Merge branch '4.1.17'
hplahar committed May 6, 2015
2 parents f9fd7cb + 1e0d09c commit db381b9
Showing 19 changed files with 290 additions and 165 deletions.
12 changes: 1 addition & 11 deletions pom.xml
Expand Up @@ -65,7 +65,7 @@
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-search</artifactId>
<version>5.1.1.Final</version>
<version>5.2.0.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
Expand Down Expand Up @@ -112,16 +112,6 @@
<artifactId>opencsv</artifactId>
<version>2.3</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.2.1</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
15 changes: 7 additions & 8 deletions src/main/java/org/jbei/ice/lib/account/PasswordUtil.java
@@ -1,16 +1,15 @@
package org.jbei.ice.lib.account;

import org.jbei.ice.lib.utils.UtilityException;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.UUID;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

import org.jbei.ice.lib.utils.UtilityException;

import org.apache.commons.codec.binary.Hex;

/**
* Utility class for handling account passwords
Expand All @@ -32,7 +31,7 @@ public static String encryptPassword(String password, String salt) throws Utilit
try {
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[] hash = keyFactory.generateSecret(spec).getEncoded();
return Hex.encodeHexString(hash);
return DatatypeConverter.printHexBinary(hash);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new UtilityException(e);
}
Expand All @@ -42,7 +41,7 @@ public static String generateSalt() {
SecureRandom random = new SecureRandom();
byte[] salt = new byte[SALT_BYTE_SIZE];
random.nextBytes(salt);
return Hex.encodeHexString(salt);
return DatatypeConverter.printHexBinary(salt);
}

public static String generateTemporaryPassword() {
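Review bot: Swapping `Hex.encodeHexString` for `DatatypeConverter.printHexBinary` on the return lines of `encryptPassword` and `generateSalt` changes the output from lowercase to uppercase hex, so a hash computed for an existing account will no longer be byte-equal to the value stored when the account was created. If password verification compares the two strings with `equals` (the comparison is not visible in this hunk), every pre-existing user fails to authenticate after this upgrade, while the stored lowercase salt still feeds `PBEKeySpec` unchanged. Keeping the on-disk format stable is a one-line change at each site: `return DatatypeConverter.printHexBinary(hash).toLowerCase(Locale.ROOT);` and `return DatatypeConverter.printHexBinary(salt).toLowerCase(Locale.ROOT);` (with `java.util.Locale` imported). The body of `encryptPassword`, including the construction of `spec`, begins before the hunk.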
43 changes: 21 additions & 22 deletions src/main/java/org/jbei/ice/lib/dao/hibernate/AccountDAO.java
@@ -1,9 +1,10 @@
package org.jbei.ice.lib.dao.hibernate;

import org.hibernate.Criteria;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.criterion.MatchMode;
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.jbei.ice.lib.account.model.Account;
import org.jbei.ice.lib.common.logging.Logger;
import org.jbei.ice.lib.dao.DAOException;
Expand All @@ -30,20 +31,25 @@ public Account get(long id) throws DAOException {
return super.get(Account.class, id);
}

/**
* Retrieves accounts whose firstName, lastName, or email fields match the specified token up to the specified limit
*
* @param token filter for the account fields
* @param limit maximum number of matching accounts to return; 0 to return all
* @return list of matching accounts
*/
@SuppressWarnings("unchecked")
public Set<Account> getMatchingAccounts(String token, int limit) {
Session session = currentSession();
try {
token = token.toUpperCase();
String queryString = "from " + Account.class.getName()
+ " where (UPPER(firstName) like '%" + token
+ "%') OR (UPPER(lastName) like '%" + token
+ "%') OR (UPPER(email) like '%" + token + "%')";
Query query = session.createQuery(queryString);
if (limit > 0)
query.setMaxResults(limit);
Criteria criteria = currentSession().createCriteria(Account.class)
.add(Restrictions.disjunction()
.add(Restrictions.ilike("firstName", token, MatchMode.ANYWHERE))
.add(Restrictions.ilike("lastName", token, MatchMode.ANYWHERE))
.add(Restrictions.ilike("email", token, MatchMode.ANYWHERE)));

return new HashSet<Account>(query.list());
if (limit > 0)
criteria.setMaxResults(limit);
return new HashSet<>(criteria.list());
} catch (HibernateException e) {
Logger.error(e);
throw new DAOException(e);
Expand All @@ -57,24 +63,17 @@ public Set<Account> getMatchingAccounts(String token, int limit) {
* @return Account record referenced by email or null if email is null
*/
public Account getByEmail(String email) {
Account account = null;
if (email == null)
return null;

Session session = currentSession();
try {
Query query = session.createQuery("from " + Account.class.getName() + " where LOWER(email) = :email");
query.setParameter("email", email.toLowerCase());
Object result = query.uniqueResult();

if (result != null) {
account = (Account) result;
}
return (Account) currentSession().createCriteria(Account.class)
.add(Restrictions.eq("email", email).ignoreCase())
.uniqueResult();
} catch (HibernateException e) {
Logger.error(e);
throw new DAOException("Failed to retrieve Account by email: " + email, e);
}
return account;
}

@SuppressWarnings("unchecked")
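Review bot: A null `token` now reaches the three `Restrictions.ilike(...)` calls in `getMatchingAccounts` directly, whereas the removed `token.toUpperCase()` failed on the first line; depending on the Hibernate version this either throws an `IllegalArgumentException` — which is not a `HibernateException`, so it escapes the `catch` unwrapped rather than as a `DAOException` — or builds a literal pattern around the text "null". An explicit guard before the criteria is built keeps the failure mode predictable: `if (token == null) return new HashSet<>();`. The new Javadoc should also state that `MatchMode.ANYWHERE` passes `%` and `_` through to the LIKE pattern unescaped and that an empty token matches every account up to `limit`, and should carry `@throws DAOException if the query fails`.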
43 changes: 29 additions & 14 deletions src/main/java/org/jbei/ice/lib/dao/hibernate/EntryDAO.java
Expand Up @@ -290,22 +290,37 @@ public long sharedEntryCount(Account requester, Set<Group> accountGroups) throws
public List<Entry> sharedWithUserEntries(Account requester, Set<Group> groups, ColumnField sort,
boolean asc, int start, int limit) throws DAOException {
try {
List entryList = currentSession().createCriteria(Permission.class)
.add(Restrictions.disjunction()
.add(Restrictions.in("group", groups))
.add(Restrictions.eq("account", requester)))
.createAlias("entry", "entry")
.add(Restrictions.isNotNull("entry"))
.add(Restrictions.ne("entry.ownerEmail", requester.getEmail()))
.setProjection(Projections.property("entry.id"))
.list();

List folderIdList = currentSession().createCriteria(Permission.class)
.add(Restrictions.disjunction()
.add(Restrictions.in("group", groups))
.add(Restrictions.eq("account", requester)))
.createAlias("folder", "folder")
.createAlias("folder.contents", "content")
.add(Restrictions.isNotNull("folder"))
.add(Restrictions.ne("folder.ownerEmail", requester.getEmail()))
.setProjection(Projections.property("content.id"))
.list();

entryList.addAll(folderIdList);
if (entryList.isEmpty())
return new ArrayList<>();

Session session = currentSession();
String fieldName = columnFieldToString(sort);
String ascString = asc ? " asc" : " desc";
String queryString = "SELECT DISTINCT e FROM Entry e, Permission p WHERE p.group IN (:groups) "
+ " AND e.ownerEmail <> :oe AND e = p.entry AND e.visibility = :v ORDER BY e." + fieldName +
ascString;

Query query = session.createQuery(queryString);
query.setParameterList("groups", groups);
query.setParameter("v", Visibility.OK.getValue());
query.setParameter("oe", requester.getEmail());
query.setFirstResult(start);
query.setMaxResults(limit);
List list = query.list();
return new ArrayList<>(list);
Criteria criteria = currentSession().createCriteria(Entry.class).add(Restrictions.in("id", entryList));
criteria.addOrder(asc ? Order.asc(fieldName) : Order.desc(fieldName));
criteria.setFirstResult(start);
criteria.setMaxResults(limit);
return new ArrayList<>(criteria.list());
} catch (HibernateException he) {
Logger.error(he);
throw new DAOException(he);
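Review bot: The rewritten `sharedWithUserEntries` drops the visibility filter that the removed HQL applied (`e.visibility = :v` bound to `Visibility.OK.getValue()`), so the final criteria on `Entry` now returns shared entries regardless of their visibility state, which the old query excluded. Restoring it is a one-line addition to the criteria chain: `.add(Restrictions.eq("visibility", Visibility.OK.getValue()))`. Separately, `entryList` is passed to `Restrictions.in("id", ...)` without bounding its size; if a user has many shared folders the generated IN-list may exceed what some databases accept, so an upper bound or chunking is worth considering. The method's `catch` block continues past the end of the hunk.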
34 changes: 30 additions & 4 deletions src/main/java/org/jbei/ice/lib/dao/hibernate/FolderDAO.java
Expand Up @@ -4,21 +4,21 @@
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.criterion.Disjunction;
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.jbei.ice.lib.access.Permission;
import org.jbei.ice.lib.account.model.Account;
import org.jbei.ice.lib.common.logging.Logger;
import org.jbei.ice.lib.dao.DAOException;
import org.jbei.ice.lib.dto.entry.EntryType;
import org.jbei.ice.lib.dto.folder.FolderType;
import org.jbei.ice.lib.entry.model.Entry;
import org.jbei.ice.lib.folder.Folder;
import org.jbei.ice.lib.group.Group;
import org.jbei.ice.lib.shared.ColumnField;

import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.*;

/**
* Manipulate {@link org.jbei.ice.lib.folder.Folder} objects in the database.
Expand Down Expand Up @@ -223,4 +223,30 @@ public List<Folder> getFoldersByEntry(Entry entry) {

return folders;
}

/**
* Retrieves folders that the specified account owns, or has write privileges on based on the permissions
*
* @param account
* @return
* @throws DAOException
*/
public List<Folder> getCanEditFolders(Account account, Set<Group> accountGroups) throws DAOException {
List resultList = currentSession().createCriteria(Permission.class)
.add(Restrictions.disjunction()
.add(Restrictions.eq("account", account))
.add(Restrictions.in("group", accountGroups)))
.add(Restrictions.eq("canWrite", true))
.add(Restrictions.isNotNull("folder"))
.setProjection(Projections.property("folder.id"))
.list();

Disjunction disjunction = Restrictions.or(Restrictions.eq("ownerEmail", account.getEmail()));
if (!resultList.isEmpty()) {
disjunction.add(Restrictions.in("id", resultList));
}

Criteria criteria = currentSession().createCriteria(Folder.class).add(disjunction);
return criteria.list();
}
}
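Review bot: `getCanEditFolders` declares `throws DAOException` but never produces one: unlike `getFoldersByEntry` above it and the other DAO methods in this commit, it does not catch `HibernateException`, so a failing query propagates the raw Hibernate exception instead of the DAO-level type callers are written to handle. The Javadoc is also incomplete — `@param account` and `@return` are empty, `accountGroups` is undocumented, and `@throws DAOException` says nothing; suggested text: the account whose ownership and write permissions are checked, the groups the account belongs to (used for group-level write grants), the folders the account owns or has `canWrite` permission on directly or via a group, and the exception thrown when the query fails. If `accountGroups` can be empty, `Restrictions.in("group", accountGroups)` may render as an empty IN-list that some databases reject; a guard that skips that restriction when the set is empty would avoid it, though whether callers ever pass an empty set is not visible here.

```java
public List<Folder> getCanEditFolders(Account account, Set<Group> accountGroups) throws DAOException {
    try {
        // … unchanged: permission id projection and owner/id disjunction …
        Criteria criteria = currentSession().createCriteria(Folder.class).add(disjunction);
        return criteria.list();
    } catch (HibernateException e) {
        Logger.error(e);
        throw new DAOException(e);
    }
}
```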
33 changes: 23 additions & 10 deletions src/main/java/org/jbei/ice/lib/dto/folder/FolderAuthorization.java
@@ -1,20 +1,23 @@
package org.jbei.ice.lib.dto.folder;

import java.util.HashSet;
import java.util.Set;

import org.jbei.ice.lib.access.Authorization;
import org.jbei.ice.lib.access.PermissionsController;
import org.jbei.ice.lib.account.AccountType;
import org.jbei.ice.lib.account.model.Account;
import org.jbei.ice.lib.dao.DAOFactory;
import org.jbei.ice.lib.folder.Folder;

import java.util.HashSet;
import java.util.Set;

/**
* Authorization specific to folder objects
*
* @author Hector Plahar
*/
public class FolderAuthorization extends Authorization<Folder> {

private final PermissionsController controller = new PermissionsController();

public FolderAuthorization() {
super(DAOFactory.getFolderDAO());
}
Expand All @@ -25,8 +28,6 @@ public String getOwner(Folder folder) {
}

public boolean canRead(String userId, Folder folder) {
PermissionsController controller = new PermissionsController();

if (controller.isPublicVisible(folder))
return true;

Expand All @@ -37,10 +38,7 @@ public boolean canRead(String userId, Folder folder) {
if (folder.getType() == FolderType.PUBLIC)
return true;

if (account.getType() == AccountType.ADMIN)
return true;

if (userId.equals(folder.getOwnerEmail()))
if (super.canRead(userId, folder))
return true;

// now check actual permissions
Expand All @@ -53,4 +51,19 @@ public boolean canRead(String userId, Folder folder) {
return controller.accountHasReadPermission(account, folders)
|| controller.accountHasWritePermission(account, folders);
}

public boolean canWrite(String userId, Folder folder) {
Account account = getAccount(userId);
if (account == null)
return false;

if (super.canWrite(userId, folder))
return true;

// now check actual permissions
Set<Folder> folders = new HashSet<>();
folders.add(folder);
return controller.groupHasWritePermission(account.getGroups(), folders)
|| controller.accountHasWritePermission(account, folders);
}
}
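Review bot: The new `canWrite` and the modified `canRead` both call `super.canWrite(userId, folder)` / `super.canRead(userId, folder)`, which means they override methods declared on `Authorization<Folder>`, yet neither carries `@Override`; adding it lets the compiler catch a signature drift in the base class. `canWrite` also has no Javadoc, and as the folder-level write gate its contract should be stated: it returns false for an unknown `userId`, otherwise true when the base authorization grants write access or when the account, or one of `account.getGroups()`, holds an explicit write permission on the folder. The behaviour of `super.canRead`/`super.canWrite` (presumably the owner and admin checks that the removed lines performed inline) is not visible here, so the Javadoc should describe it only by reference to the base class.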
