Revision 88249c56
Added by Andreas Kohlbecker over 6 years ago
| cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/voter/SpecimenOrObservationBaseVoter.java | ||
|---|---|---|
| 8 | 8 |
*/ |
| 9 | 9 |
package eu.etaxonomy.cdm.persistence.hibernate.permission.voter; |
| 10 | 10 |
|
| 11 |
import java.util.Collection; |
|
| 12 |
import java.util.Set; |
|
| 13 |
import java.util.UUID; |
|
| 14 |
|
|
| 15 |
import org.springframework.security.access.ConfigAttribute; |
|
| 16 |
|
|
| 17 |
import eu.etaxonomy.cdm.hibernate.HibernateProxyHelper; |
|
| 11 | 18 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
| 19 |
import eu.etaxonomy.cdm.model.occurrence.DerivedUnit; |
|
| 12 | 20 |
import eu.etaxonomy.cdm.model.occurrence.SpecimenOrObservationBase; |
| 21 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
|
| 13 | 22 |
|
| 14 | 23 |
/** |
| 24 |
* see https://dev.e-taxonomy.eu/redmine/issues/7018 |
|
| 25 |
* |
|
| 15 | 26 |
* @author a.kohlbecker |
| 16 | 27 |
* @date Feb 24, 2014 |
| 17 | 28 |
* |
| ... | ... | |
| 26 | 37 |
return SpecimenOrObservationBase.class; |
| 27 | 38 |
} |
| 28 | 39 |
|
| 40 |
/* (non-Javadoc) |
|
| 41 |
* @see eu.etaxonomy.cdm.persistence.hibernate.permission.voter.CdmPermissionVoter#furtherVotingDescisions(org.springframework.security.core.Authentication, java.lang.Object, java.util.Collection, eu.etaxonomy.cdm.persistence.hibernate.permission.voter.TaxonBaseVoter.ValidationResult) |
|
| 42 |
*/ |
|
| 43 |
@Override |
|
| 44 |
protected Integer furtherVotingDescisions(CdmAuthority CdmAuthority, Object object, Collection<ConfigAttribute> attributes, |
|
| 45 |
ValidationResult validationResult) {
|
|
| 46 |
|
|
| 47 |
boolean isUuidMatchInOriginals = CdmAuthority.hasTargetUuid() && propagateGrantsFromOriginal(CdmAuthority.getTargetUUID(), (SpecimenOrObservationBase)object); |
|
| 48 |
if ( isUuidMatchInOriginals && validationResult.isClassMatch && validationResult.isPermissionMatch){
|
|
| 49 |
logger.debug("permission, class and uuid in originals are matching => ACCESS_GRANTED");
|
|
| 50 |
return ACCESS_GRANTED; |
|
| 51 |
} |
|
| 52 |
return null; |
|
| 53 |
} |
|
| 54 |
|
|
| 55 |
/** |
|
| 56 |
* @param targetUuid |
|
| 57 |
* @param sob |
|
| 58 |
* @return |
|
| 59 |
*/ |
|
| 60 |
private boolean propagateGrantsFromOriginal(UUID targetUuid, SpecimenOrObservationBase<?> sob){
|
|
| 61 |
|
|
| 62 |
if (targetUuid.equals(sob.getUuid())) {
|
|
| 63 |
return true; |
|
| 64 |
} else {
|
|
| 65 |
if(sob instanceof DerivedUnit) {
|
|
| 66 |
Set<SpecimenOrObservationBase> originals = HibernateProxyHelper.deproxy(sob, DerivedUnit.class).getOriginals(); |
|
| 67 |
if(originals.size() == 1){
|
|
| 68 |
SpecimenOrObservationBase original = originals.iterator().next(); |
|
| 69 |
return propagateGrantsFromOriginal(targetUuid, original); |
|
| 70 |
} |
|
| 71 |
} |
|
| 72 |
} |
|
| 73 |
return false; |
|
| 74 |
} |
|
| 75 |
|
|
| 29 | 76 |
/* (non-Javadoc) |
| 30 | 77 |
* @see eu.etaxonomy.cdm.persistence.hibernate.permission.voter.CdmPermissionVoter#isOrpahn(eu.etaxonomy.cdm.model.common.CdmBase) |
| 31 | 78 |
*/ |
| 32 | 79 |
@Override |
| 33 | 80 |
public boolean isOrpahn(CdmBase object) {
|
| 34 |
