Skip to content
This repository has been archived by the owner on Jul 25, 2018. It is now read-only.

Commit

Permalink
Merge pull request #345 from sw360/fix/checksForLicensePermissions#106
Browse files Browse the repository at this point in the history 
Permission Checks In License Service
review-by:[email protected]
tested-by:[email protected]
  • Loading branch information
@mcjaeger
mcjaeger authored Mar 15, 2017
2 parents 25a45b5 + 1d92bce commit 4bc4313
Show file tree
Hide file tree
Showing 7 changed files with 105 additions and 274 deletions.
30 changes: 15 additions & 15 deletions backend/src/src-licenses/src/main/java/org/eclipse/sw360/licenses/LicenseHandler.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright Siemens AG, 2013-2015. Part of the SW360 Portal Project.
* Copyright Siemens AG, 2013-2017. Part of the SW360 Portal Project.
* With modifications by Bosch Software Innovations GmbH, 2016.
*
* All rights reserved. This program and the accompanying materials
Expand Down Expand Up @@ -79,34 +79,34 @@ public List<License> getDetailedLicenseSummary(String organisation, List<String>
}

@Override
public List<RiskCategory> addRiskCategories(List<RiskCategory> riskCategories) throws TException {
return handler.addRiskCategories(riskCategories);
public List<RiskCategory> addRiskCategories(List<RiskCategory> riskCategories, User user) throws TException {
return handler.addRiskCategories(riskCategories, user);
}

@Override
public List<Risk> addRisks(List<Risk> risks) throws TException {
return handler.addRisks(risks);
public List<Risk> addRisks(List<Risk> risks, User user) throws TException {
return handler.addRisks(risks, user);
}

@Override
public List<Obligation> addObligations(List<Obligation> obligations) throws TException {
return handler.addObligations(obligations);
public List<Obligation> addObligations(List<Obligation> obligations, User user) throws TException {
return handler.addObligations(obligations, user);

}

@Override
public List<LicenseType> addLicenseTypes(List<LicenseType> licenseTypes) throws TException {
return handler.addLicenseTypes(licenseTypes);
public List<LicenseType> addLicenseTypes(List<LicenseType> licenseTypes, User user) throws TException {
return handler.addLicenseTypes(licenseTypes, user);
}

@Override
public List<License> addLicenses(List<License> licenses) throws TException {
return handler.addLicenses(licenses);
public List<License> addLicenses(List<License> licenses, User user) throws TException {
return handler.addLicenses(licenses, user);
}

@Override
public List<Todo> addTodos(List<Todo> todos) throws TException {
return handler.addTodos(todos);
public List<Todo> addTodos(List<Todo> todos, User user) throws TException {
return handler.addTodos(todos, user);

}

Expand Down Expand Up @@ -237,11 +237,11 @@ public Todo getTodoById(String id) throws TException {
* Add a new todo object
*/
@Override
public String addTodo(Todo todo) throws TException {
public String addTodo(Todo todo, User user) throws TException {
assertNotNull(todo);
assertIdUnset(todo.getId());

return handler.addTodo(todo);
return handler.addTodo(todo, user);
}

/**
Expand Down
70 changes: 41 additions & 29 deletions .../src/src-licenses/src/main/java/org/eclipse/sw360/licenses/db/LicenseDatabaseHandler.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright Siemens AG, 2013-2016. Part of the SW360 Portal Project.
* Copyright Siemens AG, 2013-2017. Part of the SW360 Portal Project.
* With modifications by Bosch Software Innovations GmbH, 2016.
*
* All rights reserved. This program and the accompanying materials
Expand Down Expand Up @@ -42,7 +42,6 @@
import static org.eclipse.sw360.datahandler.common.CommonUtils.isTemporaryTodo;
import static org.eclipse.sw360.datahandler.common.CommonUtils.*;
import static org.eclipse.sw360.datahandler.common.SW360Assert.assertNotNull;
import static org.eclipse.sw360.datahandler.common.SW360Assert.fail;
import static org.eclipse.sw360.datahandler.permissions.PermissionUtils.makePermission;
import static org.eclipse.sw360.datahandler.thrift.ThriftValidate.*;

Expand Down Expand Up @@ -220,7 +219,10 @@ private void fillLicenseForOrganisation(String organisation, License license) {
*
* @return ID of the added todo.
*/
public String addTodo(@NotNull Todo todo) throws SW360Exception {
public String addTodo(@NotNull Todo todo, User user) throws SW360Exception {
if (!PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user)){
return null;
}
prepareTodo(todo);
todoRepository.add(todo);

