diff --git a/BimServer/src/org/bimserver/changes/RemoveAttributeChange.java b/BimServer/src/org/bimserver/changes/RemoveAttributeChange.java
index fba6c75ecf..fadc1555d7 100644
--- a/BimServer/src/org/bimserver/changes/RemoveAttributeChange.java
+++ b/BimServer/src/org/bimserver/changes/RemoveAttributeChange.java
@@ -23,11 +23,16 @@
import org.bimserver.BimserverDatabaseException;
import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
import org.bimserver.database.queries.QueryObjectProvider;
import org.bimserver.database.queries.om.Query;
import org.bimserver.database.queries.om.QueryException;
import org.bimserver.database.queries.om.QueryPart;
import org.bimserver.emf.PackageMetaData;
+import org.bimserver.models.store.Project;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.User;
import org.bimserver.shared.HashMapVirtualObject;
import org.bimserver.shared.exceptions.UserException;
import org.eclipse.emf.ecore.EAttribute;
@@ -49,7 +54,6 @@ public RemoveAttributeChange(long oid, String attributeName, int index) {
@Override
public void execute(Transaction transaction) throws UserException, BimserverLockConflictException, BimserverDatabaseException, IOException, QueryException {
PackageMetaData packageMetaData = transaction.getDatabaseSession().getMetaDataManager().getPackageMetaData(transaction.getProject().getSchema());
-
HashMapVirtualObject object = transaction.get(oid);
if (object == null) {
Query query = new Query(packageMetaData);
diff --git a/BimServer/src/org/bimserver/database/actions/AddDeserializerDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddDeserializerDatabaseAction.java
index adf84c6d5f..d2b582d02f 100644
--- a/BimServer/src/org/bimserver/database/actions/AddDeserializerDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddDeserializerDatabaseAction.java
@@ -1,47 +1,51 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.DeserializerPluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.webservices.authorization.Authorization;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.DeserializerPluginConfiguration;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class AddDeserializerDatabaseAction extends AddDatabaseAction {
- private Authorization authorization;
-
+ private Authorization authorization;
+
public AddDeserializerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, DeserializerPluginConfiguration deserializer) {
- super(databaseSession, accessMethod, deserializer);
+ super(databaseSession, accessMethod, deserializer);
this.authorization = authorization;
- }
-
- @Override
- public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- user.getUserSettings().getDeserializers().add(getIdEObject());
- getDatabaseSession().store(user.getUserSettings());
- return super.execute();
- }
+ }
+
+ @Override
+ public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ user.getUserSettings().getDeserializers().add(getIdEObject());
+ getDatabaseSession().store(user.getUserSettings());
+ return super.execute();
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/AddInternalServiceDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddInternalServiceDatabaseAction.java
index 142e90d1e0..c3c3a933cc 100644
--- a/BimServer/src/org/bimserver/database/actions/AddInternalServiceDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddInternalServiceDatabaseAction.java
@@ -1,57 +1,57 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimServer;
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.InternalServicePluginConfiguration;
-import org.bimserver.models.store.ObjectType;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
-import org.bimserver.plugins.Plugin;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.webservices.authorization.Authorization;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimServer;
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.*;
+import org.bimserver.plugins.Plugin;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class AddInternalServiceDatabaseAction extends AddDatabaseAction {
- private Authorization authorization;
- private BimServer bimServer;
-
+ private Authorization authorization;
+ private BimServer bimServer;
+
public AddInternalServiceDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, InternalServicePluginConfiguration eService) {
- super(databaseSession, accessMethod, eService);
- this.bimServer = bimServer;
+ super(databaseSession, accessMethod, eService);
+ this.bimServer = bimServer;
this.authorization = authorization;
- }
-
- @Override
- public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- InternalServicePluginConfiguration idEObject = getIdEObject();
- idEObject.setUserSettings(user.getUserSettings());
- Plugin plugin = bimServer.getPluginManager().getPlugin(idEObject.getPluginDescriptor().getIdentifier(), true);
- ObjectType settings = bimServer.convertSettings(getDatabaseSession(), plugin.getUserSettingsDefinition());
- user.getUserSettings().getServices().add(idEObject);
- idEObject.setSettings(settings);
- getDatabaseSession().store(user.getUserSettings());
- return super.execute();
+ }
+
+ @Override
+ public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ InternalServicePluginConfiguration idEObject = getIdEObject();
+ idEObject.setUserSettings(user.getUserSettings());
+ Plugin plugin = bimServer.getPluginManager().getPlugin(idEObject.getPluginDescriptor().getIdentifier(), true);
+ ObjectType settings = bimServer.convertSettings(getDatabaseSession(), plugin.getUserSettingsDefinition());
+ user.getUserSettings().getServices().add(idEObject);
+ idEObject.setSettings(settings);
+ getDatabaseSession().store(user.getUserSettings());
+ return super.execute();
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/AddModelCompareDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddModelCompareDatabaseAction.java
index 936f326857..6368e69ea7 100644
--- a/BimServer/src/org/bimserver/database/actions/AddModelCompareDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddModelCompareDatabaseAction.java
@@ -1,47 +1,51 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ModelComparePluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.webservices.authorization.Authorization;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.ModelComparePluginConfiguration;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class AddModelCompareDatabaseAction extends AddDatabaseAction {
- private Authorization authorization;
-
+ private Authorization authorization;
+
public AddModelCompareDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, ModelComparePluginConfiguration modelCompare) {
- super(databaseSession, accessMethod, modelCompare);
+ super(databaseSession, accessMethod, modelCompare);
this.authorization = authorization;
- }
-
- @Override
- public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- user.getUserSettings().getModelCompares().add(getIdEObject());
- getDatabaseSession().store(user.getUserSettings());
- return super.execute();
- }
+ }
+
+ @Override
+ public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ user.getUserSettings().getModelCompares().add(getIdEObject());
+ getDatabaseSession().store(user.getUserSettings());
+ return super.execute();
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/AddModelMergerDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddModelMergerDatabaseAction.java
index 46094c684d..f201b9c553 100644
--- a/BimServer/src/org/bimserver/database/actions/AddModelMergerDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddModelMergerDatabaseAction.java
@@ -1,47 +1,51 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ModelMergerPluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.webservices.authorization.Authorization;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.ModelMergerPluginConfiguration;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class AddModelMergerDatabaseAction extends AddDatabaseAction {
- private Authorization authorization;
-
+ private Authorization authorization;
+
public AddModelMergerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, ModelMergerPluginConfiguration modelMerger) {
- super(databaseSession, accessMethod, modelMerger);
+ super(databaseSession, accessMethod, modelMerger);
this.authorization = authorization;
- }
-
- @Override
- public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- user.getUserSettings().getModelMergers().add(getIdEObject());
- getDatabaseSession().store(user.getUserSettings());
- return super.execute();
