[server] Validate lecture/imageversion dates, conditionally set isTemplate

5 files changed, 131 insertions, 17 deletions

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java
new file mode 100644
index 00000000..ae9053a4
--- /dev/null
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java
@@ -0,0 +1,33 @@
+package org.openslx.bwlp.sat;
+
+import org.openslx.bwlp.sat.database.Paginator;
+import org.openslx.bwlp.thrift.iface.ImagePermissions;
+import org.openslx.bwlp.thrift.iface.LecturePermissions;
+import org.openslx.bwlp.thrift.iface.SatelliteConfig;
+
+public class RuntimeConfig {
+
+	private static final SatelliteConfig satConfig;
+
+	static {
+		satConfig = new SatelliteConfig();
+		satConfig.setDefaultImagePermissions(new ImagePermissions(true, true, false, false));
+		satConfig.setDefaultLecturePermissions(new LecturePermissions(false, false));
+		satConfig.setMaxImageValidityDays(200);
+		satConfig.setMaxLectureValidityDays(100);
+		satConfig.setPageSize(Paginator.PER_PAGE);
+	}
+
+	public static SatelliteConfig get() {
+		return satConfig.deepCopy();
+	}
+
+	public static long getMaxImageValidityMs() {
+		return satConfig.getMaxImageValidityDays() * 86400l * 1000l;
+	}
+
+	public static long getMaxLectureValidityMs() {
+		return satConfig.getMaxLectureValidityDays() * 86400l * 1000l;
+	}
+
+}
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
index 98191bea..605dff1a 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
@@ -245,7 +245,9 @@ public class DbImage {
 		try (MysqlConnection connection = Database.getConnection()) {
 			MysqlStatement stmt = connection.prepareStatement("UPDATE imagebase"
 					+ " SET displayname = :imagename, description = :description,"
-					+ " osid = :osid, virtid = :virtid, istemplate = :istemplate, canlinkdefault = :canlink,"
+					+ " osid = :osid, virtid = :virtid,"
+					+ (user == null || User.isSuperUser(user) ? " istemplate = :istemplate," : "")
+					+ " canlinkdefault = :canlink,"
 					+ " candownloaddefault = :candownload, caneditdefault = :canedit,"
 					+ " updaterid = :updaterid, updatetime = UNIX_TIMESTAMP(),"
 					+ " canadmindefault = :canadmin" + " WHERE imagebaseid = :baseid");
@@ -254,7 +256,11 @@ public class DbImage {
 			stmt.setString("description", image.description);
 			stmt.setInt("osid", image.osId);
 			stmt.setString("virtid", image.virtId);
-			stmt.setBoolean("istemplate", image.isTemplate);
+			try {
+				stmt.setBoolean("istemplate", image.isTemplate);
+			} catch (IllegalArgumentException e) {
+				// This might not exist in the query, so swallow the exception
+			}
 			stmt.setBoolean("canlink", image.defaultPermissions.link);
 			stmt.setBoolean("candownload", image.defaultPermissions.download);
 			stmt.setBoolean("canedit", image.defaultPermissions.edit);
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
index a0ed9b94..187695b4 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
@@ -285,6 +285,12 @@ public class User {
 		}
 	}
 
