/**
 * Builds a {@code Permissions} from another instance by taking over whatever its
 * {@code getUsers()} and {@code getGroups()} accessors return.
 *
 * @param ps the instance whose user and group permission maps are adopted
 */
public Permissions(Permissions ps) {
  // NOTE(review): both fields are assigned the accessor results directly. If the accessors hand
  // out the live maps rather than copies, this object and ps share ACL state, and a later
  // change to one is visible in the other. Confirm against getUsers()/getGroups().
  this.users = ps.getUsers();
  this.groups = ps.getGroups();
}
/**
 * Flattens a {@code Permissions} object into a map of index field name to value.
 *
 * <p>Each permission type in the user map produces one entry keyed by
 * {@code RodaConstants.INDEX_PERMISSION_USERS_PREFIX} followed by the permission type, and each
 * permission type in the group map produces one entry keyed by
 * {@code RodaConstants.INDEX_PERMISSION_GROUPS_PREFIX} followed by the permission type. Every
 * value is a fresh {@code ArrayList} copy of the corresponding id set.
 *
 * @param permissions the permissions to flatten
 * @return a new mutable map holding one list per permission type and principal kind
 */
public static Map<String, Object> getPermissionsAsPreCalculatedFields(Permissions permissions) {
  final Map<String, Object> fields = new HashMap<>();

  // User ACL: one field per permission type.
  permissions.getUsers().forEach((type, userIds) -> fields
    .put(RodaConstants.INDEX_PERMISSION_USERS_PREFIX + type, new ArrayList<String>(userIds)));

  // Group ACL: same layout under the groups prefix.
  permissions.getGroups().forEach((type, groupIds) -> fields
    .put(RodaConstants.INDEX_PERMISSION_GROUPS_PREFIX + type, new ArrayList<String>(groupIds)));

  return fields;
}
/**
 * Writes the user and group ACLs of {@code permissions} into a Solr input document.
 *
 * <p>For every permission type one field is added under
 * {@code RodaConstants.INDEX_PERMISSION_USERS_PREFIX} and one under
 * {@code RodaConstants.INDEX_PERMISSION_GROUPS_PREFIX}, each followed by the permission type.
 * The field value is a fresh {@code ArrayList} copy of the id set.
 *
 * @param permissions the permissions to index
 * @param ret the document that receives the permission fields
 */
public static void setPermissions(Permissions permissions, final SolrInputDocument ret) {
  // User ACL first, then group ACL, in the iteration order of the respective maps.
  permissions.getUsers().forEach((type, userIds) -> ret
    .addField(RodaConstants.INDEX_PERMISSION_USERS_PREFIX + type, new ArrayList<String>(userIds)));

  permissions.getGroups().forEach((type, groupIds) -> ret
    .addField(RodaConstants.INDEX_PERMISSION_GROUPS_PREFIX + type, new ArrayList<String>(groupIds)));
}
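/**
 * Verifies that {@code user} holds {@code permissionType} on the given DIP.
 *
 * <p>Users accepted by {@code isAdministrator} pass unconditionally. Any other user must either
 * be listed by id in the DIP's user ACL for {@code permissionType}, or have a group in common
 * with the DIP's group ACL for it.
 *
 * <p>A permission type with no ACL entry (the map lookup returns {@code null}) is treated as
 * "nobody listed", so the check is denied with {@link AuthorizationDeniedException} instead of
 * failing with a {@link NullPointerException} that callers do not expect.
 *
 * @param user the user requesting access
 * @param dip the indexed DIP whose permissions are consulted
 * @param permissionType the permission being requested
 * @throws AuthorizationDeniedException if the user is neither listed nor a member of a listed
 *         group
 */
public static void checkDIPPermissions(User user, IndexedDIP dip, PermissionType permissionType)
  throws AuthorizationDeniedException {
  if (isAdministrator(user)) {
    return;
  }

  Set<String> users = dip.getPermissions().getUsers().get(permissionType);
  Set<String> groups = dip.getPermissions().getGroups().get(permissionType);

  // NOTE(review): the message says "read permissions" whatever permissionType is, and it writes
  // the complete ACL to the debug log.
  LOGGER.debug("Checking if user '{}' has permissions to {} dip {} (object read permissions: {} & {})",
    user.getId(), permissionType, dip.getId(), users, groups);

  // Direct grant: the user id is listed for this permission type.
  if (users != null && users.contains(user.getId())) {
    return;
  }

  // Grant through group membership. iterativeDisjoint is defined elsewhere; it is presumably
  // true when the two sets share no element (confirm against its definition).
  if (groups != null && !iterativeDisjoint(groups, user.getGroups())) {
    return;
  }

  throw new AuthorizationDeniedException(
    "The user '" + user.getId() + "' does not have permissions to " + permissionType);
}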
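/**
 * Verifies that {@code user} holds {@code permissionType} on the given AIP.
 *
 * <p>Users accepted by {@code isAdministrator} pass unconditionally. Any other user must either
 * be listed by id in the AIP's user ACL for {@code permissionType}, or have a group in common
 * with the AIP's group ACL for it.
 *
 * <p>A permission type with no ACL entry (the map lookup returns {@code null}) is treated as
 * "nobody listed", so the check is denied with {@link AuthorizationDeniedException} instead of
 * failing with a {@link NullPointerException} that callers do not expect.
 *
 * @param user the user requesting access
 * @param aip the indexed AIP whose permissions are consulted
 * @param permissionType the permission being requested
 * @throws AuthorizationDeniedException if the user is neither listed nor a member of a listed
 *         group
 */
public static void checkAIPPermissions(User user, IndexedAIP aip, PermissionType permissionType)
  throws AuthorizationDeniedException {
  if (isAdministrator(user)) {
    return;
  }

  Set<String> users = aip.getPermissions().getUsers().get(permissionType);
  Set<String> groups = aip.getPermissions().getGroups().get(permissionType);

  // NOTE(review): the message says "read permissions" whatever permissionType is, and it writes
  // the complete ACL to the debug log.
  LOGGER.debug("Checking if user '{}' has permissions to {} object {} (object read permissions: {} & {})",
    user.getId(), permissionType, aip.getId(), users, groups);

  // Direct grant: the user id is listed for this permission type.
  if (users != null && users.contains(user.getId())) {
    return;
  }

  // Grant through group membership. iterativeDisjoint is defined elsewhere; it is presumably
  // true when the two sets share no element (confirm against its definition).
  if (groups != null && !iterativeDisjoint(groups, user.getGroups())) {
    return;
  }

  throw new AuthorizationDeniedException(
    "The user '" + user.getId() + "' does not have permissions to " + permissionType);
}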
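/**
 * Verifies that {@code user} holds {@code permissionType} on the DIP that {@code obj} belongs to.
 *
 * <p>Users accepted by {@code isAdministrator} pass unconditionally. Otherwise the DIP id is
 * derived from {@code obj} through {@code toDIP}, the DIP is fetched from the index with
 * {@code RodaConstants.DIP_PERMISSIONS_FIELDS_TO_RETURN}, and the user must be listed by id in
 * its user ACL for {@code permissionType} or have a group in common with its group ACL.
 *
 * <p>The check fails closed: a DIP that cannot be retrieved, or a permission type with no ACL
 * entry (the map lookup returns {@code null}), results in {@link AuthorizationDeniedException}.
 * The missing-entry case previously surfaced as a {@link NullPointerException}.
 *
 * @param <T> the indexed type of {@code obj}
 * @param user the user requesting access
 * @param obj the indexed object whose parent DIP governs access
 * @param toDIP maps {@code obj} to the id of its DIP
 * @param permissionType the permission being requested
 * @throws AuthorizationDeniedException if the DIP cannot be retrieved, or the user is neither
 *         listed nor a member of a listed group
 */
private static <T extends IsIndexed> void checkDIPObjectPermissions(User user, T obj, Function<T, String> toDIP,
  PermissionType permissionType) throws AuthorizationDeniedException {
  if (isAdministrator(user)) {
    return;
  }

  String dipId = toDIP.apply(obj);
  IndexedDIP dip;
  try {
    dip = RodaCoreFactory.getIndexService().retrieve(IndexedDIP.class, dipId,
      RodaConstants.DIP_PERMISSIONS_FIELDS_TO_RETURN);
  } catch (NotFoundException | GenericException e) {
    // A lookup failure is reported as a denial; the cause is kept for diagnosis.
    throw new AuthorizationDeniedException("Could not check permissions of object " + obj, e);
  }

  Set<String> users = dip.getPermissions().getUsers().get(permissionType);
  Set<String> groups = dip.getPermissions().getGroups().get(permissionType);

  // NOTE(review): the message says "read permissions" whatever permissionType is, and it writes
  // the complete ACL to the debug log.
  LOGGER.debug("Checking if user '{}' has permissions to {} object {} (object read permissions: {} & {})",
    user.getId(), permissionType, dip.getId(), users, groups);

  // Direct grant: the user id is listed for this permission type.
  if (users != null && users.contains(user.getId())) {
    return;
  }

  // Grant through group membership. iterativeDisjoint is defined elsewhere; it is presumably
  // true when the two sets share no element (confirm against its definition).
  if (groups != null && !iterativeDisjoint(groups, user.getGroups())) {
    return;
  }

  throw new AuthorizationDeniedException(
    "The user '" + user.getId() + "' does not have permissions to " + permissionType);
}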
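/**
 * Verifies that {@code user} holds {@code permissionType} on the AIP that {@code obj} belongs to.
 *
 * <p>Users accepted by {@code isAdministrator} pass unconditionally. Otherwise the AIP id is
 * derived from {@code obj} through {@code toAIP}, the AIP is fetched from the index with
 * {@code RodaConstants.AIP_PERMISSIONS_FIELDS_TO_RETURN}, and the user must be listed by id in
 * its user ACL for {@code permissionType} or have a group in common with its group ACL.
 *
 * <p>The check fails closed: an AIP that cannot be retrieved, or a permission type with no ACL
 * entry (the map lookup returns {@code null}), results in {@link AuthorizationDeniedException}.
 * The missing-entry case previously surfaced as a {@link NullPointerException}.
 *
 * @param <T> the indexed type of {@code obj}
 * @param user the user requesting access
 * @param obj the indexed object whose parent AIP governs access
 * @param toAIP maps {@code obj} to the id of its AIP
 * @param permissionType the permission being requested
 * @throws AuthorizationDeniedException if the AIP cannot be retrieved, or the user is neither
 *         listed nor a member of a listed group
 */
private static <T extends IsIndexed> void checkAIPObjectPermissions(User user, T obj, Function<T, String> toAIP,
  PermissionType permissionType) throws AuthorizationDeniedException {
  if (isAdministrator(user)) {
    return;
  }

  String aipId = toAIP.apply(obj);
  IndexedAIP aip;
  try {
    aip = RodaCoreFactory.getIndexService().retrieve(IndexedAIP.class, aipId,
      RodaConstants.AIP_PERMISSIONS_FIELDS_TO_RETURN);
  } catch (NotFoundException | GenericException e) {
    // A lookup failure is reported as a denial; the cause is kept for diagnosis.
    throw new AuthorizationDeniedException("Could not check permissions of object " + obj, e);
  }

  Set<String> users = aip.getPermissions().getUsers().get(permissionType);
  Set<String> groups = aip.getPermissions().getGroups().get(permissionType);

  // NOTE(review): the message says "read permissions" whatever permissionType is, and it writes
  // the complete ACL to the debug log.
  LOGGER.debug("Checking if user '{}' has permissions to {} object {} (object read permissions: {} & {})",
    user.getId(), permissionType, aip.getId(), users, groups);

  // Direct grant: the user id is listed for this permission type.
  if (users != null && users.contains(user.getId())) {
    return;
  }

  // Grant through group membership. iterativeDisjoint is defined elsewhere; it is presumably
  // true when the two sets share no element (confirm against its definition).
  if (groups != null && !iterativeDisjoint(groups, user.getGroups())) {
    return;
  }

  throw new AuthorizationDeniedException(
    "The user '" + user.getId() + "' does not have permissions to " + permissionType);
}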