/*
* Copyright (C) 2016 University of Dundee & Open Microscopy Environment.
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
package ome.security.basic;
import java.util.List;
import java.util.Map;
import ome.model.core.Image;
import ome.model.internal.Details;
import ome.services.sharing.ShareStore;
import ome.services.sharing.data.ShareData;
import ome.system.EventContext;
import ome.system.Roles;
import org.apache.commons.collections.CollectionUtils;
import org.hibernate.Filter;
import org.hibernate.Session;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
/**
* The sharing security filter provides database-level access protection for share contexts.
* @see ome.security.sharing.SharingACLVoter
* @author m.t.b.carroll@dundee.ac.uk
* @since 5.2.5
*/
public class SharingSecurityFilter extends AbstractSecurityFilter {

    /** Names of the Hibernate filter parameters set by {@link #enable}, mapped to their type names. */
    private static final ImmutableMap<String, String> PARAMETER_TYPES =
            ImmutableMap.of(
                    "is_admin", "int",
                    "is_share", "int",
                    "images", "long");

    /* Source of share definitions, looked up by the share ID found in the event context. */
    private ShareStore shares;

    /**
     * Construct a new sharing security filter.
     * @param roles the users and groups that are special to OMERO
     * @param shares the store from which share data is read by share ID
     */
    public SharingSecurityFilter(Roles roles, ShareStore shares) {
        super(roles);
        this.shares = shares;
    }

    /**
     * @return the parameter names used by this filter mapped to their type names
     */
    @Override
    public Map<String, String> getParameterTypes() {
        return PARAMETER_TYPES;
    }

    /**
     * @return always {@code null}: the filter condition is provided instead by annotations
     */
    @Override
    public String getDefaultCondition() {
        return null;
    }

    /**
     * Decide whether access is allowed with respect to the current share context.
     * Outside a share context this filter imposes no restriction. Inside one, access is
     * granted to administrators, and otherwise only if the share exists and is enabled.
     * The {@code session} and {@code details} arguments are not consulted.
     * @param session the Hibernate session (unused here)
     * @param details the details of the object being checked (unused here)
     * @param ec the event context supplying the current share ID and admin status
     * @return if the check passes
     */
    @Override
    public boolean passesFilter(Session session, Details details, EventContext ec) {
        final Long currentShare = ec.getCurrentShareId();
        if (currentShare == null) {
            /* not in a share context, so nothing for this filter to restrict */
            return true;
        }
        final ShareData data = shares.get(currentShare);
        if (ec.isCurrentUserAdmin()) {
            /* administrators pass even if the share is missing or disabled */
            return true;
        }
        /* NOTE(review): membership of the current user in the share is not checked here;
         * presumably that is enforced where the share ID is placed on the event context - confirm */
        return data != null && data.enabled;
    }

    /**
     * Enable this filter on the session, limiting visible images to those of the current share.
     * If there is no current share, or the share is missing, disabled, or lists no images, the
     * image list falls back to a single placeholder ID so that no share images are exposed.
     * @param session the Hibernate session on which to enable the filter
     * @param ec the event context supplying the current share ID, user ID and admin status
     */
    @Override
    public void enable(Session session, EventContext ec) {
        final Long currentShare = ec.getCurrentShareId();
        final ShareData data = currentShare == null ? null : shares.get(currentShare);

        List<Long> visibleImages = null;
        if (data != null && data.enabled) {
            /* NOTE(review): objectMap is dereferenced without a null check - confirm it is always set */
            visibleImages = data.objectMap.get(Image.class.getName());
        }
        if (CollectionUtils.isEmpty(visibleImages)) {
            /* keep the parameter list non-empty; -1 is presumably never a real image ID - confirm */
            visibleImages = ImmutableList.of(-1L);
        }

        /* booleans are passed to the filter as 0/1 integers, matching the "int" parameter types */
        final int adminFlag;
        if (ec.isCurrentUserAdmin()) {
            adminFlag = 1;
        } else {
            adminFlag = 0;
        }
        final int shareFlag;
        if (isShare(ec)) {
            shareFlag = 1;
        } else {
            shareFlag = 0;
        }

        final Filter sharingFilter = session.enableFilter(getName());
        sharingFilter.setParameter("is_admin", adminFlag);
        sharingFilter.setParameter("is_share", shareFlag);
        sharingFilter.setParameterList("images", visibleImages);

        /* the filters common to all security filters are enabled alongside this one */
        enableBaseFilters(session, adminFlag, ec.getCurrentUserId());
    }
}