+	public static void canChangeImageExpireDateOrFail(UserInfo user) throws TAuthorizationException {
+		if (!isSuperUser(user))
+			throw new TAuthorizationException(AuthorizationError.NO_PERMISSION,
+					"Only the super user can change the expire date of images");
+	}
+
 	public static void setCombinedUserPermissions(ImageSummaryRead image, UserInfo user) {
 		if (hasAllImagePermissions(user, image.ownerId)) {
 			image.userPermissions = imageSu;
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
index 7ce167e0..2a9d5d6f 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
@@ -7,7 +7,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 import org.apache.thrift.TException;
-import org.openslx.bwlp.sat.database.Paginator;
+import org.openslx.bwlp.sat.RuntimeConfig;
 import org.openslx.bwlp.sat.database.mappers.DbImage;
 import org.openslx.bwlp.sat.database.mappers.DbImagePermissions;
 import org.openslx.bwlp.sat.database.mappers.DbLecture;
@@ -19,6 +19,7 @@ import org.openslx.bwlp.sat.permissions.User;
 import org.openslx.bwlp.sat.thrift.cache.OperatingSystemList;
 import org.openslx.bwlp.sat.thrift.cache.OrganizationList;
 import org.openslx.bwlp.sat.thrift.cache.VirtualizerList;
+import org.openslx.bwlp.sat.util.Sanitizer;
 import org.openslx.bwlp.sat.util.Util;
 import org.openslx.bwlp.thrift.iface.AuthorizationError;
 import org.openslx.bwlp.thrift.iface.ImageBaseWrite;
@@ -39,6 +40,7 @@ import org.openslx.bwlp.thrift.iface.ShareMode;
 import org.openslx.bwlp.thrift.iface.TAuthorizationException;
 import org.openslx.bwlp.thrift.iface.TImageDataException;
 import org.openslx.bwlp.thrift.iface.TInternalServerError;
+import org.openslx.bwlp.thrift.iface.TInvalidDateParam;
 import org.openslx.bwlp.thrift.iface.TInvalidTokenException;
 import org.openslx.bwlp.thrift.iface.TNotFoundException;
 import org.openslx.bwlp.thrift.iface.TTransferRejectedException;
@@ -55,17 +57,6 @@ public class ServerHandler implements SatelliteServer.Iface {
 
 	private static final FileServer fileServer = FileServer.instance();
 
-	private static final SatelliteConfig satConfig;
-
-	static {
-		satConfig = new SatelliteConfig();
-		satConfig.setDefaultImagePermissions(new ImagePermissions(true, true, false, false));
-		satConfig.setDefaultLecturePermissions(new LecturePermissions(false, false));
-		satConfig.setMaxImageValidityDays(200);
-		satConfig.setMaxLectureValidityDays(100);
-		satConfig.setPageSize(Paginator.PER_PAGE);
-	}
-
 	@Override
 	public long getVersion() {
 		return Version.VERSION;
@@ -73,7 +64,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 
 	@Override
 	public SatelliteConfig getConfiguration() {
-		return satConfig;
+		return RuntimeConfig.get();
 	}
 
 	/*
@@ -255,6 +246,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 			}
 			// TODO: Should other fields be validated? Most fields should be protected by fk constraints,
 			// but the user would only get a generic error, with no hint at the actual problem.
+			// The update routine will make sure only the super user can change the template flag
 			DbImage.updateImageMetadata(user, imageBaseId, newData);
 		} catch (SQLException e1) {
 			throw new TInternalServerError();
@@ -350,10 +342,19 @@ public class ServerHandler implements SatelliteServer.Iface {
 	}
 
 	@Override
+	public void setImageVersionExpiry(String userToken, String imageBaseId, long expireTime)
+			throws TAuthorizationException, TNotFoundException, TInternalServerError, TInvalidDateParam,
+			TException {
+		UserInfo user = SessionManager.getOrFail(userToken);
+		User.canChangeImageExpireDateOrFail(user);
+	}
+
+	@Override
 	public String createLecture(String userToken, LectureWrite lecture) throws TAuthorizationException,
-			TInternalServerError {
+			TInternalServerError, TInvalidDateParam {
 		UserInfo user = SessionManager.getOrFail(userToken);
 		User.canCreateLectureOrFail(user);
+		Sanitizer.handleLectureDates(lecture);
 		try {
 			return DbLecture.create(user, lecture);
 		} catch (SQLException e) {
@@ -363,9 +364,10 @@ public class ServerHandler implements SatelliteServer.Iface {
 
