Draft: F acm permissions2

Summary

Insert a meaningful description for this merge request here.  What is the
new/changed behavior? Which bug has been fixed? Are there related Issues?

Focus

Point the reviewer to the core of the code change. Where should they start
reading? What should they focus on (e.g. security, performance,
maintainability, user-friendliness, compliance with the specs, finding more
corner cases, concrete questions)?

Test Environment

How to set up a test environment for manual testing?

Check List for the Author

Please, prepare your MR for a review. Be sure to write a summary and a focus and create gitlab comments for the reviewer. They should guide the reviewer through the changes, explain your changes and also point out open questions. For further good practices have a look at our review guidelines

• All automated tests pass
• Reference related Issues
• Up-to-date CHANGELOG.md
• Annotations in code (Gitlab comments)
  • Intent of new code
  • Problems with old code
  • Why this implementation?

Check List for the Reviewer

• I understand the intent of this MR
• All automated tests pass
• Up-to-date CHANGELOG.md
• The test environment setup works and the intended behavior is reproducible in the test environment
• In-code documentation and comments are up-to-date.
• Check: Are there spezifications? Are they satisfied?

For further good practices have a look at our review guidelines.

src/main/java/org/caosdb/server/jobs/core/CheckStateTransition.java

 package org.caosdb.server.jobs.core;
 
+import java.util.Map;
 import org.apache.shiro.authz.AuthorizationException;
 import org.caosdb.server.entity.DeleteEntity;
 import org.caosdb.server.entity.Message;
@@ -18,6 +19,9 @@ import org.caosdb.server.utils.ServerMessages;
 @JobAnnotation(time = JobExecutionTime.POST_CHECK, transaction = WriteTransaction.class)
 public class CheckStateTransition extends EntityStateJob {
 
+  private static final String PERMISSION_STATE_FORCE_FINAL = "STATE:FORCE:FINAL";
+  private static final String PERMISSION_STATE_UNASSIGN = "STATE:UNASSIGN:";
+  private static final String PERMISSION_STATE_ASSIGN = "STATE:ASSIGN:";
   private static final Message TRANSITION_NOT_ALLOWED =
       new Message(MessageType.Error, "Transition not allowed.");
   private static final Message INITIAL_STATE_NOT_ALLOWED =
@@ -29,7 +33,7 @@ public class CheckStateTransition extends EntityStateJob {
    * The forceFinalState flag is especially useful if you want to delete entities in the middle of
    * the state machine's usual state cycle.
    */
-  private static final String FORCE_FINAL_STATE = "forceFinalState";
+  private static final String FLAG_FORCE_FINAL_STATE = "forceFinalState";
 
   @Override
   protected void run() {
@@ -131,14 +135,13 @@ public class CheckStateTransition extends EntityStateJob {
    */
   private void checkFinalState(State oldState) throws Message {
     if (!oldState.isFinal()) {
-      if ("true".equalsIgnoreCase(getTransaction().getContainer().getFlags().get(FORCE_FINAL_STATE))
-          || "true".equalsIgnoreCase(getEntity().getFlag(FORCE_FINAL_STATE))) {
-        // TODO permissions
-        return;
+      if (isForceFinal()) {
+        getUser().checkPermission(PERMISSION_STATE_FORCE_FINAL);
+      } else {
+        throw FINAL_STATE_NOT_ALLOWED;
       }
-      throw FINAL_STATE_NOT_ALLOWED;
     }
-    // TODO permissions
+    getUser().checkPermission(PERMISSION_STATE_UNASSIGN + oldState.getStateModelName());
   }
 
   /**
@@ -151,6 +154,13 @@ public class CheckStateTransition extends EntityStateJob {
     if (!newState.isInitial()) {
       throw INITIAL_STATE_NOT_ALLOWED;
     }
-    // TODO permissions
+    getUser().checkPermission(PERMISSION_STATE_ASSIGN + newState.getStateModelName());
+  }
+
+  private boolean isForceFinal() {
+    Map<String, String> containerFlags = getTransaction().getContainer().getFlags();
+    return (containerFlags != null
+            && "true".equalsIgnoreCase(containerFlags.get(FLAG_FORCE_FINAL_STATE)))
+        || "true".equalsIgnoreCase(getEntity().getFlag(FLAG_FORCE_FINAL_STATE));
   }
 }