From 972bffbb217bcaed9d0a00a123d30b7ff3c20a5c Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Mon, 6 Dec 2021 12:09:05 +0100
Subject: [PATCH] EHN: simplify CheckPropValid and add usefull info when
 permission denied

---
 src/main/java/org/caosdb/server/jobs/Job.java     |  8 +++-----
 .../caosdb/server/jobs/core/CheckPropValid.java   | 15 +++++++--------
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/src/main/java/org/caosdb/server/jobs/Job.java b/src/main/java/org/caosdb/server/jobs/Job.java
index 2de6b085..9bca9eb2 100644
--- a/src/main/java/org/caosdb/server/jobs/Job.java
+++ b/src/main/java/org/caosdb/server/jobs/Job.java
@@ -27,7 +27,7 @@ import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
-import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.subject.Subject;
 import org.caosdb.server.CaosDBException;
@@ -301,10 +301,8 @@ public abstract class Job {
   }
 
   protected final void checkPermission(final EntityInterface entity, final Permission permission)
-      throws Message {
-    if (!entity.getEntityACL().isPermitted(SecurityUtils.getSubject(), permission)) {
-      throw ServerMessages.AUTHORIZATION_ERROR;
-    }
+      throws AuthorizationException {
+    entity.checkPermission(permission);
   }
 
   /**
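Review bot: `checkPermission` now signals a denial with Shiro's unchecked `AuthorizationException` instead of the checked `Message`, so the compiler no longer forces any caller to handle it. This patch updates only CheckPropValid; other Job subclasses that call this method are not visible here, and any that relied on `catch (Message m)` to attach the error to the entity would now let the denial propagate as an uncaught runtime exception. That presumably still fails closed, but the request would likely end in a generic server error rather than an AUTHORIZATION_ERROR on the entity, so the remaining callers should be audited. The method also has no Javadoc; I would add `/** Checks {@code permission} on {@code entity}. @throws AuthorizationException (unchecked) if it is not granted; callers must catch it to report the denial. */`.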
diff --git a/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java b/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
index 390deedd..112692c8 100644
--- a/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
+++ b/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
@@ -25,6 +25,7 @@ package org.caosdb.server.jobs.core;
 import static org.caosdb.server.utils.ServerMessages.ENTITY_DOES_NOT_EXIST;
 
 import com.google.common.base.Objects;
+import org.apache.shiro.authz.AuthorizationException;
 import org.caosdb.server.database.exceptions.EntityDoesNotExistException;
 import org.caosdb.server.database.exceptions.EntityWasNotUniqueException;
 import org.caosdb.server.entity.EntityInterface;
@@ -124,11 +125,14 @@ public class CheckPropValid extends EntityJob {
           }
         }
       } catch (final Message m) {
-        addError(property, m);
+        property.addError(m);
+      } catch (AuthorizationException e) {
+        property.addError(ServerMessages.AUTHORIZATION_ERROR);
+        property.addInfo(e.getMessage());
       } catch (final EntityDoesNotExistException e) {
-        addError(property, ENTITY_DOES_NOT_EXIST);
+        property.addError(ENTITY_DOES_NOT_EXIST);
       } catch (final EntityWasNotUniqueException e) {
-        addError(property, ServerMessages.ENTITY_NAME_DUPLICATES);
+        property.addError(ServerMessages.ENTITY_NAME_DUPLICATES);
       }
     }
 
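Review bot: The removed `addError(property, m)` helper also called `property.setEntityStatus(EntityStatus.UNQUALIFIED)`, and the direct `property.addError(...)` calls in these four catch blocks only mark the property as UNQUALIFIED if `EntityInterface.addError` sets that status itself, which is not visible in this patch. If it does not, a property that failed the `USE_AS_PROPERTY` check would carry an error message but keep its previous status, so please confirm this or restore `property.setEntityStatus(EntityStatus.UNQUALIFIED);` after each `addError`. Separately, `property.addInfo(e.getMessage())` returns the raw Shiro exception text to a caller who was just denied; that text may name permissions, roles or entity ids, and it can be null, so consider a fixed message to the client and logging the detail server-side. The new `catch (AuthorizationException e)` also omits `final`, unlike its siblings. The enclosing method and its `try` start outside this hunk.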
@@ -147,11 +151,6 @@ public class CheckPropValid extends EntityJob {
     checkPermission(property, EntityPermission.USE_AS_PROPERTY);
   }
 
-  private void addError(final EntityInterface property, final Message m) {
-    property.addError(m);
-    property.setEntityStatus(EntityStatus.UNQUALIFIED);
-  }
-
   private static void deriveOverrideStatus(final Property child, final EntityInterface parent) {
     if (!Objects.equal(child.getName(), parent.getName())) {
       if (child.hasName()) {
-- 
GitLab