authorSimon Rettberg2015-06-23 19:10:48 +0200
committerSimon Rettberg2015-06-23 19:10:48 +0200
commit8ad025dd99468f71d2fa5c49e0bcf359b055ec97 (patch)
tree6208ff7d598116e36b21882e5a018a99d2506103 /dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions
parentfix bwLehrpool logo not beeing read from the resources (diff)
[server] More methods implemented
Diffstat (limited to 'dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions')
-rw-r--r--dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java111
1 files changed, 104 insertions, 7 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
index 51041df9..fc3241a9 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
@@ -1,8 +1,13 @@
package org.openslx.bwlp.sat.permissions;
import java.sql.SQLException;
+import java.util.Map;
import org.openslx.bwlp.sat.database.mappers.DbImage;
+import org.openslx.bwlp.sat.database.mappers.DbOrganization;
+import org.openslx.bwlp.sat.database.mappers.DbUser;
+import org.openslx.bwlp.sat.database.models.LocalOrganization;
+import org.openslx.bwlp.sat.database.models.LocalUser;
import org.openslx.bwlp.thrift.iface.AuthorizationError;
import org.openslx.bwlp.thrift.iface.ImagePermissions;
import org.openslx.bwlp.thrift.iface.ImageSummaryRead;
@@ -11,17 +16,18 @@ import org.openslx.bwlp.thrift.iface.TAuthorizationException;
import org.openslx.bwlp.thrift.iface.TInternalServerError;
import org.openslx.bwlp.thrift.iface.TNotFoundException;
import org.openslx.bwlp.thrift.iface.UserInfo;
+import org.openslx.util.TimeoutHashMap;
public class User {
- public enum Permission {
+ public static enum Permission {
LINK,
DOWNLOAD,
EDIT,
ADMIN
}
- private static boolean canActionImage(UserInfo ui, Permission checkPerm,
+ private static boolean canActionImage(UserInfo user, Permission checkPerm,
ImagePermissions... imagePermissions) {
for (ImagePermissions perm : imagePermissions) {
if (perm == null)
@@ -35,14 +41,99 @@ public class User {
if (checkPerm == Permission.ADMIN)
return perm.admin;
}
- return isSuperUser(ui);
+ return false;
+ }
+
+ /**
+ * Cache local user data, might be called quite often.
+ */
+ private static final Map<String, LocalUser> localUserCache = new TimeoutHashMap<>(60000);
+
+ private static LocalUser getLocalUser(UserInfo user) {
+ synchronized (localUserCache) {
+ LocalUser local = localUserCache.get(user.userId);
+ if (local != null)
+ return local;
+ }
+ LocalUser localData;
+ try {
+ localData = DbUser.getLocalData(user);
+ } catch (SQLException e) {
+ return null;
+ }
+ if (localData == null)
+ return null;
+ synchronized (localUserCache) {
+ localUserCache.put(user.userId, localData);
+ }
+ return localData;
}
- public static boolean isSuperUser(UserInfo ui) {
- // TODO: for superuser override, read from DB
+ /**
+ * Cache local organization data, might be called quite often.
+ */
+ private static final Map<String, LocalOrganization> localOrganizationCache = new TimeoutHashMap<>(60000);
+
+ private static LocalOrganization getLocalOrganization(String organizationId) {
+ synchronized (localOrganizationCache) {
+ LocalOrganization local = localOrganizationCache.get(organizationId);
+ if (local != null)
+ return local;
+ }
+ LocalOrganization localData;
+ try {
+ localData = DbOrganization.getLocalData(organizationId);
+ } catch (SQLException e) {
+ return null;
+ }
+ if (localData == null)
+ return null;
+ synchronized (localOrganizationCache) {
+ localOrganizationCache.put(organizationId, localData);
+ }
+ return localData;
+ }
+
+ /**
+ * Check if given user is a local super user.
+ *
+ * @param user
+ * @return
+ */
+ public static boolean isSuperUser(UserInfo user) {
+ LocalUser localData = getLocalUser(user);
+ return localData != null && localData.isSuperUser;
+ }
+
+ /**
+ * Check if given user is allowed to login to this satellite.
+ *
+ * @param user user to check login permission for
+ * @return true if user is allowed to login to this satellite
+ */
+ public static boolean canLogin(UserInfo user) {
+ LocalUser localData = getLocalUser(user);
+ if (localData != null)
+ return localData.canLogin; // User locally known, use user-specific permission
+ LocalOrganization local = getLocalOrganization(user.organizationId);
+ // User unknown, check per-organization login permission
+ if (local == null)
+ return false;
+ if (local.canLogin)
+ return true;
+ // Special case: If user is not allowed to login, check if there are no allowed
+ // organizations yet. If so, automatically allow the organization of this user.
+ try {
+ if (DbOrganization.getLoginAllowedOrganizations().isEmpty()) {
+ DbOrganization.setCanLogin(user.organizationId, true);
+ return true;
+ }
+ } catch (SQLException e) {
+ // Ignore
+ }
return false;
}
-
+
/**
* Check if the given user has the given permission for the image identified
* by the given image base id.
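Review bot: `getLocalUser` returns null both when the user has no local record and when `DbUser.getLocalData` throws `SQLException`, so `canLogin` treats a failed lookup as "user unknown" and falls back to the organization's `canLogin` flag. A user whose local record has `canLogin` set to false could therefore be admitted while the user query fails and the organization query succeeds. Letting the exception reach `canLogin` and denying there keeps the check fail-closed; `isSuperUser` would need the same `try`/`catch` and should keep returning false. The empty `catch` in the auto-allow branch also hides the error, and the `isEmpty()` test followed by `setCanLogin` is not atomic, so that path deserves at least a log entry naming the organization it enabled.

```java
private static LocalUser getLocalUser(UserInfo user) throws SQLException {
	// … unchanged: cache lookup under synchronized (localUserCache) …
	LocalUser localData = DbUser.getLocalData(user); // propagate so callers can tell "error" from "unknown"
	// … unchanged: null check and cache insert …
}

public static boolean canLogin(UserInfo user) {
	LocalUser localData;
	try {
		localData = getLocalUser(user);
	} catch (SQLException e) {
		// Lookup failed: deny instead of falling back to the organization default
		return false;
	}
	// … unchanged: per-user and per-organization checks …
}
```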
@@ -55,15 +146,21 @@ public class User {
*/
public static boolean hasImageBasePermission(UserInfo user, String imageBaseId, Permission permission)
throws TInternalServerError, TNotFoundException {
+ // Students can download only, so return false right away if we're not checking for download
+ if (user.role == Role.STUDENT && permission != Permission.DOWNLOAD)
+ return false;
+ // Check general permissions
ImageSummaryRead localImage;
try {
localImage = DbImage.getImageSummary(user, imageBaseId);
} catch (SQLException e) {
throw new TInternalServerError();
}
+ // Owner has all permissions
if (localImage.ownerId.equals(user.userId))
return true;
- return canActionImage(user, permission, localImage.userPermissions, localImage.defaultPermissions);
+ return canActionImage(user, permission, localImage.userPermissions, localImage.defaultPermissions)
+ || isSuperUser(user);
}
/**
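Review bot: The student check runs before the owner check, so a user with `Role.STUDENT` who owns the image is refused LINK, EDIT and ADMIN even though the later comment says the owner has all permissions. If that order is intended, say so at the owner shortcut, e.g. `// Owner has all permissions (students were already limited to DOWNLOAD above)`; if not, the owner comparison would have to move above the role check. The new `|| isSuperUser(user)` fallback reads the `TimeoutHashMap<>(60000)` cache added earlier in this commit, so a revoked super-user flag may presumably still be honoured until the entry expires. A sentence in the method's Javadoc, which begins before this hunk, would make that delay visible to callers.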