Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
/*
* This file is part of vospace-rest
* Copyright (C) 2021 Istituto Nazionale di Astrofisica
* SPDX-License-Identifier: GPL-3.0-or-later
*/
package it.inaf.oats.vospace;
import it.inaf.ia2.aa.data.User;
import it.inaf.oats.vospace.datamodel.NodeProperties;
import it.inaf.oats.vospace.datamodel.NodeUtils;
import it.inaf.oats.vospace.exception.ContainerNotFoundException;
import it.inaf.oats.vospace.exception.DuplicateNodeException;
import it.inaf.oats.vospace.exception.InvalidURIException;
import it.inaf.oats.vospace.exception.LinkFoundException;
import it.inaf.oats.vospace.exception.PermissionDeniedException;
import it.inaf.oats.vospace.persistence.NodeDAO;
import net.ivoa.xml.vospace.v2.Node;
import net.ivoa.xml.vospace.v2.Property;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.EnableTransactionManagement;
@Service
@EnableTransactionManagement
public class CreateNodeService {
@Autowired
private NodeDAO nodeDao;
@Value("${vospace-authority}")
private String authority;
private static final Logger LOG = LoggerFactory.getLogger(CreateNodeService.class);
public Node createNode(Node node, String path, User principal) {
LOG.debug("createNodeService called for node with URI {} and PATH {}", node.getUri(), path);
// Validate payload node URI
if (!isValidURI(node.getUri())) {
throw new InvalidURIException(node.getUri());
}
// Check if payload URI is consistent with http request
if (!isUrlConsistentWithPayloadURI(node.getUri(), path)) {
throw new InvalidURIException(node.getUri(), path);
}
// Check if another node is already present at specified path
// This checks if the user is trying to insert the root node at "/" too
if (nodeDao.listNode(path).isPresent()) {
throw new DuplicateNodeException(path);
}
// Retrieve parent node
Node parentNode = nodeDao.listNode(getParentPath(path))
.orElseThrow(() -> new ContainerNotFoundException(getParentPath(path)));
// Check if parent node is not a Container node and in case throw
// appropriate exception
if (!parentNode.getType().equals("vos:ContainerNode")) {
if (parentNode.getType().equals("vos:LinkNode")) {
throw new LinkFoundException(getParentPath(path));
} else {
throw new ContainerNotFoundException(getParentPath(path));
}
}
if (!NodeUtils.checkIfWritable(parentNode, principal.getName(), principal.getGroups())) {
throw new PermissionDeniedException(path);
}
// Check if node creator property is set. If not set it according to
// token. In case of creator mistmatch between node and token throw
// exception
String creator = NodeProperties.getNodePropertyByURI(
node, NodeProperties.CREATOR_URI);
if (creator == null) {
Property creatorProperty = new Property();
creatorProperty.setUri(NodeProperties.CREATOR_URI);
creatorProperty.setValue(principal.getName());
node.getProperties().add(creatorProperty);
} else {
if (!creator.equals(principal.getName())) // maybe a more specific exception would be more appropriate?
{
throw new PermissionDeniedException(path);
}
}
// If payload has no read groups specified, inherit from parent node
String payloadReadGroups = NodeProperties.getNodePropertyByURI(
node, NodeProperties.GROUP_READ_URI);
if (payloadReadGroups == null) {
String parentNodeReadGroups = NodeProperties.getNodePropertyByURI(
parentNode, NodeProperties.GROUP_READ_URI);
if (parentNodeReadGroups != null) {
Property readGroups = new Property();
readGroups.setUri(NodeProperties.GROUP_READ_URI);
readGroups.setValue(parentNodeReadGroups);
node.getProperties().add(readGroups);
}
}
// If payload has no write groups specified, inherit from parent node
String payloadWriteGroups = NodeProperties.getNodePropertyByURI(
node, NodeProperties.GROUP_WRITE_URI);
if (payloadWriteGroups == null) {
String parentNodeWriteGroups = NodeProperties.getNodePropertyByURI(
parentNode, NodeProperties.GROUP_WRITE_URI);
if (parentNodeWriteGroups != null) {
Property writeGroups = new Property();
writeGroups.setUri(NodeProperties.GROUP_WRITE_URI);
writeGroups.setValue(parentNodeWriteGroups);
node.getProperties().add(writeGroups);
}
}
nodeDao.createNode(node);
return node;
}
// Assuming that this service implementation uses only ! as a separator
// in the authority part of the URI
private boolean isValidURI(String nodeURI) {
String parsedAuthority;
if (!nodeURI.startsWith("vos://")) {
return false;
} else {
parsedAuthority = nodeURI.replaceAll("vos://", "").split("/", -1)[0];
}
if (parsedAuthority.isEmpty()
|| !parsedAuthority.replace("~", "!").equals(authority)) {
return false;
}
return true;
}
private boolean isUrlConsistentWithPayloadURI(String nodeURI, String path) {
// It's assumed that nodeURI has been validated to be in the expected
// form vos://authority[!~]somepath/mynode..."
return nodeURI.replaceAll("vos://[^/]+", "").equals(path);
}
private String getParentPath(String path) {
return NodeUtils.getParentPath(path);
}
}