- }
+ }
+
+ @Override
+ public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ user.getUserSettings().getModelMergers().add(getIdEObject());
+ getDatabaseSession().store(user.getUserSettings());
+ return super.execute();
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/AddProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddProjectDatabaseAction.java
index f5574bddf6..567259a3ab 100644
--- a/BimServer/src/org/bimserver/database/actions/AddProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddProjectDatabaseAction.java
@@ -66,6 +66,9 @@ public Project execute() throws UserException, BimserverDatabaseException, Bimse
}
final Project project = getDatabaseSession().create(Project.class);
Project parentProject = null;
+ if (actingUser.getUserType() == UserType.READ_ONLY){
+ throw new UserException("Read-only users cannot create projects/subprojects");
+ }
if (parentPoid != -1) {
parentProject = getProjectByPoid(parentPoid);
project.setParent(parentProject);
diff --git a/BimServer/src/org/bimserver/database/actions/AddQueryEngineDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddQueryEngineDatabaseAction.java
index eb8cc52010..f84b4b27b7 100644
--- a/BimServer/src/org/bimserver/database/actions/AddQueryEngineDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddQueryEngineDatabaseAction.java
@@ -1,47 +1,51 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.QueryEnginePluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.webservices.authorization.Authorization;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.QueryEnginePluginConfiguration;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class AddQueryEngineDatabaseAction extends AddDatabaseAction {
- private Authorization authorization;
-
+ private Authorization authorization;
+
public AddQueryEngineDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, QueryEnginePluginConfiguration queryEngine) {
- super(databaseSession, accessMethod, queryEngine);
+ super(databaseSession, accessMethod, queryEngine);
this.authorization = authorization;
- }
-
- @Override
- public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- user.getUserSettings().getQueryEngines().add(getIdEObject());
- getDatabaseSession().store(user.getUserSettings());
- return super.execute();
- }
+ }
+
+ @Override
+ public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ user.getUserSettings().getQueryEngines().add(getIdEObject());
+ getDatabaseSession().store(user.getUserSettings());
+ return super.execute();
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/AddRenderEngineDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddRenderEngineDatabaseAction.java
index f60f6b47f8..b5b2f8eb66 100644
--- a/BimServer/src/org/bimserver/database/actions/AddRenderEngineDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddRenderEngineDatabaseAction.java
@@ -1,47 +1,51 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.RenderEnginePluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.webservices.authorization.Authorization;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.RenderEnginePluginConfiguration;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class AddRenderEngineDatabaseAction extends AddDatabaseAction {
- private Authorization authorization;
-
+ private Authorization authorization;
+
public AddRenderEngineDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, RenderEnginePluginConfiguration renderEngine) {
- super(databaseSession, accessMethod, renderEngine);
+ super(databaseSession, accessMethod, renderEngine);
this.authorization = authorization;
- }
-
- @Override
- public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- user.getUserSettings().getRenderEngines().add(getIdEObject());
- getDatabaseSession().store(user.getUserSettings());
- return super.execute();
- }
+ }
+
+ @Override
+ public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ user.getUserSettings().getRenderEngines().add(getIdEObject());
+ getDatabaseSession().store(user.getUserSettings());
+ return super.execute();
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/AddSerializerDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddSerializerDatabaseAction.java
index 190f658dac..b3dcb8ad37 100644
--- a/BimServer/src/org/bimserver/database/actions/AddSerializerDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddSerializerDatabaseAction.java
@@ -1,56 +1,60 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.SerializerPluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.webservices.authorization.Authorization;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.SerializerPluginConfiguration;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class AddSerializerDatabaseAction extends AddDatabaseAction {
- private Authorization authorization;
-
+ private Authorization authorization;
+
public AddSerializerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, SerializerPluginConfiguration serializer) {
- super(databaseSession, accessMethod, serializer);
+ super(databaseSession, accessMethod, serializer);
this.authorization = authorization;
- }
-
- @Override
- public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- Long execute = super.execute();
- // Make sure the backreferences are stored as well, someday this should be automatic
- if (getIdEObject().getRenderEngine() != null) {
- getDatabaseSession().store(getIdEObject().getRenderEngine());
- }
- if (getIdEObject().getObjectIDM() != null) {
- getDatabaseSession().store(getIdEObject().getObjectIDM());
- }
- User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- user.getUserSettings().getSerializers().add(getIdEObject());
- getDatabaseSession().store(user.getUserSettings());
-
- return execute;
+ }
+
+ @Override
+ public Long execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ Long execute = super.execute();
+ // Make sure the backreferences are stored as well, someday this should be automatic
+ if (getIdEObject().getRenderEngine() != null) {
+ getDatabaseSession().store(getIdEObject().getRenderEngine());
+ }
+ if (getIdEObject().getObjectIDM() != null) {
+ getDatabaseSession().store(getIdEObject().getObjectIDM());
+ }
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ user.getUserSettings().getSerializers().add(getIdEObject());
+ getDatabaseSession().store(user.getUserSettings());
+
+ return execute;
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/AddUserToProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/AddUserToProjectDatabaseAction.java
index 4a037cb3b1..41ff26a3c5 100644
--- a/BimServer/src/org/bimserver/database/actions/AddUserToProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/AddUserToProjectDatabaseAction.java
@@ -17,7 +17,9 @@
* along with this program. If not, see {@literal}.
*****************************************************************************/
+import java.util.ArrayList;
import java.util.Date;
+import java.util.List;
import org.bimserver.BimServer;
import org.bimserver.BimserverDatabaseException;
@@ -25,54 +27,85 @@
import org.bimserver.database.DatabaseSession;
import org.bimserver.database.PostCommitAction;
import org.bimserver.interfaces.SConverter;
+import org.bimserver.interfaces.objects.SProjectSmall;
import org.bimserver.models.log.AccessMethod;
import org.bimserver.models.log.UserAddedToProject;
import org.bimserver.models.store.Project;
import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.webservices.authorization.Authorization;
-
-public class AddUserToProjectDatabaseAction extends BimDatabaseAction {
-
- private final long uoid;
+
+public class AddUserToProjectDatabaseAction extends BimDatabaseAction {
+
+ private final long uoid;
private final long poid;
private Authorization authorization;
- private BimServer bimServer;
-
- public AddUserToProjectDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long uoid,
- long poid) {
+ private BimServer bimServer;
+
+ public AddUserToProjectDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long uoid,
+ long poid) {
super(databaseSession, accessMethod);
this.bimServer = bimServer;
- this.authorization = authorization;
- this.uoid = uoid;
- this.poid = poid;
- }
-
- @Override
+ this.authorization = authorization;
+ this.uoid = uoid;
+ this.poid = poid;
+ }
+
+ @Override
public Boolean execute() throws UserException, BimserverDatabaseException, BimserverLockConflictException {
final Project project = getProjectByPoid(poid);
- User actingUser = getUserByUoid(authorization.getUoid());
