diff options
author | Simon Rettberg | 2015-06-30 18:21:47 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-06-30 18:21:47 +0200 |
commit | a3cb5ed720dec67fd01759c631e69d6a988e3313 (patch) | |
tree | b47ffce0f885112950752d2462ec4cd92c3ea4e9 /dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java | |
parent | Fixed some comments and variable names (diff) | |
download | tutor-module-a3cb5ed720dec67fd01759c631e69d6a988e3313.tar.gz tutor-module-a3cb5ed720dec67fd01759c631e69d6a988e3313.tar.xz tutor-module-a3cb5ed720dec67fd01759c631e69d6a988e3313.zip |
[server] Refactored permission checking classes a bit
Diffstat (limited to 'dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java')
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java | 89 |
1 files changed, 69 insertions, 20 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java index cab355a7..5cf28713 100644 --- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java @@ -14,11 +14,11 @@ import org.openslx.bwlp.sat.database.mappers.DbUser; import org.openslx.bwlp.sat.fileserv.ActiveUpload; import org.openslx.bwlp.sat.fileserv.FileServer; import org.openslx.bwlp.sat.permissions.User; -import org.openslx.bwlp.sat.permissions.User.Permission; import org.openslx.bwlp.sat.thrift.cache.OperatingSystemList; import org.openslx.bwlp.sat.thrift.cache.OrganizationList; import org.openslx.bwlp.sat.thrift.cache.VirtualizerList; import org.openslx.bwlp.sat.util.Util; +import org.openslx.bwlp.thrift.iface.AuthorizationError; import org.openslx.bwlp.thrift.iface.ImageBaseWrite; import org.openslx.bwlp.thrift.iface.ImageDataError; import org.openslx.bwlp.thrift.iface.ImageDetailsRead; @@ -32,6 +32,7 @@ import org.openslx.bwlp.thrift.iface.LectureWrite; import org.openslx.bwlp.thrift.iface.OperatingSystem; import org.openslx.bwlp.thrift.iface.Organization; import org.openslx.bwlp.thrift.iface.SatelliteServer; +import org.openslx.bwlp.thrift.iface.ShareMode; import org.openslx.bwlp.thrift.iface.TAuthorizationException; import org.openslx.bwlp.thrift.iface.TImageDataException; import org.openslx.bwlp.thrift.iface.TInternalServerError; @@ -131,11 +132,12 @@ public class ServerHandler implements SatelliteServer.Iface { */ @Override - public List<ImageSummaryRead> getImageList(String userToken, List<String> tagSearch) + public List<ImageSummaryRead> getImageList(String userToken, List<String> tagSearch, int page) throws TAuthorizationException, TInternalServerError { UserInfo user = SessionManager.getOrFail(userToken); + User.canListImagesOrFail(user); try { - return DbImage.getAllVisible(user, tagSearch); + return DbImage.getAllVisible(user, tagSearch, page); } catch (SQLException e) { throw new TInternalServerError(); } @@ -145,6 +147,7 @@ public class ServerHandler implements SatelliteServer.Iface { public ImageDetailsRead getImageDetails(String userToken, String imageBaseId) throws TAuthorizationException, TNotFoundException, TInternalServerError { UserInfo user = SessionManager.getOrFail(userToken); + User.canSeeImageDetailsOrFail(user); try { return DbImage.getImageDetails(user, imageBaseId); } catch (SQLException e) { @@ -167,17 +170,36 @@ public class ServerHandler implements SatelliteServer.Iface { } @Override - public void updateImageBase(String userToken, String imageBaseId, ImageBaseWrite image) + public void updateImageBase(String userToken, String imageBaseId, ImageBaseWrite newData) throws TAuthorizationException, TInternalServerError, TNotFoundException, TImageDataException { UserInfo user = SessionManager.getOrFail(userToken); - User.hasImageBasePermissionOrFail(user, imageBaseId, Permission.EDIT); - if (!Util.isPrintable(image.imageName) || Util.isEmptyString(image.imageName)) + User.canEditBaseImageOrFail(user, imageBaseId); + // Check image name for invalid characters + if (!Util.isPrintable(newData.imageName) || Util.isEmptyString(newData.imageName)) throw new TImageDataException(ImageDataError.INVALID_DATA, "Invalid or empty name"); - // TODO: Should other fields be validated? Most fields should be protected by fk constraints, - // but the user would only get a generic error, with no hint at the actual problem. + // Check if image is marked for replication. If so, only allow changing the syncmode to FROZEN/DOWNLOAD try { - DbImage.updateImageMetadata(user, imageBaseId, image); - } catch (SQLException e) { + ImageSummaryRead imageSummary = DbImage.getImageSummary(user, imageBaseId); + if (imageSummary.shareMode == ShareMode.DOWNLOAD || imageSummary.shareMode == ShareMode.FROZEN) { + if (newData.shareMode != ShareMode.DOWNLOAD && newData.shareMode != ShareMode.FROZEN) { + throw new TImageDataException(ImageDataError.INVALID_SHARE_MODE, + "Cannot change share mode from remote to local"); + } else { + // Share mode is valid and changed, but ignore all other fields + DbImage.setShareMode(imageBaseId, newData); + return; + } + } else { + // Likewise, if share mode is local or publish, don't allow changing to FROZEN/DOWNLOAD + if (newData.shareMode != ShareMode.LOCAL && newData.shareMode != ShareMode.PUBLISH) { + throw new TImageDataException(ImageDataError.INVALID_SHARE_MODE, + "Cannot change share mode from local to remote"); + } + } + // TODO: Should other fields be validated? Most fields should be protected by fk constraints, + // but