#3636 - Handle permissions in ListNodeController: Return readable child (9eef9cbe) · Commits · VOSpace INAF / vospace-rest

src/main/java/it/inaf/oats/vospace/ListNodeController.java

+18 −0

Original line number	Diff line number	Diff line
		@@ -7,6 +7,7 @@ import org.springframework.web.bind.annotation.GetMapping;
		import org.springframework.http.ResponseEntity;

		import net.ivoa.xml.vospace.v2.Node;
		import net.ivoa.xml.vospace.v2.ContainerNode;

		import it.inaf.oats.vospace.persistence.NodeDAO;
		import javax.servlet.http.HttpServletRequest;
		@@ -17,6 +18,8 @@ import it.inaf.ia2.aa.data.User;
		import it.inaf.oats.vospace.datamodel.NodeUtils;
		import java.util.Optional;
		import it.inaf.oats.vospace.exception.PermissionDeniedException;
		import java.util.stream.Collectors;
		import java.util.List;

		@RestController
		public class ListNodeController extends BaseNodeController {
		@@ -43,6 +46,21 @@ public class ListNodeController extends BaseNodeController {
		}
		}

		Node node = optNode.get();

		if(node instanceof ContainerNode)
		{
		ContainerNode cnd = (ContainerNode) node;
		List<Node> children =
		cnd.getNodes().stream().filter(
		(n)->NodeUtils.checkIfReadable(
		n, principal.getName(),
		principal.getGroups()))
		.collect(Collectors.toList());
		cnd.setNodes(children);
		optNode = Optional.of(cnd);
		}

		return ResponseEntity.ok(optNode.get());
		}
		}

src/test/java/it/inaf/oats/vospace/ListNodeControllerTest.java

+60 −18

Original line number	Diff line number	Diff line
		@@ -26,6 +26,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
		import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
		import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
		import org.w3c.dom.Document;
		import org.w3c.dom.NodeList;

		@SpringBootTest
		@AutoConfigureMockMvc
		@@ -108,6 +109,48 @@ public class ListNodeControllerTest {
		.andExpect(status().is2xxSuccessful());
		}

		@Test
		public void testRemoveUnreadable() throws Exception {
		// Create container node
		ContainerNode root = (ContainerNode) getRootNode().get();

		Node node1 = getDataNodeByOwnership("user1", "group10");
		node1.setUri(URI_PREFIX + "/mynode1");
		root.getNodes().add(node1);

		Node node2 = getDataNodeByOwnership("user1", "group10");
		node2.setUri(URI_PREFIX + "/mynode2");
		root.getNodes().add(node2);

		Node node3 = getDataNodeByOwnership("user2", "group10");
		node3.setUri(URI_PREFIX + "/mynode3");
		root.getNodes().add(node3);

		Node node4 = getDataNodeByOwnership("user3", "group10");
		node4.setUri(URI_PREFIX + "/mynode4");
		root.getNodes().add(node4);

		when(dao.listNode(eq("/"))).thenReturn(Optional.of(root));

		String xml = mockMvc.perform(get("/nodes/")
		.header("Authorization", "Bearer user2_token")
		.accept(MediaType.APPLICATION_XML))
		.andExpect(status().is2xxSuccessful())
		.andDo(print())
		.andReturn().getResponse().getContentAsString();

		Document doc = loadDocument(xml);
		assertEquals("vos:node", doc.getDocumentElement().getNodeName());
		assertEquals("vos:ContainerNode", doc.getDocumentElement().getAttribute("xsi:type"));
		NodeList nl = doc.getDocumentElement().getElementsByTagName("vos:nodes");

		assertEquals(1, nl.getLength());
		NodeList children = nl.item(0).getChildNodes();
		assertEquals(2, children.getLength());
		verify(dao, times(1)).listNode(eq("/"));

		}

		private Optional<Node> getRootNode() {
		ContainerNode root = new ContainerNode();
		root.setUri(URI_PREFIX + "/");
		@@ -131,8 +174,7 @@ public class ListNodeControllerTest {
		return node;
		}

		private Node getDataNodeByOwnership(String ownerID, String group)
		{
		private Node getDataNodeByOwnership(String ownerID, String group) {
		DataNode node = new DataNode();
		node.setUri(URI_PREFIX + "/mynode");
		// Set owner