Revision 88249c56
Added by Andreas Kohlbecker over 6 years ago
cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/voter/SpecimenOrObservationBaseVoter.java | ||
---|---|---|
8 | 8 |
*/ |
9 | 9 |
package eu.etaxonomy.cdm.persistence.hibernate.permission.voter; |
10 | 10 |
|
11 |
import java.util.Collection; |
|
12 |
import java.util.Set; |
|
13 |
import java.util.UUID; |
|
14 |
|
|
15 |
import org.springframework.security.access.ConfigAttribute; |
|
16 |
|
|
17 |
import eu.etaxonomy.cdm.hibernate.HibernateProxyHelper; |
|
11 | 18 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
19 |
import eu.etaxonomy.cdm.model.occurrence.DerivedUnit; |
|
12 | 20 |
import eu.etaxonomy.cdm.model.occurrence.SpecimenOrObservationBase; |
21 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
|
13 | 22 |
|
14 | 23 |
/** |
24 |
* see https://dev.e-taxonomy.eu/redmine/issues/7018 |
|
25 |
* |
|
15 | 26 |
* @author a.kohlbecker |
16 | 27 |
* @date Feb 24, 2014 |
17 | 28 |
* |
... | ... | |
26 | 37 |
return SpecimenOrObservationBase.class; |
27 | 38 |
} |
28 | 39 |
|
40 |
/* (non-Javadoc) |
|
41 |
* @see eu.etaxonomy.cdm.persistence.hibernate.permission.voter.CdmPermissionVoter#furtherVotingDescisions(org.springframework.security.core.Authentication, java.lang.Object, java.util.Collection, eu.etaxonomy.cdm.persistence.hibernate.permission.voter.TaxonBaseVoter.ValidationResult) |
|
42 |
*/ |
|
43 |
@Override |
|
44 |
protected Integer furtherVotingDescisions(CdmAuthority CdmAuthority, Object object, Collection<ConfigAttribute> attributes, |
|
45 |
ValidationResult validationResult) { |
|
46 |
|
|
47 |
boolean isUuidMatchInOriginals = CdmAuthority.hasTargetUuid() && propagateGrantsFromOriginal(CdmAuthority.getTargetUUID(), (SpecimenOrObservationBase)object); |
|
48 |
if ( isUuidMatchInOriginals && validationResult.isClassMatch && validationResult.isPermissionMatch){ |
|
49 |
logger.debug("permission, class and uuid in originals are matching => ACCESS_GRANTED"); |
|
50 |
return ACCESS_GRANTED; |
|
51 |
} |
|
52 |
return null; |
|
53 |
} |
|
54 |
|
|
55 |
/** |
|
56 |
* @param targetUuid |
|
57 |
* @param sob |
|
58 |
* @return |
|
59 |
*/ |
|
60 |
private boolean propagateGrantsFromOriginal(UUID targetUuid, SpecimenOrObservationBase<?> sob){ |
|
61 |
|
|
62 |
if (targetUuid.equals(sob.getUuid())) { |
|
63 |
return true; |
|
64 |
} else { |
|
65 |
if(sob instanceof DerivedUnit) { |
|
66 |
Set<SpecimenOrObservationBase> originals = HibernateProxyHelper.deproxy(sob, DerivedUnit.class).getOriginals(); |
|
67 |
if(originals.size() == 1){ |
|
68 |
SpecimenOrObservationBase original = originals.iterator().next(); |
|
69 |
return propagateGrantsFromOriginal(targetUuid, original); |
|
70 |
} |
|
71 |
} |
|
72 |
} |
|
73 |
return false; |
|
74 |
} |
|
75 |
|
|
29 | 76 |
/* (non-Javadoc) |
30 | 77 |
* @see eu.etaxonomy.cdm.persistence.hibernate.permission.voter.CdmPermissionVoter#isOrpahn(eu.etaxonomy.cdm.model.common.CdmBase) |
31 | 78 |
*/ |
32 | 79 |
@Override |
33 | 80 |
public boolean isOrpahn(CdmBase object) { |
34 |
// the permission to delete a SpecimenOrObservationBase is not granted on base of hierachical |