Expand All @@ -239,7 +241,7 @@ public RequestStatus addTodoToLicense(Todo todo, String licenseId, User user) th
todo.unsetId();
}
todo.unsetObligations();
String todoId = addTodo(todo);
String todoId = addTodo(todo, user);
license.addToTodoDatabaseIds(todoId);
licenseRepository.update(license);
return RequestStatus.SUCCESS;
Expand Down Expand Up @@ -271,7 +273,7 @@ public RequestStatus updateWhitelist(String licenseId, Set<String> whitelistTodo
List<Todo> todos = todoRepository.get(license.todoDatabaseIds);
for (Todo todo : todos) {
String todoId = todo.getId();
Set<String> currentWhitelist = todo.whitelist != null ? todo.whitelist : new HashSet<String>();
Set<String> currentWhitelist = todo.whitelist != null ? todo.whitelist : new HashSet<>();

// Add to whitelist if necessary
if (whitelistTodos.contains(todoId) && !currentWhitelist.contains(businessUnit)) {
Expand All @@ -293,7 +295,7 @@ public RequestStatus updateWhitelist(String licenseId, Set<String> whitelistTodo
List<Todo> todos = licenseForModerationRequest.getTodos();
for (Todo todo : todos) {
String todoId = todo.getId();
Set<String> currentWhitelist = todo.whitelist != null ? todo.whitelist : new HashSet<String>();
Set<String> currentWhitelist = todo.whitelist != null ? todo.whitelist : new HashSet<>();

// Add to whitelist if necessary
if (whitelistTodos.contains(todoId) && !currentWhitelist.contains(businessUnit)) {
Expand Down Expand Up @@ -369,16 +371,16 @@ private void filterTodoWhiteList(String organisation, List<Todo> todos) {
}


public static <T> List<T> getEntriesFromIds(final Map<String, T> map, Set<String> ids) {
private static <T> List<T> getEntriesFromIds(final Map<String, T> map, Set<String> ids) {
return ids
.stream()
.map(input -> map.get(input))
.filter(input -> input !=null)
.map(map::get)
.filter(Objects::nonNull)
.collect(Collectors.toList());
}

public RequestStatus updateLicense(License inputLicense, User user, User requestingUser) {
if (PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user)) {
if (makePermission(inputLicense, user).isActionAllowed(RequestedAction.WRITE)) {
String businessUnit = SW360Utils.getBUFromOrganisation(requestingUser.getDepartment());

License dbLicense = null;
Expand All @@ -394,7 +396,7 @@ public RequestStatus updateLicense(License inputLicense, User user, User request
isNewLicense = false;
}

dbLicense = updateLicenseFromInputLicense(dbLicense, inputLicense, businessUnit);
dbLicense = updateLicenseFromInputLicense(dbLicense, inputLicense, businessUnit, user);

if(isNewLicense) {
licenseRepository.add(dbLicense);
Expand All @@ -406,13 +408,13 @@ public RequestStatus updateLicense(License inputLicense, User user, User request
return RequestStatus.FAILURE;
}

private License updateLicenseFromInputLicense(License license, License inputLicense, String businessUnit){
private License updateLicenseFromInputLicense(License license, License inputLicense, String businessUnit, User user){
if(inputLicense.isSetTodos()) {
for (Todo todo : inputLicense.getTodos()) {
if (isTemporaryTodo(todo)) {
todo.unsetId();
try {
String todoDatabaseId = addTodo(todo);
String todoDatabaseId = addTodo(todo, user);
license.addToTodoDatabaseIds(todoDatabaseId);
} catch (SW360Exception e) {
log.error("Error adding todo to database.");
Expand Down Expand Up @@ -461,14 +463,6 @@ public RequestStatus updateLicenseFromAdditionsAndDeletions(License licenseAddit
}
}

public License getLicenseFromRepository(String id) throws SW360Exception {
License license = licenseRepository.get(id);
if (license == null) {
throw fail("Could not fetch license from database! id=" + id);
}
return license;
}

public List<License> getDetailedLicenseSummaryForExport(String organisation, List<String> identifiers) {
final List<License> licenses = CommonUtils.nullToEmptyList(licenseRepository.searchByShortName(identifiers));
List<Todo> todos = getTodosFromLicenses(licenses);
Expand Down Expand Up @@ -524,7 +518,10 @@ private List<LicenseType> getLicenseTypesFromLicenses(List<License> licenses) {
return licenseTypes;
}

public List<RiskCategory> addRiskCategories(List<RiskCategory> riskCategories) throws SW360Exception {
public List<RiskCategory> addRiskCategories(List<RiskCategory> riskCategories, User user) throws SW360Exception {
if (!PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user)){
return null;
}
for (RiskCategory riskCategory : riskCategories) {
prepareRiskCategory(riskCategory);
}
Expand All @@ -535,7 +532,10 @@ public List<RiskCategory> addRiskCategories(List<RiskCategory> riskCategories) t
} else return null;
}

