diff --git a/src/main/java/caosdb/server/entity/container/TransactionContainer.java b/src/main/java/caosdb/server/entity/container/TransactionContainer.java index 58cdb8d953ecf60c3ee49380ea7e2407f8348a39..ff799a4df5eb74a0d15e48a990e735af609925ec 100644 --- a/src/main/java/caosdb/server/entity/container/TransactionContainer.java +++ b/src/main/java/caosdb/server/entity/container/TransactionContainer.java @@ -158,6 +158,13 @@ public class TransactionContainer extends Container<Entity> implements ToElement return this.owner; } + /** + * Get the first entity from this container which has this name. + * + * <p>Return null if no matching is in this container. + * + * @param name + */ public EntityInterface getEntityByName(final String name) { for (final EntityInterface e : this) { if (e.hasName() && e.getName().equals(name)) { diff --git a/src/main/java/caosdb/server/jobs/core/CheckDatatypePresent.java b/src/main/java/caosdb/server/jobs/core/CheckDatatypePresent.java index 7948900d28bb876c15d75e28e29766af4255af91..69d36f42fa2f457b05dcc394659b5c088976bff4 100644 --- a/src/main/java/caosdb/server/jobs/core/CheckDatatypePresent.java +++ b/src/main/java/caosdb/server/jobs/core/CheckDatatypePresent.java @@ -48,10 +48,11 @@ public final class CheckDatatypePresent extends EntityJob { @Override public final void run() { try { - resolveId(getEntity()); // inherit datatype if (!getEntity().hasDatatype()) { + resolveId(getEntity()); + inheritDatatypeFromAbstractEntity(); // still no data type ??? try to get it from parent... 
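Review bot: With `resolveId(getEntity())` moved inside `if (!getEntity().hasDatatype())` in CheckDatatypePresent.run(), an entity that already carries a datatype is no longer passed to `resolveId` by this job. If the id is only needed for the datatype lookup, a comment at the call such as `// id is only required to inherit the datatype from the abstract entity` would record that; if later steps of the transaction rely on this job having resolved the id, the call should stay ahead of the `if`. `run()` continues past the end of this hunk, so later uses of the id are not visible here.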
@@ -199,7 +200,9 @@ public final class CheckDatatypePresent extends EntityJob { if (!entity.hasId() && entity.hasName()) { try { entity.setId(retrieveValidIDByName(entity.getName())); - entity.setEntityStatus(EntityStatus.VALID); + if (entity.getEntityStatus() != EntityStatus.UNQUALIFIED) { + entity.setEntityStatus(EntityStatus.VALID); + } } catch (final EntityDoesNotExistException exc) { entity.addError(ServerMessages.ENTITY_DOES_NOT_EXIST); } catch (final EntityWasNotUniqueException exc) { diff --git a/src/main/java/caosdb/server/jobs/core/CheckNamePresent.java b/src/main/java/caosdb/server/jobs/core/CheckNamePresent.java index 813c7dc88bab149204b5410a45bffd654339f8be..d63a9cc54d4c413a0c827a562afa023b610ff872 100644 --- a/src/main/java/caosdb/server/jobs/core/CheckNamePresent.java +++ b/src/main/java/caosdb/server/jobs/core/CheckNamePresent.java @@ -42,6 +42,7 @@ public class CheckNamePresent extends EntityJob { break; case SHOULD: getEntity().addWarning(ServerMessages.ENTITY_HAS_NO_NAME); + break; default: break; } diff --git a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java index 900042d34d62ca305d65d55aa49a823b38f26f47..9255a351b9bd2ff2da812e13f80c8509089946e7 100644 --- a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java +++ b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java 
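Review bot: The new guard in CheckDatatypePresent leaves an `UNQUALIFIED` entity's status untouched but still calls `entity.setId(...)` on it, so the entity ends up with a resolved id and an unqualified status, and the reason for treating the two differently is not stated. If the intent is that a later check can still reject the entity, a comment above the `if` such as `// keep UNQUALIFIED: only the id is resolved here, the status is decided elsewhere` would document it. The enclosing method starts and ends outside this hunk.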
@@ -1,23 +1,31 @@ package caosdb.server.jobs.extension; +import static caosdb.server.permissions.Role.ANONYMOUS_ROLE; + import caosdb.server.CaosDBServer; import caosdb.server.accessControl.UserSources; import caosdb.server.entity.Entity; import caosdb.server.entity.EntityInterface; import caosdb.server.entity.Message; +import caosdb.server.entity.Role; import caosdb.server.entity.wrapper.Property; import caosdb.server.jobs.ContainerJob; import caosdb.server.jobs.JobAnnotation; import caosdb.server.jobs.core.CheckNoAdditionalPropertiesPresent; import caosdb.server.jobs.core.CheckNoOverridesPresent; import caosdb.server.jobs.core.CheckPropValid; +import caosdb.server.permissions.EntityACL; +import caosdb.server.permissions.EntityACLFactory; +import caosdb.server.permissions.EntityPermission; import caosdb.server.query.Query; import caosdb.server.transaction.Insert; import caosdb.server.transaction.Update; import caosdb.server.utils.EntityStatus; import caosdb.server.utils.ServerMessages; import caosdb.server.utils.Utils; +import java.util.HashSet; import java.util.List; +import java.util.Set; @JobAnnotation(transaction = caosdb.server.transaction.WriteTransaction.class, loadAlways = true) public class AWIBoxLoan extends ContainerJob { @@ -27,6 +35,12 @@ public class AWIBoxLoan extends ContainerJob { private static final Message BOX_HAS_LOAN = new Message( "This box cannot be be requested right now because it appears to have a Loan property attached to it. This usually means, that the box is already requested or borrowed by someone."); + private static final Message PROPERTY_NOT_ALLOWED_REQUEST_RETURN = + new Message( + "It is not allowed to update this property during a return request as an anonymous user."); + private static final Message MULTIPLE_PROPERTIES = + new Message( + "This property appears multiple times in this return request and is marked for an update. This is not allowed for an anonymous user."); @Override protected void run() { 
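Review bot: The import block of AWIBoxLoan now pulls two different `Role` types into one authorization class: `caosdb.server.entity.Role` as a regular import and `caosdb.server.permissions.Role.ANONYMOUS_ROLE` as a static import, while `isAnonymous()` further down still uses `UserSources.ANONYMOUS_ROLE`, which appears to be the String form of the same role. A bare `ANONYMOUS_ROLE` next to `Role.Record` is easy to misread in permission code. A comment on the static import, e.g. `// permissions.Role (ACL agent), not entity.Role (entity kind)`, would make the distinction explicit.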
@@ -37,9 +51,41 @@ public class AWIBoxLoan extends ContainerJob { || isRequestReturnSetUser() || isRequestReturnUpdateLoan())) { addError(ServerMessages.AUTHORIZATION_ERROR); + return; + } + + // special ACL for boxes, loans and persons + if (getTransaction() instanceof Insert) { + for (EntityInterface e : getContainer()) { + if (isBoxRecord(e)) { + e.setEntityACL(EntityACL.combine(e.getEntityACL(), getBoxACL())); + } else if (isLoanRecord(e)) { + e.setEntityACL(EntityACL.combine(e.getEntityACL(), getLoanACL())); + } else if (isPersonRecord(e)) { + e.setEntityACL(EntityACL.combine(e.getEntityACL(), getPersonACL())); + } + } } } + EntityACL getPersonACL() { + // same as loan acl - property updates are allowed for anonymous. + return getLoanACL(); + } + + EntityACL getLoanACL() { + EntityACLFactory f = new EntityACLFactory(); + f.grant(ANONYMOUS_ROLE, false, EntityPermission.UPDATE_ADD_PROPERTY); + f.grant(ANONYMOUS_ROLE, false, EntityPermission.UPDATE_REMOVE_PROPERTY); + return f.create(); + } + + EntityACL getBoxACL() { + EntityACLFactory f = new EntityACLFactory(); + f.grant(ANONYMOUS_ROLE, false, EntityPermission.UPDATE_ADD_PROPERTY); + return f.create(); + } + boolean isAnonymous() { return getUser().hasRole(UserSources.ANONYMOUS_ROLE); } @@ -49,7 +95,7 @@ public class AWIBoxLoan extends ContainerJob { if (getTransaction() instanceof Update) { // Container has only loan elements with special properties for (EntityInterface e : getContainer()) { - if (!isLoan(e) || !hasOnlyAllowedLoanProperties4RequestReturn(e)) { + if (!isLoanRecord(e) || !hasOnlyAllowedLoanProperties4RequestReturn(e)) { return false; } setReturnRequestedDate(e); @@ -73,7 +119,7 @@ public class AWIBoxLoan extends ContainerJob { e.addError(BOX_HAS_LOAN); return true; } - if (!isBox(e) || !hasOnlyAllowedBoxProperties4RequestLoan(e)) { + if (!isBoxRecord(e) || !hasOnlyAllowedBoxProperties4RequestLoan(e)) { return false; } } 
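Review bot: `getLoanACL()` and `getPersonACL()` grant the anonymous role `UPDATE_ADD_PROPERTY` and `UPDATE_REMOVE_PROPERTY` on every Loan and Person record inserted by any user, so at the ACL level an anonymous caller may change any property and the allow-list checks in this job become the only restriction. That dependency should be written down at the grant site, e.g. `// ACL is deliberately broad; run() must reject every anonymous update that is not an allowed request`, and it is worth confirming that this job cannot be skipped for anonymous write transactions. Separately, `EntityACL.combine` (see its hunk in EntityACL.java) calls `addAll(acl.acl)` on each argument, so the insert loop fails with a NullPointerException if `e.getEntityACL()` is null at this stage; whether the ACL is already populated when this job runs is not visible here. The start of `run()` lies outside the hunk.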
@@ -119,7 +165,7 @@ public class AWIBoxLoan extends ContainerJob { if (getTransaction() instanceof Insert) { // Container has only loan elements for (EntityInterface e : getContainer()) { - if (!isLoan(e)) { + if (!isLoanRecord(e)) { return false; } setLoanRequestDate(e); @@ -151,7 +197,7 @@ public class AWIBoxLoan extends ContainerJob { // Container has only one element, user if ((getTransaction() instanceof Update || getTransaction() instanceof Insert) && getContainer().size() == 1 - && isUser(getContainer().get(0)) + && isPersonRecord(getContainer().get(0)) && checkUniqueName(getContainer().get(0)) && checkEmail(getContainer().get(0))) { appendJob(getContainer().get(0), CheckNoAdditionalPropertiesPresent.class); @@ -180,7 +226,7 @@ public class AWIBoxLoan extends ContainerJob { Query q = new Query( "FIND " - + getUserID().toString() + + getPersonID().toString() + " WITH " + getFirstNameId().toString() + "='" 
@@ -200,43 +246,50 @@ public class AWIBoxLoan extends ContainerJob { return false; } - /** Has single user parent. */ - boolean isUser(Entity entity) { + /** Is Record and has single user parent. */ + boolean isPersonRecord(EntityInterface entity) { return entity.getParents().size() == 1 - && retrieveValidIDByName(entity.getParents().get(0).getName()) == getUserID(); + && retrieveValidIDByName(entity.getParents().get(0).getName()) == getPersonID(); } - /** Has single box parent. */ - boolean isBox(EntityInterface e) { - return e.getParents().size() == 1 + /** Is Record an has single box parent. */ + boolean isBoxRecord(EntityInterface e) { + return e.getRole() == Role.Record + && e.getParents().size() == 1 && retrieveValidIDByName(e.getParents().get(0).getName()) == getBoxId(); } - /** has single loan parent */ - private boolean isLoan(EntityInterface e) { - return e.getParents().size() == 1 + /** Is Record and has single loan parent */ + private boolean isLoanRecord(EntityInterface e) { + return e.getRole() == Role.Record + && e.getParents().size() == 1 && retrieveValidIDByName(e.getParents().get(0).getName()) == getLoanId(); } /** * Has only 5/6 new/updated properties: content, returnRequested, destination, Borrower, comment * (optional), location + * + * @throws Message */ boolean hasOnlyAllowedLoanProperties4RequestReturn(EntityInterface e) { runJobFromSchedule(e, CheckPropValid.class); + appendJob(e, CheckNoOverridesPresent.class); + Set<Integer> found = new HashSet<>(); for (Property p : e.getProperties()) { if (p.getEntityStatus() == EntityStatus.QUALIFIED) { // this means update - if (p.getId() == getContentId()) { - - } else if (p.getId() == getDestinationId()) { - - } else if (p.getId() == getBorrowerId()) { - - } else if (p.getId() == getCommentId()) { - - } else if (p.getId() == getLocationId()) { - + if (found.contains(p.getId())) { + p.addError(MULTIPLE_PROPERTIES); + return false; + } + found.add(p.getId()); + if (!(p.getId() == getContentId() + || 
p.getId() == getDestinationId() + || p.getId() == getBorrowerId() + || p.getId() == getCommentId() + || p.getId() == getLocationId())) { + p.addError(PROPERTY_NOT_ALLOWED_REQUEST_RETURN); + return false; // this is not a property which may be updated by anonymous. } - return false; // this is not a property which may be updated by anonymous. } } return true; @@ -282,7 +335,7 @@ public class AWIBoxLoan extends ContainerJob { return getIdOf("Loan"); } - Integer getUserID() { + Integer getPersonID() { return getIdOf("Person"); } diff --git a/src/main/java/caosdb/server/permissions/AbstractEntityACLFactory.java b/src/main/java/caosdb/server/permissions/AbstractEntityACLFactory.java index d9657d9ce7fd5e781f2643185554090f076af0f0..5d8174711c2dfd06798c5f5690b61540f55e5c56 100644 --- a/src/main/java/caosdb/server/permissions/AbstractEntityACLFactory.java +++ b/src/main/java/caosdb/server/permissions/AbstractEntityACLFactory.java 
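Review bot: `isPersonRecord` is documented as "Is Record and has single user parent" but, unlike `isBoxRecord` and `isLoanRecord`, it never checks `getRole()`, so any entity with a single Person parent matches, including in the new insert loop in `run()` that attaches the anonymous grants. It should begin with the same test, `return entity.getRole() == Role.Record && entity.getParents().size() == 1`. The three predicates also compare ids with `==` against getters declared to return `Integer` (`getPersonID()` is visible in this diff); if `retrieveValidIDByName` returns a boxed `Integer` too, that is a reference comparison and `Objects.equals` is the safe form. The new `@throws Message` tag does not match the method, which declares no exception. The closing brace of `hasOnlyAllowedLoanProperties4RequestReturn` is outside the hunk.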
@@ -26,26 +26,15 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.HashMap; +import java.util.Map; import java.util.Map.Entry; -class EntityACLFactory extends AbstractEntityACLFactory<EntityACL> { - - @Override - protected EntityACL create(final Collection<EntityACI> acis) { - return new EntityACL(acis); - } -} - public abstract class AbstractEntityACLFactory<T extends EntityACL> { - private final HashMap<ResponsibleAgent, Long> normal_grants = - new HashMap<ResponsibleAgent, Long>(); - private final HashMap<ResponsibleAgent, Long> priority_grants = - new HashMap<ResponsibleAgent, Long>(); - private final HashMap<ResponsibleAgent, Long> normal_denials = - new HashMap<ResponsibleAgent, Long>(); - private final HashMap<ResponsibleAgent, Long> priority_denials = - new HashMap<ResponsibleAgent, Long>(); + private final Map<ResponsibleAgent, Long> normalGrants = new HashMap<>(); + private final Map<ResponsibleAgent, Long> priorityGrants = new HashMap<>(); + private final Map<ResponsibleAgent, Long> normalDenials = new HashMap<>(); + private final Map<ResponsibleAgent, Long> priorityDenials = new HashMap<>(); public void grant(final ResponsibleAgent role, final int... permissionBitNumber) { grant(role, false, permissionBitNumber); 
@@ -120,23 +109,23 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> { public void grant( final ResponsibleAgent role, final boolean priority, final EntityPermission... permission) { if (priority) { - addACI(this.priority_grants, role, permission); + addACI(this.priorityGrants, role, permission); } else { - addACI(this.normal_grants, role, permission); + addACI(this.normalGrants, role, permission); } } public void deny( final ResponsibleAgent role, final boolean priority, final EntityPermission... permission) { if (priority) { - addACI(this.priority_denials, role, permission); + addACI(this.priorityDenials, role, permission); } else { - addACI(this.normal_denials, role, permission); + addACI(this.normalDenials, role, permission); } } private static void addACI( - final HashMap<ResponsibleAgent, Long> map, + final Map<ResponsibleAgent, Long> map, final ResponsibleAgent role, final EntityPermission permission) { long bitSet = permission.getBitSet(); @@ -149,7 +138,7 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> { } private static void addACI( - final HashMap<ResponsibleAgent, Long> map, + final Map<ResponsibleAgent, Long> map, final ResponsibleAgent role, final EntityPermission[] permission) { for (final EntityPermission p : permission) { @@ -158,7 +147,7 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> { } private EntityACI[] toEntityACIArray( - final HashMap<ResponsibleAgent, Long> map, final long modBitSet) { + final Map<ResponsibleAgent, Long> map, final long modBitSet) { final EntityACI[] ret = new EntityACI[map.size()]; int i = 0; for (final Entry<ResponsibleAgent, Long> e : map.entrySet()) { 
@@ -169,54 +158,51 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> { public T create() { normalize(); - final ArrayList<EntityACI> acis = new ArrayList<EntityACI>(); - Collections.addAll(acis, toEntityACIArray(this.normal_grants, 0)); - Collections.addAll(acis, toEntityACIArray(this.normal_denials, Long.MIN_VALUE)); - Collections.addAll(acis, toEntityACIArray(this.priority_grants, EntityACL.MIN_PRIORITY_BITSET)); + final ArrayList<EntityACI> acis = new ArrayList<>(); + Collections.addAll(acis, toEntityACIArray(this.normalGrants, 0)); + Collections.addAll(acis, toEntityACIArray(this.normalDenials, Long.MIN_VALUE)); + Collections.addAll(acis, toEntityACIArray(this.priorityGrants, EntityACL.MIN_PRIORITY_BITSET)); Collections.addAll( acis, - toEntityACIArray(this.priority_denials, Long.MIN_VALUE | EntityACL.MIN_PRIORITY_BITSET)); + toEntityACIArray(this.priorityDenials, Long.MIN_VALUE | EntityACL.MIN_PRIORITY_BITSET)); return create(acis); } private void normalize() { - for (final Entry<ResponsibleAgent, Long> set : this.priority_denials.entrySet()) { - if (this.priority_grants.containsKey(set.getKey())) { - this.priority_grants.put( - set.getKey(), this.priority_grants.get(set.getKey()) & ~set.getValue()); + for (final Entry<ResponsibleAgent, Long> set : this.priorityDenials.entrySet()) { + if (this.priorityGrants.containsKey(set.getKey())) { + this.priorityGrants.put( + set.getKey(), this.priorityGrants.get(set.getKey()) & ~set.getValue()); } - if (this.normal_denials.containsKey(set.getKey())) { - this.normal_denials.put( - set.getKey(), this.normal_denials.get(set.getKey()) & ~set.getValue()); + if (this.normalDenials.containsKey(set.getKey())) { + this.normalDenials.put( + set.getKey(), this.normalDenials.get(set.getKey()) & ~set.getValue()); } - if (this.normal_grants.containsKey(set.getKey())) { - this.normal_grants.put( - set.getKey(), this.normal_grants.get(set.getKey()) & ~set.getValue()); + if 
(this.normalGrants.containsKey(set.getKey())) { + this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue()); } } - for (final Entry<ResponsibleAgent, Long> set : this.priority_grants.entrySet()) { - if (this.normal_denials.containsKey(set.getKey())) { - this.normal_denials.put( - set.getKey(), this.normal_denials.get(set.getKey()) & ~set.getValue()); + for (final Entry<ResponsibleAgent, Long> set : this.priorityGrants.entrySet()) { + if (this.normalDenials.containsKey(set.getKey())) { + this.normalDenials.put( + set.getKey(), this.normalDenials.get(set.getKey()) & ~set.getValue()); } - if (this.normal_grants.containsKey(set.getKey())) { - this.normal_grants.put( - set.getKey(), this.normal_grants.get(set.getKey()) & ~set.getValue()); + if (this.normalGrants.containsKey(set.getKey())) { + this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue()); } } - for (final Entry<ResponsibleAgent, Long> set : this.normal_denials.entrySet()) { - if (this.normal_grants.containsKey(set.getKey())) { - this.normal_grants.put( - set.getKey(), this.normal_grants.get(set.getKey()) & ~set.getValue()); + for (final Entry<ResponsibleAgent, Long> set : this.normalDenials.entrySet()) { + if (this.normalGrants.containsKey(set.getKey())) { + this.normalGrants.put(set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue()); } } } public void clear() { - this.normal_grants.clear(); - this.normal_denials.clear(); - this.priority_grants.clear(); - this.priority_denials.clear(); + this.normalGrants.clear(); + this.normalDenials.clear(); + this.priorityGrants.clear(); + this.priorityDenials.clear(); } protected abstract T create(Collection<EntityACI> acis); diff --git a/src/main/java/caosdb/server/permissions/EntityACL.java b/src/main/java/caosdb/server/permissions/EntityACL.java index 79008947823e9625283c03e1dd539328a58fef7f..86346bdfa3c3846e7951e41268e117ec2a99aaab 100644 
--- a/src/main/java/caosdb/server/permissions/EntityACL.java +++ b/src/main/java/caosdb/server/permissions/EntityACL.java @@ -32,7 +32,6 @@ import java.util.ArrayList; import java.util.BitSet; import java.util.Collection; import java.util.Collections; -import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; @@ -53,7 +52,7 @@ public class EntityACL { if (acl != null) { this.acl = acl; } else { - this.acl = new ArrayList<EntityACI>(); + this.acl = new ArrayList<>(); } } @@ -68,7 +67,7 @@ public class EntityACL { } EntityACL(final EntityACI... aci) { - this.acl = new ArrayList<EntityACI>(); + this.acl = new ArrayList<>(); for (final EntityACI a : aci) { this.acl.add(a); } @@ -88,7 +87,7 @@ public class EntityACL { } public static final Set<EntityPermission> getPermissionsFromBitSet(final long bitSet) { - final HashSet<EntityPermission> ret = new HashSet<EntityPermission>(); + final Set<EntityPermission> ret = new HashSet<>(); final boolean[] ba = convertToArray(bitSet); for (int i = 0; i < 62; i++) { if (ba[i]) { @@ -104,9 +103,9 @@ public class EntityACL { return true; } if (permission instanceof EntityPermission) { - final ArrayList<EntityACI> acl = new ArrayList<EntityACI>(this.acl); - acl.addAll(GLOBAL_PERMISSIONS.acl); - final Set<EntityPermission> permissions = getPermissionsFor(subject, acl); + final List<EntityACI> localAcl = new ArrayList<>(this.acl); + localAcl.addAll(GLOBAL_PERMISSIONS.acl); + final Set<EntityPermission> permissions = getPermissionsFor(subject, localAcl); return permissions.contains(permission); } return false; 
@@ -114,15 +113,13 @@ public class EntityACL { public static final Set<EntityPermission> getPermissionsFor( final Subject subject, final Collection<EntityACI> entityACL) { - final ArrayList<Long> acl = new ArrayList<Long>(); + final List<Long> acl = new ArrayList<>(); final List<ResponsibleAgent> owners = getOwners(entityACL); - final ArrayList<Long> forOthers = new ArrayList<Long>(); + final List<Long> forOthers = new ArrayList<>(); for (final EntityACI aci : entityACL) { - if (aci.getResponsibleAgent().equals(OWNER_ROLE)) { - if (subjectIsOwner(subject, owners)) { - acl.add(aci.getBitSet()); - break; - } + if (aci.getResponsibleAgent().equals(OWNER_ROLE) && subjectIsOwner(subject, owners)) { + acl.add(aci.getBitSet()); + break; } if (subjectHasRole(subject, aci.getResponsibleAgent())) { acl.add(aci.getBitSet()); @@ -157,9 +154,8 @@ public class EntityACL { private static boolean subjectIsOwner( final Subject subject, final List<ResponsibleAgent> owners) { for (final ResponsibleAgent owner : owners) { - if (owner instanceof Role && subject.hasRole(owner.toString())) { - return true; - } else if (owner instanceof Principal && subject.getPrincipal().equals(owner)) { + if ((owner instanceof Role && subject.hasRole(owner.toString())) + || (owner instanceof Principal && subject.getPrincipal().equals(owner))) { return true; } } @@ -171,7 +167,7 @@ public class EntityACL { } public static final List<ResponsibleAgent> getOwners(final Collection<EntityACI> acl) { - final ArrayList<ResponsibleAgent> owners = new ArrayList<ResponsibleAgent>(); + final List<ResponsibleAgent> owners = new ArrayList<>(); for (final EntityACI aci : acl) { if (isOwnerBitSet(aci.getBitSet()) && !aci.getResponsibleAgent().equals(OWNER_ROLE)) { owners.add(aci.getResponsibleAgent()); 
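Review bot: The merged condition in `getPermissionsFor` keeps the `break`, so for a subject that is an owner the loop stops at the first `OWNER_ROLE` entry and no entry after it is considered by this loop, which makes the computed permissions depend on the order of `entityACL`. The caller shown in the preceding hunk appends `GLOBAL_PERMISSIONS.acl` last, so those entries would fall behind the cut-off as well; whether that is intended is not clear from the visible lines. A comment on the `break`, e.g. `// owner entry is final: later ACIs are intentionally ignored for owners`, would settle it, or the `break` should go if later denials are meant to apply. The loop body continues outside this hunk.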
@@ -187,15 +183,15 @@ public class EntityACL { public static final long getResultingACL(final Collection<Long> acl) { long allowance = 0; long denial = Long.MIN_VALUE; - long priority_allowance = 0; - long priority_denial = Long.MIN_VALUE; + long priorityAllowance = 0; + long priorityDenial = Long.MIN_VALUE; for (final long aci : acl) { if (isPriorityBitSet(aci)) { if (isDenial(aci)) { - priority_denial = priority_denial | aci; + priorityDenial = priorityDenial | aci; } else { - priority_allowance = priority_allowance | aci; + priorityAllowance = priorityAllowance | aci; } } else { if (isDenial(aci)) { @@ -205,7 +201,7 @@ public class EntityACL { } } } - return ((allowance & ~denial) | (priority_allowance & ~MIN_PRIORITY_BITSET)) & ~priority_denial; + return ((allowance & ~denial) | (priorityAllowance & ~MIN_PRIORITY_BITSET)) & ~priorityDenial; } public static final boolean isPriorityBitSet(final long bitSet) { @@ -254,13 +250,13 @@ public class EntityACL { } public static final EntityACL getPriorityEntityACL(final EntityACL acl) { - final ArrayList<EntityACI> priority_acl = new ArrayList<EntityACI>(); + final List<EntityACI> priorityAcl = new ArrayList<>(); for (final EntityACI aci : acl.acl) { if (isPriorityBitSet(aci.getBitSet())) { - priority_acl.add(aci); + priorityAcl.add(aci); } } - return new EntityACL(priority_acl); + return new EntityACL(priorityAcl); } public static final EntityACL parseFromElement(final Element e) { @@ -322,7 +318,7 @@ public class EntityACL { } public static final EntityACL combine(final EntityACL... acls) { - final ArrayList<EntityACI> newACL = new ArrayList<EntityACI>(); + final List<EntityACI> newACL = new ArrayList<>(); for (final EntityACL acl : acls) { newACL.addAll(acl.acl); } 
@@ -341,11 +337,11 @@ public class EntityACL { public boolean equals(final Object obj) { if (obj instanceof EntityACL) { final EntityACL that = (EntityACL) obj; - final HashSet<EntityACI> that_acis = new HashSet<EntityACI>(); - that_acis.addAll(that.acl); - final HashSet<EntityACI> this_acis = new HashSet<EntityACI>(); - this_acis.addAll(this.acl); - return that_acis.equals(this_acis); + final Set<EntityACI> thatAcis = new HashSet<>(); + thatAcis.addAll(that.acl); + final Set<EntityACI> thisAcis = new HashSet<>(); + thisAcis.addAll(this.acl); + return thatAcis.equals(thisAcis); } return false; } @@ -361,7 +357,7 @@ public class EntityACL { public static EntityACL fromJSON(final String input) { final Object parse = JSON.parse(input); - final ArrayList<EntityACI> acl = new ArrayList<EntityACI>(); + final List<EntityACI> acl = new ArrayList<>(); if (parse.getClass().isArray()) { final Object[] array = (Object[]) parse; for (final Object aci : array) { @@ -386,7 +382,7 @@ public class EntityACL { } public static String toJSON(final EntityACL acl) { - final ArrayList<HashMap<String, Object>> list = new ArrayList<HashMap<String, Object>>(); + final List<Map<String, Object>> list = new ArrayList<>(); for (final EntityACI aci : acl.acl) { list.add(aci.toMap()); diff --git a/src/main/java/caosdb/server/permissions/EntityACLFactory.java b/src/main/java/caosdb/server/permissions/EntityACLFactory.java new file mode 100644 index 0000000000000000000000000000000000000000..eeacb1260729f78f490e592891c0a93a334b42fa --- /dev/null +++ b/src/main/java/caosdb/server/permissions/EntityACLFactory.java @@ -0,0 +1,11 @@ +package caosdb.server.permissions; + +import java.util.Collection; + +public class EntityACLFactory extends AbstractEntityACLFactory<EntityACL> { + + @Override + protected EntityACL create(final Collection<EntityACI> acis) { + return new EntityACL(acis); + } +} 
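Review bot: The new `EntityACLFactory.java` starts directly with the `package` line and the now-public class has no Javadoc, whereas the hunks for EntityPermission.java and Role.java show the closing `*/` of a header comment before `package`. Add the project's file header and a class comment such as `/** Factory producing plain {@link EntityACL} instances from the collected grants and denials. */`. The class was package-private before this commit, so if it only needs to be reachable from `AWIBoxLoan`, the wider visibility of an ACL-building type is worth a conscious decision.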
diff --git a/src/main/java/caosdb/server/permissions/EntityPermission.java b/src/main/java/caosdb/server/permissions/EntityPermission.java index c4fd82245d32a488a4e2155e2c3171441f4a2d30..7fae8a76a8cc87cbfb2525c34102d5418d58e94e 100644 --- a/src/main/java/caosdb/server/permissions/EntityPermission.java +++ b/src/main/java/caosdb/server/permissions/EntityPermission.java @@ -22,9 +22,11 @@ */ package caosdb.server.permissions; +import caosdb.server.CaosDBException; import caosdb.server.entity.xml.ToElementable; import java.util.ArrayList; import java.util.HashSet; +import java.util.List; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -33,7 +35,7 @@ import org.jdom2.Element; public class EntityPermission extends Permission { private static final long serialVersionUID = 1L; - private static ArrayList<EntityPermission> instances = new ArrayList<EntityPermission>(); + private static List<EntityPermission> instances = new ArrayList<>(); private final int bitNumber; public static ToElementable getAllEntityPermissions() { @@ -59,11 +61,11 @@ public class EntityPermission extends Permission { super(shortName, description); this.bitNumber = bitNumber; if (bitNumber > 61) { - throw new RuntimeException( + throw new CaosDBException( "This bitNumber is too big. This implementation only handles bitNumbers up to 61."); } if (instances.contains(this)) { - throw new RuntimeException("This EntityPermission is defined yet."); + throw new CaosDBException("This EntityPermission is defined yet."); } else { instances.add(this); } 
@@ -72,7 +74,7 @@ public class EntityPermission extends Permission { public static Set<EntityPermission> getPermissionsPerWildCard(final String s) { final Pattern pattern = Pattern.compile(s.replaceAll("\\*", ".*")); - final HashSet<EntityPermission> ret = new HashSet<EntityPermission>(); + final Set<EntityPermission> ret = new HashSet<>(); for (final EntityPermission p : instances) { final Matcher m = pattern.matcher(p.getShortName()); if (m.matches()) { diff --git a/src/main/java/caosdb/server/permissions/Role.java b/src/main/java/caosdb/server/permissions/Role.java index eed068fc6bed1f8a3e5fd18bcdc6ef30bb9447a1..70e1a61f754b4beeffe8f8fe203b42842d49cb6d 100644 --- a/src/main/java/caosdb/server/permissions/Role.java +++ b/src/main/java/caosdb/server/permissions/Role.java @@ -22,6 +22,7 @@ */ package caosdb.server.permissions; +import caosdb.server.accessControl.UserSources; import java.util.HashMap; import org.jdom2.Attribute; import org.jdom2.Element; @@ -30,6 +31,7 @@ public class Role implements ResponsibleAgent { public static final Role OWNER_ROLE = new Role("?OWNER?"); public static final Role OTHER_ROLE = new Role("?OTHER?"); + public static final Role ANONYMOUS_ROLE = new Role(UserSources.ANONYMOUS_ROLE); private final String role; diff --git a/update_box_loan_acl.py b/update_box_loan_acl.py new file mode 100644 index 0000000000000000000000000000000000000000..c49dd01eb1adf8b266ec2f8af3ce417a20e59c12 --- /dev/null +++ b/update_box_loan_acl.py 
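Review bot: `getPermissionsPerWildCard` compiles its argument as a regular expression after replacing only `*`, so every other regex metacharacter in `s` keeps its meaning and a malformed value makes `Pattern.compile` throw `PatternSyntaxException`. If `s` can come from a submitted ACL, the literal parts should be quoted before compiling, for instance by splitting on `*`, passing each piece through `Pattern.quote` and joining the pieces with `.*`. The method body continues outside this hunk and the origin of `s` is not visible here.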
@@ -0,0 +1,37 @@ +#!/usr/bin/env python3 + +import sys +import caosdb as db + +boxes = db.execute_query("FIND RECORD Box") +persons = db.execute_query("FIND RECORD Person") +loans = db.execute_query("FIND RECORD LOAN") + +num = len(boxes) + len(persons) + len(loans) +i = 0 + +def progress(): + global i + i += 1 + sys.stdout.write("\rprocessing {i}/{num} entities, {perc}%".format(i=i,num=num, perc=float(100*i)/float(num))) + sys.stdout.flush() + +for Box in boxes: + progress() + box.retrieve_acl() + box.grant(role="anonymous", permissions="UPDATE:PROPERTY:ADD") + box.update_acl() + +for person in persons: + progress() + person.retrieve_acl() + person.grant(role="anonymous", permissions="UPDATE:PROPERTY:ADD") + person.grant(role="anonymous", permissions="UPDATE:PROPERTY:REMOVE") + person.update_acl() + +for loan in loans: + progress() + loan.retrieve_acl() + loan.grant(role="anonymous", permissions="UPDATE:PROPERTY:ADD") + loan.grant(role="anonymous", permissions="UPDATE:PROPERTY:REMOVE") + loan.update_acl()
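Review bot: The first loop binds `Box` but its body uses `box`, so the script stops with a `NameError` on the first Box record before any ACL is changed; the header should read `for box in boxes:`. The script also grants `UPDATE:PROPERTY:ADD` and `UPDATE:PROPERTY:REMOVE` to `anonymous` on every existing Person and Loan record in one pass, with no dry-run or confirmation. A short module docstring stating which server state it expects and that it widens anonymous access would help whoever runs it.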