- if (authorization.hasRightsOnProject(actingUser, project)) {
- User user = getUserByUoid(uoid);
- project.getHasAuthorizedUsers().add(user);
- user.getHasRightsOn().add(project);
- final UserAddedToProject userAddedToProject = getDatabaseSession().create(UserAddedToProject.class);
- userAddedToProject.setExecutor(actingUser);
- userAddedToProject.setDate(new Date());
- userAddedToProject.setAccessMethod(getAccessMethod());
- userAddedToProject.setUser(user);
- userAddedToProject.setProject(project);
- getDatabaseSession().addPostCommitAction(new PostCommitAction() {
- @Override
- public void execute() throws UserException {
- bimServer.getNotificationsManager().notify(new SConverter().convertToSObject(userAddedToProject));
+ User actingUser = getUserByUoid(authorization.getUoid());
+ User user = getUserByUoid(uoid);
+ if (actingUser.getUserType() != UserType.READ_ONLY) {
+ if (authorization.hasRightsOnProject(actingUser, project)) {
+ if (user.getUserType() == UserType.USER) {
+ Project rootProject = getRootProject(project);
+ getSubProjects(rootProject, actingUser, user);
+ } else {
+ addUserToProject(project, actingUser, user);
}
- });
- getDatabaseSession().store(user);
- getDatabaseSession().store(project);
- return true;
- } else {
- throw new UserException("User has no rights to grant permission on '" + project.getName() + "'");
- }
- }
+ return true;
+ } else {
+ throw new UserException("User has no rights on project '" + project.getName() + "'");
+ }
+ } else {
+ throw new UserException("User has no rights to grant permission on '" + project.getName() + "'");
+ }
+ }
+
+ private Project getRootProject(Project project) {
+ if (project.getParent() != null) {
+ return getRootProject(project.getParent());
+ } else {
+ return project;
+ }
+ }
+
+ private void getSubProjects(Project project, User actingUser, User user) throws BimserverDatabaseException {
+ addUserToProject(project, actingUser, user);
+ List subProjects = new ArrayList(project.getSubProjects());
+ for (Project subProject : subProjects) {
+ getSubProjects(subProject, actingUser, user);
+ }
+ }
+
+ private void addUserToProject( Project project, User actingUser, User user) throws BimserverDatabaseException {
+ project.getHasAuthorizedUsers().add(user);
+ user.getHasRightsOn().add(project);
+ final UserAddedToProject userAddedToProject = getDatabaseSession().create(UserAddedToProject.class);
+ userAddedToProject.setExecutor(actingUser);
+ userAddedToProject.setDate(new Date());
+ userAddedToProject.setAccessMethod(getAccessMethod());
+ userAddedToProject.setUser(user);
+ userAddedToProject.setProject(project);
+ getDatabaseSession().addPostCommitAction(new PostCommitAction() {
+ @Override
+ public void execute() throws UserException {
+ bimServer.getNotificationsManager().notify(new SConverter().convertToSObject(userAddedToProject));
+ }
+ });
+ getDatabaseSession().store(user);
+ getDatabaseSession().store(project);
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/BranchToExistingProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/BranchToExistingProjectDatabaseAction.java
index d5b60d293c..2162ddee92 100644
--- a/BimServer/src/org/bimserver/database/actions/BranchToExistingProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/BranchToExistingProjectDatabaseAction.java
@@ -28,32 +28,28 @@
import org.bimserver.ifc.BasicIfcModel;
import org.bimserver.ifc.IfcModel;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ConcreteRevision;
-import org.bimserver.models.store.Project;
-import org.bimserver.models.store.Revision;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
+import org.bimserver.models.store.*;
import org.bimserver.plugins.IfcModelSet;
import org.bimserver.plugins.ModelHelper;
import org.bimserver.plugins.modelmerger.MergeException;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.webservices.authorization.Authorization;
-
-public class BranchToExistingProjectDatabaseAction extends AbstractBranchDatabaseAction {
- private final Long roid;
- private final Long destPoid;
- private final String comment;
- private final BimServer bimServer;
- private Authorization authorization;
-
- public BranchToExistingProjectDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, BimServer bimServer, Authorization authorization, Long roid, Long destPoid, String comment) {
- super(databaseSession, accessMethod);
+
+public class BranchToExistingProjectDatabaseAction extends AbstractBranchDatabaseAction {
+ private final Long roid;
+ private final Long destPoid;
+ private final String comment;
+ private final BimServer bimServer;
+ private Authorization authorization;
+
+ public BranchToExistingProjectDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, BimServer bimServer, Authorization authorization, Long roid, Long destPoid, String comment) {
+ super(databaseSession, accessMethod);
this.bimServer = bimServer;
- this.authorization = authorization;
- this.roid = roid;
- this.destPoid = destPoid;
- this.comment = comment;
- }
+ this.authorization = authorization;
+ this.roid = roid;
+ this.destPoid = destPoid;
+ this.comment = comment;
+ }
public Long getRoid() {
return roid;
@@ -63,34 +59,38 @@ public Long getRoid() {
public Long getPoid() {
return destPoid;
}
-
- @Override
- public ConcreteRevision execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- Revision oldRevision = getDatabaseSession().get(StorePackage.eINSTANCE.getRevision(), roid, OldQuery.getDefault());
- Project oldProject = oldRevision.getProject();
- User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- if (!authorization.hasRightsOnProjectOrSuperProjectsOrSubProjects(user, oldProject)) {
- throw new UserException("User has insufficient rights to download revisions from this project");
- }
+
+ @Override
+ public ConcreteRevision execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ Revision oldRevision = getDatabaseSession().get(StorePackage.eINSTANCE.getRevision(), roid, OldQuery.getDefault());
+ Project oldProject = oldRevision.getProject();
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ User actingUser = getUserByUoid(authorization.getUoid());
+ if (actingUser.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User '" + actingUser.getName() + "' is read only and cannot branch projects");
+ }
+ if (!authorization.hasRightsOnProjectOrSuperProjectsOrSubProjects(user, oldProject)) {
+ throw new UserException("User has insufficient rights to download revisions from this project");
+ }
IfcModelSet ifcModelSet = new IfcModelSet();
- PackageMetaData lastMetaData = null;
+ PackageMetaData lastMetaData = null;
for (ConcreteRevision subRevision : oldRevision.getConcreteRevisions()) {
- PackageMetaData packageMetaData = bimServer.getMetaDataManager().getPackageMetaData(subRevision.getProject().getSchema());
- IfcModel subModel = new BasicIfcModel(packageMetaData, null);
- getDatabaseSession().getMap(subModel, new OldQuery(packageMetaData, subRevision.getProject().getId(), subRevision.getId(), -1, Deep.YES));
- subModel.getModelMetaData().setDate(subRevision.getDate());
+ PackageMetaData packageMetaData = bimServer.getMetaDataManager().getPackageMetaData(subRevision.getProject().getSchema());
+ IfcModel subModel = new BasicIfcModel(packageMetaData, null);
+ getDatabaseSession().getMap(subModel, new OldQuery(packageMetaData, subRevision.getProject().getId(), subRevision.getId(), -1, Deep.YES));
+ subModel.getModelMetaData().setDate(subRevision.getDate());
ifcModelSet.add(subModel);
- lastMetaData = packageMetaData;
- }
+ lastMetaData = packageMetaData;
+ }
IfcModelInterface model = new BasicIfcModel(lastMetaData, null);
try {
- model = bimServer.getMergerFactory().createMerger(getDatabaseSession(), authorization.getUoid())
+ model = bimServer.getMergerFactory().createMerger(getDatabaseSession(), authorization.getUoid())
.merge(oldRevision.getProject(), ifcModelSet, new ModelHelper(bimServer.getMetaDataManager(), model));
} catch (MergeException e) {
throw new UserException(e);
- }
- model.resetOids();
- CheckinDatabaseAction checkinDatabaseAction = new CheckinDatabaseAction(bimServer, getDatabaseSession(), getAccessMethod(), destPoid, authorization, model, comment, comment, false, -1, -1); // TODO
+ }
+ model.resetOids();
+ CheckinDatabaseAction checkinDatabaseAction = new CheckinDatabaseAction(bimServer, getDatabaseSession(), getAccessMethod(), destPoid, authorization, model, comment, comment, false, -1, -1); // TODO
return checkinDatabaseAction.execute();
- }
