From: Patrick Schmitz <pschmitz@berkeley.edu>
Date: Tue, 6 Mar 2012 01:08:30 +0000 (-0800)
Subject: CSPACE-4875 Filled out the kw search support, returning list of items by serviceGroup... 
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=5b6f64e3e9040c8ea0a6810cb3a76629c5189e10;p=tmp%2Fjakarta-migration.git

CSPACE-4875 Filled out the kw search support, returning list of items by serviceGroup. Also supports the meta-group "common". Added security filter to this and to the refObjs call so only searches in services the current user has rights to.
---

diff --git a/services/common/src/main/cspace/config/services/tenants/tenant-bindings-proto.xml b/services/common/src/main/cspace/config/services/tenants/tenant-bindings-proto.xml
index 382565066..296bffd47 100644
--- a/services/common/src/main/cspace/config/services/tenants/tenant-bindings-proto.xml
+++ b/services/common/src/main/cspace/config/services/tenants/tenant-bindings-proto.xml
@@ -68,7 +68,8 @@
 				 but provides tools like keyword search across many types of services. 
 		  -->
     <tenant:serviceBindings id="servicegroups" name="servicegroups" type="utility" version="0.1">
-           <!-- other URI paths through which this service could be accessed -->
+      <service:repositoryDomain xmlns:service="http://collectionspace.org/services/common/service">default-domain</service:repositoryDomain>
+      <service:documentHandler xmlns:service="http://collectionspace.org/services/common/service">org.collectionspace.services.servicegroup.nuxeo.ServiceGroupDocumentModelHandler</service:documentHandler>
     </tenant:serviceBindings>
     <!-- end servicegroup service meta-data -->
 
diff --git a/services/common/src/main/java/org/collectionspace/services/common/context/ServiceBindingUtils.java b/services/common/src/main/java/org/collectionspace/services/common/context/ServiceBindingUtils.java
index eae2b3da6..bdbead40a 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/context/ServiceBindingUtils.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/context/ServiceBindingUtils.java
@@ -157,5 +157,19 @@ public class ServiceBindingUtils {
     				"getMappedFieldInDoc: Problem fetching: "+propName+" logicalfieldName: "+logicalFieldName+" docModel: "+docModel, ce);
     	}
     } 
+    
+    private static ArrayList<String> commonServiceTypes = null;
+    
+    public static ArrayList<String> getCommonServiceTypes() {
+    	if(commonServiceTypes == null) {
+    		commonServiceTypes = new ArrayList<String>();
+    		commonServiceTypes.add(SERVICE_TYPE_AUTHORITY);
+    		commonServiceTypes.add(SERVICE_TYPE_OBJECT);
+    		commonServiceTypes.add(SERVICE_TYPE_PROCEDURE);
+    	}
+    	return commonServiceTypes;
+    }
+    
+
 
 }
diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java
index 92ff4be67..76156efad 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java
@@ -23,11 +23,18 @@
 package org.collectionspace.services.common.security;
 
 import java.security.MessageDigest;
+import java.util.ArrayList;
 import java.util.List;
 import java.io.UnsupportedEncodingException;
 import java.net.URISyntaxException;
 import java.util.StringTokenizer;
 
+import org.collectionspace.services.authorization.AuthZ;
+import org.collectionspace.services.authorization.CSpaceResource;
+import org.collectionspace.services.authorization.URIResourceImpl;
+import org.collectionspace.services.common.service.ServiceBindingType;
+import org.collectionspace.services.common.service.ServiceObjectType;
+
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
@@ -188,6 +195,21 @@ public class SecurityUtils {
 		return result;
 	}
     