|
35 |
// permission propagation, therefore it is save to treat all entities as orphan. |
|
81 |
// we always return true here to allow deleting the reference |
|
36 | 82 |
return true; |
37 | 83 |
} |
38 | 84 |
|
cdmlib-persistence/src/test/java/eu/etaxonomy/cdm/persistence/hibenate/permission/SpecimenOrObservationBaseVoterTest.java | ||
---|---|---|
1 |
/** |
|
2 |
* Copyright (C) 2017 EDIT |
|
3 |
* European Distributed Institute of Taxonomy |
|
4 |
* http://www.e-taxonomy.eu |
|
5 |
* |
|
6 |
* The contents of this file are subject to the Mozilla Public License Version 1.1 |
|
7 |
* See LICENSE.TXT at the top of this package for the full license terms. |
|
8 |
*/ |
|
9 |
package eu.etaxonomy.cdm.persistence.hibenate.permission; |
|
10 |
|
|
11 |
import java.util.Arrays; |
|
12 |
import java.util.EnumSet; |
|
13 |
|
|
14 |
import org.junit.Ignore; |
|
15 |
import org.junit.Test; |
|
16 |
import org.springframework.security.access.AccessDecisionVoter; |
|
17 |
|
|
18 |
import eu.etaxonomy.cdm.model.occurrence.DerivationEvent; |
|
19 |
import eu.etaxonomy.cdm.model.occurrence.DerivationEventType; |
|
20 |
import eu.etaxonomy.cdm.model.occurrence.DerivedUnit; |
|
21 |
import eu.etaxonomy.cdm.model.occurrence.FieldUnit; |
|
22 |
import eu.etaxonomy.cdm.model.occurrence.SpecimenOrObservationType; |
|
23 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; |
|
24 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; |
|
25 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionClass; |
|
26 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.voter.SpecimenOrObservationBaseVoter; |
|
27 |
|
|
28 |
/** |
|
29 |
* @author a.kohlbecker |
|
30 |
* @since 16.10.2017 |
|
31 |
* |
|
32 |
*/ |
|
33 |
public class SpecimenOrObservationBaseVoterTest extends AbstractCdmPermissionVoterTest { |
|
34 |
|
|
35 |
|
|
36 |
private static final EnumSet<CRUD> UPDATE = EnumSet.of(CRUD.UPDATE); |
|
37 |
|
|
38 |
private SpecimenOrObservationBaseVoter voter = new SpecimenOrObservationBaseVoter(); |
|
39 |
|
|
40 |
private FieldUnit fuA; |
|
41 |
|
|
42 |
private FieldUnit fuB; |
|
43 |
|
|
44 |
private DerivedUnit duA; |
|
45 |
|
|
46 |
private DerivedUnit duB; |
|
47 |
|
|
48 |
private DerivedUnit duAB; |
|
49 |
|
|
50 |
private DerivedUnit du2; |
|
51 |
|
|
52 |
@Test |
|
53 |
public void testSimplePerEntityPermission(){ |
|
54 |
|
|
55 |
DerivedUnit du = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
56 |
|
|
57 |
int vote = voter.vote(authentication( |
|
58 |
new CdmAuthority(du, UPDATE) |
|
59 |
), |
|
60 |
du, |
|
61 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
62 |
); |
|
63 |
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, vote); |
|
64 |
} |
|
65 |
|
|
66 |
@Test |
|
67 |
public void testSimplePerOriginalPermission(){ |
|
68 |
|
|
69 |
DerivedUnit du1 = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
70 |
|
|
71 |
DerivedUnit du2 = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
72 |
|
|
73 |
FieldUnit fuA = FieldUnit.NewInstance(); |
|
74 |
|
|
75 |
DerivationEvent.NewSimpleInstance(fuA, du1, null); |