public List<Risk> addRisks(List<Risk> risks) throws SW360Exception {
public List<Risk> addRisks(List<Risk> risks, User user) throws SW360Exception {
if (!PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user)){
return null;
}
for (Risk risk : risks) {
prepareRisk(risk);
}
Expand All @@ -546,14 +546,20 @@ public List<Risk> addRisks(List<Risk> risks) throws SW360Exception {
} else return null;
}

public List<LicenseType> addLicenseTypes(List<LicenseType> licenseTypes) {
public List<LicenseType> addLicenseTypes(List<LicenseType> licenseTypes, User user) {
if (!PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user)){
return null;
}
final List<DocumentOperationResult> documentOperationResults = licenseTypeRepository.executeBulk(licenseTypes);
if (documentOperationResults.isEmpty()) {
return licenseTypes;
} else return null;
}

public List<License> addLicenses(List<License> licenses) throws SW360Exception {
public List<License> addLicenses(List<License> licenses, User user) throws SW360Exception {
if (!PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user)){
return null;
}
for (License license : licenses) {
prepareLicense(license);
}
Expand All @@ -564,7 +570,10 @@ public List<License> addLicenses(List<License> licenses) throws SW360Exception {
} else return null;
}

public List<Obligation> addObligations(List<Obligation> obligations) throws SW360Exception {
public List<Obligation> addObligations(List<Obligation> obligations, User user) throws SW360Exception {
if (!PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user)){
return null;
}
for (Obligation obligation : obligations) {
prepareObligation(obligation);
}
Expand All @@ -575,7 +584,10 @@ public List<Obligation> addObligations(List<Obligation> obligations) throws SW36
} else return null;
}

public List<Todo> addTodos(List<Todo> todos) throws SW360Exception {
public List<Todo> addTodos(List<Todo> todos, User user) throws SW360Exception {
if (!PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user)){
return null;
}
for (Todo todo : todos) {
prepareTodo(todo);
}
Expand Down Expand Up @@ -630,8 +642,8 @@ public List<Risk> getRisksByIds(Collection<String> ids) {

private void fillRisks(List<Risk> risks) {
final List<RiskCategory> riskCategories = riskCategoryRepository.get(risks.stream()
.map(input -> input.getRiskCategoryDatabaseId())
.filter(input -> input != null)
.map(Risk::getRiskCategoryDatabaseId)
.filter(Objects::nonNull)
.collect(Collectors.toList()));

final Map<String, RiskCategory> idMap = ThriftUtils.getIdMap(riskCategories);
Expand Down
35 changes: 17 additions & 18 deletions ...portlet/src/main/java/org/eclipse/sw360/portal/portlets/admin/ComponentUploadPortlet.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright Siemens AG, 2013-2015. Part of the SW360 Portal Project.
* Copyright Siemens AG, 2013-2017. Part of the SW360 Portal Project.
* With modifications by Bosch Software Innovations GmbH, 2016.
*
* All rights reserved. This program and the accompanying materials
Expand Down Expand Up @@ -47,6 +47,7 @@
import javax.portlet.*;
import java.io.*;
import java.util.*;
import java.util.function.Consumer;
import java.util.zip.ZipOutputStream;

import static org.eclipse.sw360.commonIO.ConvertRecord.*;
Expand Down Expand Up @@ -212,23 +213,21 @@ private void printReleasesAttachments(Component component, List<Iterable<String>
private void printComponentAttachments(Component component, List<Iterable<String>> csvRows) throws IOException {
final Set<Attachment> attachments = component.getAttachments();

if (attachments != null && !attachments.isEmpty()) {
for (Attachment attachment : attachments) {
final ComponentAttachmentCSVRecordBuilder componentAttachmentCSVRecordBuilder = ComponentAttachmentCSVRecord.builder();
componentAttachmentCSVRecordBuilder.fill(component);
componentAttachmentCSVRecordBuilder.fill(attachment);
csvRows.add(componentAttachmentCSVRecordBuilder.build().getCSVIterable());
}
}
printAttachments(attachments, csvRows, builder -> builder.fill(component));
}

private void printReleaseAttachments(Release release, List<Iterable<String>> csvRows) throws IOException {
final Set<Attachment> attachments = release.getAttachments();

