diff --git a/src/core/services-impl/src/main/java/it/geosolutions/geostore/services/ResourceServiceImpl.java b/src/core/services-impl/src/main/java/it/geosolutions/geostore/services/ResourceServiceImpl.java index 1f8f4dd5..59541e9b 100644 --- a/src/core/services-impl/src/main/java/it/geosolutions/geostore/services/ResourceServiceImpl.java +++ b/src/core/services-impl/src/main/java/it/geosolutions/geostore/services/ResourceServiceImpl.java @@ -59,12 +59,14 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.LinkedList; import java.util.List; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; +import java.util.stream.Collectors; /** * Class ResourceServiceImpl. @@ -88,32 +90,44 @@ public class ResourceServiceImpl implements ResourceService { private SecurityDAO securityDAO; - /** @param securityDAO the securityDAO to set */ + /** + * @param securityDAO the securityDAO to set + */ public void setSecurityDAO(SecurityDAO securityDAO) { this.securityDAO = securityDAO; } - /** @param storedDataDAO the storedDataDAO to set */ + /** + * @param storedDataDAO the storedDataDAO to set + */ public void setStoredDataDAO(StoredDataDAO storedDataDAO) { this.storedDataDAO = storedDataDAO; } - /** @param resourceDAO */ + /** + * @param resourceDAO + */ public void setResourceDAO(ResourceDAO resourceDAO) { this.resourceDAO = resourceDAO; } - /** @param attributeDAO */ + /** + * @param attributeDAO + */ public void setAttributeDAO(AttributeDAO attributeDAO) { this.attributeDAO = attributeDAO; } - /** @param categoryDAO the categoryDAO to set */ + /** + * @param categoryDAO the categoryDAO to set + */ public void setCategoryDAO(CategoryDAO categoryDAO) { this.categoryDAO = categoryDAO; } - /** @param userGroupDAO the userGroupDAO to set */ + /** + * @param userGroupDAO the userGroupDAO to set + */ public void setUserGroupDAO(UserGroupDAO userGroupDAO) { this.userGroupDAO = userGroupDAO; } @@ -175,7 +189,7 @@ public long insert(Resource resource) if (rules != null) { for (SecurityRule securityRule : rules) { if ((securityRule.getUser() != null || securityRule.getUsername() != null) - && securityRule.isCanWrite()) { + && securityRule.isCanWrite()) { final String owner = securityRule.getUser() != null ? securityRule.getUser().getName() @@ -304,7 +318,7 @@ private void validateResourceName(Resource resource, boolean isUpdate) throws DuplicatedResourceNameServiceEx { Resource existentResource = resourceDAO.findByName(resource.getName()); if (existentResource != null - && !(isUpdate && existentResource.getId().equals(resource.getId()))) { + && !(isUpdate && existentResource.getId().equals(resource.getId()))) { String validResourceName = suggestValidResourceName(resource.getName()); throw new DuplicatedResourceNameServiceEx(validResourceName); @@ -492,72 +506,81 @@ public long getCountByFilter(SearchFilter filter) } /** - * @param list + * @param resources * @return List */ - private List convertToShortList(List list, User authUser) { - List swList = new LinkedList<>(); - for (Resource resource : list) { - ShortResource shortResource = new ShortResource(resource); - - // /////////////////////////////////////////////////////////////////////// - // This fragment checks if the authenticated user can modify and delete - // the loaded resource (and associated attributes and stored data). - // This to inform the client in HTTP response result. - // /////////////////////////////////////////////////////////////////////// - boolean resourceCanBeListed = true; - if (authUser != null) { - if (authUser.getRole().equals(Role.ADMIN)) { - shortResource.setCanEdit(true); - shortResource.setCanDelete(true); - } else { - boolean authUserIsOwner = false; - for (SecurityRule rule : resource.getSecurity()) { - User owner = rule.getUser(); - UserGroup userGroup = rule.getGroup(); - if (owner != null) { - if (owner.getId().equals(authUser.getId())) { - authUserIsOwner = true; - if (rule.isCanWrite()) { - shortResource.setCanEdit(true); - shortResource.setCanDelete(true); - - break; - } - } - } else if (userGroup != null) { - List groups = extractGroupNames(authUser.getGroups()); - if (groups.contains(userGroup.getGroupName())) { - if (rule.isCanWrite()) { - shortResource.setCanEdit(true); - shortResource.setCanDelete(true); - - break; - } - } - } - } - if (!authUserIsOwner) resourceCanBeListed = resource.isAdvertised(); + private List convertToShortList(List resources, User user) { + return resources.stream() + .filter(r -> isResourceCanBeListed(user, r)) + .map(r -> createShortResourceWithPermissions(user, r)) + .collect(Collectors.toList()); + } + + private boolean isResourceCanBeListed(User user, Resource resource) { + if (user != null + && (user.getRole().equals(Role.ADMIN) || isUserResourceOwner(user, resource))) { + return true; + } + return resource.isAdvertised(); + } + + private boolean isUserResourceOwner(User user, Resource resource) { + for (SecurityRule securityRule : resource.getSecurity()) { + User owner = securityRule.getUser(); + if (owner != null) { + if (owner.getId().equals(user.getId())) { + return true; } - } else { - resourceCanBeListed = resource.isAdvertised(); } + } + return false; + } - if (resourceCanBeListed) swList.add(shortResource); + private ShortResource createShortResourceWithPermissions(User user, Resource resource) { + ShortResource shortResource = new ShortResource(resource); + + if (user != null) { + Resource resourceWithPermissions = addPermissionsToResource(user, resource); + shortResource.setCanEdit(resourceWithPermissions.isCanEdit()); + shortResource.setCanDelete(resourceWithPermissions.isCanDelete()); } - return swList; + return shortResource; } - public static List extractGroupNames(Set groups) { - List groupNames = new ArrayList(); - if (groups == null) { - return groupNames; + /** + * Checks if the user can modify and delete the loaded resource (and associated attributes and + * stored data). This to inform the client in HTTP response result. + */ + public Resource addPermissionsToResource(User user, Resource resource) { + boolean resourceRulesPermitUserEdit = resource.getSecurity().stream().anyMatch(rule -> canUserEditResource(rule, user)); + if (user.getRole().equals(Role.ADMIN) || resourceRulesPermitUserEdit) { + resource.setCanEdit(true); + resource.setCanDelete(true); + } + return resource; + } + + private boolean canUserEditResource(SecurityRule rule, User user) { + User ruleUser = rule.getUser(); + if (ruleUser != null) { + return ruleUser.getId().equals(user.getId()) && rule.isCanWrite(); + } + + UserGroup ruleGroup = rule.getGroup(); + if (ruleGroup != null) { + List userGroupsNames = extractGroupsNames(user.getGroups()); + return userGroupsNames.contains(ruleGroup.getGroupName()) && rule.isCanWrite(); } - for (UserGroup ug : groups) { - groupNames.add(ug.getGroupName()); + + return false; + } + + private static List extractGroupsNames(Set groups) { + if (groups == null) { + return Collections.emptyList(); } - return groupNames; + return groups.stream().map(UserGroup::getGroupName).collect(Collectors.toList()); } /*