WIP: acm grpc

src/main/java/org/caosdb/server/accessControl/AuthenticationUtils.java

@@ -29,6 +29,7 @@ import static org.caosdb.server.utils.Utils.URLDecodeWithUTF8;
 import java.sql.Timestamp;
 import java.util.Collection;
 import java.util.LinkedList;
+import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.subject.Subject;
 import org.caosdb.server.CaosDBServer;
 import org.caosdb.server.ServerProperties;
@@ -199,4 +200,8 @@ public class AuthenticationUtils {
         .getRealm()
         .equals(OneTimeAuthenticationToken.REALM_NAME);
   }
+
+  public static AuthorizationInfo getAuthorizationInfo(Subject user) {
+    return new CaosDBAuthorizingRealm().doGetAuthorizationInfo(user.getPrincipals());
+  }
 }

src/main/java/org/caosdb/server/accessControl/CaosDBRolePermissionResolver.java

@@ -49,6 +49,7 @@ public class CaosDBRolePermissionResolver {
         throw new AuthenticationException(e);
       }
     }
+
     return new CaosPermission(rules);
   }
 }

src/main/java/org/caosdb/server/grpc/GeneralInfoServiceImpl.java

@@ -21,7 +21,11 @@
 package org.caosdb.server.grpc;
 
 import io.grpc.stub.StreamObserver;
+import java.util.Collection;
+import java.util.LinkedList;
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.Permission;
 import org.apache.shiro.subject.Subject;
 import org.caosdb.api.info.v1.GeneralInfoServiceGrpc.GeneralInfoServiceImplBase;
 import org.caosdb.api.info.v1.GetSessionInfoRequest;
@@ -31,7 +35,9 @@ import org.caosdb.api.info.v1.GetVersionInfoResponse;
 import org.caosdb.api.info.v1.VersionInfo;
 import org.caosdb.server.CaosDBServer;
 import org.caosdb.server.ServerProperties;
+import org.caosdb.server.accessControl.AuthenticationUtils;
 import org.caosdb.server.accessControl.Principal;
+import org.caosdb.server.permissions.CaosPermission;
 
 /**
  * Implementation of the GeneralInfoService.
@@ -83,6 +89,24 @@ public class GeneralInfoServiceImpl extends GeneralInfoServiceImplBase {
     response.setUsername(principal.getUsername());
     response.setRealm(principal.getRealm());
 
+    AuthorizationInfo authorizationInfo = AuthenticationUtils.getAuthorizationInfo(user);
+    Collection<String> roles = authorizationInfo.getRoles();
+    if (roles != null && !roles.isEmpty()) {
+      response.addAllRoles(roles);
+    }
+    Collection<String> permissions =
+        new LinkedList<String>(authorizationInfo.getStringPermissions());
+    for (Permission p : authorizationInfo.getObjectPermissions()) {
+      if (p instanceof CaosPermission) {
+        permissions.addAll(((CaosPermission) p).getStringPermissions(user));
+      } else {
+        permissions.add(p.toString());
+      }
+    }
+    if (permissions != null && !permissions.isEmpty()) {
+      response.addAllPermissions(permissions);
+    }
+
     responseObserver.onNext(response.build());
     responseObserver.onCompleted();
   }

src/main/java/org/caosdb/server/jobs/Schedule.java

@@ -97,8 +97,8 @@ public class Schedule {
             ? this.jobLists.get(jobclass.getAnnotation(JobAnnotation.class).stage().ordinal())
             : this.jobLists.get(TransactionStage.CHECK.ordinal());
     for (final ScheduledJob scheduledJob : jobs) {
-      if (jobclass.isInstance(scheduledJob.job)) {
-        if (scheduledJob.job.getEntity() == entity) {
+      if (jobclass.isInstance(scheduledJob.getJob())) {
+        if (scheduledJob.getJob().getEntity() == entity) {
           runJob(scheduledJob);
         }
       }

src/main/java/org/caosdb/server/jobs/ScheduledJob.java

@@ -31,11 +31,14 @@ package org.caosdb.server.jobs;
 public class ScheduledJob {
 
   long runtime = 0;
-  final Job job;
+  private final Job job;
   private long startTime = -1;
 
