Commit fedc2947 authored by Matija Obreza's avatar Matija Obreza

Disabled ACL upgrades

parent 69ea35c0
......@@ -15,24 +15,8 @@
*/
package org.genesys2.server.component.listener;
import java.nio.file.Path;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.serialization.Permissions;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.blocks.util.CurrentApplicationContext;
import org.genesys.catalog.model.dataset.Dataset;
import org.genesys.catalog.model.traits.Descriptor;
import org.genesys.catalog.persistence.PartnerRepository;
import org.genesys.catalog.persistence.dataset.DatasetRepository;
import org.genesys.catalog.persistence.traits.DescriptorListRepository;
import org.genesys.catalog.persistence.traits.DescriptorRepository;
import org.genesys.catalog.service.DatasetService;
import org.genesys.filerepository.model.RepositoryFolder;
import org.genesys.filerepository.service.RepositoryService;
import org.genesys2.server.component.security.AsAdminInvoker;
import org.genesys2.server.persistence.SubsetRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
......@@ -40,8 +24,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionDefinition;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.TransactionCallbackWithoutResult;
import org.springframework.transaction.support.TransactionTemplate;
/**
......@@ -83,26 +65,26 @@ public class ApplicationUpgrades implements InitializingBean {
// aclEnsureClassOIDs();
// aclMakePartnersPublic();
// upgradeShortFiltrerCodeFromV1ToV2();
aclMakePartnerSIDs();
aclUpdateCatalogSecurity();
// aclMakePartnerSIDs();
// aclUpdateCatalogSecurity();
}
public interface IAction {
void run() throws Exception;
}
private void executeInTransaction(IAction action) {
transactionTemplate.execute(new TransactionCallbackWithoutResult() {
protected void doInTransactionWithoutResult(TransactionStatus status) {
try {
action.run();
} catch (Throwable e) {
status.setRollbackOnly();
LOG.error("Error execution application upgrade: {}", e.getMessage(), e);
}
}
});
}
// private void executeInTransaction(IAction action) {
// transactionTemplate.execute(new TransactionCallbackWithoutResult() {
// protected void doInTransactionWithoutResult(TransactionStatus status) {
// try {
// action.run();
// } catch (Throwable e) {
// status.setRollbackOnly();
// LOG.error("Error execution application upgrade: {}", e.getMessage(), e);
// }
// }
// });
// }
// @Autowired
// private ShortFilterRepository shortFilterRepository;
......@@ -155,101 +137,106 @@ public class ApplicationUpgrades implements InitializingBean {
// });
// }
@Autowired
private PartnerRepository partnerRepository;
@Autowired
private CustomAclService aclService;
private void aclMakePartnerSIDs() throws Exception {
asAdminInvoker.invoke(() -> {
partnerRepository.findAll().forEach(partner -> {
LOG.warn("Ensuring ACL SID for Partner {}", partner.getShortName());
executeInTransaction(() -> {
aclService.ensureAuthoritySid(partner.getAuthorityName());
});
});
return true;
});
}
// @Autowired
// private PartnerRepository partnerRepository;
//
// @Autowired
// private CustomAclService aclService;
//
// private void aclMakePartnerSIDs() throws Exception {
// asAdminInvoker.invoke(() -> {
// partnerRepository.findAll().forEach(partner -> {
// LOG.warn("Ensuring ACL SID for Partner {}", partner.getShortName());
// executeInTransaction(() -> {
// aclService.ensureAuthoritySid(partner.getAuthorityName());
// });
// });
// return true;
// });
// }
@Autowired
private DatasetRepository datasetRepository;
@Autowired
private SubsetRepository subsetRepository;
@Autowired
private DescriptorRepository descriptorRepository;
@Autowired
private DescriptorListRepository descriptorListRepository;
@Autowired
private DatasetService datasetService;
@Autowired
private RepositoryService repositoryService;
private void aclUpdateCatalogSecurity() throws Exception {
asAdminInvoker.invoke(() -> {
datasetRepository.findAll().forEach(dataset -> {
executeInTransaction(() -> {
Dataset ds = datasetRepository.findOne(dataset.getId());
LOG.warn("Fixing ACL for dataset {}", ds.getTitle());
aclService.setAclParent(ds, null);
if (ds.getOwner() == null) {
LOG.warn("No owner for id={} {}", ds.getId(), ds.getTitle());
return;
}
final AclSid sid = aclService.getAuthoritySid(ds.getOwner().getAuthorityName());
aclService.setPermissions(ds, sid, new Permissions().grantAll());
aclService.makePubliclyReadable(ds, ds.isPublished());
Path dsPath = datasetService.getDatasetRepositoryFolder(ds);
RepositoryFolder folder = repositoryService.getFolder(dsPath);
if (folder != null) {
