Skip to content

Commit

Permalink
Refactored resource short list conversion.
Browse files Browse the repository at this point in the history
  • Loading branch information
@axl8713
axl8713 committed Jan 15, 2025
1 parent 7b99b60 commit 3362bf5
Showing 1 changed file with 86 additions and 63 deletions.
149 changes: 86 additions & 63 deletions ...re/services-impl/src/main/java/it/geosolutions/geostore/services/ResourceServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,12 +59,14 @@
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/**
* Class ResourceServiceImpl.
Expand All @@ -88,32 +90,44 @@ public class ResourceServiceImpl implements ResourceService {

private SecurityDAO securityDAO;

/** @param securityDAO the securityDAO to set */
/**
* @param securityDAO the securityDAO to set
*/
public void setSecurityDAO(SecurityDAO securityDAO) {
this.securityDAO = securityDAO;
}

/** @param storedDataDAO the storedDataDAO to set */
/**
* @param storedDataDAO the storedDataDAO to set
*/
public void setStoredDataDAO(StoredDataDAO storedDataDAO) {
this.storedDataDAO = storedDataDAO;
}

/** @param resourceDAO */
/**
* @param resourceDAO
*/
public void setResourceDAO(ResourceDAO resourceDAO) {
this.resourceDAO = resourceDAO;
}

/** @param attributeDAO */
/**
* @param attributeDAO
*/
public void setAttributeDAO(AttributeDAO attributeDAO) {
this.attributeDAO = attributeDAO;
}

/** @param categoryDAO the categoryDAO to set */
/**
* @param categoryDAO the categoryDAO to set
*/
public void setCategoryDAO(CategoryDAO categoryDAO) {
this.categoryDAO = categoryDAO;
}

/** @param userGroupDAO the userGroupDAO to set */
/**
* @param userGroupDAO the userGroupDAO to set
*/
public void setUserGroupDAO(UserGroupDAO userGroupDAO) {
this.userGroupDAO = userGroupDAO;
}
Expand Down Expand Up @@ -175,7 +189,7 @@ public long insert(Resource resource)
if (rules != null) {
for (SecurityRule securityRule : rules) {
if ((securityRule.getUser() != null || securityRule.getUsername() != null)
&& securityRule.isCanWrite()) {
&& securityRule.isCanWrite()) {
final String owner =
securityRule.getUser() != null
? securityRule.getUser().getName()
Expand Down Expand Up @@ -304,7 +318,7 @@ private void validateResourceName(Resource resource, boolean isUpdate)
throws DuplicatedResourceNameServiceEx {
Resource existentResource = resourceDAO.findByName(resource.getName());
if (existentResource != null
&& !(isUpdate && existentResource.getId().equals(resource.getId()))) {
&& !(isUpdate && existentResource.getId().equals(resource.getId()))) {
String validResourceName = suggestValidResourceName(resource.getName());

throw new DuplicatedResourceNameServiceEx(validResourceName);
Expand Down Expand Up @@ -492,72 +506,81 @@ public long getCountByFilter(SearchFilter filter)
}

/**
* @param list
* @param resources
* @return List<ShortResource>
*/
private List<ShortResource> convertToShortList(List<Resource> list, User authUser) {
List<ShortResource> swList = new LinkedList<>();
for (Resource resource : list) {
ShortResource shortResource = new ShortResource(resource);

// ///////////////////////////////////////////////////////////////////////
// This fragment checks if the authenticated user can modify and delete
// the loaded resource (and associated attributes and stored data).
// This to inform the client in HTTP response result.
// ///////////////////////////////////////////////////////////////////////
boolean resourceCanBeListed = true;
if (authUser != null) {
if (authUser.getRole().equals(Role.ADMIN)) {
shortResource.setCanEdit(true);
shortResource.setCanDelete(true);
} else {
boolean authUserIsOwner = false;
for (SecurityRule rule : resource.getSecurity()) {
User owner = rule.getUser();
UserGroup userGroup = rule.getGroup();
if (owner != null) {
if (owner.getId().equals(authUser.getId())) {
authUserIsOwner = true;
if (rule.isCanWrite()) {
shortResource.setCanEdit(true);
shortResource.setCanDelete(true);

break;
}
}
} else if (userGroup != null) {
List<String> groups = extractGroupNames(authUser.getGroups());
if (groups.contains(userGroup.getGroupName())) {
if (rule.isCanWrite()) {
shortResource.setCanEdit(true);
shortResource.setCanDelete(true);

break;
}
}
}
}
if (!authUserIsOwner) resourceCanBeListed = resource.isAdvertised();
private List<ShortResource> convertToShortList(List<Resource> resources, User user) {
return resources.stream()
.filter(r -> isResourceCanBeListed(user, r))
.map(r -> createShortResourceWithPermissions(user, r))
.collect(Collectors.toList());
}

private boolean isResourceCanBeListed(User user, Resource resource) {
if (user != null
&& (user.getRole().equals(Role.ADMIN) || isUserResourceOwner(user, resource))) {
return true;
}
return resource.isAdvertised();
}

private boolean isUserResourceOwner(User user, Resource resource) {
for (SecurityRule securityRule : resource.getSecurity()) {
User owner = securityRule.getUser();
if (owner != null) {
if (owner.getId().equals(user.getId())) {
return true;
}
} else {
resourceCanBeListed = resource.isAdvertised();
}
}
return false;
}

if (resourceCanBeListed) swList.add(shortResource);
private ShortResource createShortResourceWithPermissions(User user, Resource resource) {
ShortResource shortResource = new ShortResource(resource);

if (user != null) {
Resource resourceWithPermissions = addPermissionsToResource(user, resource);
shortResource.setCanEdit(resourceWithPermissions.isCanEdit());
shortResource.setCanDelete(resourceWithPermissions.isCanDelete());
}

return swList;
return shortResource;
}

public static List<String> extractGroupNames(Set<UserGroup> groups) {
List<String> groupNames = new ArrayList<String>();
if (groups == null) {
return groupNames;
/**
* Checks if the user can modify and delete the loaded resource (and associated attributes and
* stored data). This to inform the client in HTTP response result.
*/
public Resource addPermissionsToResource(User user, Resource resource) {
boolean resourceRulesPermitUserEdit = resource.getSecurity().stream().anyMatch(rule -> canUserEditResource(rule, user));
if (user.getRole().equals(Role.ADMIN) || resourceRulesPermitUserEdit) {
resource.setCanEdit(true);
resource.setCanDelete(true);
}
return resource;
}

private boolean canUserEditResource(SecurityRule rule, User user) {
User ruleUser = rule.getUser();
if (ruleUser != null) {
return ruleUser.getId().equals(user.getId()) && rule.isCanWrite();
}

UserGroup ruleGroup = rule.getGroup();
if (ruleGroup != null) {
List<String> userGroupsNames = extractGroupsNames(user.getGroups());
return userGroupsNames.contains(ruleGroup.getGroupName()) && rule.isCanWrite();
}
for (UserGroup ug : groups) {
groupNames.add(ug.getGroupName());

return false;
}

private static List<String> extractGroupsNames(Set<UserGroup> groups) {
if (groups == null) {
return Collections.emptyList();
}
return groupNames;
return groups.stream().map(UserGroup::getGroupName).collect(Collectors.toList());
}

/*
Expand Down

0 comments on commit 3362bf5

Please sign in to comment.