-  ScheduledJob(final Job j) {
-    this.job = j;
+  ScheduledJob(final Job job) {
+    if (job == null) {
+      throw new NullPointerException("job was null.");
+    }
+    this.job = job;
   }
 
   void run() {
@@ -85,4 +88,8 @@ public class ScheduledJob {
   public boolean skip() {
     return this.job.getTarget().skipJob();
   }
+
+  public Job getJob() {
+    return job;
+  }
 }

src/main/java/org/caosdb/server/permissions/CaosPermission.java

@@ -22,12 +22,11 @@
  */
 package org.caosdb.server.permissions;
 
+import java.util.Collection;
 import java.util.HashSet;
-import java.util.Map;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.subject.Subject;
-import org.eclipse.jetty.util.ajax.JSON;
 
 public class CaosPermission extends HashSet<PermissionRule> implements Permission {
 
@@ -35,16 +34,33 @@ public class CaosPermission extends HashSet<PermissionRule> implements Permissio
     super(rules);
   }
 
-  public CaosPermission() {}
+  public Collection<String> getStringPermissions(Subject subject) {
+    HashSet<String> grant = new HashSet<>();
+    HashSet<String> prio_grant = new HashSet<>();
+    HashSet<String> deny = new HashSet<>();
+    HashSet<String> prio_deny = new HashSet<>();
 
-  public static CaosPermission parseJSON(final String json) {
-    final CaosPermission ret = new CaosPermission();
-    @SuppressWarnings("unchecked")
-    final Map<String, String>[] rules = (Map<String, String>[]) JSON.parse(json);
-    for (final Map<String, String> rule : rules) {
-      ret.add(PermissionRule.parse(rule));
+    for (PermissionRule r : this) {
+      String p = subject == null ? r.getPermission() : r.getPermission(subject).toString();
+      if (r.isGrant()) {
+        if (r.isPriority()) {
+          prio_grant.add(p);
+        } else {
+          grant.add(p);
+        }
+      } else {
+        if (r.isPriority()) {
+          prio_deny.add(p);
+        } else {
+          deny.add(p);
+        }
+      }
     }
-    return ret;
+
+    grant.removeAll(deny);
+    grant.addAll(prio_grant);
+    grant.removeAll(prio_deny);
+    return grant;
   }
 
   private static final long serialVersionUID = 2136265443788256009L;

src/main/java/org/caosdb/server/resource/AbstractCaosDBServerResource.java

@@ -251,6 +251,7 @@ public abstract class AbstractCaosDBServerResource extends ServerResource {
     try {
       return httpPostInChildClass(entity);
     } catch (final Throwable t) {
+      t.printStackTrace();
       return handleThrowable(t);
     }
   }

src/main/java/org/caosdb/server/transaction/RetrieveRoleTransaction.java

@@ -51,12 +51,14 @@ public class RetrieveRoleTransaction extends AccessControlTransaction {
     if (this.role == null) {
       throw ServerMessages.ROLE_DOES_NOT_EXIST;
     }
-    Iterator<ProtoUser> iterator = this.role.users.iterator();
-    while (iterator.hasNext()) {
-      ProtoUser user = iterator.next();
-      if (!currentUser.isPermitted(
-          ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) {
-        iterator.remove();
+    if (this.role.users != null) {
+      Iterator<ProtoUser> iterator = this.role.users.iterator();
+      while (iterator.hasNext()) {
+        ProtoUser user = iterator.next();
+        if (!currentUser.isPermitted(
+            ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) {
+          iterator.remove();
+        }
       }
     }
   }