aclService.setAclParent(folder, ds);
// aclService.makePubliclyReadable(folder, dataset.isPublished());
}
});
});
return true;
});
asAdminInvoker.invoke(() -> {
executeInTransaction(() -> {
subsetRepository.findAll().forEach(subset -> {
LOG.warn("Fixing ACL for subset {}", subset.getTitle());
aclService.setAclParent(subset, null);
final AclSid sid = aclService.getAuthoritySid(subset.getOwner().getAuthorityName());
aclService.setPermissions(subset, sid, new Permissions().grantAll());
aclService.makePubliclyReadable(subset, subset.isPublished());
});
});
return true;
});
asAdminInvoker.invoke(() -> {
descriptorRepository.findAll().forEach(descriptor -> {
executeInTransaction(() -> {
Descriptor d = descriptorRepository.findOne(descriptor.getId());
LOG.warn("Fixing ACL for descriptor {}", d.getTitle());
aclService.setAclParent(d, null);
final AclSid sid = aclService.getAuthoritySid(d.getOwner().getAuthorityName());
aclService.setPermissions(d, sid, new Permissions().grantAll());
aclService.makePubliclyReadable(d, d.isPublished());
});
});
return true;
});
asAdminInvoker.invoke(() -> {
executeInTransaction(() -> {
descriptorListRepository.findAll().forEach(descriptorList -> {
LOG.warn("Fixing ACL for descriptor list {}", descriptorList.getTitle());
aclService.setAclParent(descriptorList, null);
final AclSid sid = aclService.getAuthoritySid(descriptorList.getOwner().getAuthorityName());
aclService.setPermissions(descriptorList, sid, new Permissions().grantAll());
aclService.makePubliclyReadable(descriptorList, descriptorList.isPublished());
});
});
return true;
});
}
// @Autowired
// private DatasetRepository datasetRepository;
// @Autowired
// private SubsetRepository subsetRepository;
// @Autowired
// private DescriptorRepository descriptorRepository;
// @Autowired
// private DescriptorListRepository descriptorListRepository;
// @Autowired
// private DatasetService datasetService;
// @Autowired
// private RepositoryService repositoryService;
//
// private void aclUpdateCatalogSecurity() throws Exception {
// asAdminInvoker.invoke(() -> {
// datasetRepository.findAll().forEach(dataset -> {
// executeInTransaction(() -> {
// Dataset ds = datasetRepository.findOne(dataset.getId());
// LOG.warn("Fixing ACL for dataset {}", ds.getTitle());
// aclService.setAclParent(ds, null);
// if (ds.getOwner() == null) {
// LOG.warn("No owner for id={} {}", ds.getId(), ds.getTitle());
// return;
// }
// final AclSid sid =
// aclService.getAuthoritySid(ds.getOwner().getAuthorityName());
// aclService.setPermissions(ds, sid, new Permissions().grantAll());
// aclService.makePubliclyReadable(ds, ds.isPublished());
//
// Path dsPath = datasetService.getDatasetRepositoryFolder(ds);
// RepositoryFolder folder = repositoryService.getFolder(dsPath);
// if (folder != null) {
// aclService.setAclParent(folder, ds);
// // aclService.makePubliclyReadable(folder, dataset.isPublished());
// }
// });
// });
// return true;
// });
//
// asAdminInvoker.invoke(() -> {
// executeInTransaction(() -> {
// subsetRepository.findAll().forEach(subset -> {
// LOG.warn("Fixing ACL for subset {}", subset.getTitle());
// aclService.setAclParent(subset, null);
// final AclSid sid =
// aclService.getAuthoritySid(subset.getOwner().getAuthorityName());
// aclService.setPermissions(subset, sid, new Permissions().grantAll());
// aclService.makePubliclyReadable(subset, subset.isPublished());
// });
// });
// return true;
// });
//
// asAdminInvoker.invoke(() -> {
// descriptorRepository.findAll().forEach(descriptor -> {
// executeInTransaction(() -> {
// Descriptor d = descriptorRepository.findOne(descriptor.getId());
// LOG.warn("Fixing ACL for descriptor {}", d.getTitle());
// aclService.setAclParent(d, null);
// final AclSid sid =
// aclService.getAuthoritySid(d.getOwner().getAuthorityName());
// aclService.setPermissions(d, sid, new Permissions().grantAll());
// aclService.makePubliclyReadable(d, d.isPublished());
// });
// });
// return true;
// });
//
// asAdminInvoker.invoke(() -> {
// executeInTransaction(() -> {
// descriptorListRepository.findAll().forEach(descriptorList -> {
// LOG.warn("Fixing ACL for descriptor list {}", descriptorList.getTitle());
// aclService.setAclParent(descriptorList, null);
// final AclSid sid =
// aclService.getAuthoritySid(descriptorList.getOwner().getAuthorityName());
// aclService.setPermissions(descriptorList, sid, new Permissions().grantAll());
// aclService.makePubliclyReadable(descriptorList,
// descriptorList.isPublished());
// });
// });
// return true;
// });
// }
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment