import java.io.File;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
-import org.collectionspace.services.authorization.perms.Permission;
+
+import org.collectionspace.services.client.TenantClient;
+import org.collectionspace.authentication.AuthN;
import org.collectionspace.authentication.AuthN;
+
+import org.collectionspace.services.authorization.perms.Permission;
import org.collectionspace.services.authorization.PermissionRole;
import org.collectionspace.services.authorization.PermissionValue;
import org.collectionspace.services.authorization.perms.PermissionsList;
import org.collectionspace.services.authorization.PermissionsRolesList;
-import org.collectionspace.services.client.TenantClient;
+
import org.collectionspace.services.authorization.Role;
import org.collectionspace.services.authorization.RoleValue;
import org.collectionspace.services.authorization.RolesList;
import org.collectionspace.services.authorization.SubjectType;
+
import org.collectionspace.services.common.authorization_mgt.AuthorizationCommon;
import org.collectionspace.services.common.config.ServicesConfigReaderImpl;
import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
import org.collectionspace.services.common.security.SecurityUtils;
import org.collectionspace.services.common.storage.jpa.JPATransactionContext;
+
import org.collectionspace.services.config.service.ServiceBindingType;
import org.collectionspace.services.config.tenant.TenantBindingType;
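Review bot: `org.collectionspace.authentication.AuthN` is now imported twice — the added line and the pre-existing one directly below it. javac tolerates a duplicate single-type import, but it reads as a merge artifact and will trip import linters, so drop the added `import org.collectionspace.authentication.AuthN;` and keep the existing one. The `TenantClient` and `Permission` imports are only relocated, which is fine.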
}
private Permission buildAdminPermission(String tenantId, String resourceName) {
- String description = "Generated admin permission.";
+ String description = AuthN.GENERATED_STR + "admin permission.";
return AuthorizationCommon.createPermission(tenantId, resourceName, description, AuthorizationCommon.ACTIONGROUP_CRUDL_NAME, true);
}
private Permission buildReaderPermission(String tenantId, String resourceName) {
- String description = "Generated read-only (RL) permission.";
+ String description = AuthN.GENERATED_STR + "read-only (RL) permission.";
return AuthorizationCommon.createPermission(tenantId, resourceName, description, AuthorizationCommon.ACTIONGROUP_RL_NAME, true);
}
private Permission buildReadWritePermission(String tenantId, String resourceName) {
- String description = "Generated read-write (CRUL) permission.";
+ String description = AuthN.GENERATED_STR + "read-write (CRUL) permission.";
return AuthorizationCommon.createPermission(tenantId, resourceName, description, AuthorizationCommon.ACTIONGROUP_CRUL_NAME, true);
}
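Review bot: The three description strings now depend on `AuthN.GENERATED_STR` being both a recognisable prefix and a well-formed sentence start, but nothing here records why the prefix matters; presumably the lookup code that disambiguates duplicate permissions keys on `startsWith(AuthN.GENERATED_STR)`, so a later "cosmetic" edit of these strings would silently break that selection. I would add, above `buildAdminPermission`, `// Keep AuthN.GENERATED_STR as the description prefix: permission lookups use it to recognise auto-generated permissions.` Whether `GENERATED_STR` ends with a separator (so the result is not "Generatedadmin permission.") cannot be seen from this hunk — worth confirming once. The enclosing class starts and ends outside the hunk.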
import java.util.HashMap;
import java.util.List;
import javax.persistence.NoResultException;
+import javax.persistence.NonUniqueResultException;
import org.collectionspace.services.common.document.DocumentException;
import org.collectionspace.services.common.document.DocumentNotFoundException;
import org.collectionspace.services.authorization.perms.EffectType;
import org.collectionspace.services.authorization.perms.Permission;
import org.collectionspace.services.authorization.perms.PermissionAction;
+
import org.collectionspace.services.authorization.storage.PermissionStorageConstants;
import org.collectionspace.services.authorization.storage.RoleStorageConstants;
+
import org.collectionspace.services.authorization.PermissionResource;
import org.collectionspace.services.authorization.PermissionRole;
import org.collectionspace.services.authorization.PermissionRoleRel;
* Try to find a persisted Permission record using a PermissionValue instance.
*
*/
- static private Permission lookupPermission(JPATransactionContext jpaTransactionContext, PermissionValue permissionValue, String tenantId) throws DocumentException {
- Permission result = null;
-
- String actionGroup = permissionValue.getActionGroup() != null ? permissionValue.getActionGroup().trim() : null;
- String resourceName = permissionValue.getResourceName() != null ? permissionValue.getResourceName().trim() : null;
- String permissionId = permissionValue.getPermissionId() != null ? permissionValue.getPermissionId().trim() : null;
- //
- // If we have a permission ID, use it to try to lookup the persisted permission
- //
- if (permissionId != null && !permissionId.isEmpty()) {
- try {
- result = (Permission)JpaStorageUtils.getEntityByDualKeys(
- jpaTransactionContext,
- Permission.class.getName(),
- PermissionStorageConstants.ID, permissionId,
- PermissionStorageConstants.TENANT_ID, tenantId);
- } catch (Throwable e) {
- String msg = String.format("Searched for but couldn't find a permission with CSID='%s'.",
- permissionId);
- logger.trace(msg);
- }
- } else if (Tools.notBlank(resourceName) && Tools.notBlank(actionGroup)) {
- //
- // If there was no permission ID, then we can try to find the permission with the resource name and action group tuple
- //
- try {
- result = (Permission)JpaStorageUtils.getEntityByDualKeys(
- jpaTransactionContext,
- Permission.class.getName(),
- PermissionStorageConstants.RESOURCE_NAME, permissionValue.getResourceName(),
- PermissionStorageConstants.ACTION_GROUP, permissionValue.getActionGroup(),
- tenantId);
- } catch (NoResultException e) {
- String msg = String.format("Searched for but couldn't find a permission for resource='%s', action group='%s', and tenant ID='%s'.",
- permissionValue.getResourceName(), permissionValue.getActionGroup(), tenantId);
- logger.trace(msg);
- }
- } else {
- String errMsg = String.format("Couldn't perform lookup of permission. Not enough information provided. Lookups requires a permission CSID or a resource name and action group tuple. The provided information was permission ID='%s', resourceName='%s', and actionGroup='%s'.",
- permissionId, resourceName, actionGroup);
- throw new DocumentException(errMsg);
- }
-
- if (result == null) {
- throw new DocumentNotFoundException(String.format("Could not find Permission resource with CSID='%s', actionGroup='%s', resourceName='%s'.",
- permissionId, actionGroup, resourceName));
- }
-
- return result;
- }
+ @SuppressWarnings("unchecked")
+ static private Permission lookupPermission(JPATransactionContext jpaTransactionContext,
+ PermissionValue permissionValue, String tenantId) throws DocumentException {
+ Permission result = null;
+
+ String actionGroup = permissionValue.getActionGroup() != null ? permissionValue.getActionGroup().trim() : null;
+ String resourceName = permissionValue.getResourceName() != null ? permissionValue.getResourceName().trim() : null;
+ String permissionId = permissionValue.getPermissionId() != null ? permissionValue.getPermissionId().trim() : null;
+ //
+ // If we have a permission ID, use it to try to lookup the persisted permission
+ //
+ if (permissionId != null && !permissionId.isEmpty()) {
+ try {
+ result = (Permission) JpaStorageUtils.getEntityByDualKeys(jpaTransactionContext,
+ Permission.class.getName(), PermissionStorageConstants.ID, permissionId,
+ PermissionStorageConstants.TENANT_ID, tenantId);
+ } catch (Throwable e) {
+ String msg = String.format("Searched for but couldn't find a permission with CSID='%s'.", permissionId);
+ logger.trace(msg);
+ }
+ } else if (Tools.notBlank(resourceName) && Tools.notBlank(actionGroup)) {
+ //
+ // If there was no permission ID, then we can try to find the permission with
+ // the resource name and action group tuple
+ //
+ try {
+ result = (Permission) JpaStorageUtils.getEntityByDualKeys(jpaTransactionContext,
+ Permission.class.getName(), PermissionStorageConstants.RESOURCE_NAME,
+ permissionValue.getResourceName(), PermissionStorageConstants.ACTION_GROUP,
+ permissionValue.getActionGroup(), tenantId);
+ } catch (NonUniqueResultException nue) {
+ //
+ // Duplicates can happen after a CSpace instance has been upgraded from v4.x to v5.0+
+ //
+ List<Permission> resultList = (List<Permission>) JpaStorageUtils.getEntityListByDualKeys(
+ jpaTransactionContext, Permission.class.getName(), PermissionStorageConstants.RESOURCE_NAME,
+ permissionValue.getResourceName(), PermissionStorageConstants.ACTION_GROUP,
+ permissionValue.getActionGroup(), tenantId);
+ logger.warn(String.format("Multiple permissions exist for resource '%s' and action group '%s'",
+ permissionValue.getResourceName(), permissionValue.getActionGroup()));
+ result = resultList.get(0);
+ for (Permission p : resultList) {
+ //
+ // If we find an auto-generated permission, we should use it instead.
+ //
+ if (p.getDescription() != null && p.getDescription().startsWith(AuthN.GENERATED_STR)) {
+ result = p;
+ break;
+ }
+ }
+ } catch (NoResultException e) {
+ String msg = String.format(
+ "Searched for but couldn't find a permission for resource='%s', action group='%s', and tenant ID='%s'.",
+ permissionValue.getResourceName(), permissionValue.getActionGroup(), tenantId);
+ logger.trace(msg);
+ }
+ } else {
+ String errMsg = String.format(
+ "Couldn't perform lookup of permission. Not enough information provided. Lookups requires a permission CSID or a resource name and action group tuple. The provided information was permission ID='%s', resourceName='%s', and actionGroup='%s'.",
+ permissionId, resourceName, actionGroup);
+ throw new DocumentException(errMsg);
+ }
+
+ if (result == null) {
+ throw new DocumentNotFoundException(String.format(
+ "Could not find Permission resource with CSID='%s', actionGroup='%s', resourceName='%s'.",
+ permissionId, actionGroup, resourceName));
+ }
+
+ return result;
+ }
+
/**
* Ensure the Role's permission relationships can be changed.
*
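Review bot: In the new `NonUniqueResultException` branch, `result = resultList.get(0)` assumes `getEntityListByDualKeys` returns a non-null, non-empty list; if the second query returns nothing (a concurrent delete, or a null return on the helper's error path) this throws IndexOutOfBounds/NPE from inside a catch block instead of reaching the existing `result == null` → `DocumentNotFoundException` path. Guard it with `if (resultList != null && !resultList.isEmpty()) { result = resultList.get(0); for (...) {...} }` so an empty list falls through to the not-found handling already below. When no duplicate carries the generated prefix, the choice falls back to whatever the query returned first, which is unspecified ordering — since this decides which permission record a role is bound to, the warning should also say which record was selected (description or id) so an operator can audit the outcome, ideally via SLF4J placeholders rather than `String.format`. Separately, the tuple branch still queries with the untrimmed `permissionValue.getResourceName()`/`getActionGroup()` although the trimmed `resourceName`/`actionGroup` locals were computed for exactly that purpose, and the ID branch's `catch (Throwable e)` continues to swallow every failure at trace level; both predate this commit but the rewrite would be the moment to fix them.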