+	public static List<ServiceBindingType> getReadableServiceBindingsForCurrentUser(
+			List<ServiceBindingType> serviceBindings) {
+		ArrayList<ServiceBindingType> readableList = 
+				new ArrayList<ServiceBindingType>(serviceBindings.size());
+		AuthZ authZ = AuthZ.get();
+    	for(ServiceBindingType binding:serviceBindings) {
+    		String resourceName = binding.getName().toLowerCase();
+    		CSpaceResource res = new URIResourceImpl(resourceName, "GET");
+    		if (authZ.isAccessAllowed(res) == true) {
+    			readableList.add(binding);
+    		}
+    	}
+    	return readableList;
+	}
+    
     /**
      * Checks if is entity is action as a proxy for all sub-resources.
      *
diff --git a/services/common/src/main/java/org/collectionspace/services/common/vocabulary/RefNameServiceUtils.java b/services/common/src/main/java/org/collectionspace/services/common/vocabulary/RefNameServiceUtils.java
index b0272b0a8..92a016006 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/vocabulary/RefNameServiceUtils.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/vocabulary/RefNameServiceUtils.java
@@ -58,6 +58,7 @@ import org.collectionspace.services.common.document.DocumentWrapper;
 import org.collectionspace.services.common.repository.RepositoryClient;
 import org.collectionspace.services.nuxeo.client.java.DocHandlerBase;
 import org.collectionspace.services.nuxeo.client.java.RepositoryJavaClientImpl;
+import org.collectionspace.services.common.security.SecurityUtils;
 import org.collectionspace.services.common.service.ServiceBindingType;
 import org.collectionspace.services.jaxb.AbstractCommonList;
 import org.collectionspace.services.nuxeo.util.NuxeoUtils;
@@ -329,6 +330,8 @@ public class RefNameServiceUtils {
         	logger.error("RefNameServiceUtils.getAuthorityRefDocs: No services bindings found, cannot proceed!");
             return null;
         }
+        // Filter the list for current user rights
+        servicebindings = SecurityUtils.getReadableServiceBindingsForCurrentUser(servicebindings);
         
         // Need to escape the quotes in the refName
         // TODO What if they are already escaped?
diff --git a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/DocHandlerBase.java b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/DocHandlerBase.java
index 91ae0a9b2..8d13e45c7 100644
--- a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/DocHandlerBase.java
+++ b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/DocHandlerBase.java
@@ -69,6 +69,9 @@ public abstract class DocHandlerBase<T> extends RemoteDocumentModelHandlerImpl<T
     private AbstractCommonList commonList;
     
     protected static final int NUM_STANDARD_LIST_RESULT_FIELDS = 3;
+    protected static final String STANDARD_LIST_CSID_FIELD = "csid";
+    protected static final String STANDARD_LIST_URI_FIELD = "uri";
+    protected static final String STANDARD_LIST_UPDATED_AT_FIELD = "updatedAt";
 
     @Override
     public AbstractCommonList getCommonPartList() {
@@ -184,9 +187,9 @@ public abstract class DocHandlerBase<T> extends RemoteDocumentModelHandlerImpl<T
         List<ListResultField> resultsFields = getListItemsArray();
         int nFields = resultsFields.size()+NUM_STANDARD_LIST_RESULT_FIELDS;
         String fields[] = new String[nFields];
-        fields[0] = "csid";
-        fields[1] = "uri";
-        fields[2] = "updatedAt";
+        fields[0] = STANDARD_LIST_CSID_FIELD;
+        fields[1] = STANDARD_LIST_URI_FIELD;
+        fields[2] = STANDARD_LIST_UPDATED_AT_FIELD;
         for(int i=NUM_STANDARD_LIST_RESULT_FIELDS;i<nFields;i++) {
         	ListResultField field = resultsFields.get(i-NUM_STANDARD_LIST_RESULT_FIELDS); 
         	fields[i]=field.getElement();
@@ -197,10 +200,10 @@ public abstract class DocHandlerBase<T> extends RemoteDocumentModelHandlerImpl<T
         while(iter.hasNext()){
             DocumentModel docModel = iter.next();
             String id = NuxeoUtils.getCsid(docModel);
-            item.put(fields[0], id);
+            item.put(STANDARD_LIST_CSID_FIELD, id);
             String uri = getUri(docModel);
-            item.put(fields[1], uri);
-            item.put(fields[2], getUpdatedAtAsString(docModel));
+            item.put(STANDARD_LIST_URI_FIELD, uri);
+            item.put(STANDARD_LIST_UPDATED_AT_FIELD, getUpdatedAtAsString(docModel));
 