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/BranchToNewProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/BranchToNewProjectDatabaseAction.java
index b0a42a1018..f0cbb77766 100644
--- a/BimServer/src/org/bimserver/database/actions/BranchToNewProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/BranchToNewProjectDatabaseAction.java
@@ -28,11 +28,7 @@
import org.bimserver.ifc.BasicIfcModel;
import org.bimserver.ifc.IfcModel;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ConcreteRevision;
-import org.bimserver.models.store.Project;
-import org.bimserver.models.store.Revision;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
+import org.bimserver.models.store.*;
import org.bimserver.plugins.IfcModelSet;
import org.bimserver.plugins.ModelHelper;
import org.bimserver.plugins.modelmerger.MergeException;
@@ -71,6 +67,10 @@ public ConcreteRevision execute() throws UserException, BimserverLockConflictExc
Revision oldRevision = getDatabaseSession().get(StorePackage.eINSTANCE.getRevision(), roid, OldQuery.getDefault());
Project oldProject = oldRevision.getProject();
final User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ User actingUser = getUserByUoid(authorization.getUoid());
+ if (actingUser.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User '" + actingUser.getName() + "' is read only and cannot branch projects");
+ }
if (!authorization.hasRightsOnProjectOrSuperProjectsOrSubProjects(user, oldProject)) {
throw new UserException("User has insufficient rights to download revisions from this project");
}
diff --git a/BimServer/src/org/bimserver/database/actions/CloneToNewProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/CloneToNewProjectDatabaseAction.java
index 743af1b8b2..fbc3533ac2 100644
--- a/BimServer/src/org/bimserver/database/actions/CloneToNewProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/CloneToNewProjectDatabaseAction.java
@@ -36,11 +36,7 @@
import org.bimserver.database.queries.om.SpecialQueryType;
import org.bimserver.emf.PackageMetaData;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ConcreteRevision;
-import org.bimserver.models.store.Project;
-import org.bimserver.models.store.Revision;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.User;
+import org.bimserver.models.store.*;
import org.bimserver.shared.HashMapVirtualObject;
import org.bimserver.shared.QueryContext;
import org.bimserver.shared.exceptions.UserException;
@@ -71,6 +67,9 @@ public ConcreteRevision execute() throws UserException, BimserverLockConflictExc
Revision oldRevision = getDatabaseSession().get(StorePackage.eINSTANCE.getRevision(), roid, OldQuery.getDefault());
Project oldProject = oldRevision.getProject();
final User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User '" + user.getName() + "' is read-only and cannot create a new project");
+ }
if (!authorization.hasRightsOnProjectOrSuperProjectsOrSubProjects(user, oldProject)) {
throw new UserException("User has insufficient rights to download revisions from this project");
}
diff --git a/BimServer/src/org/bimserver/database/actions/DeleteDeserializerDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeleteDeserializerDatabaseAction.java
index 50a1db9a92..fafca14fc6 100644
--- a/BimServer/src/org/bimserver/database/actions/DeleteDeserializerDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeleteDeserializerDatabaseAction.java
@@ -1,44 +1,49 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.DeserializerPluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.UserSettings;
-import org.bimserver.shared.exceptions.UserException;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.*;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class DeleteDeserializerDatabaseAction extends DeleteDatabaseAction {
+ private Authorization authorization;
- public DeleteDeserializerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long sid) {
+ public DeleteDeserializerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long sid) {
super(databaseSession, accessMethod, StorePackage.eINSTANCE.getDeserializerPluginConfiguration(), sid);
- }
-
- @Override
- public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- DeserializerPluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
- UserSettings settings = object.getUserSettings();
- settings.getDeserializers().remove(object);
- getDatabaseSession().store(settings);
- return super.execute();
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ DeserializerPluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
+ UserSettings settings = object.getUserSettings();
+ settings.getDeserializers().remove(object);
+ getDatabaseSession().store(settings);
+ return super.execute();
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/DeleteInternalServiceDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeleteInternalServiceDatabaseAction.java
index a46e933c1c..8e2cd5a154 100644
--- a/BimServer/src/org/bimserver/database/actions/DeleteInternalServiceDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeleteInternalServiceDatabaseAction.java
@@ -1,44 +1,49 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.InternalServicePluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.UserSettings;
-import org.bimserver.shared.exceptions.UserException;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.*;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class DeleteInternalServiceDatabaseAction extends DeleteDatabaseAction {
+ private Authorization authorization;
- public DeleteInternalServiceDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long ifid) {
+ public DeleteInternalServiceDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long ifid) {
super(databaseSession, accessMethod, StorePackage.eINSTANCE.getInternalServicePluginConfiguration(), ifid);
- }
-
- @Override
- public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- InternalServicePluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
- UserSettings settings = object.getUserSettings();
- settings.getServices().remove(object);
- getDatabaseSession().store(settings);
- return super.execute();
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ InternalServicePluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
+ UserSettings settings = object.getUserSettings();
+ settings.getServices().remove(object);
+ getDatabaseSession().store(settings);
+ return super.execute();
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/DeleteModelCompareDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeleteModelCompareDatabaseAction.java
index 49e556ce3a..c9c4696afb 100644
--- a/BimServer/src/org/bimserver/database/actions/DeleteModelCompareDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeleteModelCompareDatabaseAction.java
@@ -1,44 +1,49 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ModelComparePluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.UserSettings;
-import org.bimserver.shared.exceptions.UserException;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.*;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class DeleteModelCompareDatabaseAction extends DeleteDatabaseAction {
+ private Authorization authorization;
- public DeleteModelCompareDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long iid) {
+ public DeleteModelCompareDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long iid) {
super(databaseSession, accessMethod, StorePackage.eINSTANCE.getModelComparePluginConfiguration(), iid);
- }
-
- @Override
- public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- ModelComparePluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
- UserSettings settings = object.getUserSettings();
- settings.getModelCompares().remove(object);
- getDatabaseSession().store(settings);
- return super.execute();
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ ModelComparePluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
+ UserSettings settings = object.getUserSettings();
+ settings.getModelCompares().remove(object);
+ getDatabaseSession().store(settings);
+ return super.execute();
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/DeleteModelMergerDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeleteModelMergerDatabaseAction.java
index b44d0aa114..122ee8ac4f 100644
--- a/BimServer/src/org/bimserver/database/actions/DeleteModelMergerDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeleteModelMergerDatabaseAction.java
@@ -1,44 +1,47 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ModelMergerPluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.UserSettings;
