From d10a588130c9e37145356077f65944b86c2f46a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20tom=20W=C3=B6rden?= <h.tomwoerden@indiscale.com>
Date: Sat, 2 Dec 2023 12:31:20 +0100
Subject: [PATCH] wip

---
 .../RetrieveFullEntityTransaction.java        | 26 ++++++++++++-------
 .../caosdb/server/entity/RetrieveEntity.java  |  2 +-
 .../java/org/caosdb/server/query/Query.java   |  1 -
 .../caosdb/server/transaction/Retrieve.java   |  2 +-
 4 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java b/src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java
index a45a86a1..e4d198c2 100644
--- a/src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java
+++ b/src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java
@@ -26,12 +26,11 @@ package org.caosdb.server.database.backend.transaction;
 
 import java.util.LinkedList;
 import java.util.List;
-import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
 import org.caosdb.server.database.BackendTransaction;
 import org.caosdb.server.database.exceptions.EntityDoesNotExistException;
 import org.caosdb.server.datatype.CollectionValue;
 import org.caosdb.server.datatype.IndexedSingleValue;
-import org.caosdb.server.accessControl.Principal;
 import org.caosdb.server.datatype.ReferenceValue;
 import org.caosdb.server.entity.EntityID;
 import org.caosdb.server.entity.EntityInterface;
@@ -61,17 +60,24 @@ import org.caosdb.server.utils.EntityStatus;
 public class RetrieveFullEntityTransaction extends BackendTransaction {
 
   private final Container<? extends EntityInterface> container;
-  private final Principal principal;
+  private final Subject subject;
 
   public RetrieveFullEntityTransaction(final EntityInterface entity) {
     final Container<EntityInterface> c = new Container<>();
     c.add(entity);
     this.container = c;
+    this.subject = null;
   }
 
-  public RetrieveFullEntityTransaction(final Container<? extends EntityInterface> container, final Principal principal) {
+  public RetrieveFullEntityTransaction(
+      final Container<? extends EntityInterface> container, final Subject subject) {
     this.container = container;
-    this.principal = principal;
+    this.subject = subject;
+  }
+
+  public RetrieveFullEntityTransaction(final Container<? extends EntityInterface> container) {
+    this.container = container;
+    this.subject = null;
   }
 
   public RetrieveFullEntityTransaction(final EntityID id) {
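Review bot: The two-argument constructor stores whatever `subject` it is given, and a null one later switches off the permission check on referenced entities (the `if (this.subject != null)` guard in the next hunk of this file), so a caller that passes null by accident gets an unchecked retrieval. Failing fast with `this.subject = Objects.requireNonNull(subject, "subject");` (needs `java.util.Objects` imported) would leave the two subject-less constructors as the only, deliberate way to skip the check. The call site changed in Retrieve.java passes `getTransactor()`, whose nullability is not visible in this patch. The subject-less constructors also deserve a Javadoc line such as `/** No subject: referenced entities are followed without a RETRIEVE_ENTITY check; the caller must have authorized the retrieval itself. */`. The `EntityID` constructor on the hunk's last line continues outside the hunk and must also assign the final `subject` field or delegate to a constructor that does.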
@@ -227,10 +233,12 @@ public class RetrieveFullEntityTransaction extends BackendTransaction {
       final ReferenceValue value, final List<Selection> selections, final String propertyName) {
     final RetrieveEntity ref = new RetrieveEntity(value.getId());
 
-    // check whether the referenced entity may be retrieved
-    final EntityACL entityACL = ref.getEntityACL();
-    if (!entityACL.isPermitted(this.principal, EntityPermission.RETRIEVE_ENTITY)) {
-      return;
+    if (this.subject != null) {
+      // check whether the referenced entity may be retrieved
+      final EntityACL entityACL = ref.getEntityACL();
+      if (!entityACL.isPermitted(this.subject, EntityPermission.RETRIEVE_ENTITY)) {
+        return;
+      }
     }
     // recursion! (Only for the matching selections)
     retrieveFullEntity(ref, getSubSelects(selections, propertyName));
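Review bot: The ACL consulted here belongs to `ref`, which was constructed from an id on the line just before and has not yet gone through `retrieveFullEntity`. Unless `getEntityACL()` loads the ACL from the backend itself (not visible in this hunk), the check runs against a missing or default ACL rather than the stored one. If the getter can return null the call throws; failing closed would read `if (entityACL == null || !entityACL.isPermitted(this.subject, EntityPermission.RETRIEVE_ENTITY)) { return; }`. A comment stating where the ACL of a freshly constructed `RetrieveEntity` comes from would make this check reviewable. The enclosing method starts before this hunk and continues after it.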
diff --git a/src/main/java/org/caosdb/server/entity/RetrieveEntity.java b/src/main/java/org/caosdb/server/entity/RetrieveEntity.java
index 887e7d12..69df103a 100644
--- a/src/main/java/org/caosdb/server/entity/RetrieveEntity.java
+++ b/src/main/java/org/caosdb/server/entity/RetrieveEntity.java
@@ -24,7 +24,7 @@
  */
 package org.caosdb.server.entity;
 
-//TODO document the use of this class; it seems to exist of only constructors
+// TODO document the use of this class; it seems to exist of only constructors
 
 public class RetrieveEntity extends Entity {
 
diff --git a/src/main/java/org/caosdb/server/query/Query.java b/src/main/java/org/caosdb/server/query/Query.java
index 29361d3a..507dc9d4 100644
--- a/src/main/java/org/caosdb/server/query/Query.java
+++ b/src/main/java/org/caosdb/server/query/Query.java
@@ -77,7 +77,6 @@ import org.caosdb.server.transaction.WriteTransaction;
 import org.jdom2.Element;
 import org.slf4j.Logger;
 
-
 // TODO Document: The query is initialized with a RetrieveTransaction and its
 // Container. The container is filled by the Query with the resulting IDs. The
 // Retrieve transaction then handles the retrieve of all respective Entities.
diff --git a/src/main/java/org/caosdb/server/transaction/Retrieve.java b/src/main/java/org/caosdb/server/transaction/Retrieve.java
index 643c1201..54500c59 100644
--- a/src/main/java/org/caosdb/server/transaction/Retrieve.java
+++ b/src/main/java/org/caosdb/server/transaction/Retrieve.java
@@ -114,7 +114,7 @@ public class Retrieve extends Transaction<RetrieveContainer> {
 
   private void retrieveFullEntities(final RetrieveContainer container, final Access access)
       throws Exception {
-    execute(new RetrieveFullEntityTransaction(container), access);
+    execute(new RetrieveFullEntityTransaction(container, getTransactor()), access);
   }
 
   @Override
-- 
GitLab