From f33df066b2fa60c4da37fa630fed12c6ea655ceb Mon Sep 17 00:00:00 2001
From: Timm Fitschen <timm.fitschen@ds.mpg.de>
Date: Mon, 10 Dec 2018 23:06:41 +0100
Subject: [PATCH] MAINT: refactoring some permissions classes

---
 .../permissions/AbstractEntityACLFactory.java | 99 +++++++++----------
 .../caosdb/server/permissions/EntityACL.java  | 70 ++++++-------
 .../server/permissions/EntityPermission.java  | 10 +-
 .../java/caosdb/server/permissions/Role.java  |  2 +
 4 files changed, 86 insertions(+), 95 deletions(-)

diff --git a/src/main/java/caosdb/server/permissions/AbstractEntityACLFactory.java b/src/main/java/caosdb/server/permissions/AbstractEntityACLFactory.java
index d9657d9c..6460cb34 100644
--- a/src/main/java/caosdb/server/permissions/AbstractEntityACLFactory.java
+++ b/src/main/java/caosdb/server/permissions/AbstractEntityACLFactory.java
@@ -26,26 +26,19 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.Map;
 import java.util.Map.Entry;
 
-class EntityACLFactory extends AbstractEntityACLFactory<EntityACL> {
-
-  @Override
-  protected EntityACL create(final Collection<EntityACI> acis) {
-    return new EntityACL(acis);
-  }
-}
-
 public abstract class AbstractEntityACLFactory<T extends EntityACL> {
 
-  private final HashMap<ResponsibleAgent, Long> normal_grants =
-      new HashMap<ResponsibleAgent, Long>();
-  private final HashMap<ResponsibleAgent, Long> priority_grants =
-      new HashMap<ResponsibleAgent, Long>();
-  private final HashMap<ResponsibleAgent, Long> normal_denials =
-      new HashMap<ResponsibleAgent, Long>();
-  private final HashMap<ResponsibleAgent, Long> priority_denials =
-      new HashMap<ResponsibleAgent, Long>();
+  private final Map<ResponsibleAgent, Long> normalGrants =
+      new HashMap<>();
+  private final Map<ResponsibleAgent, Long> priorityGrants =
+      new HashMap<>();
+  private final Map<ResponsibleAgent, Long> normalDenials =
+      new HashMap<>();
+  private final Map<ResponsibleAgent, Long> priorityDenials =
+      new HashMap<>();
 
   public void grant(final ResponsibleAgent role, final int... permissionBitNumber) {
     grant(role, false, permissionBitNumber);
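Review bot: The package-private `EntityACLFactory` is deleted in this hunk and the diffstat lists no file that adds it back, so any code in the package that still writes `new EntityACLFactory()` stops compiling unless the class already exists elsewhere. `AbstractEntityACLFactory` is abstract and `create(Collection<EntityACI>)` has no default, so some concrete factory has to remain. If the class lives in its own file from another commit, say so in the commit message, for example `EntityACLFactory now lives in EntityACLFactory.java`.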
@@ -120,23 +113,23 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
   public void grant(
       final ResponsibleAgent role, final boolean priority, final EntityPermission... permission) {
     if (priority) {
-      addACI(this.priority_grants, role, permission);
+      addACI(this.priorityGrants, role, permission);
     } else {
-      addACI(this.normal_grants, role, permission);
+      addACI(this.normalGrants, role, permission);
     }
   }
 
   public void deny(
       final ResponsibleAgent role, final boolean priority, final EntityPermission... permission) {
     if (priority) {
-      addACI(this.priority_denials, role, permission);
+      addACI(this.priorityDenials, role, permission);
     } else {
-      addACI(this.normal_denials, role, permission);
+      addACI(this.normalDenials, role, permission);
     }
   }
 
   private static void addACI(
-      final HashMap<ResponsibleAgent, Long> map,
+      final Map<ResponsibleAgent, Long> map,
       final ResponsibleAgent role,
       final EntityPermission permission) {
     long bitSet = permission.getBitSet();
@@ -149,7 +142,7 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
   }
 
   private static void addACI(
-      final HashMap<ResponsibleAgent, Long> map,
+      final Map<ResponsibleAgent, Long> map,
       final ResponsibleAgent role,
       final EntityPermission[] permission) {
     for (final EntityPermission p : permission) {
@@ -158,7 +151,7 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
   }
 
   private EntityACI[] toEntityACIArray(
-      final HashMap<ResponsibleAgent, Long> map, final long modBitSet) {
+      final Map<ResponsibleAgent, Long> map, final long modBitSet) {
     final EntityACI[] ret = new EntityACI[map.size()];
     int i = 0;
     for (final Entry<ResponsibleAgent, Long> e : map.entrySet()) {
@@ -169,54 +162,54 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
 
   public T create() {
     normalize();
-    final ArrayList<EntityACI> acis = new ArrayList<EntityACI>();
-    Collections.addAll(acis, toEntityACIArray(this.normal_grants, 0));
-    Collections.addAll(acis, toEntityACIArray(this.normal_denials, Long.MIN_VALUE));
-    Collections.addAll(acis, toEntityACIArray(this.priority_grants, EntityACL.MIN_PRIORITY_BITSET));
+    final ArrayList<EntityACI> acis = new ArrayList<>();
+    Collections.addAll(acis, toEntityACIArray(this.normalGrants, 0));
+    Collections.addAll(acis, toEntityACIArray(this.normalDenials, Long.MIN_VALUE));
+    Collections.addAll(acis, toEntityACIArray(this.priorityGrants, EntityACL.MIN_PRIORITY_BITSET));
     Collections.addAll(
         acis,
-        toEntityACIArray(this.priority_denials, Long.MIN_VALUE | EntityACL.MIN_PRIORITY_BITSET));
+        toEntityACIArray(this.priorityDenials, Long.MIN_VALUE | EntityACL.MIN_PRIORITY_BITSET));
     return create(acis);
   }
 
   private void normalize() {
-    for (final Entry<ResponsibleAgent, Long> set : this.priority_denials.entrySet()) {
-      if (this.priority_grants.containsKey(set.getKey())) {
-        this.priority_grants.put(
-            set.getKey(), this.priority_grants.get(set.getKey()) & ~set.getValue());
+    for (final Entry<ResponsibleAgent, Long> set : this.priorityDenials.entrySet()) {
+      if (this.priorityGrants.containsKey(set.getKey())) {
+        this.priorityGrants.put(
+            set.getKey(), this.priorityGrants.get(set.getKey()) & ~set.getValue());
       }
-      if (this.normal_denials.containsKey(set.getKey())) {
-        this.normal_denials.put(
-            set.getKey(), this.normal_denials.get(set.getKey()) & ~set.getValue());
+      if (this.normalDenials.containsKey(set.getKey())) {
+        this.normalDenials.put(
+            set.getKey(), this.normalDenials.get(set.getKey()) & ~set.getValue());
       }
-      if (this.normal_grants.containsKey(set.getKey())) {
-        this.normal_grants.put(
-            set.getKey(), this.normal_grants.get(set.getKey()) & ~set.getValue());
+      if (this.normalGrants.containsKey(set.getKey())) {
+        this.normalGrants.put(
+            set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
       }
     }
-    for (final Entry<ResponsibleAgent, Long> set : this.priority_grants.entrySet()) {
-      if (this.normal_denials.containsKey(set.getKey())) {
-        this.normal_denials.put(
-            set.getKey(), this.normal_denials.get(set.getKey()) & ~set.getValue());
+    for (final Entry<ResponsibleAgent, Long> set : this.priorityGrants.entrySet()) {
+      if (this.normalDenials.containsKey(set.getKey())) {
+        this.normalDenials.put(
+            set.getKey(), this.normalDenials.get(set.getKey()) & ~set.getValue());
       }
-      if (this.normal_grants.containsKey(set.getKey())) {
-        this.normal_grants.put(
-            set.getKey(), this.normal_grants.get(set.getKey()) & ~set.getValue());
+      if (this.normalGrants.containsKey(set.getKey())) {
+        this.normalGrants.put(
+            set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
       }
     }
-    for (final Entry<ResponsibleAgent, Long> set : this.normal_denials.entrySet()) {
-      if (this.normal_grants.containsKey(set.getKey())) {
-        this.normal_grants.put(
-            set.getKey(), this.normal_grants.get(set.getKey()) & ~set.getValue());
+    for (final Entry<ResponsibleAgent, Long> set : this.normalDenials.entrySet()) {
+      if (this.normalGrants.containsKey(set.getKey())) {
+        this.normalGrants.put(
+            set.getKey(), this.normalGrants.get(set.getKey()) & ~set.getValue());
       }
     }
   }
 
   public void clear() {
-    this.normal_grants.clear();
-    this.normal_denials.clear();
-    this.priority_grants.clear();
-    this.priority_denials.clear();
+    this.normalGrants.clear();
+    this.normalDenials.clear();
+    this.priorityGrants.clear();
+    this.priorityDenials.clear();
   }
 
   protected abstract T create(Collection<EntityACI> acis);
diff --git a/src/main/java/caosdb/server/permissions/EntityACL.java b/src/main/java/caosdb/server/permissions/EntityACL.java
index 79008947..154c2bf7 100644
--- a/src/main/java/caosdb/server/permissions/EntityACL.java
+++ b/src/main/java/caosdb/server/permissions/EntityACL.java
@@ -24,15 +24,10 @@ package caosdb.server.permissions;
 
 import static caosdb.server.permissions.Role.OTHER_ROLE;
 import static caosdb.server.permissions.Role.OWNER_ROLE;
-
-import caosdb.server.accessControl.AuthenticationUtils;
-import caosdb.server.accessControl.Principal;
-import caosdb.server.database.exceptions.TransactionException;
 import java.util.ArrayList;
 import java.util.BitSet;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -41,6 +36,9 @@ import org.apache.shiro.subject.Subject;
 import org.eclipse.jetty.util.ajax.JSON;
 import org.jdom2.DataConversionException;
 import org.jdom2.Element;
+import caosdb.server.accessControl.AuthenticationUtils;
+import caosdb.server.accessControl.Principal;
+import caosdb.server.database.exceptions.TransactionException;
 
 public class EntityACL {
 
@@ -53,7 +51,7 @@ public class EntityACL {
     if (acl != null) {
       this.acl = acl;
     } else {
-      this.acl = new ArrayList<EntityACI>();
+      this.acl = new ArrayList<>();
     }
   }
 
@@ -68,7 +66,7 @@ public class EntityACL {
   }
 
   EntityACL(final EntityACI... aci) {
-    this.acl = new ArrayList<EntityACI>();
+    this.acl = new ArrayList<>();
     for (final EntityACI a : aci) {
       this.acl.add(a);
     }
@@ -88,7 +86,7 @@ public class EntityACL {
   }
 
   public static final Set<EntityPermission> getPermissionsFromBitSet(final long bitSet) {
-    final HashSet<EntityPermission> ret = new HashSet<EntityPermission>();
+    final Set<EntityPermission> ret = new HashSet<>();
     final boolean[] ba = convertToArray(bitSet);
     for (int i = 0; i < 62; i++) {
       if (ba[i]) {
@@ -104,9 +102,9 @@ public class EntityACL {
       return true;
     }
     if (permission instanceof EntityPermission) {
-      final ArrayList<EntityACI> acl = new ArrayList<EntityACI>(this.acl);
-      acl.addAll(GLOBAL_PERMISSIONS.acl);
-      final Set<EntityPermission> permissions = getPermissionsFor(subject, acl);
+      final List<EntityACI> localAcl = new ArrayList<>(this.acl);
+      localAcl.addAll(GLOBAL_PERMISSIONS.acl);
+      final Set<EntityPermission> permissions = getPermissionsFor(subject, localAcl);
       return permissions.contains(permission);
     }
     return false;
@@ -114,15 +112,13 @@ public class EntityACL {
 
   public static final Set<EntityPermission> getPermissionsFor(
       final Subject subject, final Collection<EntityACI> entityACL) {
-    final ArrayList<Long> acl = new ArrayList<Long>();
+    final List<Long> acl = new ArrayList<>();
     final List<ResponsibleAgent> owners = getOwners(entityACL);
-    final ArrayList<Long> forOthers = new ArrayList<Long>();
+    final List<Long> forOthers = new ArrayList<>();
     for (final EntityACI aci : entityACL) {
-      if (aci.getResponsibleAgent().equals(OWNER_ROLE)) {
-        if (subjectIsOwner(subject, owners)) {
-          acl.add(aci.getBitSet());
-          break;
-        }
+      if (aci.getResponsibleAgent().equals(OWNER_ROLE) && subjectIsOwner(subject, owners)) {
+        acl.add(aci.getBitSet());
+        break;
       }
       if (subjectHasRole(subject, aci.getResponsibleAgent())) {
         acl.add(aci.getBitSet());
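Review bot: The `break` in the merged owner branch of `getPermissionsFor` leaves the whole loop, so once the subject matches an `?OWNER?` entry no later ACI is collected, including any denial or priority denial that follows it in the collection. `AbstractEntityACLFactory.create()` in this same patch emits normal grants before denials and priority entries, so for ACLs built that way an owner grant could end the scan before the denials are read. If that is not intended, `continue;` in place of `break;` still keeps the owner entry out of the `subjectHasRole` check without discarding the rest of the list. The refactor keeps the old behaviour, so this predates the commit; the loop body continues outside the hunk.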
@@ -157,9 +153,7 @@ public class EntityACL {
   private static boolean subjectIsOwner(
       final Subject subject, final List<ResponsibleAgent> owners) {
     for (final ResponsibleAgent owner : owners) {
-      if (owner instanceof Role && subject.hasRole(owner.toString())) {
-        return true;
-      } else if (owner instanceof Principal && subject.getPrincipal().equals(owner)) {
+      if ((owner instanceof Role && subject.hasRole(owner.toString())) || (owner instanceof Principal && subject.getPrincipal().equals(owner))) {
         return true;
       }
     }
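Review bot: `subject.getPrincipal().equals(owner)` in `subjectIsOwner` throws a NullPointerException when the Shiro subject has no principal, which is what `Subject.getPrincipal()` returns for a subject that is not logged in. This patch also introduces `Role.ANONYMOUS_ROLE`, which suggests such subjects can reach permission checks. A null-safe form is `owner.equals(subject.getPrincipal())`, assuming `Principal.equals` is symmetric, or `Objects.equals(subject.getPrincipal(), owner)` if `java.util.Objects` is imported. The merged condition is also one very long line; breaking it after the `||` would match the wrapping used in the rest of the file.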
@@ -171,7 +165,7 @@ public class EntityACL {
   }
 
   public static final List<ResponsibleAgent> getOwners(final Collection<EntityACI> acl) {
-    final ArrayList<ResponsibleAgent> owners = new ArrayList<ResponsibleAgent>();
+    final List<ResponsibleAgent> owners = new ArrayList<>();
     for (final EntityACI aci : acl) {
       if (isOwnerBitSet(aci.getBitSet()) && !aci.getResponsibleAgent().equals(OWNER_ROLE)) {
         owners.add(aci.getResponsibleAgent());
@@ -187,15 +181,15 @@ public class EntityACL {
   public static final long getResultingACL(final Collection<Long> acl) {
     long allowance = 0;
     long denial = Long.MIN_VALUE;
-    long priority_allowance = 0;
-    long priority_denial = Long.MIN_VALUE;
+    long priorityAllowance = 0;
+    long priorityDenial = Long.MIN_VALUE;
 
     for (final long aci : acl) {
       if (isPriorityBitSet(aci)) {
         if (isDenial(aci)) {
-          priority_denial = priority_denial | aci;
+          priorityDenial = priorityDenial | aci;
         } else {
-          priority_allowance = priority_allowance | aci;
+          priorityAllowance = priorityAllowance | aci;
         }
       } else {
         if (isDenial(aci)) {
@@ -205,7 +199,7 @@ public class EntityACL {
         }
       }
     }
-    return ((allowance & ~denial) | (priority_allowance & ~MIN_PRIORITY_BITSET)) & ~priority_denial;
+    return ((allowance & ~denial) | (priorityAllowance & ~MIN_PRIORITY_BITSET)) & ~priorityDenial;
   }
 
   public static final boolean isPriorityBitSet(final long bitSet) {
@@ -254,13 +248,13 @@ public class EntityACL {
   }
 
   public static final EntityACL getPriorityEntityACL(final EntityACL acl) {
-    final ArrayList<EntityACI> priority_acl = new ArrayList<EntityACI>();
+    final List<EntityACI> priorityAcl = new ArrayList<>();
     for (final EntityACI aci : acl.acl) {
       if (isPriorityBitSet(aci.getBitSet())) {
-        priority_acl.add(aci);
+        priorityAcl.add(aci);
       }
     }
-    return new EntityACL(priority_acl);
+    return new EntityACL(priorityAcl);
   }
 
   public static final EntityACL parseFromElement(final Element e) {
@@ -322,7 +316,7 @@ public class EntityACL {
   }
 
   public static final EntityACL combine(final EntityACL... acls) {
-    final ArrayList<EntityACI> newACL = new ArrayList<EntityACI>();
+    final List<EntityACI> newACL = new ArrayList<>();
     for (final EntityACL acl : acls) {
       newACL.addAll(acl.acl);
     }
@@ -341,11 +335,11 @@ public class EntityACL {
   public boolean equals(final Object obj) {
     if (obj instanceof EntityACL) {
       final EntityACL that = (EntityACL) obj;
-      final HashSet<EntityACI> that_acis = new HashSet<EntityACI>();
-      that_acis.addAll(that.acl);
-      final HashSet<EntityACI> this_acis = new HashSet<EntityACI>();
-      this_acis.addAll(this.acl);
-      return that_acis.equals(this_acis);
+      final Set<EntityACI> thatAcis = new HashSet<>();
+      thatAcis.addAll(that.acl);
+      final Set<EntityACI> thisAcis = new HashSet<>();
+      thisAcis.addAll(this.acl);
+      return thatAcis.equals(thisAcis);
     }
     return false;
   }
@@ -361,7 +355,7 @@ public class EntityACL {
 
   public static EntityACL fromJSON(final String input) {
     final Object parse = JSON.parse(input);
-    final ArrayList<EntityACI> acl = new ArrayList<EntityACI>();
+    final List<EntityACI> acl = new ArrayList<>();
     if (parse.getClass().isArray()) {
       final Object[] array = (Object[]) parse;
       for (final Object aci : array) {
@@ -386,7 +380,7 @@ public class EntityACL {
   }
 
   public static String toJSON(final EntityACL acl) {
-    final ArrayList<HashMap<String, Object>> list = new ArrayList<HashMap<String, Object>>();
+    final List<Map<String, Object>> list = new ArrayList<>();
 
     for (final EntityACI aci : acl.acl) {
       list.add(aci.toMap());
diff --git a/src/main/java/caosdb/server/permissions/EntityPermission.java b/src/main/java/caosdb/server/permissions/EntityPermission.java
index c4fd8224..7fae8a76 100644
--- a/src/main/java/caosdb/server/permissions/EntityPermission.java
+++ b/src/main/java/caosdb/server/permissions/EntityPermission.java
@@ -22,9 +22,11 @@
  */
 package caosdb.server.permissions;
 
+import caosdb.server.CaosDBException;
 import caosdb.server.entity.xml.ToElementable;
 import java.util.ArrayList;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -33,7 +35,7 @@ import org.jdom2.Element;
 public class EntityPermission extends Permission {
 
   private static final long serialVersionUID = 1L;
-  private static ArrayList<EntityPermission> instances = new ArrayList<EntityPermission>();
+  private static List<EntityPermission> instances = new ArrayList<>();
   private final int bitNumber;
 
   public static ToElementable getAllEntityPermissions() {
@@ -59,11 +61,11 @@ public class EntityPermission extends Permission {
     super(shortName, description);
     this.bitNumber = bitNumber;
     if (bitNumber > 61) {
-      throw new RuntimeException(
+      throw new CaosDBException(
           "This bitNumber is too big. This implementation only handles bitNumbers up to 61.");
     }
     if (instances.contains(this)) {
-      throw new RuntimeException("This EntityPermission is defined yet.");
+      throw new CaosDBException("This EntityPermission is defined yet.");
     } else {
       instances.add(this);
     }
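Review bot: The range check in the `EntityPermission` constructor only rejects `bitNumber > 61`, so a negative bit number is accepted and registered in `instances`. Elsewhere in this patch the top bits of the long are used as flags (`Long.MIN_VALUE` for denials, `EntityACL.MIN_PRIORITY_BITSET` for priority), and depending on how `getBitSet()` shifts (not shown here) a negative value could land on one of them. I would write `if (bitNumber < 0 || bitNumber > 61)` and place it directly after the `super(...)` call. Please also confirm that `CaosDBException` is unchecked, since no `throws` clause is visible; the constructor signature is outside the hunk.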
@@ -72,7 +74,7 @@ public class EntityPermission extends Permission {
   public static Set<EntityPermission> getPermissionsPerWildCard(final String s) {
     final Pattern pattern = Pattern.compile(s.replaceAll("\\*", ".*"));
 
-    final HashSet<EntityPermission> ret = new HashSet<EntityPermission>();
+    final Set<EntityPermission> ret = new HashSet<>();
     for (final EntityPermission p : instances) {
       final Matcher m = pattern.matcher(p.getShortName());
       if (m.matches()) {
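Review bot: `getPermissionsPerWildCard` compiles `s` as a regular expression after replacing only `*`, so every other metacharacter in the argument keeps its regex meaning: `.` matches any character, and an unbalanced `(` or `[` throws `PatternSyntaxException`. If `s` can come from a stored or client-supplied ACL (not visible here), a wildcard rule may match more permissions than its text says, or fail the request with an unhandled exception. Quoting the literal parts avoids both: `Pattern.compile(Arrays.stream(s.split("\\*", -1)).map(Pattern::quote).collect(Collectors.joining(".*")))`, which needs `java.util.Arrays` and `java.util.stream.Collectors` imported. The method continues outside the hunk.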
diff --git a/src/main/java/caosdb/server/permissions/Role.java b/src/main/java/caosdb/server/permissions/Role.java
index eed068fc..95ce7289 100644
--- a/src/main/java/caosdb/server/permissions/Role.java
+++ b/src/main/java/caosdb/server/permissions/Role.java
@@ -25,11 +25,13 @@ package caosdb.server.permissions;
 import java.util.HashMap;
 import org.jdom2.Attribute;
 import org.jdom2.Element;
+import caosdb.server.accessControl.UserSources;
 
 public class Role implements ResponsibleAgent {
 
   public static final Role OWNER_ROLE = new Role("?OWNER?");
   public static final Role OTHER_ROLE = new Role("?OTHER?");
+  public static final Role ANONYMOUS_ROLE = new Role(UserSources.ANONYMOUS_ROLE);
 
   private final String role;
 
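Review bot: The new `ANONYMOUS_ROLE` constant has no comment saying how it differs from the two placeholder roles above it. `?OWNER?` and `?OTHER?` are resolved specially in `EntityACL`, while this one wraps a name taken from `UserSources` and presumably matches through the ordinary role check. A short Javadoc would help whoever writes ACLs against it, for example `/** Role of subjects that are not logged in; permissions granted to it apply without authentication. */`, to be confirmed against `UserSources`. Nothing in this patch uses the constant yet, and the new import sits after the `org.jdom2` imports while `EntityPermission.java` puts its `caosdb` import first.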
-- 
GitLab