-import org.bimserver.shared.exceptions.UserException;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.ModelMergerPluginConfiguration;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.UserSettings;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class DeleteModelMergerDatabaseAction extends DeleteDatabaseAction {
+ private Authorization authorization;
- public DeleteModelMergerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long iid) {
+ public DeleteModelMergerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long iid) {
super(databaseSession, accessMethod, StorePackage.eINSTANCE.getModelMergerPluginConfiguration(), iid);
- }
-
- @Override
- public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- ModelMergerPluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
- UserSettings settings = object.getUserSettings();
- settings.getModelMergers().remove(object);
- getDatabaseSession().store(settings);
- return super.execute();
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ ModelMergerPluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
+ UserSettings settings = object.getUserSettings();
+ settings.getModelMergers().remove(object);
+ getDatabaseSession().store(settings);
+ return super.execute();
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/DeletePluginConfigurationDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeletePluginConfigurationDatabaseAction.java
index ecebd1f562..ed6f01eff5 100644
--- a/BimServer/src/org/bimserver/database/actions/DeletePluginConfigurationDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeletePluginConfigurationDatabaseAction.java
@@ -1,48 +1,53 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import java.util.List;
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.PluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.UserSettings;
-import org.bimserver.shared.exceptions.ServerException;
-import org.bimserver.shared.exceptions.UserException;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import java.util.List;
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.*;
+import org.bimserver.shared.exceptions.ServerException;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
import org.eclipse.emf.ecore.EReference;
public class DeletePluginConfigurationDatabaseAction extends BimDatabaseAction{
private long oid;
+ private Authorization authorization;
- public DeletePluginConfigurationDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long oid) {
+ public DeletePluginConfigurationDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long oid) {
super(databaseSession, accessMethod);
this.oid = oid;
+ this.authorization = authorization;
}
@SuppressWarnings("rawtypes")
@Override
public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException, ServerException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
PluginConfiguration pluginConfiguration = getDatabaseSession().get(StorePackage.eINSTANCE.getPluginConfiguration(), oid, OldQuery.getDefault());
UserSettings settings = (UserSettings) pluginConfiguration.eGet(pluginConfiguration.eClass().getEStructuralFeature("userSettings"));
if (settings == null) {
diff --git a/BimServer/src/org/bimserver/database/actions/DeleteProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeleteProjectDatabaseAction.java
index 84c9f34771..cd7a9c5ba0 100644
--- a/BimServer/src/org/bimserver/database/actions/DeleteProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeleteProjectDatabaseAction.java
@@ -33,30 +33,33 @@
import org.bimserver.models.store.UserType;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.webservices.authorization.Authorization;
-
-public class DeleteProjectDatabaseAction extends BimDatabaseAction {
-
+
+public class DeleteProjectDatabaseAction extends BimDatabaseAction {
+
private final long poid;
private Authorization authorization;
- private BimServer bimServer;
-
- public DeleteProjectDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long poid, Authorization authorization) {
+ private BimServer bimServer;
+
+ public DeleteProjectDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long poid, Authorization authorization) {
super(databaseSession, accessMethod);
this.bimServer = bimServer;
this.poid = poid;
- this.authorization = authorization;
- }
-
- @Override
- public Boolean execute() throws UserException, BimserverDatabaseException, BimserverLockConflictException {
- User actingUser = getUserByUoid(authorization.getUoid());
- final Project project = getProjectByPoid(poid);
- if (actingUser.getUserType() == UserType.ADMIN || (actingUser.getHasRightsOn().contains(project) && bimServer.getServerSettingsCache().getServerSettings().isAllowUsersToCreateTopLevelProjects())) {
- delete(project);
- final ProjectDeleted projectDeleted = getDatabaseSession().create(ProjectDeleted.class);
- projectDeleted.setAccessMethod(getAccessMethod());
- projectDeleted.setDate(new Date());
- projectDeleted.setExecutor(actingUser);
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Boolean execute() throws UserException, BimserverDatabaseException, BimserverLockConflictException {
+ User actingUser = getUserByUoid(authorization.getUoid());
+ final Project project = getProjectByPoid(poid);
+ if (actingUser.getUserType() == UserType.READ_ONLY){
+ throw new UserException("No rights to delete this project");
+ }
+ if (actingUser.getUserType() == UserType.ADMIN || (actingUser.getHasRightsOn().contains(project) && bimServer.getServerSettingsCache().getServerSettings().isAllowUsersToCreateTopLevelProjects())) {
+ delete(project);
+ final ProjectDeleted projectDeleted = getDatabaseSession().create(ProjectDeleted.class);
+ projectDeleted.setAccessMethod(getAccessMethod());
+ projectDeleted.setDate(new Date());
+ projectDeleted.setExecutor(actingUser);
projectDeleted.setProject(project);
getDatabaseSession().addPostCommitAction(new PostCommitAction() {
@Override
@@ -64,17 +67,17 @@ public void execute() throws UserException {
bimServer.getNotificationsManager().notify(new SConverter().convertToSObject(projectDeleted));
}
});
- getDatabaseSession().store(project);
- return true;
- } else {
- throw new UserException("No rights to delete this project");
- }
- }
-
- private void delete(Project project) {
- project.setState(ObjectState.DELETED);
- for (Project subProject : project.getSubProjects()) {
- delete(subProject);
- }
- }
+ getDatabaseSession().store(project);
+ return true;
+ } else {
+ throw new UserException("No rights to delete this project");
+ }
+ }
+
+ private void delete(Project project) {
+ project.setState(ObjectState.DELETED);
+ for (Project subProject : project.getSubProjects()) {
+ delete(subProject);
+ }
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/DeleteQueryEngineDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeleteQueryEngineDatabaseAction.java
index da54713d22..d15a8262e2 100644
--- a/BimServer/src/org/bimserver/database/actions/DeleteQueryEngineDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeleteQueryEngineDatabaseAction.java
@@ -1,44 +1,49 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.QueryEnginePluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.UserSettings;
-import org.bimserver.shared.exceptions.UserException;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.*;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class DeleteQueryEngineDatabaseAction extends DeleteDatabaseAction {
+ private Authorization authorization;
- public DeleteQueryEngineDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long iid) {
+ public DeleteQueryEngineDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long iid) {
super(databaseSession, accessMethod, StorePackage.eINSTANCE.getQueryEnginePluginConfiguration(), iid);
- }
-
- @Override
- public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- QueryEnginePluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
- UserSettings settings = object.getUserSettings();
- settings.getQueryEngines().remove(object);
- getDatabaseSession().store(settings);
- return super.execute();
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ QueryEnginePluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
+ UserSettings settings = object.getUserSettings();
+ settings.getQueryEngines().remove(object);
+ getDatabaseSession().store(settings);
+ return super.execute();
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/DeleteRenderEngineDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeleteRenderEngineDatabaseAction.java
index 526f7074f5..b72e2178e5 100644
--- a/BimServer/src/org/bimserver/database/actions/DeleteRenderEngineDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeleteRenderEngineDatabaseAction.java
@@ -1,44 +1,49 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.OldQuery;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.RenderEnginePluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.UserSettings;
-import org.bimserver.shared.exceptions.UserException;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.OldQuery;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.*;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class DeleteRenderEngineDatabaseAction extends DeleteDatabaseAction {
+ private Authorization authorization;
- public DeleteRenderEngineDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long iid) {
+ public DeleteRenderEngineDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long iid) {
super(databaseSession, accessMethod, StorePackage.eINSTANCE.getRenderEnginePluginConfiguration(), iid);
- }
-
- @Override
- public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- RenderEnginePluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
- UserSettings settings = object.getUserSettings();
- settings.getRenderEngines().remove(object);
- getDatabaseSession().store(settings);
- return super.execute();
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
+ RenderEnginePluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
+ UserSettings settings = object.getUserSettings();
+ settings.getRenderEngines().remove(object);
+ getDatabaseSession().store(settings);
+ return super.execute();
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/DeleteSerializerDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/DeleteSerializerDatabaseAction.java
index 96f65cbc43..d80443f907 100644
--- a/BimServer/src/org/bimserver/database/actions/DeleteSerializerDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/DeleteSerializerDatabaseAction.java
@@ -22,19 +22,24 @@
import org.bimserver.database.DatabaseSession;
import org.bimserver.database.OldQuery;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.SerializerPluginConfiguration;
-import org.bimserver.models.store.StorePackage;
-import org.bimserver.models.store.UserSettings;
+import org.bimserver.models.store.*;
import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class DeleteSerializerDatabaseAction extends DeleteDatabaseAction {
+ private Authorization authorization;
- public DeleteSerializerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long sid) {
+ public DeleteSerializerDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, long sid) {
super(databaseSession, accessMethod, StorePackage.eINSTANCE.getSerializerPluginConfiguration(), sid);
+ this.authorization = authorization;
}
@Override
public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User has no rights for this call");
+ }
SerializerPluginConfiguration object = getDatabaseSession().get(geteClass(), getOid(), OldQuery.getDefault());
UserSettings settings = object.getUserSettings();
settings.getSerializers().remove(object);
diff --git a/BimServer/src/org/bimserver/database/actions/GetAllAuthorizedUsersOfProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetAllAuthorizedUsersOfProjectDatabaseAction.java
index c88d89cc0f..858b514dc0 100644
--- a/BimServer/src/org/bimserver/database/actions/GetAllAuthorizedUsersOfProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetAllAuthorizedUsersOfProjectDatabaseAction.java
@@ -25,21 +25,29 @@
import org.bimserver.database.DatabaseSession;
import org.bimserver.models.log.AccessMethod;
import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
import org.eclipse.emf.common.util.EList;
-
-public class GetAllAuthorizedUsersOfProjectDatabaseAction extends BimDatabaseAction>{
-
- private final long poid;
-
- public GetAllAuthorizedUsersOfProjectDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long poid) {
- super(databaseSession, accessMethod);
- this.poid = poid;
- }
-
- @Override
- public Set execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- EList users = getProjectByPoid(poid).getHasAuthorizedUsers();
- return new HashSet(users);
- }
+
+public class GetAllAuthorizedUsersOfProjectDatabaseAction extends BimDatabaseAction>{
+
+ private final long poid;
+ private Authorization authorization;
+
+ public GetAllAuthorizedUsersOfProjectDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long poid, Authorization authorization) {
+ super(databaseSession, accessMethod);
+ this.poid = poid;
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Set execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User actingUser = getUserByUoid(authorization.getUoid());
+ if (actingUser.getUserType() == UserType.READ_ONLY){
+ throw new UserException("No rights to get all authorized users of a project");
+ }
+ EList users = getProjectByPoid(poid).getHasAuthorizedUsers();
+ return new HashSet(users);
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsByUserDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsByUserDatabaseAction.java
index d2368f216d..633456718f 100644
--- a/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsByUserDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsByUserDatabaseAction.java
@@ -30,24 +30,29 @@
import org.bimserver.models.store.Checkout;
import org.bimserver.models.store.StorePackage;
import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.utils.CollectionUtils;
-
-public class GetAllCheckoutsByUserDatabaseAction extends BimDatabaseAction> {
-
- private final long uoid;
-
- public GetAllCheckoutsByUserDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long uoid) {
- super(databaseSession, accessMethod);
- this.uoid = uoid;
- }
-
- @Override
- public List execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- User user = getUserByUoid(uoid);
- Condition condition = new HasReferenceToCondition(StorePackage.eINSTANCE.getCheckout_User(), user);
-// condition = condition.and(new AttributeCondition(StorePackage.eINSTANCE.getCheckout_Active(), new BooleanLiteral(true)));
- Map query = getDatabaseSession().query(condition, Checkout.class, OldQuery.getDefault());
- return CollectionUtils.mapToList(query);
- }
+import org.bimserver.webservices.authorization.Authorization;
+
+public class GetAllCheckoutsByUserDatabaseAction extends BimDatabaseAction> {
+
+ private final long uoid;
+
+ public GetAllCheckoutsByUserDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long uoid) {
+ super(databaseSession, accessMethod);
+ this.uoid = uoid;
+ }
+
+ @Override
+ public List execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User user = getUserByUoid(uoid);
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only user does not have access to this method");
+ }
+ Condition condition = new HasReferenceToCondition(StorePackage.eINSTANCE.getCheckout_User(), user);
+// condition = condition.and(new AttributeCondition(StorePackage.eINSTANCE.getCheckout_Active(), new BooleanLiteral(true)));
+ Map query = getDatabaseSession().query(condition, Checkout.class, OldQuery.getDefault());
+ return CollectionUtils.mapToList(query);
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsOfProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsOfProjectDatabaseAction.java
index 259299aae8..4cfc692d87 100644
--- a/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsOfProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsOfProjectDatabaseAction.java
@@ -30,43 +30,48 @@
import org.bimserver.database.query.conditions.Condition;
import org.bimserver.database.query.conditions.HasReferenceToInCondition;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.Checkout;
-import org.bimserver.models.store.Project;
-import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.*;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.utils.CollectionUtils;
-
-public class GetAllCheckoutsOfProjectDatabaseAction extends BimDatabaseAction> {
-
- private final long poid;
- private final boolean checkSubProjects;
-
- public GetAllCheckoutsOfProjectDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long poid, boolean checkSubProjects) {
- super(databaseSession, accessMethod);
- this.poid = poid;
- this.checkSubProjects = checkSubProjects;
- }
-
- @Override
- public List execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- Project project = getProjectByPoid(poid);
- Set projects = new HashSet();
- if (checkSubProjects) {