             for (ListResultField field : resultsFields ){
             	String schema = field.getSchema();
diff --git a/services/servicegroup/service/src/main/java/org/collectionspace/services/servicegroup/ServiceGroupResource.java b/services/servicegroup/service/src/main/java/org/collectionspace/services/servicegroup/ServiceGroupResource.java
index 648ec8d57..7f89309b7 100644
--- a/services/servicegroup/service/src/main/java/org/collectionspace/services/servicegroup/ServiceGroupResource.java
+++ b/services/servicegroup/service/src/main/java/org/collectionspace/services/servicegroup/ServiceGroupResource.java
@@ -39,19 +39,30 @@ import org.collectionspace.services.common.ServiceMain;
 import org.collectionspace.services.common.ServiceMessages;
 import org.collectionspace.services.common.api.Tools;
 import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
+import org.collectionspace.services.common.context.MultipartServiceContextFactory;
 import org.collectionspace.services.common.context.RemoteServiceContextFactory;
+import org.collectionspace.services.common.context.ServiceBindingUtils;
 import org.collectionspace.services.common.context.ServiceContext;
 import org.collectionspace.services.common.context.ServiceContextFactory;
+import org.collectionspace.services.common.document.DocumentException;
 import org.collectionspace.services.common.document.DocumentFilter;
 import org.collectionspace.services.common.document.DocumentHandler;
 import org.collectionspace.services.common.document.DocumentNotFoundException;
+import org.collectionspace.services.common.document.DocumentWrapper;
 import org.collectionspace.services.common.query.QueryManager;
+import org.collectionspace.services.common.repository.RepositoryClient;
+import org.collectionspace.services.common.repository.RepositoryClientFactory;
 import org.collectionspace.services.common.service.ServiceBindingType;
 import org.collectionspace.services.common.service.ServiceObjectType;
 import org.collectionspace.services.nuxeo.client.java.CommonList;
 import org.collectionspace.services.nuxeo.util.NuxeoUtils;
+import org.collectionspace.services.servicegroup.nuxeo.ServiceGroupDocumentModelHandler;
 import org.nuxeo.ecm.core.api.DocumentModel;
 import org.nuxeo.ecm.core.api.DocumentModelList;
+import org.nuxeo.ecm.core.api.model.PropertyException;
+import org.nuxeo.ecm.core.api.repository.RepositoryInstance;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
@@ -68,7 +79,9 @@ import javax.ws.rs.core.UriInfo;
 @Produces({"application/xml"})
 @Consumes({"application/xml"})
 public class ServiceGroupResource extends AbstractCollectionSpaceResourceImpl {
-	
+
+    protected final Logger logger = LoggerFactory.getLogger(this.getClass());
+    
     @Override
     public String getServiceName(){
         return ServiceGroupClient.SERVICE_NAME;
@@ -96,10 +109,50 @@ public class ServiceGroupResource extends AbstractCollectionSpaceResourceImpl {
 
     @Override
     public ServiceContextFactory<PoxPayloadIn, PoxPayloadOut> getServiceContextFactory() {
-        return RemoteServiceContextFactory.get();
+        return MultipartServiceContextFactory.get();
     }
 
 
+    //======================= GET without specifier: List  =====================================
+    @GET
+    public AbstractCommonList getList(@Context UriInfo ui) {
+        try {
+            CommonList commonList = new CommonList();
+            AbstractCommonList list = (AbstractCommonList)commonList;
+	        ServiceContext<PoxPayloadIn, PoxPayloadOut> ctx = createServiceContext();
+	    	String commonSchema = ctx.getCommonPartLabel();
+	    	ArrayList<String> svcGroups = new ArrayList<String>();
+	    	svcGroups.add("procedure");
+	    	svcGroups.add("object");
+	    	svcGroups.add("authority");
+	    	// Fetch the list of groups from the tenant-bindings config, and prepare a list item
+	    	// for each one.
+	        // We always declare this a full list, of the size that we are returning. 
+	    	// Not quite in the spirit of what paging means, but tells callers not to ask for more.
+	    	list.setPageNum(0);
+	    	list.setPageSize(svcGroups.size());
+	        list.setItemsInPage(svcGroups.size());
+	        list.setTotalItems(svcGroups.size());
+	        String fields[] = new String[2];
+	        fields[0] = ServiceGroupListItemJAXBSchema.NAME;
+	        fields[1] = ServiceGroupListItemJAXBSchema.URI;
+	        commonList.setFieldsReturned(fields);
+			HashMap<String,String> item = new HashMap<String,String>();
+	        for(String groupName:svcGroups){
+	            item.put(ServiceGroupListItemJAXBSchema.NAME, groupName);
+	            String uri = "/" + getServiceName().toLowerCase() + "/" + groupName;
+	            item.put(ServiceGroupListItemJAXBSchema.URI, uri);
+	            commonList.addItem(item);
+	            item.clear();
+	        }
+	        return list;
+        } catch (Exception e) {
+            throw bigReThrow(e, ServiceMessages.LIST_FAILED);
+        }
+        
+    }
+
+    
     //======================= GET ====================================================
     // NOTE that csid is not a good name for the specifier, but if we name it anything else, 
     // our AuthZ gets confused!!!
@@ -115,7 +168,14 @@ public class ServiceGroupResource extends AbstractCollectionSpaceResourceImpl {
             TenantBindingConfigReaderImpl tReader =
                     ServiceMain.getInstance().getTenantBindingConfigReader();
             // We need to get all the procedures, authorities, and objects.
-            List<ServiceBindingType> servicebindings = tReader.getServiceBindingsByType(ctx.getTenantId(), groupname);
+	        ArrayList<String> groupsList = null;  
+	        if("common".equalsIgnoreCase(groupname)) {
+	        	groupsList = ServiceBindingUtils.getCommonServiceTypes();
+	        } else {
+	        	groupsList = new ArrayList<String>();
+	        	groupsList.add(groupname);
+	        }
+            List<ServiceBindingType> servicebindings = tReader.getServiceBindingsByType(ctx.getTenantId(), groupsList);
             if (servicebindings == null || servicebindings.isEmpty()) {
             	// 404 if there are no mappings.
                 Response response = Response.status(Response.Status.NOT_FOUND).entity(
@@ -151,44 +211,33 @@ public class ServiceGroupResource extends AbstractCollectionSpaceResourceImpl {
     }
 
