annotate src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java @ 14:be7787c36e58 default tip

new: nofity LGSercies for deleted files
author Zoe Hong <zhong@mpiwg-berlin.mpg.de>
date Mon, 02 Nov 2015 16:41:23 +0100
parents a50cf11e5178
children
1 package edu.harvard.iq.dataverse;
3 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
4 import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUserServiceBean;
5 import edu.harvard.iq.dataverse.authorization.users.GuestUser;
6 import edu.harvard.iq.dataverse.authorization.Permission;
7 import edu.harvard.iq.dataverse.authorization.RoleAssignee;
8 import edu.harvard.iq.dataverse.authorization.groups.Group;
9 import edu.harvard.iq.dataverse.authorization.groups.GroupServiceBean;
10 import edu.harvard.iq.dataverse.authorization.groups.impl.builtin.AuthenticatedUsers;
11 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
12 import edu.harvard.iq.dataverse.authorization.users.User;
13 import edu.harvard.iq.dataverse.engine.command.Command;
14 import java.util.EnumSet;
15 import java.util.Map;
16 import java.util.Set;
17 import java.util.logging.Logger;
18 import javax.ejb.EJB;
19 import javax.ejb.Stateless;
20 import javax.inject.Inject;
21 import javax.inject.Named;
22 import java.util.HashSet;
23 import java.util.List;
24 import javax.persistence.EntityManager;
25 import javax.persistence.PersistenceContext;
26 import static edu.harvard.iq.dataverse.engine.command.CommandHelper.CH;
27 import java.util.LinkedList;
28 import javax.persistence.Query;
30 /**
31 * Your one-stop-shop for deciding which user can do what action on which
32 * objects (TM). Note that this bean accesses the permissions/user assignment on
33 * a read-only basis. Changing the permissions a user has is done via roles and
34 * groups, over at {@link DataverseRoleServiceBean}.
35 *
36 * @author michael
37 */
38 @Stateless
39 @Named
40 public class PermissionServiceBean {
/** Class-scoped java.util.logging logger, named after this bean's fully qualified class name. */
private static final Logger logger = Logger.getLogger(PermissionServiceBean.class.getName());

// Collaborators injected by the container. None of them carries an access
// modifier, so they are package-private.
// NOTE(review): package-private injected fields can be read or reassigned by
// any class in edu.harvard.iq.dataverse; whether anything relies on that is
// not visible from this part of the file.

// Not referenced in the portion of the class visible here.
@EJB BuiltinUserServiceBean userService;

// Not referenced in the portion of the class visible here.
@EJB AuthenticationServiceBean authenticationService;

// Supplies the direct role assignments that assignmentsFor(...) accumulates.
@EJB DataverseRoleServiceBean roleService;

// Not referenced in the portion of the class visible here.
@EJB RoleAssigneeServiceBean roleAssigneeService;

// Not referenced in the portion of the class visible here.
@EJB DataverseServiceBean dataverseService;

// JPA entry point; assignmentsOn(...) runs a named query through it.
@PersistenceContext EntityManager em;

// Resolves the groups a role assignee belongs to; used by permissionsFor(...).
@EJB GroupServiceBean groupService;

// Not referenced in the portion of the class visible here.
@Inject DataverseSession session;
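/**
 * A permission question bound to one role assignee and one {@link DvObject}.
 * Every answer is delegated to the enclosing {@code PermissionServiceBean}
 * ({@code isUserAllowedOn} and {@code permissionsFor}), so this is a
 * non-static inner class and instances hold no state beyond the two final
 * fields.
 */
public class PermissionQuery {

    /** The role assignee the question is asked about. */
    final RoleAssignee user;

    /** The object the assignee wants to act on. */
    final DvObject subject;

    /**
     * @param user the role assignee whose permissions are queried
     * @param subject the object the permissions apply to
     */
    public PermissionQuery(RoleAssignee user, DvObject subject) {
        this.user = user;
        this.subject = subject;
    }

    /**
     * Re-targets the query at a different user, keeping the same subject.
     *
     * @param anotherUser the user to ask about instead
     * @return a new query; this instance is left unchanged
     */
    public PermissionQuery user(User anotherUser) {
        return new PermissionQuery(anotherUser, subject);
    }

    /**
     * Asks whether the assignee may issue the given command on the subject.
     *
     * @param cmd the command class to check
     * @return whatever the enclosing bean's {@code isUserAllowedOn} decides
     */
    public boolean canIssue(Class<? extends Command> cmd) {
        return isUserAllowedOn(user, cmd, subject);
    }

    /**
     * "Fast and loose" query mechanism, allowing to pass the command class
     * name. Command is assumed to live in
     * {@code edu.harvard.iq.dataverse.engine.command.impl.}
     *
     * <p>The name is appended to that package prefix without validation, and
     * {@link Class#forName(String)} loads and initializes whatever class it
     * resolves to, so only fixed, trusted names should reach this method. The
     * resolved class is verified to be a {@link Command} before it is used in
     * the authorization decision; the previous unchecked cast let any class
     * in the package through to {@code isUserAllowedOn}.
     *
     * @deprecated use {@link #canIssue(Class)} with a class literal instead.
     * @param commandName simple name of a command class in the package above
     * @return {@code true} iff the user has the permissions required by the
     * command on the object.
     * @throws ClassNotFoundException if no class of that name exists
     * @throws ClassCastException if the class exists but is not a {@link Command}
     */
    @Deprecated
    public boolean canIssueCommand(String commandName) throws ClassNotFoundException {
        // asSubclass() performs the runtime type check that the former
        // unchecked cast only pretended to do.
        Class<? extends Command> commandClass =
                Class.forName("edu.harvard.iq.dataverse.engine.command.impl." + commandName)
                        .asSubclass(Command.class);
        return isUserAllowedOn(user, commandClass, subject);
    }

    /**
     * @return the permissions the enclosing bean's {@code permissionsFor}
     * computes for this assignee on this subject
     */
    public Set<Permission> get() {
        return permissionsFor(user, subject);
    }

    /**
     * @param p the permission to look for
     * @return {@code true} iff {@link #get()} contains {@code p}
     */
    public boolean has(Permission p) {
        return get().contains(p);
    }

    /**
     * String-keyed variant of {@link #has(Permission)}.
     *
     * @param pName exact constant name of a {@link Permission}
     * @return {@code true} iff {@link #get()} contains that permission
     * @throws IllegalArgumentException if {@code pName} names no constant
     * (thrown by {@code Permission.valueOf}), so an unknown name never
     * evaluates to "allowed"
     */
    public boolean has(String pName) {
        return get().contains(Permission.valueOf(pName));
    }

}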
/**
 * Lists the role assignments returned by the named query
 * {@code RoleAssignment.listByDefinitionPointId} for the id of {@code d}.
 * The id is bound as a query parameter rather than concatenated into the
 * query text. The query definition itself is outside this part of the file.
 *
 * @param d the object whose id is used as the definition point; must not be
 * {@code null}, since its id is read unconditionally
 * @return the query's result list
 */
public List<RoleAssignment> assignmentsOn(DvObject d) {
    final List<RoleAssignment> onDefinitionPoint =
            em.createNamedQuery("RoleAssignment.listByDefinitionPointId", RoleAssignment.class)
                    .setParameter("definitionPointId", d.getId())
                    .getResultList();
    return onDefinitionPoint;
}
/**
 * Returns the set of permissions a role assignee has over a dataverse object.
 * The result is the union of what the assignee holds in its own right and
 * what each group reported by {@code groupService.groupsFor(ra, d)} holds,
 * each computed with {@link #permissionsForSingleRoleAssignee}.
 *
 * @param ra The role assignee.
 * @param d The {@link DvObject} on which the assignee wants to operate
 * @return the set of permissions {@code ra} has over {@code d}; a fresh,
 * possibly empty set.
 */
public Set<Permission> permissionsFor(RoleAssignee ra, DvObject d) {
    final Set<Permission> effective = EnumSet.noneOf(Permission.class);

    // Permissions granted to the assignee itself come first ...
    effective.addAll(permissionsForSingleRoleAssignee(ra, d));

    // ... then everything each of its groups is granted on the same object.
    final Set<Group> memberships = groupService.groupsFor(ra, d);
    for (Group membership : memberships) {
        effective.addAll(permissionsForSingleRoleAssignee(membership, d));
    }

    return effective;
}
/**
 * Computes the permissions one role assignee holds on {@code d} in its own
 * right; group membership is not expanded here. Three sources are combined:
 * <ol>
 *   <li>an {@link AuthenticatedUser} flagged as superuser receives every
 *       {@link Permission}, and nothing else is consulted;</li>
 *   <li>if {@code d} is an unrestricted {@link DataFile} that appears in its
 *       owner's released version, {@code DownloadFile} is granted regardless
 *       of who {@code ra} is;</li>
 *   <li>the permissions of every role in {@code assignmentsFor(ra, d)}.</li>
 * </ol>
 *
 * @param ra the single role assignee (user or group) to evaluate
 * @param d the object the permissions apply to
 * @return a fresh set holding the combined permissions
 */
public Set<Permission> permissionsForSingleRoleAssignee(RoleAssignee ra, DvObject d) {
    // Superuser check. @todo carried over from the original: for 4.0 superusers
    // are allowed all permissions; for secure data some of them may need to be
    // restricted.
    final boolean superuser = ra instanceof AuthenticatedUser
            && ((AuthenticatedUser) ra).isSuperuser();
    if (superuser) {
        return EnumSet.allOf(Permission.class);
    }

    final Set<Permission> granted = EnumSet.noneOf(Permission.class);

    if (d instanceof DataFile) {
        // Unrestricted files that are part of a released dataset automatically
        // get download permission for everybody (-- L.A. 4.0 beta12). Note that
        // this branch never looks at ra.
        final DataFile file = (DataFile) d;
        if (!file.isRestricted()
                && file.getOwner().getReleasedVersion() != null
                && file.getOwner().getReleasedVersion().getFileMetadatas() != null) {
            // The file must actually be listed in the released version; being
            // owned by a dataset that has one is not enough.
            for (FileMetadata released : file.getOwner().getReleasedVersion().getFileMetadatas()) {
                if (file.equals(released.getDataFile())) {
                    granted.add(Permission.DownloadFile);
                }
            }
        }
    }

    // Role-based permissions collected along the ownership chain.
    for (RoleAssignment assignment : assignmentsFor(ra, d)) {
        granted.addAll(assignment.getRole().permissions());
    }

    return granted;
}
/**
 * Returns all the role assignments that are effective for {@code ra} over
 * {@code d}. Starting at {@code d}, the owner chain is followed upwards and
 * the direct assignments found at each level are accumulated. The walk stops
 * after the first {@link Dataverse} that reports
 * {@code isEffectivelyPermissionRoot()}, or when an object has no owner, so
 * assignments made above a permission root are not inherited.
 *
 * @param ra The role assignee whose role assignments we look for.
 * @param d The dataverse object over which the roles are assigned
 * @return A set of all the role assignments for {@code ra} over {@code d};
 * empty when {@code d} is {@code null}.
 */
public Set<RoleAssignment> assignmentsFor(RoleAssignee ra, DvObject d) {
    final Set<RoleAssignment> collected = new HashSet<>();

    for (DvObject current = d; current != null; current = current.getOwner()) {
        collected.addAll(roleService.directRoleAssignments(ra, current));

        // The permission root's own assignments are included; its ancestors' are not.
        final boolean atPermissionRoot = current instanceof Dataverse
                && ((Dataverse) current).isEffectivelyPermissionRoot();
        if (atPermissionRoot) {
            break;
        }
    }

    return collected;
}
/**
 * Quick check for commands with no named dvObjects: compares the permissions
 * a command class declares statically with the permissions {@code u} holds
 * on {@code dvo}.
 *
 * @param u the role assignee that wants to issue the command
 * @param commandClass the command class; its requirements are read through
 *        {@code CH.permissionsRequired}
 * @param dvo the object the command would be issued on
 * @return the result of the map-based {@code isUserAllowedOn} check for the
 *         statically declared requirements
 * @deprecated As commands have dynamic permissions now, it is not enough to look at the static permissions anymore.
 * @see #isUserAllowedOn(edu.harvard.iq.dataverse.authorization.RoleAssignee, edu.harvard.iq.dataverse.engine.command.Command, edu.harvard.iq.dataverse.DvObject)
 */
public boolean isUserAllowedOn(RoleAssignee u, Class<? extends Command> commandClass, DvObject dvo) {
    // Static view only: permissions a command computes at run time are not seen here.
    final Map<String, Set<Permission>> declaredByClass = CH.permissionsRequired(commandClass);
    return isUserAllowedOn(u, declaredByClass, dvo);
}
/**
 * Checks whether {@code u} holds, on {@code dvo}, the permissions that the
 * given command instance reports through {@code getRequiredPermissions()}.
 *
 * @param u the role assignee that wants to issue the command
 * @param command the command instance whose requirements are evaluated
 * @param dvo the object the command would be issued on
 * @return the result of the map-based {@code isUserAllowedOn} check for the
 *         command's requirements
 */
public boolean isUserAllowedOn(RoleAssignee u, Command<?> command, DvObject dvo) {
    final Map<String, Set<Permission>> declaredByCommand = command.getRequiredPermissions();
    return isUserAllowedOn(u, declaredByCommand, dvo);
}
/**
 * Decides whether {@code u} holds every permission listed under the
 * empty-string key of {@code required} on {@code dvo}.
 *
 * <p>Only the entry stored under {@code ""} is evaluated; entries under any
 * other key are ignored by this method.
 *
 * <p>NOTE(review): the check is fail-open. When {@code required} is empty or
 * has no entry for {@code ""}, the method returns {@code true} without
 * consulting the assignee's permissions. Callers that rely on this method as
 * an authorization gate should confirm that every command reaching it
 * declares its requirements under the {@code ""} key.
 *
 * @param u the role assignee being checked
 * @param required required permissions, keyed by dvObject name
 * @param dvo the object the permissions are evaluated on
 * @return {@code true} if nothing is required under {@code ""} or if the
 *         permissions of {@code u} on {@code dvo} contain all of them
 */
private boolean isUserAllowedOn(RoleAssignee u, Map<String, Set<Permission>> required, DvObject dvo) {
    final Set<Permission> needed = required.isEmpty() ? null : required.get("");
    if (needed == null) {
        // Nothing declared for the unnamed object: allowed by default.
        logger.fine("IsUserAllowedOn: empty-true");
        return true;
    }
    return permissionsFor(u, dvo).containsAll(needed);
}
/**
 * Starts a permission query for {@code u} on {@code d}.
 *
 * <p>A {@code null} assignee is not rejected: the query is built for a new
 * {@link GuestUser} instead, so an unauthenticated caller is evaluated with
 * guest permissions.
 *
 * @param u the role assignee to query for, or {@code null} for the guest user
 * @param d the object the query is about
 * @return a new {@code PermissionQuery} for the effective assignee and {@code d}
 */
public PermissionQuery userOn(RoleAssignee u, DvObject d) {
    final RoleAssignee effectiveAssignee = (u != null) ? u : new GuestUser();
    return new PermissionQuery(effectiveAssignee, d);
}
/**
 * Starts a permission query on {@code d} for the user of the current
 * session, as returned by {@code session.getUser()}.
 *
 * @param d the object to query; must be non-null and must have an id
 * @return the query produced by {@code userOn} for the session user and {@code d}
 * @throws IllegalArgumentException if {@code d} is {@code null} or its id is {@code null}
 */
public PermissionQuery on(DvObject d) {
    final String rejection;
    if (d == null) {
        rejection = "Cannot query permissions on a null DvObject";
    } else if (d.getId() == null) {
        rejection = "Cannot query permissions on a DvObject with a null id.";
    } else {
        rejection = null;
    }
    if (rejection != null) {
        throw new IllegalArgumentException(rejection);
    }
    return userOn(session.getUser(), d);
}
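/**
 * Go from (User, Permission) to a list of Dataverse objects that the user
 * has the permission on.
 *
 * <p>Candidates are the dataverses that are the definition point of a role
 * assignment whose assignee identifier equals {@code user.getIdentifier()}.
 * Each candidate is then confirmed with {@code userOn(user, dataverse).has(permission)}.
 *
 * @param user the user whose role assignments select the candidate dataverses
 * @param permission the permission each returned dataverse must grant to {@code user}
 * @return The list of dataverses {@code user} has permission {@code permission} on.
 */
public List<Dataverse> getDataversesUserHasPermissionOn(User user, Permission permission) {
    /**
     * @todo What about groups? And how can we make this more performant?
     */
    // The identifier is bound as a query parameter instead of being spliced
    // into the SQL text, so a quote or other SQL syntax inside an identifier
    // cannot change the statement.
    Query candidateQuery = em.createNativeQuery(
            "SELECT id FROM dvobject WHERE dtype = 'Dataverse' and id in "
            + "(select definitionpoint_id from roleassignment where assigneeidentifier in (?1));");
    candidateQuery.setParameter(1, user.getIdentifier());

    List<Dataverse> dataversesUserHasPermissionOn = new LinkedList<>();
    for (Object rawId : candidateQuery.getResultList()) {
        // The Java type of the id column depends on the driver mapping
        // (Integer or Long); Number covers both without an unchecked cast.
        long dataverseId = ((Number) rawId).longValue();
        Dataverse dataverse = dataverseService.find(dataverseId);
        if (userOn(user, dataverse).has(permission)) {
            dataversesUserHasPermissionOn.add(dataverse);
        }
    }
    return dataversesUserHasPermissionOn;
}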
/**
 * Lists the authenticated users that obtain {@code permission} on
 * {@code dvo} through one of the role assignments returned by
 * {@code roleService.rolesAssignments(dvo)}.
 *
 * <p>For every assignment whose role contains {@code permission}, the
 * assignee is resolved and its explicit users are appended. The result is a
 * plain list, so a user reached through several assignments may appear more
 * than once.
 *
 * @param permission the permission to look for
 * @param dvo the object whose role assignments are inspected
 * @return the users collected from all matching assignments, in iteration order
 */
public List<AuthenticatedUser> getUsersWithPermissionOn(Permission permission, DvObject dvo) {
    final List<AuthenticatedUser> holders = new LinkedList<>();
    for (RoleAssignment assignment : roleService.rolesAssignments(dvo)) {
        if (!assignment.getRole().permissions().contains(permission)) {
            continue;
        }
        final RoleAssignee assignee = roleAssigneeService.getRoleAssignee(assignment.getAssigneeIdentifier());
        holders.addAll(roleAssigneeService.getExplicitUsers(assignee));
    }
    return holders;
}
293 }