- getSubProjects(project, projects);
- } else {
- projects.add(project);
- }
- Condition condition = new HasReferenceToInCondition(StorePackage.eINSTANCE.getCheckout_Project(), projects);
+import org.bimserver.webservices.authorization.Authorization;
+
+public class GetAllCheckoutsOfProjectDatabaseAction extends BimDatabaseAction> {
+
+ private final long poid;
+ private final boolean checkSubProjects;
+ private Authorization authorization;
+
+ public GetAllCheckoutsOfProjectDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long poid, boolean checkSubProjects, Authorization authorization) {
+ super(databaseSession, accessMethod);
+ this.poid = poid;
+ this.checkSubProjects = checkSubProjects;
+ this.authorization = authorization;
+ }
+
+ @Override
+ public List execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User actingUser = getUserByUoid(authorization.getUoid());
+ Project project = getProjectByPoid(poid);
+ if (!authorization.hasRightsOnProject(actingUser, project)) {
+ throw new UserException("User does not have rights on project");
+ }
+ Set projects = new HashSet();
+ if (checkSubProjects) {
+ getSubProjects(project, projects);
+ } else {
+ projects.add(project);
+ }
+ Condition condition = new HasReferenceToInCondition(StorePackage.eINSTANCE.getCheckout_Project(), projects);
Map query = getDatabaseSession().query(condition, Checkout.class, OldQuery.getDefault());
- return CollectionUtils.mapToList(query);
- }
-
- private void getSubProjects(Project project, Set projects) {
- projects.add(project);
- Iterator iterator = project.getSubProjects().iterator();
- while (iterator.hasNext()) {
- Project subProject = iterator.next();
- getSubProjects(subProject, projects);
- }
- }
+ return CollectionUtils.mapToList(query);
+ }
+
+ private void getSubProjects(Project project, Set projects) {
+ projects.add(project);
+ Iterator iterator = project.getSubProjects().iterator();
+ while (iterator.hasNext()) {
+ Project subProject = iterator.next();
+ getSubProjects(subProject, projects);
+ }
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsOfRevisionDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsOfRevisionDatabaseAction.java
index 8a3e8b010d..0360f32587 100644
--- a/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsOfRevisionDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetAllCheckoutsOfRevisionDatabaseAction.java
@@ -26,25 +26,31 @@
import org.bimserver.database.query.conditions.Condition;
import org.bimserver.database.query.conditions.HasReferenceToCondition;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.Checkout;
-import org.bimserver.models.store.Revision;
-import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.*;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.utils.CollectionUtils;
-
-public class GetAllCheckoutsOfRevisionDatabaseAction extends BimDatabaseAction> {
-
- private final long roid;
-
- public GetAllCheckoutsOfRevisionDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long roid) {
- super(databaseSession, accessMethod);
- this.roid = roid;
- }
-
- @Override
- public List execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- Revision revision = getRevisionByRoid(roid);
- Condition condition = new HasReferenceToCondition(StorePackage.eINSTANCE.getCheckout_Revision(), revision);
- return CollectionUtils.mapToList(getDatabaseSession().query(condition, Checkout.class, OldQuery.getDefault()));
- }
+import org.bimserver.webservices.authorization.Authorization;
+
+public class GetAllCheckoutsOfRevisionDatabaseAction extends BimDatabaseAction> {
+
+ private final long roid;
+ private Authorization authorization;
+
+ public GetAllCheckoutsOfRevisionDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, long roid, Authorization authorization) {
+ super(databaseSession, accessMethod);
+ this.roid = roid;
+ this.authorization = authorization;
+ }
+
+ @Override
+ public List execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ User actingUser = getUserByUoid(authorization.getUoid());
+ Revision revision = getRevisionByRoid(roid);
+ Project project = revision.getProject();
+ if (!authorization.hasRightsOnProject(actingUser, project)) {
+ throw new UserException("User does not have rights on project");
+ }
+ Condition condition = new HasReferenceToCondition(StorePackage.eINSTANCE.getCheckout_Revision(), revision);
+ return CollectionUtils.mapToList(getDatabaseSession().query(condition, Checkout.class, OldQuery.getDefault()));
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/GetAllProjectsSmallDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetAllProjectsSmallDatabaseAction.java
index 811b97b1f5..5d0281f54f 100644
--- a/BimServer/src/org/bimserver/database/actions/GetAllProjectsSmallDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetAllProjectsSmallDatabaseAction.java
@@ -77,7 +77,10 @@ private void addProjects(List list, Project project, User user) {
if (project.getState() == ObjectState.DELETED && !(authorization instanceof AdminAuthorization)) {
return;
}
- list.add(createSmallProject(authorization, bimServer, project, user));
+ if (authorization.hasRightsOnProject(user, project)) {
+ list.add(createSmallProject(authorization, bimServer, project, user));
+ }
+
List subProjects = new ArrayList(project.getSubProjects());
Collections.sort(subProjects, new Comparator(){
@Override
diff --git a/BimServer/src/org/bimserver/database/actions/GetAllRelatedProjectsDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetAllRelatedProjectsDatabaseAction.java
index c5e87d5f27..4884fcb5c6 100644
--- a/BimServer/src/org/bimserver/database/actions/GetAllRelatedProjectsDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetAllRelatedProjectsDatabaseAction.java
@@ -72,7 +72,10 @@ private void addProjects(List list, Project project, User user) {
if (project.getState() == ObjectState.DELETED && !(authorization instanceof AdminAuthorization)) {
return;
}
- list.add(GetAllProjectsSmallDatabaseAction.createSmallProject(authorization, bimServer, project, user));
+ if (authorization.hasRightsOnProject(user, project)) {
+ list.add(GetAllProjectsSmallDatabaseAction.createSmallProject(authorization, bimServer, project, user));
+ }
+
List subProjects = new ArrayList(project.getSubProjects());
Collections.sort(subProjects, new Comparator(){
@Override
diff --git a/BimServer/src/org/bimserver/database/actions/GetDataObjectByGuidDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetDataObjectByGuidDatabaseAction.java
index 3b2611afd4..d32ac64002 100644
--- a/BimServer/src/org/bimserver/database/actions/GetDataObjectByGuidDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetDataObjectByGuidDatabaseAction.java
@@ -23,44 +23,48 @@
import org.bimserver.database.DatabaseSession;
import org.bimserver.database.ObjectIdentifier;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ConcreteRevision;
-import org.bimserver.models.store.DataObject;
-import org.bimserver.models.store.Revision;
+import org.bimserver.models.store.*;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.webservices.authorization.Authorization;
-
-public class GetDataObjectByGuidDatabaseAction extends BimDatabaseAction{
-
- private final String guid;
- private final long roid;
+
+public class GetDataObjectByGuidDatabaseAction extends BimDatabaseAction{
+
+ private final String guid;
+ private final long roid;
private final BimServer bimServer;
- private Authorization authorization;
-
- public GetDataObjectByGuidDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long roid, String guid, Authorization authorization) {
- super(databaseSession, accessMethod);
- this.bimServer = bimServer;
- this.roid = roid;
+ private Authorization authorization;
+
+ public GetDataObjectByGuidDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long roid, String guid, Authorization authorization) {
+ super(databaseSession, accessMethod);
+ this.bimServer = bimServer;
+ this.roid = roid;
this.guid = guid;
this.authorization = authorization;
- }
-
- @Override
- public DataObject execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- Revision virtualRevision = getRevisionByRoid(roid);
- ObjectIdentifier objectIdentifier = null;
- for (ConcreteRevision concreteRevision : virtualRevision.getConcreteRevisions()) {
- objectIdentifier = getDatabaseSession().getOidOfGuid(concreteRevision.getProject().getSchema(), guid, concreteRevision.getProject().getId(), concreteRevision.getId());
- if (objectIdentifier != null) {
- long oidOfGuid = objectIdentifier.getOid();