|
76 |
DerivationEvent.NewSimpleInstance(du1, du2, null); |
|
77 |
|
|
78 |
int vote = voter.vote(authentication( |
|
79 |
new CdmAuthority(fuA, UPDATE) |
|
80 |
), |
|
81 |
du1, |
|
82 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
83 |
); |
|
84 |
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, vote); |
|
85 |
} |
|
86 |
|
|
87 |
public void testMultipleOriginalsGrantForCommonOriginal(){ |
|
88 |
|
|
89 |
buildDerivationGraph(); |
|
90 |
|
|
91 |
|
|
92 |
int vote = voter.vote(authentication( |
|
93 |
new CdmAuthority(duAB, UPDATE) |
|
94 |
), |
|
95 |
du2, |
|
96 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
97 |
); |
|
98 |
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, vote); |
|
99 |
|
|
100 |
} |
|
101 |
|
|
102 |
@Test |
|
103 |
public void testMultipleOriginalsGrantForOneRootOnly(){ |
|
104 |
|
|
105 |
buildDerivationGraph(); |
|
106 |
|
|
107 |
int vote = voter.vote(authentication( |
|
108 |
new CdmAuthority(fuA, UPDATE) |
|
109 |
), |
|
110 |
du2, |
|
111 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
112 |
); |
|
113 |
assertEquals(AccessDecisionVoter.ACCESS_DENIED, vote); |
|
114 |
|
|
115 |
} |
|
116 |
|
|
117 |
@Test |
|
118 |
@Ignore // see https://dev.e-taxonomy.eu/redmine/issues/7020 |
|
119 |
public void testMultipleOriginalsGrantForAllRoots(){ |
|
120 |
|
|
121 |
buildDerivationGraph(); |
|
122 |
|
|
123 |
int vote = voter.vote(authentication( |
|
124 |
new CdmAuthority(fuA, UPDATE), |
|
125 |
new CdmAuthority(fuB, UPDATE) |
|
126 |
), |
|
127 |
du2, |
|
128 |
Arrays.asList(new CdmAuthority(CdmPermissionClass.SPECIMENOROBSERVATIONBASE, UPDATE)) |
|
129 |
); |
|
130 |
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, vote); |
|
131 |
} |
|
132 |
|
|
133 |
|
|
134 |
/** |
|
135 |
* Builds a derivation graph having two roots. |
|
136 |
* |
|
137 |
<pre> |
|
138 |
fuA -- duA |
|
139 |
\ |
|
140 |
duAB -- du2 |
|
141 |
/ |
|
142 |
fuB -- duB |
|
143 |
</pre> |
|
144 |
* |
|
145 |
*/ |
|
146 |
protected void buildDerivationGraph() { |
|
147 |
|
|
148 |
fuA = FieldUnit.NewInstance(); |
|
149 |
fuB = FieldUnit.NewInstance(); |
|
150 |
|
|
151 |
duA = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
152 |
duB = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
153 |
|
|
154 |
duAB = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
155 |
|
|
156 |
du2 = DerivedUnit.NewInstance(SpecimenOrObservationType.DerivedUnit); |
|
157 |
|
|
158 |
DerivationEvent.NewSimpleInstance(fuA, duA, null); |
|
159 |
DerivationEvent.NewSimpleInstance(fuB, duB, null); |
|
160 |
|
|
161 |
DerivationEvent groupingEvent = DerivationEvent.NewInstance(DerivationEventType.GROUPING()); |
|
162 |
groupingEvent.addOriginal(duA); |
|
163 |
groupingEvent.addOriginal(duB); |
|
164 |
groupingEvent.addDerivative(duAB); |
|
165 |
|
|
166 |
DerivationEvent.NewSimpleInstance(duAB, du2, null); |
|
167 |
} |
|
168 |
|
|
169 |
} |
Also available in: Unified diff
fix #7018 ref #7020 simple permission voter and authorities for SpecimenOrObservationBase implemented, more complex voter implementation postponed