printAttachments(attachments, csvRows, builder -> builder.fill(release));
}

private void printAttachments(Set<Attachment> attachments, List<Iterable<String>> csvRows, Consumer<ComponentAttachmentCSVRecordBuilder> containingObjectPrinter) {
if (attachments != null && !attachments.isEmpty()) {
for (Attachment attachment : attachments) {
final ComponentAttachmentCSVRecordBuilder componentAttachmentCSVRecordBuilder = ComponentAttachmentCSVRecord.builder();
componentAttachmentCSVRecordBuilder.fill(release);
final ComponentAttachmentCSVRecordBuilder componentAttachmentCSVRecordBuilder = ComponentAttachmentCSVRecord
.builder();
containingObjectPrinter.accept(componentAttachmentCSVRecordBuilder);
componentAttachmentCSVRecordBuilder.fill(attachment);
csvRows.add(componentAttachmentCSVRecordBuilder.build().getCSVIterable());
}
Expand Down Expand Up @@ -400,25 +399,25 @@ public void updateLicenses(ActionRequest request, ActionResponse response) throw

log.debug("Parsing risk categories ...");
Map<Integer, RiskCategory> riskCategoryMap = getIdentifierToTypeMapAndWriteMissingToDatabase(licenseClient,
inputMap.get(RISK_CATEGORY_FILE), RiskCategory.class, Integer.class);
inputMap.get(RISK_CATEGORY_FILE), RiskCategory.class, Integer.class, user);

log.debug("Parsing risks ...");
Map<Integer, Risk> riskMap = getIntegerRiskMap(licenseClient, riskCategoryMap, inputMap.get(RISK_FILE));
Map<Integer, Risk> riskMap = getIntegerRiskMap(licenseClient, riskCategoryMap, inputMap.get(RISK_FILE), user);

log.debug("Parsing obligations ...");
Map<Integer, Obligation> obligationMap = getIdentifierToTypeMapAndWriteMissingToDatabase(licenseClient,
inputMap.get(OBLIGATION_FILE), Obligation.class, Integer.class);
inputMap.get(OBLIGATION_FILE), Obligation.class, Integer.class, user);

log.debug("Parsing obligation todos ...");
List<CSVRecord> obligationTodoRecords = readAsCSVRecords(inputMap.get(OBLIGATION_TODO_FILE));
Map<Integer, Set<Integer>> obligationTodoMapping = convertRelationalTableWithIntegerKeys(obligationTodoRecords);

log.debug("Parsing license types ...");
Map<Integer, LicenseType> licenseTypeMap = getIdentifierToTypeMapAndWriteMissingToDatabase(licenseClient,
inputMap.get(LICENSETYPE_FILE), LicenseType.class, Integer.class);
inputMap.get(LICENSETYPE_FILE), LicenseType.class, Integer.class, user);

log.debug("Parsing todos ...");
Map<Integer, Todo> todoMap = getTodoMapAndWriteMissingToDatabase(licenseClient, obligationMap, obligationTodoMapping, inputMap.get(TODO_FILE));
Map<Integer, Todo> todoMap = getTodoMapAndWriteMissingToDatabase(licenseClient, obligationMap, obligationTodoMapping, inputMap.get(TODO_FILE), user);

if(inputMap.containsKey(CUSTOM_PROPERTIES_FILE)) {
log.debug("Parsing custom properties ...");
Expand All @@ -429,7 +428,7 @@ public void updateLicenses(ActionRequest request, ActionResponse response) throw
List<CSVRecord> todoPropertiesRecord = readAsCSVRecords(inputMap.get(TODO_CUSTOM_PROPERTIES_FILE));
Map<Integer, Set<Integer>> todoPropertiesMap = convertRelationalTableWithIntegerKeys(todoPropertiesRecord);

todoMap = updateTodoMapWithCustomPropertiesAndWriteToDatabase(licenseClient, todoMap, customPropertiesMap, todoPropertiesMap);
todoMap = updateTodoMapWithCustomPropertiesAndWriteToDatabase(licenseClient, todoMap, customPropertiesMap, todoPropertiesMap, user);
}

log.debug("Parsing license todos ...");
Expand All @@ -445,7 +444,7 @@ public void updateLicenses(ActionRequest request, ActionResponse response) throw
List<CSVRecord> licenseRecord = readAsCSVRecords(inputMap.get(LICENSE_FILE));

final List<License> licensesToAdd = ConvertRecord.fillLicenses(licenseRecord, licenseTypeMap, todoMap, riskMap, licenseTodoMap, licenseRiskMap);
addLicenses(licenseClient, licensesToAdd, log);
addLicenses(licenseClient, licensesToAdd, log, user);

} else {
throw new SW360Exception("Invalid file format");
Expand Down
Loading

0 comments on commit 4bc4313

Please sign in to comment.