wip

src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java

@@ -26,12 +26,11 @@ package org.caosdb.server.database.backend.transaction;
 
 import java.util.LinkedList;
 import java.util.List;
-import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
 import org.caosdb.server.database.BackendTransaction;
 import org.caosdb.server.database.exceptions.EntityDoesNotExistException;
 import org.caosdb.server.datatype.CollectionValue;
 import org.caosdb.server.datatype.IndexedSingleValue;
-import org.caosdb.server.accessControl.Principal;
 import org.caosdb.server.datatype.ReferenceValue;
 import org.caosdb.server.entity.EntityID;
 import org.caosdb.server.entity.EntityInterface;
@@ -61,17 +60,24 @@ import org.caosdb.server.utils.EntityStatus;
 public class RetrieveFullEntityTransaction extends BackendTransaction {
 
   private final Container<? extends EntityInterface> container;
-  private final Principal principal;
+  private final Subject subject;
 
   public RetrieveFullEntityTransaction(final EntityInterface entity) {
     final Container<EntityInterface> c = new Container<>();
     c.add(entity);
     this.container = c;
+    this.subject = null;
   }
 
-  public RetrieveFullEntityTransaction(final Container<? extends EntityInterface> container, final Principal principal) {
+  public RetrieveFullEntityTransaction(
+      final Container<? extends EntityInterface> container, final Subject subject) {
     this.container = container;
-    this.principal = principal;
+    this.subject = subject;
+  }
+
+  public RetrieveFullEntityTransaction(final Container<? extends EntityInterface> container) {
+    this.container = container;
+    this.subject = null;
   }
 
   public RetrieveFullEntityTransaction(final EntityID id) {
@@ -227,11 +233,13 @@ public class RetrieveFullEntityTransaction extends BackendTransaction {
       final ReferenceValue value, final List<Selection> selections, final String propertyName) {
     final RetrieveEntity ref = new RetrieveEntity(value.getId());
 
+    if (this.subject != null) {
       // check whether the referenced entity may be retrieved
       final EntityACL entityACL = ref.getEntityACL();
-    if (!entityACL.isPermitted(this.principal, EntityPermission.RETRIEVE_ENTITY)) {
+      if (!entityACL.isPermitted(this.subject, EntityPermission.RETRIEVE_ENTITY)) {
         return;
       }
+    }
     // recursion! (Only for the matching selections)
     retrieveFullEntity(ref, getSubSelects(selections, propertyName));
     value.setEntity(ref, true);

src/main/java/org/caosdb/server/query/Query.java

@@ -77,7 +77,6 @@ import org.caosdb.server.transaction.WriteTransaction;
 import org.jdom2.Element;
 import org.slf4j.Logger;
 
-
 // TODO Document: The query is initialized with a RetrieveTransaction and its
 // Container. The container is filled by the Query with the resulting IDs. The
 // Retrieve transaction then handles the retrieve of all respective Entities.

src/main/java/org/caosdb/server/transaction/Retrieve.java

@@ -114,7 +114,7 @@ public class Retrieve extends Transaction<RetrieveContainer> {
 
   private void retrieveFullEntities(final RetrieveContainer container, final Access access)
       throws Exception {
-    execute(new RetrieveFullEntityTransaction(container), access);
+    execute(new RetrieveFullEntityTransaction(container, getTransactor()), access);
   }
 
   @Override