public static void checkAIPPermissions(User user, IndexedAIP aip, PermissionType permissionType) throws AuthorizationDeniedException { if (isAdministrator(user)) { return; } Set<String> users = aip.getPermissions().getUsers().get(permissionType); Set<String> groups = aip.getPermissions().getGroups().get(permissionType); LOGGER.debug("Checking if user '{}' has permissions to {} object {} (object read permissions: {} & {})", user.getId(), permissionType, aip.getId(), users, groups); if (!users.contains(user.getId()) && iterativeDisjoint(groups, user.getGroups())) { throw new AuthorizationDeniedException( "The user '" + user.getId() + "' does not have permissions to " + permissionType); } }
private static <T extends IsIndexed> void checkAIPObjectPermissions(User user, T obj, Function<T, String> toAIP, PermissionType permissionType) throws AuthorizationDeniedException { if (isAdministrator(user)) { return; } String aipId = toAIP.apply(obj); IndexedAIP aip; try { aip = RodaCoreFactory.getIndexService().retrieve(IndexedAIP.class, aipId, RodaConstants.AIP_PERMISSIONS_FIELDS_TO_RETURN); } catch (NotFoundException | GenericException e) { throw new AuthorizationDeniedException("Could not check permissions of object " + obj, e); } Set<String> users = aip.getPermissions().getUsers().get(permissionType); Set<String> groups = aip.getPermissions().getGroups().get(permissionType); LOGGER.debug("Checking if user '{}' has permissions to {} object {} (object read permissions: {} & {})", user.getId(), permissionType, aip.getId(), users, groups); if (!users.contains(user.getId()) && iterativeDisjoint(groups, user.getGroups())) { throw new AuthorizationDeniedException( "The user '" + user.getId() + "' does not have permissions to " + permissionType); } }
/** * Constructs a new {@link IndexedAIP} cloning the one given by argument. * * @param other * the {@link IndexedAIP} to be cloned. */ public IndexedAIP(IndexedAIP other) { this(other.getId(), other.getState(), other.getType(), other.getLevel(), other.getTitle(), other.getDateInitial(), other.getDateFinal(), other.getDescription(), other.getParentID(), other.getAncestors(), other.getPermissions(), other.getNumberOfSubmissionFiles(), other.getNumberOfDocumentationFiles(), other.getNumberOfSchemaFiles(), other.getHasRepresentations(), other.getGhost()); }