5 files changed, 189 insertions, 60 deletions
diff --git a/dozentenmodulserver/setup/sat-01-schema.sql b/dozentenmodulserver/setup/sat-01-schema.sql
index 1d800901..3dbf5317 100644
--- a/dozentenmodulserver/setup/sat-01-schema.sql
+++ b/dozentenmodulserver/setup/sat-01-schema.sql
@@ -175,6 +175,7 @@ CREATE TABLE IF NOT EXISTS `lecture` (
 `displayname` varchar(100) NOT NULL,
 `description` text NOT NULL,
 `imageversionid` char(36) CHARACTER SET ascii COLLATE ascii_bin NOT NULL COMMENT 'We reference a specific image version here, not the base image.\nOn update of an image, we update the lecture table for all matching lectures that used the current image version.\nThis way, a tutor can explicitly switch back to an older version of an image.',
+ `autoupdate` tinyint(1) NOT NULL,
 `isenabled` tinyint(1) NOT NULL,
 `starttime` bigint(20) NOT NULL,
 `endtime` bigint(20) NOT NULL,
@@ -320,8 +321,8 @@ ALTER TABLE `lecturepermission`
 ADD CONSTRAINT `fk_lecturepermission_2` FOREIGN KEY (`userid`) REFERENCES `user` (`userid`) ON UPDATE CASCADE ON DELETE CASCADE;
 ALTER TABLE `os_x_virt`
- ADD CONSTRAINT `fk_os_x_virt_1` FOREIGN KEY (`osid`) REFERENCES `operatingsystem` (`osid`) ON DELETE CASCADE ON DELETE CASCADE,
- ADD CONSTRAINT `fk_os_x_virt_2` FOREIGN KEY (`virtid`) REFERENCES `virtualizer` (`virtid`) ON DELETE CASCADE ON DELETE CASCADE;
+ ADD CONSTRAINT `fk_os_x_virt_1` FOREIGN KEY (`osid`) REFERENCES `operatingsystem` (`osid`) ON UPDATE CASCADE ON DELETE CASCADE,
+ ADD CONSTRAINT `fk_os_x_virt_2` FOREIGN KEY (`virtid`) REFERENCES `virtualizer` (`virtid`) ON UPDATE CASCADE ON DELETE CASCADE;
 ALTER TABLE `user`
 ADD CONSTRAINT `fk_user_1` FOREIGN KEY (`organizationid`) REFERENCES `organization` (`organizationid`) ON UPDATE CASCADE;
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
index 37baf447..51daed49 100644
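Review bot: The new `autoupdate` column in the `lecture` definition only reaches databases created after this commit, because `CREATE TABLE IF NOT EXISTS` leaves an existing table untouched. If satellites with the older schema exist, this needs a matching migration, e.g. `ALTER TABLE lecture ADD COLUMN autoupdate tinyint(1) NOT NULL DEFAULT 0`. The column is also declared without a `DEFAULT`, so any `INSERT` that omits it depends on the server's SQL mode. A `COMMENT` on the column, as `imageversionid` has, would say what auto-update does to a lecture.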
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
@@ -31,19 +31,6 @@ public class DbImage {
 }
 }
- public static ImageSummaryRead getImageSummaryFromVersionId(UserInfo user, String imageVersionId)
- throws TNotFoundException, SQLException {
- try (MysqlConnection connection = Database.getConnection()) {
- final String imageBaseId = getBaseIdForVersionId(connection, imageVersionId);
- if (imageBaseId == null)
- throw new TNotFoundException();
- return getImageSummary(connection, user, imageBaseId);
- } catch (SQLException e) {
- LOGGER.error("Query failed in DbImage.getImageSummaryFromVersionId()", e);
- throw e;
- }
- }
-
 /**
 * Get list of all images visible to the given user, optionally filtered by
 * the given list of tags.
@@ -181,6 +168,31 @@ public class DbImage {
 return versionList;
 }
+ /**
+ * Get the UUID of the image base belonging to the given image version UUID.
+ * Returns <code>null</code> if the UUID does not exist.
+ *
+ * @param imageVersionId
+ * @return
+ * @throws SQLException
+ */
+ public static String getBaseIdForVersionId(String imageVersionId) throws SQLException {
+ try (MysqlConnection connection = Database.getConnection()) {
+ return getBaseIdForVersionId(connection, imageVersionId);
+ } catch (SQLException e) {
+ LOGGER.error("Query failed in DbImage.getBaseIdForVersionId()", e);
+ throw e;
+ }
+ }
+
+ /**
+ * Get the UUID of the image base belonging to the given image version UUID.
+ * Returns <code>null</code> if the UUID does not exist.
+ *
+ * @param imageVersionId
+ * @return
+ * @throws SQLException
+ */
 private static String getBaseIdForVersionId(MysqlConnection connection, String imageVersionId)
 throws SQLException {
 MysqlStatement stmt = connection.prepareStatement("SELECT imagebaseid FROM imageversion"
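Review bot: The new public `getBaseIdForVersionId(String)` no longer takes the `UserInfo` that the removed `getImageSummaryFromVersionId` required, so it resolves any version id for any caller, and its Javadoc does not say that authorization is left to the caller. Fill in the empty tags with `@param imageVersionId UUID of the image version` and `@return UUID of the image base, or null if no such version exists`, and add a sentence that no permission check is performed here. The same comment block pasted onto the private overload also leaves out `@param connection`. The private overload's body continues outside the hunk.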
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImagePermissions.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImagePermissions.java
index e254b085..9f089b42 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImagePermissions.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImagePermissions.java
@@ -2,11 +2,19 @@ package org.openslx.bwlp.sat.database.mappers;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.log4j.Logger;
+import org.openslx.bwlp.sat.database.Database;
+import org.openslx.bwlp.sat.database.MysqlConnection;
+import org.openslx.bwlp.sat.database.MysqlStatement;
 import org.openslx.bwlp.thrift.iface.ImagePermissions;
 public class DbImagePermissions {
+ private static final Logger LOGGER = Logger.getLogger(DbImagePermissions.class);
+
 /**
 * Build an instance of {@link ImagePermissions} by reading the given
 * columns from the given {@link ResultSet}. If there are no permissions
@@ -61,4 +69,36 @@ public class DbImagePermissions {
 return fromResultSet(rs, "canlinkdefault", "candownloaddefault", "caneditdefault", "canadmindefault");
 }
+ /**
+ * Get permissions for the given image. IF <code>adminOnly</code> is true,
+ * only users with admin permissions will be returned.
+ *
+ * @param imageBaseId UUID of image
+ * @param adminOnly Only return users with admin permission
+ * @return
+ * @throws SQLException
+ */
+ public static Map<String, ImagePermissions> getForImageBase(String imageBaseId, boolean adminOnly)
+ throws SQLException {
+ try (MysqlConnection connection = Database.getConnection()) {
+ MysqlStatement stmt = connection.prepareStatement("SELECT userid, canlink, candownload, canedit, canadmin"
+ " FROM imagepermission WHERE imagebaseid = :imagebaseid");
+ stmt.setString("imagebaseid", imageBaseId);
+ ResultSet rs = stmt.executeQuery();
+ Map<String, ImagePermissions> list = new HashMap<>();
+ while (rs.next()) {
+ boolean admin = rs.getBoolean("canadmin");
+ if (adminOnly && !admin)
+ continue;
+ ImagePermissions perm = new ImagePermissions(rs.getBoolean("canlink"),
+ rs.getBoolean("candownload"), rs.getBoolean("canedit"), admin);
+ list.put(rs.getString("userid"), perm);
+ }
+ return list;
+ } catch (SQLException e) {
+ LOGGER.error("Query failed in DbImagePermissions.getForImageBase()", e);
+ throw e;
+ }
+ }
+
 }
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
index 1a22d074..51041df9 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
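Review bot: `getForImageBase` hands out the user ids and rights stored for an image and does no access check of its own, but its Javadoc leaves `@return` empty and never tells callers that authorization is their job. Suggest `@return map from user id to that user's permissions on the image; empty if none are stored` plus one sentence that the caller must have authorized the request. The `adminOnly` filter could be applied in the `WHERE` clause so rows of non-admin users are never fetched, and the map local named `list` would read better as `permissions`. Whether `MysqlStatement` and the `ResultSet` are released when the connection closes is not visible in this hunk and is worth confirming.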
@@ -6,6 +6,7 @@ import org.openslx.bwlp.sat.database.mappers.DbImage;
 import org.openslx.bwlp.thrift.iface.AuthorizationError;
 import org.openslx.bwlp.thrift.iface.ImagePermissions;
 import org.openslx.bwlp.thrift.iface.ImageSummaryRead;
+import org.openslx.bwlp.thrift.iface.Role;
 import org.openslx.bwlp.thrift.iface.TAuthorizationException;
 import org.openslx.bwlp.thrift.iface.TInternalServerError;
 import org.openslx.bwlp.thrift.iface.TNotFoundException;
@@ -38,10 +39,10 @@ public class User {
 }
 public static boolean isSuperUser(UserInfo ui) {
- // TODO: for superuser override
+ // TODO: for superuser override, read from DB
 return false;
 }
-
+
 /**
 * Check if the given user has the given permission for the image identified
 * by the given image base id.
@@ -49,19 +50,36 @@ public class User {
 * @param user
 * @param imageBaseId
 * @param permission
- * @throws TAuthorizationException
 * @throws TInternalServerError
 * @throws TNotFoundException
 */
- public static void hasImageBasePermissionOrFail(UserInfo user, String imageBaseId, Permission permission)
- throws TAuthorizationException, TInternalServerError, TNotFoundException {
+ public static boolean hasImageBasePermission(UserInfo user, String imageBaseId, Permission permission)
+ throws TInternalServerError, TNotFoundException {
 ImageSummaryRead localImage;
 try {
 localImage = DbImage.getImageSummary(user, imageBaseId);
 } catch (SQLException e) {
 throw new TInternalServerError();
 }
- if (!canActionImage(user, permission, localImage.userPermissions, localImage.defaultPermissions)) {
+ if (localImage.ownerId.equals(user.userId))
+ return true;
+ return canActionImage(user, permission, localImage.userPermissions, localImage.defaultPermissions);
+ }
+
+ /**
+ * Check if the given user has the given permission for the image identified
+ * by the given image base id.
+ *
+ * @param user
+ * @param imageBaseId
+ * @param permission
+ * @throws TAuthorizationException
+ * @throws TInternalServerError
+ * @throws TNotFoundException
+ */
+ public static void hasImageBasePermissionOrFail(UserInfo user, String imageBaseId, Permission permission)
+ throws TAuthorizationException, TInternalServerError, TNotFoundException {
+ if (!hasImageBasePermission(user, imageBaseId, permission)) {
 throw new TAuthorizationException(AuthorizationError.NO_PERMISSION, "Required permission: "
 + permission.toString());
 }
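Review bot: The added owner shortcut in `hasImageBasePermission`, `if (localImage.ownerId.equals(user.userId)) return true;`, grants every `Permission` including `ADMIN` and throws a `NullPointerException` when `ownerId` is null. If an image can exist without an owner (not visible here), guard it as `if (localImage.ownerId != null && localImage.ownerId.equals(user.userId))`. Do not switch to `Objects.equals`, which would treat two null ids as a match and grant access. The Javadoc should gain `@return true if the user owns the image or holds the given permission`, because the owner rule is new behaviour for `hasImageBasePermissionOrFail` as well.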
@@ -74,22 +92,54 @@ public class User {
 * @param user
 * @param imageVersionId
 * @param permission
- * @throws TAuthorizationException
 * @throws TInternalServerError
 * @throws TNotFoundException
 */
- public static void hasImageVersionPermissionOrFail(UserInfo user, String imageVersionId,
- Permission permission) throws TAuthorizationException, TInternalServerError, TNotFoundException {
- ImageSummaryRead localImage;
+ public static boolean hasImageVersionPermission(UserInfo user, String imageVersionId,
+ Permission permission) throws TInternalServerError, TNotFoundException {
 try {
- localImage = DbImage.getImageSummaryFromVersionId(user, imageVersionId);
+ String imageBaseId = DbImage.getBaseIdForVersionId(imageVersionId);
+ if (imageBaseId == null)
+ throw new TNotFoundException();
+ return hasImageBasePermission(user, imageBaseId, permission);
 } catch (SQLException e) {
 throw new TInternalServerError();
 }
- if (!canActionImage(user, permission, localImage.userPermissions, localImage.defaultPermissions)) {
+ }
+
+ /**
+ * Check if the given user has the given permission for the image identified
+ * by the given image version id.
+ *
+ * @param user
+ * @param imageVersionId
+ * @param permission
+ * @throws TAuthorizationException
+ * @throws TInternalServerError
+ * @throws TNotFoundException
+ */
+ public static void hasImageVersionPermissionOrFail(UserInfo user, String imageVersionId,
+ Permission permission) throws TAuthorizationException, TInternalServerError, TNotFoundException {
+ if (!hasImageVersionPermission(user, imageVersionId, permission)) {
 throw new TAuthorizationException(AuthorizationError.NO_PERMISSION, "Required permission: "
 + permission.toString());
 }
 }
+ /**
+ * Checks whether the given user is allowed to create new images.
+ *
+ * @param user {@link UserInfo} instance representing the user in question
+ * @return true or false
+ */
+ public static boolean canCreateImage(UserInfo user) {
+ return user.role == Role.TUTOR;
+ }
+
+ public static void canCreateImageOrFail(UserInfo user) throws TAuthorizationException {
+ if (!canCreateImage(user))
+ throw new TAuthorizationException(AuthorizationError.NO_PERMISSION,
+ "No permission to create new image");
+ }
+
 }
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
index 40155972..7e743e14 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
@@ -6,8 +6,8 @@ import java.util.List;
 import java.util.Map;
 import org.apache.log4j.Logger;
-import org.apache.thrift.TException;
 import org.openslx.bwlp.sat.database.mappers.DbImage;
+import org.openslx.bwlp.sat.database.mappers.DbImagePermissions;
 import org.openslx.bwlp.sat.database.mappers.DbUser;
 import org.openslx.bwlp.sat.fileserv.ActiveUpload;
 import org.openslx.bwlp.sat.fileserv.FileServer;
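Review bot: `hasImageVersionPermission` returns a boolean but signals an unknown version id by throwing `TNotFoundException`, and the copied Javadoc has no `@return` to tell callers that `false` only ever means the image exists and access is denied. Add `@return true if the user may perform the action; an unknown version id raises TNotFoundException instead of returning false`. `canCreateImageOrFail` has no Javadoc at all, unlike its sibling `canCreateImage`. `canCreateImage` tests only `user.role == Role.TUTOR`, so the superuser override planned in `isSuperUser` will have to be wired in here too once it exists.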
@@ -46,20 +46,23 @@ public class ServerHandler implements SatelliteServer.Iface {
 private static final FileServer fileServer = FileServer.instance();
 @Override
- public long getVersion() throws TException {
+ public long getVersion() {
 return Version.VERSION;
 }
+ /*
+ * File Transfer
+ */
+
 @Override
 public TransferInformation requestImageVersionUpload(String userToken, String imageBaseId, long fileSize,
- List<ByteBuffer> blockHashes) throws TTransferRejectedException, TAuthorizationException,
- TException {
+ List<ByteBuffer> blockHashes) throws TTransferRejectedException, TAuthorizationException {
 // TODO Auto-generated method stub
 return null;
 }
 @Override
- public void cancelUpload(String uploadToken) throws TException {
+ public void cancelUpload(String uploadToken) {
 ActiveUpload upload = fileServer.getUploadByToken(uploadToken);
 if (upload != null)
 upload.cancel();
@@ -67,52 +70,64 @@ public class ServerHandler implements SatelliteServer.Iface {
 }
 @Override
- public UploadStatus queryUploadStatus(String uploadToken) throws TInvalidTokenException, TException {
+ public UploadStatus queryUploadStatus(String uploadToken) throws TInvalidTokenException {
 // TODO Auto-generated method stub
 return null;
 }
 @Override
 public TransferInformation requestDownload(String userToken, String imageVersionId)
- throws TAuthorizationException, TException {
+ throws TAuthorizationException {
 // TODO Auto-generated method stub
 return null;
 }
 @Override
- public void cancelDownload(String downloadToken) throws TException {
+ public void cancelDownload(String downloadToken) {
 // TODO Auto-generated method stub
 }
+ /*
+ * Authentication/Validation
+ */
+
 @Override
- public boolean isAuthenticated(String userToken) throws TException {
+ public boolean isAuthenticated(String userToken) {
 return SessionManager.get(userToken) != null;
 }
 @Override
- public void invalidateSession(String userToken) throws TException {
+ public void invalidateSession(String userToken) {
 SessionManager.remove(userToken);
 }
+ /*
+ * Query basic information which doesn't require authentication
+ */
+
 @Override
- public List<OperatingSystem> getOperatingSystems() throws TException {
+ public List<OperatingSystem> getOperatingSystems() {
 return OperatingSystemList.get();
 }
 @Override
- public List<Virtualizer> getVirtualizers() throws TException {
+ public List<Virtualizer> getVirtualizers() {
 return VirtualizerList.get();
 }
 @Override
- public List<Organization> getAllOrganizations() throws TException {
+ public List<Organization> getAllOrganizations() {
 return OrganizationList.get();
 }
+ /*
+ * Everything below required at least a valid session
+ */
+
 @Override
 public List<ImageSummaryRead> getImageList(String userToken, List<String> tagSearch)
- throws TAuthorizationException, TException {
+ throws TAuthorizationException, TInternalServerError {
 UserInfo user =
SessionManager.getOrFail(userToken);
 try {
 return DbImage.getAllVisible(user, tagSearch);
@@ -123,7 +138,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 @Override
 public ImageDetailsRead getImageDetails(String userToken, String imageBaseId)
- throws TAuthorizationException, TNotFoundException, TException {
+ throws TAuthorizationException, TNotFoundException, TInternalServerError {
 UserInfo user = SessionManager.getOrFail(userToken);
 try {
 return DbImage.getImageDetails(user, imageBaseId);
@@ -133,8 +148,16 @@ public class ServerHandler implements SatelliteServer.Iface {
 }
 @Override
+ public boolean createImage(String userToken, String imageName) throws TAuthorizationException {
+ UserInfo user = SessionManager.getOrFail(userToken);
+ User.canCreateImageOrFail(user);
+ // TODO: Create image
+ return true;
+ }
+
+ @Override
 public boolean updateImageBase(String userToken, String imageBaseId, ImageBaseWrite image)
- throws TAuthorizationException, TException {
+ throws TAuthorizationException, TInternalServerError, TNotFoundException {
 UserInfo user = SessionManager.getOrFail(userToken);
 User.hasImageBasePermissionOrFail(user, imageBaseId, Permission.EDIT);
 // TODO: Permissions cleared; Now update image base data
@@ -143,7 +166,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 @Override
 public boolean updateImageVersion(String userToken, String imageVersionId, ImageVersionWrite image)
- throws TAuthorizationException, TInternalServerError... 
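Review bot: The new section comment `Everything below required at least a valid session`, added in the hunk starting at old line 67, states a rule the code under it does not keep. `getUserList`, in the last hunk of this file, goes straight to `DbUser.getAll(page)` without `SessionManager.getOrFail(userToken)`, so the user list is returned without a session check. Add `SessionManager.getOrFail(userToken);` as the first statement of `getUserList`, or move the method above the comment if unauthenticated access is intended. The comment should also read `requires`.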
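Review bot: `createImage` ends in `return true;` although the body only checks the role and creates nothing, so a client is told the image exists when it does not. Until the TODO is implemented, `return false;` keeps the reply honest. `imageName` is accepted without any validation; the eventual implementation should reject empty or overlong names before writing to the database.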
@@ -152,7 +175,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 @Override
 public boolean deleteImageVersion(String userToken, String imageVersionId)
- throws TAuthorizationException, TNotFoundException, TException {
+ throws TAuthorizationException, TNotFoundException, TInternalServerError {
 UserInfo user = SessionManager.getOrFail(userToken);
 User.hasImageVersionPermissionOrFail(user, imageVersionId, Permission.ADMIN);
 // TODO: Permissions cleared; Now mark image for deletion (set expire time in the past...)
@@ -162,7 +185,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 @Override
 public boolean writeImagePermissions(String userToken, String imageBaseId,
 Map<String, ImagePermissions> permissions) throws TAuthorizationException, TNotFoundException,
- TException {
+ TInternalServerError {
 UserInfo user = SessionManager.getOrFail(userToken);
 User.hasImageBasePermissionOrFail(user, imageBaseId, Permission.ADMIN);
 // TODO: Permissions cleared; Now update image base data
@@ -171,70 +194,73 @@ public class ServerHandler implements SatelliteServer.Iface {
 @Override
 public Map<String, ImagePermissions> getImagePermissions(String userToken, String imageBaseId)
- throws TAuthorizationException, TNotFoundException, TException {
+ throws TAuthorizationException, TNotFoundException, TInternalServerError {
 UserInfo user = SessionManager.getOrFail(userToken);
- // TODO Auto-generated method stub
- return null;
+ boolean adminOnly = !User.hasImageBasePermission(user, imageBaseId, Permission.ADMIN);
+ try {
+ return DbImagePermissions.getForImageBase(imageBaseId, adminOnly);
+ } catch (SQLException e) {
+ throw new TInternalServerError();
+ }
 }
 @Override
- public String createLecture(String userToken, LectureWrite lecture) throws TAuthorizationException,
- TException {
+ public String createLecture(String userToken, LectureWrite lecture) throws TAuthorizationException {
 // TODO Auto-generated method stub
 return null;
 }
 @Override
 public boolean updateLecture(String userToken, String lectureId, LectureWrite lecture)
- throws TAuthorizationException, TNotFoundException, TException {
+ throws TAuthorizationException, TNotFoundException {
 // TODO Auto-generated method stub
 return false;
 }
 @Override
- public List<LectureSummary> getLectureList(String userToken) throws TAuthorizationException, TException {
+ public List<LectureSummary> getLectureList(String userToken) throws TAuthorizationException {
 // TODO Auto-generated method stub
 return null;
 }
 @Override
 public LectureRead getLectureDetails(String userToken, String lectureId) throws TAuthorizationException,
- TNotFoundException, TException {
+ TNotFoundException {
 // TODO Auto-generated method stub
 return null;
 }
 @Override
 public List<LectureSummary> getLecturesByImageVersion(String userToken, String imageVersionId)
- throws TAuthorizationException, TNotFoundException, TException {
+ throws TAuthorizationException, TNotFoundException {
 // TODO Auto-generated method stub
 return null;
 }
 @Override
 public boolean deleteLecture(String userToken, String lectureId) throws TAuthorizationException,
- TNotFoundException, TException {
+ TNotFoundException {
 // TODO Auto-generated method stub
 return false;
 }
 @Override
 public boolean writeLecturePermissions(String userToken, String lectureId,
- Map<String, LecturePermissions> permissions) throws TAuthorizationException, TNotFoundException,
- TException {
+ Map<String, LecturePermissions> permissions) throws TAuthorizationException, TNotFoundException {
 // TODO Auto-generated method stub
 return false;
 }
 @Override
 public Map<String, LecturePermissions> getLecturePermissions(String userToken, String lectureId)
- throws TAuthorizationException, TNotFoundException, TException {
+ throws TAuthorizationException, TNotFoundException {
 // TODO Auto-generated method stub
 return null;
 }
 @Override
- public List<UserInfo> getUserList(String userToken, int page) throws TAuthorizationException, TException {
+ public List<UserInfo> getUserList(String userToken, int page) throws TAuthorizationException,
+ TInternalServerError {
 try {
 return DbUser.getAll(page);
 } catch (SQLException e) { |
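Review bot: In `getImagePermissions`, a caller without `ADMIN` on the image is not rejected: `adminOnly` is simply set to true, so any valid session receives the user ids and rights of the image's administrators for whatever `imageBaseId` it sends. If that is intended so users can find whom to ask for access, say so in a comment such as `// Non-admins may only see who administers the image`. Otherwise, require some permission on the image before running the query. Whether `User.hasImageBasePermission` already refuses images the caller cannot see depends on `DbImage.getImageSummary`, which is not shown in this commit.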