1 package de.dlr.shepard.data;
2
3 import de.dlr.shepard.auth.permission.io.PermissionsIO;
4 import de.dlr.shepard.auth.permission.model.Permissions;
5 import de.dlr.shepard.auth.permission.model.Roles;
6 import de.dlr.shepard.auth.permission.services.PermissionsService;
7 import de.dlr.shepard.auth.security.AuthenticationContext;
8 import de.dlr.shepard.common.exceptions.InvalidAuthException;
9 import de.dlr.shepard.common.exceptions.InvalidPathException;
10 import de.dlr.shepard.common.neo4j.entities.BasicContainer;
11 import de.dlr.shepard.common.neo4j.io.BasicContainerIO;
12 import de.dlr.shepard.common.util.AccessType;
13 import de.dlr.shepard.common.util.QueryParamHelper;
14 import jakarta.enterprise.context.RequestScoped;
15 import jakarta.inject.Inject;
16 import java.util.List;
17
/**
 * Base service for container types. It declares the CRUD operations that concrete
 * services implement and provides the shared role, permission and authorization
 * helpers on top of {@link PermissionsService}.
 *
 * <p>Every user-specific check resolves the caller through the injected
 * {@link AuthenticationContext}; none of the methods accept a user name from the
 * caller.
 *
 * @param <T> container entity type
 * @param <S> IO type used to create a container
 */
@RequestScoped
public abstract class AbstractContainerService<T extends BasicContainer, S extends BasicContainerIO> {

  private static final String FORBIDDEN_PREFIX_NOTE = null; // unused marker removed below

  @Inject
  PermissionsService permissionsService;

  @Inject
  AuthenticationContext authenticationContext;

  /**
   * Lists containers for the given query parameters.
   *
   * <p>NOTE(review): whether the result is filtered by the caller's read permission is
   * decided by the implementation and is not visible here; confirm per subclass.
   */
  public abstract List<T> getAllContainers(QueryParamHelper params);

  /**
   * Looks up a single container by id.
   *
   * <p>The permission helpers in this class call this method first and discard the
   * result. NOTE(review): presumably implementations throw for an unknown id (the
   * file imports {@code InvalidPathException}, which nothing visible here throws) and
   * may enforce read access themselves; confirm per subclass.
   */
  public abstract T getContainer(long id);

  /** Creates a container from the given IO object. */
  public abstract T createContainer(S containerIO);

  /**
   * Deletes the container with the given id.
   *
   * <p>NOTE(review): nothing in this class calls
   * {@link #assertIsAllowedToDeleteContainer(long)}; implementations presumably have to
   * invoke it themselves. Confirm.
   */
  public abstract void deleteContainer(long containerId);

  /**
   * Returns the roles the current user holds on the container.
   *
   * <p>No explicit permission assertion is made here; the only gate is the preceding
   * {@link #getContainer(long)} call. NOTE(review): confirm that every implementation of
   * {@code getContainer} rejects callers without read access, otherwise this method
   * answers for containers the caller cannot read.
   *
   * @param containerId id of the container
   * @return roles of the current user on that container
   */
  public Roles getContainerRoles(long containerId) {
    // Result intentionally ignored; the call is kept for whatever checks it performs.
    getContainer(containerId);

    return permissionsService.getUserRolesOnEntity(containerId, authenticationContext.getCurrentUserName());
  }

  /**
   * Returns the permissions stored for the container. Requires Manage access.
   *
   * <p>NOTE(review): the lookup runs before the Manage check, so a caller without
   * Manage rights may see a different error for a missing container than for a
   * forbidden one unless {@code getContainer} enforces access itself. Confirm that this
   * ordering is intended.
   *
   * @param containerId id of the container
   * @return permissions of the container
   * @throws InvalidAuthException if the current user lacks Manage access
   */
  public Permissions getContainerPermissions(long containerId) {
    getContainer(containerId);
    assertIsAllowedToManageContainer(containerId);

    return permissionsService.getPermissionsOfEntity(containerId);
  }

  /**
   * Replaces the permissions of the container. Requires Manage access.
   *
   * <p>{@code newPermissions} is handed to {@link PermissionsService} unchanged.
   * NOTE(review): any validation of the new permission set is presumably done there;
   * confirm.
   *
   * @param newPermissions permissions to store
   * @param containerId id of the container
   * @return the updated permissions as returned by the permissions service
   * @throws InvalidAuthException if the current user lacks Manage access
   */
  public Permissions updateContainerPermissions(PermissionsIO newPermissions, long containerId) {
    getContainer(containerId);
    assertIsAllowedToManageContainer(containerId);

    return permissionsService.updatePermissionsByNeo4jId(newPermissions, containerId);
  }

  /**
   * Ensures the current user has Read access to the container.
   *
   * @throws InvalidAuthException if Read access is not granted
   */
  public void assertIsAllowedToReadContainer(long containerId) {
    requireAccess(
      containerId,
      AccessType.Read,
      "The requested action is forbidden by the permission policies. User has no READ permissions."
    );
  }

  /**
   * Ensures the current user has Write access to the container.
   *
   * @throws InvalidAuthException if Write access is not granted
   */
  public void assertIsAllowedToEditContainer(long containerId) {
    requireAccess(
      containerId,
      AccessType.Write,
      "The requested action is forbidden by the permission policies. User has no WRITE permissions."
    );
  }

  /**
   * Ensures the current user has Manage access to the container.
   *
   * @throws InvalidAuthException if Manage access is not granted
   */
  public void assertIsAllowedToManageContainer(long containerId) {
    requireAccess(
      containerId,
      AccessType.Manage,
      "The requested action is forbidden by the permission policies. User has no MANAGE permissions."
    );
  }

  /**
   * Ensures the current user owns the container.
   *
   * <p>Unlike the other assertions this one does not pass a user name;
   * NOTE(review): {@code isCurrentUserOwner} presumably resolves the caller on its own.
   * Confirm it uses the same identity as {@link AuthenticationContext}.
   *
   * @throws InvalidAuthException if the current user is not the owner
   */
  public void assertIsAllowedToDeleteContainer(long containerId) {
    if (permissionsService.isCurrentUserOwner(containerId)) {
      return;
    }
    throw new InvalidAuthException("The requested action is forbidden by the permission policies. User is not owner.");
  }

  /** Shared check behind the Read/Write/Manage assertions; throws with the given message on denial. */
  private void requireAccess(long containerId, AccessType accessType, String deniedMessage) {
    boolean allowed = permissionsService.isAccessTypeAllowedForUser(
      containerId,
      accessType,
      authenticationContext.getCurrentUserName()
    );
    if (allowed) {
      return;
    }
    throw new InvalidAuthException(deniedMessage);
  }
}