 
-    //======================= GET without specifier: List  =====================================
     @GET
-    public AbstractCommonList getList(@Context UriInfo ui) {
+    @Path("{csid}/items")
+    public AbstractCommonList getItems(
+            @Context UriInfo ui,
+            @PathParam("csid") String serviceGroupName) {
+        ensureCSID(serviceGroupName, ResourceBase.READ);
+        AbstractCommonList list = null;
         try {
-            CommonList commonList = new CommonList();
-            AbstractCommonList list = (AbstractCommonList)commonList;
+            MultivaluedMap<String, String> queryParams = ui.getQueryParameters();
+            String keywords = queryParams.getFirst(IQueryManager.SEARCH_TYPE_KEYWORDS_KW);
 	        ServiceContext<PoxPayloadIn, PoxPayloadOut> ctx = createServiceContext();
-	    	String commonSchema = ctx.getCommonPartLabel();
-	    	ArrayList<String> svcGroups = new ArrayList<String>();
-	    	svcGroups.add("procedure");
-	    	svcGroups.add("object");
-	    	svcGroups.add("authority");
-	    	// Fetch the list of groups from the tenant-bindings config, and prepare a list item
-	    	// for each one.
-	        // We always declare this a full list, of the size that we are returning. 
-	    	// Not quite in the spirit of what paging means, but tells callers not to ask for more.
-	    	list.setPageNum(0);
-	    	list.setPageSize(svcGroups.size());
-	        list.setItemsInPage(svcGroups.size());
-	        list.setTotalItems(svcGroups.size());
-	        String fields[] = new String[2];
-	        fields[0] = ServiceGroupListItemJAXBSchema.NAME;
-	        fields[1] = ServiceGroupListItemJAXBSchema.URI;
-	        commonList.setFieldsReturned(fields);
-			HashMap<String,String> item = new HashMap<String,String>();
-	        for(String groupName:svcGroups){
-	            item.put(ServiceGroupListItemJAXBSchema.NAME, groupName);
-	            String uri = "/" + getServiceName().toLowerCase() + "/" + groupName;
-	            item.put(ServiceGroupListItemJAXBSchema.URI, uri);
-	            commonList.addItem(item);
-	            item.clear();
+	        ServiceGroupDocumentModelHandler handler = (ServiceGroupDocumentModelHandler)
+	        				createDocumentHandler(ctx);
+	        ArrayList<String> groupsList = null;  
+	        if("common".equalsIgnoreCase(serviceGroupName)) {
+	        	groupsList = ServiceBindingUtils.getCommonServiceTypes();
+	        } else {
+	        	groupsList = new ArrayList<String>();
+	        	groupsList.add(serviceGroupName);
 	        }
-	        return list;
+            list = handler.getItemsForGroup(ctx, groupsList, keywords);
         } catch (Exception e) {
-            throw bigReThrow(e, ServiceMessages.LIST_FAILED);
+            throw bigReThrow(e, ServiceMessages.READ_FAILED, serviceGroupName);
         }
-        
+
+        return list;
     }
 
-    
+
 }