BUG: anonymous permissions

22f4f4df · Timm Fitschen · bab515e5 · 22f4f4df · 22f4f4df · 22f4f4df
Unverified Commit 22f4f4df authored 6 years ago by Timm Fitschen
--- a/src/main/java/caosdb/server/jobs/core/Atomic.java
+++ b/src/main/java/caosdb/server/jobs/core/Atomic.java
@@ -27,11 +27,15 @@ import caosdb.server.entity.EntityInterface;
 import caosdb.server.jobs.ContainerJob;
 import caosdb.server.jobs.JobAnnotation;
 import caosdb.server.jobs.JobExecutionTime;
+import caosdb.server.transaction.WriteTransaction;
 import caosdb.server.utils.EntityStatus;
 import caosdb.server.utils.Observable;
 import caosdb.server.utils.ServerMessages;
-@JobAnnotation(time = JobExecutionTime.POST_CHECK)
+@JobAnnotation(
+    time = JobExecutionTime.POST_CHECK,
+    transaction = WriteTransaction.class,
+    loadAlways = true)
 public class Atomic extends ContainerJob {
  private boolean doCheck() {

--- a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java
+++ b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java
@@ -8,6 +8,7 @@ import caosdb.server.datatype.SingleValue;
 import caosdb.server.entity.Entity;
 import caosdb.server.entity.EntityInterface;
 import caosdb.server.entity.Message;
+import caosdb.server.entity.Message.MessageType;
 import caosdb.server.entity.wrapper.Property;
 import caosdb.server.jobs.JobAnnotation;
 import caosdb.server.jobs.core.CheckNoAdditionalPropertiesPresent;
@@ -51,6 +52,9 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
            || isRequestReturnSetUser()
            || isRequestReturnUpdateLoan())) {
      addError(ServerMessages.AUTHORIZATION_ERROR);
+      getContainer()
+          .addMessage(
+              new Message(MessageType.Info, 0, "Anonymous users have restricted permissions."));
      return;
    } else if (!(isRequestLoanSetUser()
        || isRequestLoanInsertLoan()
@@ -92,6 +96,7 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
  EntityACL getBoxACL() {
    EntityACLFactory f = new EntityACLFactory();
    f.grant(ANONYMOUS_ROLE, false, EntityPermission.UPDATE_ADD_PROPERTY);
+    f.grant(ANONYMOUS_ROLE, false, EntityPermission.UPDATE_REMOVE_PROPERTY);
    return f.create();
  }
@@ -127,11 +132,12 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
      for (EntityInterface e : getContainer()) {
        if (boxHasLoanProperty(e)) {
          e.addError(BOX_HAS_LOAN);
-          return true;
+          return false;
        }
        if (!isBoxRecord(e) || !hasOnlyAllowedBoxProperties4RequestLoan(e)) {
          return false;
        }
+        appendJob(e, CheckNoAdditionalPropertiesPresent.class);
      }
      return true;
    }
@@ -152,12 +158,8 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
  boolean hasOnlyAllowedBoxProperties4RequestLoan(EntityInterface e) {
    int count = 0;
    for (Property p : e.getProperties()) {
-      if (p.getEntityStatus() == EntityStatus.QUALIFIED) { // this means update
+      if (p.getEntityStatus() == EntityStatus.QUALIFIED && Objects.equals(p.getId(), getLoanId())) {
-        if (Objects.equals(p.getId(), getLoanId())) {
        count++;
-          continue;
-        }
-        return false; // this is not a Loan.
      }
    }

--- a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoanModel.java
+++ b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoanModel.java
@@ -21,7 +21,7 @@ public abstract class AWIBoxLoanModel extends ContainerJob {
  boolean isBoxRecord(EntityInterface e) {
    return e.getRole() == Role.Record
        && e.getParents().size() == 1
-        && Objects.equals(retrieveValidIDByName(e.getParents().get(0).getName()), getBoxId());
+        && Objects.equals(e.getParents().get(0).getId(), getBoxId());
  }
  /** Is Record and has single loan parent */

--- a/src/main/java/caosdb/server/permissions/EntityACL.java
+++ b/src/main/java/caosdb/server/permissions/EntityACL.java
@@ -60,6 +60,8 @@ public class EntityACL {
    final EntityACLFactory f = new EntityACLFactory();
    f.grant(OWNER_ROLE, "*");
    f.grant(OTHER_ROLE, "RETRIEVE:*");
+    f.grant(Role.ANONYMOUS_ROLE, "RETRIEVE:*");
+    f.grant(Role.ANONYMOUS_ROLE, "USE:*");
    f.deny(OTHER_ROLE, "UPDATE:*");
    f.deny(OTHER_ROLE, "DELETE");
    f.deny(OTHER_ROLE, true, "EDIT:ACL");

--- a/src/main/java/caosdb/server/transaction/Transaction.java
+++ b/src/main/java/caosdb/server/transaction/Transaction.java
@@ -38,7 +38,6 @@ import caosdb.server.jobs.Job;
 import caosdb.server.jobs.JobExecutionTime;
 import caosdb.server.jobs.Schedule;
 import caosdb.server.jobs.core.AccessControl;
-import caosdb.server.jobs.core.Atomic;
 import caosdb.server.jobs.core.CheckDatatypePresent;
 import caosdb.server.jobs.core.CheckEntityACLRoles;
 import caosdb.server.jobs.core.Mode;
@@ -86,9 +85,6 @@ public abstract class Transaction<C extends TransactionContainer> extends Abstra
    this.schedule.add(loadContainerFlags);
    this.schedule.runJob(loadContainerFlags);
-    // all transactions are atomic
-    this.schedule.add(Job.getJob(Atomic.class.getSimpleName(), Mode.MUST, null, this));
    // AccessControl
    this.schedule.add(Job.getJob(AccessControl.class.getSimpleName(), Mode.MUST, null, this));
    this.schedule.add(Job.getJob(CheckEntityACLRoles.class.getSimpleName(), Mode.MUST, null, this));

--- a/src/test/java/caosdb/server/jobs/extension/TestAWIBoxLoan.java
+++ b/src/test/java/caosdb/server/jobs/extension/TestAWIBoxLoan.java
@@ -271,7 +271,7 @@ public class TestAWIBoxLoan {
    assertEquals(EntityStatus.QUALIFIED, j.getContainer().getStatus());
    j.run();
-    assertEquals(1, j.getContainer().getMessages().size());
+    assertEquals(2, j.getContainer().getMessages().size());
    assertEquals(EntityStatus.UNQUALIFIED, j.getContainer().getStatus());
  }
 }