the user would only get a generic error, with no hint at the actual problem. + DbImage.updateImageMetadata(user, imageBaseId, newData); + } catch (SQLException e1) { throw new TInternalServerError(); } } @@ -186,10 +208,17 @@ public class ServerHandler implements SatelliteServer.Iface { public void updateImageVersion(String userToken, String imageVersionId, ImageVersionWrite image) throws TAuthorizationException, TInternalServerError, TNotFoundException { UserInfo user = SessionManager.getOrFail(userToken); - User.hasImageVersionPermissionOrFail(user, imageVersionId, Permission.EDIT); + User.canEditImageVersionOrFail(user, imageVersionId); try { + // Do not allow editing remote images + ImageSummaryRead imageSummary = DbImage.getImageSummary(user, + DbImage.getBaseIdForVersionId(imageVersionId)); + if (imageSummary.shareMode == ShareMode.DOWNLOAD || imageSummary.shareMode == ShareMode.FROZEN) { + throw new TAuthorizationException(AuthorizationError.NO_PERMISSION, + "Cannot edit image coming from master server"); + } DbImage.updateImageVersion(user, imageVersionId, image); - } catch (SQLException e) { + } catch (SQLException e1) { throw new TInternalServerError(); } } @@ -198,8 +227,17 @@ public class ServerHandler implements SatelliteServer.Iface { public void deleteImageVersion(String userToken, String imageVersionId) throws TAuthorizationException, TNotFoundException, TInternalServerError { UserInfo user = SessionManager.getOrFail(userToken); - User.hasImageVersionPermissionOrFail(user, imageVersionId, Permission.ADMIN); + User.canDeleteImageVersionOrFail(user, imageVersionId); try { + // Do not allow deleting remote images if share mode is set to "auto download" and + // the version to delete is the latest + ImageSummaryRead imageSummary = DbImage.getImageSummary(user, + DbImage.getBaseIdForVersionId(imageVersionId)); + if (imageSummary.shareMode == ShareMode.DOWNLOAD + && imageSummary.latestVersionId.equals(imageVersionId)) { + throw new TAuthorizationException(AuthorizationError.NO_PERMISSION, + "Cannot delete latest version of image if auto-download is enabled"); + } DbImage.markForDeletion(imageVersionId); } catch (SQLException e) { throw new TInternalServerError(); @@ -211,7 +249,7 @@ public class ServerHandler implements SatelliteServer.Iface { Map<String, ImagePermissions> permissions) throws TAuthorizationException, TNotFoundException, TInternalServerError { UserInfo user = SessionManager.getOrFail(userToken); - User.hasImageBasePermissionOrFail(user, imageBaseId, Permission.ADMIN); + User.canEditImagePermissionsOrFail(user, imageBaseId); try { DbImagePermissions.writeForImageBase(imageBaseId, permissions); } catch (SQLException e) { @@ -223,7 +261,7 @@ public class ServerHandler implements SatelliteServer.Iface { public Map<String, ImagePermissions> getImagePermissions(String userToken, String imageBaseId) throws TAuthorizationException, TNotFoundException, TInternalServerError { UserInfo user = SessionManager.getOrFail(userToken); - boolean adminOnly = !User.hasImageBasePermission(user, imageBaseId, Permission.ADMIN); + boolean adminOnly = !User.canEditImagePermissions(user, imageBaseId); try { return DbImagePermissions.getForImageBase(imageBaseId, adminOnly); } catch (SQLException e) { @@ -235,8 +273,13 @@ public class ServerHandler implements SatelliteServer.Iface { public void setImageOwner(String userToken, String imageBaseId, String newOwnerId) throws TAuthorizationException, TNotFoundException, TInternalServerError, TException { UserInfo user = SessionManager.getOrFail(userToken); - User.hasImageBasePermissionOrFail(user, imageBaseId, Permission.ADMIN); + User.canChangeImageOwnerOrFail(user, imageBaseId); try { + ImageSummaryRead imageSummary = DbImage.getImageSummary(user, imageBaseId); + if (imageSummary.shareMode == ShareMode.DOWNLOAD || imageSummary.shareMode == ShareMode.FROZEN) { + throw new TAuthorizationException(AuthorizationError.NO_PERMISSION, + "Cannot change owner of image that gets downloaded from master server"); + } DbImage.setImageOwner(imageBaseId, newOwnerId); } catch (SQLException e) { throw new TInternalServerError(); @@ -259,7 +302,7 @@ public class ServerHandler implements SatelliteServer.Iface { public void updateLecture(String userToken, String lectureId, LectureWrite lecture) throws TAuthorizationException, TNotFoundException, TInternalServerError { UserInfo user = SessionManager.getOrFail(userToken); - User.hasLecturePermissionOrFail(user, lectureId, Permission.EDIT); + User.canEditLectureOrFail(user, lectureId); try { DbLecture.update(user, lectureId, lecture); } catch (SQLException e) { @@ -268,9 +311,15 @@ public class ServerHandler implements SatelliteServer.Iface { } @Override - public List<LectureSummary> getLectureList(String userToken) throws TAuthorizationException { - // TODO Auto-generated method stub - return null; + public List<LectureSummary> getLectureList(String userToken, int page) throws TAuthorizationException, + TInternalServerError { + UserInfo user = SessionManager.getOrFail(userToken); + try { + // If user is student, getAll() will only return lectures where the current linked image is not restricted + return DbLecture.getAll(user, page); + } catch (SQLException e) { + throw new TInternalServerError(); + } } @Override |