 	@Override
 	public void updateLecture(String userToken, String lectureId, LectureWrite lecture)
-			throws TAuthorizationException, TNotFoundException, TInternalServerError {
+			throws TAuthorizationException, TNotFoundException, TInternalServerError, TInvalidDateParam {
 		UserInfo user = SessionManager.getOrFail(userToken);
 		User.canEditLectureOrFail(user, lectureId);
+		Sanitizer.handleLectureDates(lecture);
 		try {
 			DbLecture.update(user, lectureId, lecture);
 		} catch (SQLException e) {
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java
new file mode 100644
index 00000000..5dd3b64e
--- /dev/null
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java
@@ -0,0 +1,67 @@
+package org.openslx.bwlp.sat.util;
+
+import org.openslx.bwlp.sat.RuntimeConfig;
+import org.openslx.bwlp.thrift.iface.DateParamError;
+import org.openslx.bwlp.thrift.iface.LectureWrite;
+import org.openslx.bwlp.thrift.iface.TInvalidDateParam;
+
+public class Sanitizer {
+
+	/**
+	 * One day in milliseconds
+	 */
+	private final static long ONE_DAY = 86400l * 1000l;
+
+	/**
+	 * How far in the past can a date lie? Currently 180 days, no idea if anyone
+	 * would ever need this feature, but don't error out right away
+	 */
+	private static final long LOWER_CUTOFF = 180l * ONE_DAY;
+
+	private static final long MAX_IMAGE_EXPIRY = 10l * 365l * ONE_DAY;
+
+	/**
+	 * Sanitize start and end date of lecture.
+	 * 
+	 * @param lecture Lecture to sanitize
+	 * @throws TInvalidDateParam If start or end date have invalid values
+	 */
+	public static void handleLectureDates(LectureWrite lecture) throws TInvalidDateParam {
+		if (lecture.startTime > lecture.endTime)
+			throw new TInvalidDateParam(DateParamError.NEGATIVE_RANGE, "Start date past end date");
+		final long now = System.currentTimeMillis();
+		long lowLimit = now - LOWER_CUTOFF;
+		if (lecture.startTime < lowLimit)
+			throw new TInvalidDateParam(DateParamError.TOO_LOW, "Start date lies in the past");
+		if (lecture.endTime < lowLimit)
+			throw new TInvalidDateParam(DateParamError.TOO_LOW, "End date lies in the past");
+		long highLimit = now + RuntimeConfig.getMaxLectureValidityMs();
+		if (lecture.startTime > highLimit)
+			throw new TInvalidDateParam(DateParamError.TOO_HIGH, "Start date lies too far in the future");
+		// Bonus: If the end date is just a little bit off, silently correct it, since it might be clock
+		// inaccuracies between server and client
+		if (lecture.endTime > highLimit) {
+			if (lecture.endTime - ONE_DAY > highLimit)
+				throw new TInvalidDateParam(DateParamError.TOO_HIGH, "End date lies too far in the future");
+			lecture.endTime = highLimit;
+		}
+	}
+
+	/**
+	 * Check if given image expiry date is valid. Be liberal here, since only
+	 * the super user can set it, and they should know what they're doing.
+	 * 
+	 * @param unixTimestamp timestamp to check
+	 * @throws TInvalidDateParam If the date is invalid
+	 */
+	public static void handleImageExpiryDate(long unixTimestamp) throws TInvalidDateParam {
+		final long now = System.currentTimeMillis();
+		long lowLimit = now - LOWER_CUTOFF;
+		if (unixTimestamp < lowLimit)
+			throw new TInvalidDateParam(DateParamError.TOO_LOW, "Expiry date lies in the past");
+		long highLimit = now + MAX_IMAGE_EXPIRY;
+		if (unixTimestamp > highLimit)
+			throw new TInvalidDateParam(DateParamError.TOO_HIGH, "Expiry date lies too far in the future");
+	}
+
+}