author | Simon Rettberg | 2015-06-23 19:10:48 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-06-23 19:10:48 +0200 |
commit | 8ad025dd99468f71d2fa5c49e0bcf359b055ec97 (patch) | |
tree | 6208ff7d598116e36b21882e5a018a99d2506103 /dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions | |
parent | fix bwLehrpool logo not beeing read from the resources (diff) | |
[server] More methods implemented
Diffstat (limited to 'dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions')
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java | 111 |
1 files changed, 104 insertions, 7 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
index 51041df9..fc3241a9 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
@@ -1,8 +1,13 @@
 package org.openslx.bwlp.sat.permissions;
 import java.sql.SQLException;
+import java.util.Map;
 import org.openslx.bwlp.sat.database.mappers.DbImage;
+import org.openslx.bwlp.sat.database.mappers.DbOrganization;
+import org.openslx.bwlp.sat.database.mappers.DbUser;
+import org.openslx.bwlp.sat.database.models.LocalOrganization;
+import org.openslx.bwlp.sat.database.models.LocalUser;
 import org.openslx.bwlp.thrift.iface.AuthorizationError;
 import org.openslx.bwlp.thrift.iface.ImagePermissions;
 import org.openslx.bwlp.thrift.iface.ImageSummaryRead;
@@ -11,17 +16,18 @@ import org.openslx.bwlp.thrift.iface.TAuthorizationException;
 import org.openslx.bwlp.thrift.iface.TInternalServerError;
 import org.openslx.bwlp.thrift.iface.TNotFoundException;
 import org.openslx.bwlp.thrift.iface.UserInfo;
+import org.openslx.util.TimeoutHashMap;
 public class User {
- public enum Permission {
+ public static enum Permission {
 LINK,
 DOWNLOAD,
 EDIT,
 ADMIN
 }
- private static boolean canActionImage(UserInfo ui, Permission checkPerm,
+ private static boolean canActionImage(UserInfo user, Permission checkPerm,
 ImagePermissions... imagePermissions) {
 for (ImagePermissions perm : imagePermissions) {
 if (perm == null)
@@ -35,14 +41,99 @@ public class User {
 if (checkPerm == Permission.ADMIN)
 return perm.admin;
 }
- return isSuperUser(ui);
+ return false;
+ }
+
+ /**
+ * Cache local user data, might be called quite often.
+ */
+ private static final Map<String, LocalUser> localUserCache = new TimeoutHashMap<>(60000);
+
+ private static LocalUser getLocalUser(UserInfo user) {
+ synchronized (localUserCache) {
+ LocalUser local = localUserCache.get(user.userId);
+ if (local != null)
+ return local;
+ }
+ LocalUser localData;
+ try {
+ localData = DbUser.getLocalData(user);
+ } catch (SQLException e) {
+ return null;
+ }
+ if (localData == null)
+ return null;
+ synchronized (localUserCache) {
+ localUserCache.put(user.userId, localData);
+ }
+ return localData;
 }
- public static boolean isSuperUser(UserInfo ui) {
- // TODO: for superuser override, read from DB
+ /**
+ * Cache local organization data, might be called quite often.
+ */
+ private static final Map<String, LocalOrganization> localOrganizationCache = new TimeoutHashMap<>(60000);
+
+ private static LocalOrganization getLocalOrganization(String organizationId) {
+ synchronized (localOrganizationCache) {
+ LocalOrganization local = localOrganizationCache.get(organizationId);
+ if (local != null)
+ return local;
+ }
+ LocalOrganization localData;
+ try {
+ localData = DbOrganization.getLocalData(organizationId);
+ } catch (SQLException e) {
+ return null;
+ }
+ if (localData == null)
+ return null;
+ synchronized (localOrganizationCache) {
+ localOrganizationCache.put(organizationId, localData);
+ }
+ return localData;
+ }
+
+ /**
+ * Check if given user is a local super user.
+ *
+ * @param user
+ * @return
+ */
+ public static boolean isSuperUser(UserInfo user) {
+ LocalUser localData = getLocalUser(user);
+ return localData != null && localData.isSuperUser;
+ }
+
+ /**
+ * Check if given user is allowed to login to this satellite.
+ *
+ * @param user user to check login permission for
+ * @return true if user is allowed to login to this satellite
+ */
+ public static boolean canLogin(UserInfo user) {
+ LocalUser localData = getLocalUser(user);
+ if (localData != null)
+ return localData.canLogin; // User locally known, use user-specific permission
+ LocalOrganization local = getLocalOrganization(user.organizationId);
+ // User unknown, check per-organization login permission
+ if (local == null)
+ return false;
+ if (local.canLogin)
+ return true;
+ // Special case: If user is not allowed to login, check if there are no allowed
+ // organizations yet. If so, automatically allow the organization of this user.
+ try {
+ if (DbOrganization.getLoginAllowedOrganizations().isEmpty()) {
+ DbOrganization.setCanLogin(user.organizationId, true);
+ return true;
+ }
+ } catch (SQLException e) {
+ // Ignore
+ }
 return false;
 }
-
+
 /**
 * Check if the given user has the given permission for the image identified
 * by the given image base id.
@@ -55,15 +146,21 @@ public class User {
 */
 public static boolean hasImageBasePermission(UserInfo user, String imageBaseId, Permission permission)
 throws TInternalServerError, TNotFoundException {
+ // Students can download only, so return false right away if we're not checking for download
+ if (user.role == Role.STUDENT && permission != Permission.DOWNLOAD)
+ return false;
+ // Check general permissions
 ImageSummaryRead localImage;
 try {
 localImage = DbImage.getImageSummary(user, imageBaseId);
 } catch (SQLException e) {
 throw new TInternalServerError();
 }
+ // Owner has all permissions
 if (localImage.ownerId.equals(user.userId))
 return true;
- return canActionImage(user, permission, localImage.userPermissions, localImage.defaultPermissions);
+ return canActionImage(user, permission, localImage.userPermissions, localImage.defaultPermissions)
+ || isSuperUser(user);
 }
 /** |
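Review bot: In `canLogin`, a database error during the user lookup is handled exactly like an unknown user, because `getLocalUser` returns `null` from its `catch (SQLException e)` block; a user whose local record denies login can then be admitted through the per-organization check if that second lookup succeeds. The lookup failure should reach `canLogin` and `isSuperUser` so that both deny on error, as sketched below. Separately, the special case that enables the first organization is a check-then-set on `getLoginAllowedOrganizations()` with no lock or transaction visible in the hunk, so two concurrent first logins from different organizations could both be enabled, and the `// Ignore` catch leaves no log entry when that path fails. The cached `LocalUser` is also reused until its `TimeoutHashMap` entry expires (60000, presumably milliseconds), so a revoked `canLogin` or `isSuperUser` flag may stay effective for that long; a comment on the cache fields should state this.

```java
private static LocalUser getLocalUser(UserInfo user) throws SQLException {
	// … unchanged: cache lookup under synchronized (localUserCache) …
	LocalUser localData = DbUser.getLocalData(user); // failure now propagates to the caller
	// … unchanged: null check and cache insert …
}

public static boolean isSuperUser(UserInfo user) {
	try {
		LocalUser localData = getLocalUser(user);
		return localData != null && localData.isSuperUser;
	} catch (SQLException e) {
		return false; // lookup failed: never grant the override
	}
}

public static boolean canLogin(UserInfo user) {
	LocalUser localData;
	try {
		localData = getLocalUser(user);
	} catch (SQLException e) {
		return false; // lookup failed: deny instead of falling back to the organization default
	}
	// … unchanged: user-specific and per-organization checks …
}
```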
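Review bot: The super-user override now exists only where a caller adds it, as the new `|| isSuperUser(user)` on the return statement of `hasImageBasePermission` does, because `canActionImage` ends in `return false` after this commit. Any other caller of `canActionImage` in the part of the file outside these hunks would lose the override without a compile error, so those call sites are worth checking. The new student check also runs before the owner and super-user checks, so a user with the STUDENT role is refused everything except DOWNLOAD even on an image they own. The method's Javadoc starts above the hunk and should state this order, for example `Students are only ever granted DOWNLOAD; otherwise the owner and local super users are granted every permission.`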