
......
......@@ -193,6 +193,9 @@ public class DatasetServiceImpl implements DatasetService {
dataset = datasetRepository.save(dataset);
// Make dataset publicly not-readable
aclService.makePubliclyReadable(dataset, false);
try {
final Path datasetPath = Paths.get(datasetRepositoryPath, dataset.getUuid().toString());
final Partner partner = dataset.getOwner();
......@@ -702,6 +705,9 @@ public class DatasetServiceImpl implements DatasetService {
aclService.makePubliclyReadable(datasetFile, true);
}
}
// Make dataset publicly readable
aclService.makePubliclyReadable(loaded, true);
return lazyLoad(datasetRepository.save(loaded));
}
......@@ -767,6 +773,9 @@ public class DatasetServiceImpl implements DatasetService {
aclService.makePubliclyReadable(datasetFile, false);
}
}
// Make dataset publicly not-readable
aclService.makePubliclyReadable(loaded, false);
return lazyLoad(datasetRepository.save(loaded));
}
......
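Review bot: In the publish path the dataset ACL is opened with `aclService.makePubliclyReadable(loaded, true)` before `datasetRepository.save(loaded)` has run, so if the save fails and the ACL change is not rolled back with it, a dataset that is still unpublished ends up readable by everyone. Granting after the save keeps that failure closed, for example `Dataset saved = datasetRepository.save(loaded);` then `aclService.makePubliclyReadable(saved, true);` then `return lazyLoad(saved);`. The same ordering appears in the publish hunk of SubsetServiceImpl. The unpublish path already revokes before it saves, which is the safe order. All three methods start outside their hunks, so the transaction boundaries are not visible and should be confirmed.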
......@@ -139,4 +139,17 @@ public class AdminController {
aclService.cleanupAcl();
return true;
}
@PostMapping(value = "/institutes-acl")
public void aclMakeInstitutesPublic() throws Exception {
LOG.warn("Adding ACL for FaoInstitutes");
instituteRepository.findAll().forEach(institute -> {
// LOG.warn("Making FaoInstitute {} public", institute.getCode());
aclService.createOrUpdatePermissions(institute);
});
LOG.warn("Added ACL to existing FaoInstitutes");
}
}
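Review bot: No authorization annotation is visible on the new `aclMakeInstitutesPublic()` handler, here or on the identical handler added to the second AdminController further down, and the class declaration lies outside both hunks. If the class does not already carry a class-level restriction, the method needs one, for example `@PreAuthorize("hasRole('<ADMIN_ROLE>')")` with the project's administrator role in place of the placeholder. The handler also calls `aclService.createOrUpdatePermissions(institute)` under the requesting user's identity, whereas the startup code wraps the same call in `asAdminInvoker.invoke(...)`. If the ACL service records the current principal as owner of new entries, it is worth confirming which identity is intended.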
......@@ -15,16 +15,25 @@
*/
package org.genesys2.server.component.listener;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.blocks.util.ClassAclOid;
import org.genesys.blocks.util.CurrentApplicationContext;
import org.genesys.catalog.model.Partner;
import org.genesys.catalog.persistence.PartnerRepository;
import org.genesys.catalog.persistence.dataset.DatasetRepository;
import org.genesys2.server.component.security.AsAdminInvoker;
import org.genesys2.server.model.impl.FaoInstitute;
import org.genesys2.server.persistence.SubsetRepository;
import org.genesys2.server.persistence.kpi.ExecutionRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import com.google.common.collect.Lists;
/**
* Declare sorts of things that upgrade the existing database
*
......@@ -39,6 +48,9 @@ public class ApplicationUpgrades implements InitializingBean {
@Autowired
protected AsAdminInvoker asAdminInvoker;
@Autowired
protected CurrentApplicationContext springContext;
/*
* (non-Javadoc)
......@@ -47,6 +59,9 @@ public class ApplicationUpgrades implements InitializingBean {
@Override
public void afterPropertiesSet() throws Exception {
kpiEnsureACL();
aclEnsureClassOIDs();
aclMakePartnersPublic();
aclMakeDraftsPrivate();
}
@Autowired
......@@ -64,5 +79,60 @@ public class ApplicationUpgrades implements InitializingBean {
return true;
});
}
private void aclEnsureClassOIDs() throws Exception {
asAdminInvoker.invoke(() -> {
LOG.warn("Making some Entities publicly readable by default");
for (Class<? extends AclAwareModel> clazz : Lists.newArrayList(Partner.class, FaoInstitute.class)) {
LOG.warn("Making {} publicly readable by default", clazz.getName());
aclService.createOrUpdatePermissions(ClassAclOid.forClass(clazz));
aclService.makePubliclyReadable(ClassAclOid.forClass(clazz), true);
}
return true;
});
}
@Autowired
private PartnerRepository partnerRepository;
private void aclMakePartnersPublic() throws Exception {
asAdminInvoker.invoke(() -> {
LOG.warn("Making Partners publicly readable");
partnerRepository.findAll().forEach(partner -> {
LOG.warn("Making Partner {} publicly readable", partner.getShortName());
aclService.createOrUpdatePermissions(partner);
});
return true;
});
}
@Autowired
private DatasetRepository datasetRepository;
@Autowired
private SubsetRepository subsetRepository;
private void aclMakeDraftsPrivate() throws Exception {
asAdminInvoker.invoke(() -> {
LOG.warn("Making non-published Datasets and Subsets private, and published publicly readable");
datasetRepository.findAll().forEach(dataset -> {
LOG.warn("Setting ACL for Dataset {}", dataset.getTitle());
aclService.makePubliclyReadable(dataset, dataset.isPublished());
});
subsetRepository.findAll().forEach(subset -> {
LOG.warn("Setting ACL for Subset {}", subset.getTitle());
aclService.makePubliclyReadable(subset, subset.isPublished());
});
LOG.warn("Datasets and Subsets are protected.");
return true;
});
}
}
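Review bot: The three new steps in `afterPropertiesSet()` run unconditionally on every start, so each boot walks every Partner, Dataset and Subset with `findAll()`, rewrites its ACL and logs one WARN line per entity. Because `aclMakeDraftsPrivate()` derives readability only from `isPublished()`, any read restriction an administrator placed by hand on a published Dataset or Subset would presumably be reset to public at the next restart. A guard that records the upgrade as done, plus `LOG.debug` for the per-entity lines, would avoid both. The steps also grant before they restrict; running `aclMakeDraftsPrivate();` ahead of `aclEnsureClassOIDs();` is the safer order if an exception can interrupt the sequence. The added `springContext` field is not used in any visible hunk.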
......@@ -34,6 +34,7 @@ import org.genesys.blocks.model.BasicModel;
import org.genesys.blocks.model.EntityId;
import org.genesys.blocks.model.JsonViews;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.util.ClassAclOid;
import org.genesys.catalog.model.Partner;
import org.genesys.custom.elasticsearch.IgnoreField;
import org.genesys2.server.model.genesys.PDCIStatistics;
......@@ -52,6 +53,8 @@ import com.fasterxml.jackson.databind.ObjectMapper;
@Table(name = "faoinstitute", uniqueConstraints = @UniqueConstraint(columnNames = { "code" }), indexes = { @Index(columnList = "code", name = "code_FAOINSTITUTE") })
public class FaoInstitute extends BasicModel implements GeoReferencedEntity, AclAwareModel, EntityId {
private static final ClassAclOid<FaoInstitute> DEFAULT_PARENT_OID = ClassAclOid.forClass(FaoInstitute.class);
private static final long serialVersionUID = -8773002513838748431L;
private static final int LEN_ACRONYM = 50;
......@@ -140,7 +143,7 @@ public class FaoInstitute extends BasicModel implements GeoReferencedEntity, Acl
@Override
public AclAwareModel aclParentObject(){
return this.owner;
return this.owner == null ? DEFAULT_PARENT_OID : this.owner;
}
public FaoInstitute() {
......
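Review bot: `aclParentObject()` now falls back to `DEFAULT_PARENT_OID` for an institute with no owner, and nothing on the method says so. Since startup makes the `FaoInstitute` class OID publicly readable, every ownerless institute would inherit public read if permissions flow from the ACL parent, which is worth stating in a Javadoc such as `/** Returns the owner, or the FaoInstitute class-level OID when no owner is set. */`. Partner names the equivalent constant `PARENT_OID`; using one name in both classes would make the pattern easier to search for.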
......@@ -498,4 +498,16 @@ public class AdminController {
aclService.cleanupAcl();
return "redirect:/admin/";
}
@PostMapping(value = "/institutes-acl")
public void aclMakeInstitutesPublic() throws Exception {
LOG.warn("Adding ACL for FaoInstitutes");
instituteRepository.findAll().forEach(institute -> {
// LOG.warn("Making FaoInstitute {} public", institute.getCode());
aclService.createOrUpdatePermissions(institute);
});
LOG.warn("Added ACL to existing FaoInstitutes");
}
}
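Review bot: `aclMakeInstitutesPublic()` returns `void` while the handler just above it returns `"redirect:/admin/"`, so after the POST Spring MVC will presumably try to resolve a view named after the request path instead of returning to the admin page. Declaring the method as `public String aclMakeInstitutesPublic()` and ending it with `return "redirect:/admin/";` would match the sibling. The commented-out `LOG.warn` line inside the loop can be deleted or restored at debug level. The class declaration is outside the hunk, so any class-level annotation that changes this behaviour is not visible here.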
......@@ -32,6 +32,7 @@ import javax.validation.Valid;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.StopWatch;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys2.server.component.security.SecurityUtils;
import org.genesys2.server.exception.InvalidApiUsageException;
import org.genesys2.server.exception.NotFoundElement;
......@@ -117,6 +118,9 @@ public class SubsetServiceImpl implements SubsetService {
@Autowired
private PlatformTransactionManager transactionManager;
@Autowired
private CustomAclService aclService;
/**
* {@inheritDoc}
*/
......@@ -169,7 +173,13 @@ public class SubsetServiceImpl implements SubsetService {
final Subset subset = new Subset();
copyValues(subset, source);
subset.setState(PublishState.DRAFT);
return lazyLoad(subsetRepository.save(subset));
Subset loaded = subsetRepository.save(subset);
// Make Subset publicly not-readable
aclService.makePubliclyReadable(loaded, false);
return lazyLoad(loaded);
}
/**
......@@ -404,6 +414,9 @@ public class SubsetServiceImpl implements SubsetService {
}
loaded.setState(PublishState.PUBLISHED);
// Make dataset publicly readable
aclService.makePubliclyReadable(loaded, true);
return lazyLoad(subsetRepository.save(loaded));
}
......@@ -449,6 +462,9 @@ public class SubsetServiceImpl implements SubsetService {
}
loaded.setState(PublishState.DRAFT);
// Make Subset publicly not-readable
aclService.makePubliclyReadable(loaded, false);
return lazyLoad(subsetRepository.save(loaded));
}
......
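Review bot: The comment in the publish hunk reads `// Make dataset publicly readable` but the object is a Subset; it should be `// Make Subset publicly readable` to match the other two comments added to this file. In the create hunk the subset is saved and only then marked non-readable, so the two calls need to sit in one transaction for the draft never to be visible with default permissions. That method starts outside the hunk, so this cannot be confirmed here.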
......@@ -189,5 +189,11 @@
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
<form method="post" action="<c:url value="/admin/institutes-acl" />">
<input type="submit" class="btn btn-default" class="btn btn-default" value="Make FaoInstitutes ACL" />
<!-- CSRF protection -->
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</body>
</html>
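Review bot: The submit button carries `class="btn btn-default"` twice on the same `<input>`; duplicate attributes are invalid HTML and one should be dropped: `<input type="submit" class="btn btn-default" value="Make FaoInstitutes ACL" />`. The CSRF hidden field is present, matching the form above it.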