// the permission to delete a SpecimenOrObservationBase is not granted on base of hierachical |
|
| 35 |
// permission propagation, therefore it is save to treat all entities as orphan. |
|
| 81 |
// we always return true here to allow deleting the reference |
|
| 36 | 82 |
return true; |
| 37 | 83 |
} |
| 38 | 84 |
|
| cdmlib-persistence/src/test/java/eu/etaxonomy/cdm/persistence/hibenate/permission/SpecimenOrObservationBaseVoterTest.java | ||
|---|---|---|
| 1 |
/** |
|
| 2 |
* Copyright (C) 2017 EDIT |
|
| 3 |
* European Distributed Institute of Taxonomy |
|
| 4 |
* http://www.e-taxonomy.eu |
|
| 5 |
* |
|
| 6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
| 7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
| 8 |
*/ |
|
| 9 |
package eu.etaxonomy.cdm.persistence.hibenate.permission; |
|
| 10 |
|
|
| 11 |
import java.util.Arrays; |
|
| 12 |
import java.util.EnumSet; |
|
| 13 |
|
|
| 14 |
import org.junit.Ignore; |
|
| 15 |
import org.junit.Test; |
|
| 16 |
import org.springframework.security.access.AccessDecisionVoter; |
|
| 17 |
|
|
| 18 |
import eu.etaxonomy.cdm.model.occurrence.DerivationEvent; |
|
| 19 |
import eu.etaxonomy.cdm.model.occurrence.DerivationEventType; |
|
| 20 |
import eu.etaxonomy.cdm.model.occurrence.DerivedUnit; |
|
| 21 |
import eu.etaxonomy.cdm.model.occurrence.FieldUnit; |
|
| 22 |
import eu.etaxonomy.cdm.model.occurrence.SpecimenOrObservationType; |
|
| 23 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
| 24 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
|
| 25 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionClass; |
|
| 26 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.voter.SpecimenOrObservationBaseVoter; |
|
| 27 |
|
|
| 28 |
/** |
|
| 29 |
* @author a.kohlbecker |
|
| 30 |
* @since 16.10.2017 |
|
| 31 |
* |
|
| 32 |
*/ |
|
| 33 |
public class SpecimenOrObservationBaseVoterTest extends AbstractCdmPermissionVoterTest {
|
|
| 34 |
|
|
| 35 |
|
|
| 36 |
private static final EnumSet<CRUD> UPDATE = EnumSet.of(CRUD.UPDATE); |
|
| 37 |
|
|
| 38 |
private SpecimenOrObservationBaseVoter voter = new SpecimenOrObservationBaseVoter(); |
|
| 39 |
|
|
| 40 |
private FieldUnit fuA; |
|
| 41 |
|
|
| 42 |
private FieldUnit fuB; |
|
| 43 |
|
|
| 44 |
private DerivedUnit duA; |
|
| 45 |
|
|
| 46 |
private DerivedUnit duB; |
|
| 47 |
|
|
| 48 |
private DerivedUnit duAB; |
|
| 49 |
|
|
| 50 |
private DerivedUnit du2; |
|
| 51 |
|
|
| 52 |
@Test |
|
| 53 |
public void testSimplePerEntityPermission(){
|
|
| 54 |
|
|
| 55 |
DerivedUnit du = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
| 56 |
|
|
| 57 |
int vote = voter.vote(authentication( |
|
| 58 |
new CdmAuthority(du, UPDATE) |
|
| 59 |
), |
|
| 60 |
du, |
|
| 61 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
| 62 |
); |
|
| 63 |
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, vote); |
|
| 64 |
} |
|
| 65 |
|
|
| 66 |
@Test |
|
| 67 |
public void testSimplePerOriginalPermission(){
|
|
| 68 |
|
|
| 69 |
DerivedUnit du1 = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
| 70 |
|
|
| 71 |
DerivedUnit du2 = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
| 72 |
|
|
| 73 |
FieldUnit fuA = FieldUnit.NewInstance(); |
|
| 74 |
|
|
| 75 |
DerivationEvent.NewSimpleInstance(fuA, du1, null); |
|
| 76 |
DerivationEvent.NewSimpleInstance(du1, du2, null); |
|
| 77 |
|
|
| 78 |
int vote = voter.vote(authentication( |
|
| 79 |
new CdmAuthority(fuA, UPDATE) |
|
| 80 |
), |
|
| 81 |
du1, |
|
| 82 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
| 83 |
); |
|
| 84 |
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, vote); |
|
| 85 |
} |
|
| 86 |
|
|
| 87 |
public void testMultipleOriginalsGrantForCommonOriginal(){
|
|
| 88 |
|
|
| 89 |
buildDerivationGraph(); |
|
| 90 |
|
|
| 91 |
|
|
| 92 |
int vote = voter.vote(authentication( |
|
| 93 |
new CdmAuthority(duAB, UPDATE) |
|
| 94 |
), |
|
| 95 |
du2, |
|
| 96 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
| 97 |
); |
|
| 98 |
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, vote); |
|
| 99 |
|
|
| 100 |
} |
|
| 101 |
|
|
| 102 |
@Test |
|
| 103 |
public void testMultipleOriginalsGrantForOneRootOnly(){
|
|
| 104 |
|
|
| 105 |
buildDerivationGraph(); |
|
| 106 |
|
|
| 107 |
int vote = voter.vote(authentication( |
|
| 108 |
new CdmAuthority(fuA, UPDATE) |
|
| 109 |
), |
|
| 110 |
du2, |
|
| 111 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
| 112 |
); |
|
| 113 |
assertEquals(AccessDecisionVoter.ACCESS_DENIED, vote); |
|
| 114 |
|
|
| 115 |
} |
|
| 116 |
|
|
| 117 |
@Test |
|
| 118 |
@Ignore // see https://dev.e-taxonomy.eu/redmine/issues/7020 |
|
| 119 |
public void testMultipleOriginalsGrantForAllRoots(){
|
|
| 120 |
|
|
| 121 |
buildDerivationGraph(); |
|
| 122 |
|
|
| 123 |
int vote = voter.vote(authentication( |
|
| 124 |
new CdmAuthority(fuA, UPDATE), |
|
| 125 |
new CdmAuthority(fuB, UPDATE) |
|
| 126 |
), |
|
| 127 |
du2, |
|
| 128 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
| 129 |
); |
|
| 130 |
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, vote); |
|
| 131 |
} |
|
| 132 |
|
|
| 133 |
|
|
| 134 |
/** |
|
| 135 |
* Builds a derivation graph having two roots. |
|
| 136 |
* |
|
| 137 |
<pre> |
|
| 138 |
fuA -- duA |
|
| 139 |
\ |
|
| 140 |
duAB -- du2 |
|
| 141 |
/ |
|
| 142 |
fuB -- duB |
|
| 143 |
</pre> |
|
| 144 |
* |
|
| 145 |
*/ |
|
| 146 |
protected void buildDerivationGraph() {
|
|
| 147 |
|
|
| 148 |
fuA = FieldUnit.NewInstance(); |
|
| 149 |
fuB = FieldUnit.NewInstance(); |
|
| 150 |
|
|
| 151 |
duA = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
| 152 |
duB = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
| 153 |
|
|
| 154 |
duAB = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
| 155 |
|
|
| 156 |
du2 = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
| 157 |
|
|
| 158 |
DerivationEvent.NewSimpleInstance(fuA, duA, null); |
|
| 159 |
DerivationEvent.NewSimpleInstance(fuB, duB, null); |
|
| 160 |
|
|
| 161 |
DerivationEvent groupingEvent = DerivationEvent.NewInstance(DerivationEventType.GROUPING()); |
|
| 162 |
groupingEvent.addOriginal(duA); |
|
| 163 |
groupingEvent.addOriginal(duB); |
|
| 164 |
groupingEvent.addDerivative(duAB); |
|
| 165 |
|
|
| 166 |
DerivationEvent.NewSimpleInstance(duAB, du2, null); |
|
| 167 |
} |
|
| 168 |
|
|
| 169 |
} |
|
Also available in: Unified diff
fix #7018 ref #7020 simple permission voter and authorities for SpecimenOrObservationBase implemented, more complex voter implementation postponed