- if (oidOfGuid != -1) {
- break;
- }
- }
- }
- if (objectIdentifier == null) {
- throw new UserException("Guid " + guid + " not found in this revision/project");
- }
-
- return new GetDataObjectByOidDatabaseAction(bimServer, getDatabaseSession(), getAccessMethod(), roid, objectIdentifier.getOid(), authorization).execute();
- }
+ }
+
+ @Override
+ public DataObject execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ Revision virtualRevision = getRevisionByRoid(roid);
+ ObjectIdentifier objectIdentifier = null;
+ Project project = virtualRevision.getProject();
+ User user = getUserByUoid(authorization.getUoid());
+ if (!authorization.hasRightsOnProjectOrSuperProjectsOrSubProjects(user, project)) {
+ throw new UserException("User does not have rights on project");
+ }
+
+ for (ConcreteRevision concreteRevision : virtualRevision.getConcreteRevisions()) {
+ objectIdentifier = getDatabaseSession().getOidOfGuid(concreteRevision.getProject().getSchema(), guid, concreteRevision.getProject().getId(), concreteRevision.getId());
+ if (objectIdentifier != null) {
+ long oidOfGuid = objectIdentifier.getOid();
+ if (oidOfGuid != -1) {
+ break;
+ }
+ }
+ }
+ if (objectIdentifier == null) {
+ throw new UserException("Guid " + guid + " not found in this revision/project");
+ }
+
+ return new GetDataObjectByOidDatabaseAction(bimServer, getDatabaseSession(), getAccessMethod(), roid, objectIdentifier.getOid(), authorization).execute();
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/GetDataObjectByOidDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetDataObjectByOidDatabaseAction.java
index 274bc3f57c..be7ed2c9a5 100644
--- a/BimServer/src/org/bimserver/database/actions/GetDataObjectByOidDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetDataObjectByOidDatabaseAction.java
@@ -35,13 +35,7 @@
import org.bimserver.ifc.IfcModel;
import org.bimserver.models.ifc2x3tc1.IfcRoot;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ConcreteRevision;
-import org.bimserver.models.store.DataObject;
-import org.bimserver.models.store.ListDataValue;
-import org.bimserver.models.store.ReferenceDataValue;
-import org.bimserver.models.store.Revision;
-import org.bimserver.models.store.SimpleDataValue;
-import org.bimserver.models.store.StoreFactory;
+import org.bimserver.models.store.*;
import org.bimserver.plugins.IfcModelSet;
import org.bimserver.plugins.ModelHelper;
import org.bimserver.plugins.modelmerger.MergeException;
@@ -56,40 +50,47 @@
import com.google.common.base.Charsets;
import com.google.common.collect.BiMap;
-
-public class GetDataObjectByOidDatabaseAction extends AbstractDownloadDatabaseAction {
- private final long oid;
- private final long roid;
-
- public GetDataObjectByOidDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long roid, long oid, Authorization authorization) {
- super(bimServer, databaseSession, accessMethod, authorization);
- this.roid = roid;
- this.oid = oid;
- }
-
- @Override
+public class GetDataObjectByOidDatabaseAction extends AbstractDownloadDatabaseAction {
+
+ private final long oid;
+ private final long roid;
+ private Authorization authorization;
+
+ public GetDataObjectByOidDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long roid, long oid, Authorization authorization) {
+ super(bimServer, databaseSession, accessMethod, authorization);
+ this.roid = roid;
+ this.oid = oid;
+ this.authorization = authorization;
+ }
+
+ @Override
public DataObject execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- Revision virtualRevision = getRevisionByRoid(roid);
- EObject eObject = null;
+ Revision virtualRevision = getRevisionByRoid(roid);
+ Project project = virtualRevision.getProject();
+ User user = getUserByUoid(authorization.getUoid());
+ if (!authorization.hasRightsOnProjectOrSuperProjectsOrSubProjects(user, project)) {
+ throw new UserException("User does not have rights on project");
+ }
+ EObject eObject = null;
IfcModelSet ifcModelSet = new IfcModelSet();
PackageMetaData lastPackageMetaData = null;
Map pidRoidMap = new HashMap<>();
- pidRoidMap.put(virtualRevision.getProject().getId(), virtualRevision.getOid());
+ pidRoidMap.put(virtualRevision.getProject().getId(), virtualRevision.getOid());
for (ConcreteRevision concreteRevision : virtualRevision.getConcreteRevisions()) {
- PackageMetaData packageMetaData = getBimServer().getMetaDataManager().getPackageMetaData(concreteRevision.getProject().getSchema());
+ PackageMetaData packageMetaData = getBimServer().getMetaDataManager().getPackageMetaData(concreteRevision.getProject().getSchema());
lastPackageMetaData = packageMetaData;
- IfcModel subModel = new BasicIfcModel(packageMetaData, pidRoidMap);
+ IfcModel subModel = new BasicIfcModel(packageMetaData, pidRoidMap);
int highestStopId = findHighestStopRid(concreteRevision.getProject(), concreteRevision);
OldQuery query = new OldQuery(packageMetaData, concreteRevision.getProject().getId(), concreteRevision.getId(), virtualRevision.getOid(), Deep.NO, highestStopId);
- eObject = getDatabaseSession().get(null, oid, subModel, query);
- subModel.getModelMetaData().setDate(concreteRevision.getDate());
- ifcModelSet.add(subModel);
- if (eObject != null) {
- break;
+ eObject = getDatabaseSession().get(null, oid, subModel, query);
+ subModel.getModelMetaData().setDate(concreteRevision.getDate());
+ ifcModelSet.add(subModel);
+ if (eObject != null) {
+ break;
}
}
-
+
IfcModelInterface ifcModel = new BasicIfcModel(lastPackageMetaData, pidRoidMap);
if (ifcModelSet.size() > 1) {
try {
@@ -100,34 +101,34 @@ public DataObject execute() throws UserException, BimserverLockConflictException
} else {
ifcModel = ifcModelSet.iterator().next();
}
-
- if (eObject == null) {
- throw new UserException("Object not found in this project/revision");
- }
- DataObject dataObject = null;
- if (eObject instanceof IfcRoot) {
- IfcRoot ifcRoot = (IfcRoot) eObject;
- String guid = ifcRoot.getGlobalId() != null ? ifcRoot.getGlobalId() : "";
- String name = ifcRoot.getName() != null ? ifcRoot.getName() : "";
- dataObject = StoreFactory.eINSTANCE.createDataObject();
- dataObject.setType(eObject.eClass().getName());
- ((IdEObjectImpl)dataObject).setOid(oid);
- dataObject.setGuid(guid);
- dataObject.setName(name);
- } else {
- dataObject = StoreFactory.eINSTANCE.createDataObject();
- dataObject.setType(eObject.eClass().getName());
- ((IdEObjectImpl)dataObject).setOid(oid);
- dataObject.setName("");
+
+ if (eObject == null) {
+ throw new UserException("Object not found in this project/revision");
+ }
+ DataObject dataObject = null;
+ if (eObject instanceof IfcRoot) {
+ IfcRoot ifcRoot = (IfcRoot) eObject;
+ String guid = ifcRoot.getGlobalId() != null ? ifcRoot.getGlobalId() : "";
+ String name = ifcRoot.getName() != null ? ifcRoot.getName() : "";
+ dataObject = StoreFactory.eINSTANCE.createDataObject();
+ dataObject.setType(eObject.eClass().getName());
+ ((IdEObjectImpl)dataObject).setOid(oid);
+ dataObject.setGuid(guid);
+ dataObject.setName(name);
+ } else {
+ dataObject = StoreFactory.eINSTANCE.createDataObject();
+ dataObject.setType(eObject.eClass().getName());
+ ((IdEObjectImpl)dataObject).setOid(oid);
+ dataObject.setName("");
dataObject.setGuid("");
}
- fillDataObject(ifcModel.getObjects(), eObject, dataObject);
- return dataObject;
- }
-
- @SuppressWarnings({ "unchecked", "rawtypes" })
+ fillDataObject(ifcModel.getObjects(), eObject, dataObject);
+ return dataObject;
+ }
+
+ @SuppressWarnings({ "unchecked", "rawtypes" })
public static void fillDataObject(BiMap mapResult, EObject eObject, DataObject dataObject) {
- for (EStructuralFeature eStructuralFeature : eObject.eClass().getEAllStructuralFeatures()) {
+ for (EStructuralFeature eStructuralFeature : eObject.eClass().getEAllStructuralFeatures()) {
Object eGet = eObject.eGet(eStructuralFeature);
if (eStructuralFeature.getEAnnotation("hidden") == null && !eStructuralFeature.isDerived()) {
if (eStructuralFeature instanceof EAttribute) {
@@ -165,12 +166,12 @@ public static void fillDataObject(BiMap mapRe
} else {
dataValue.setStringValue(eGet.toString());
}
- } else {
- dataValue.setStringValue(null);
- }
- dataValue.setFieldName(eStructuralFeature.getName());
+ } else {
+ dataValue.setStringValue(null);
+ }
+ dataValue.setFieldName(eStructuralFeature.getName());
dataObject.getValues().add(dataValue);
- }
+ }
} else if (eStructuralFeature instanceof EReference) {
if (eStructuralFeature.isMany()) {
if (eStructuralFeature.getEType() == EcorePackage.eINSTANCE.getEDouble() || eStructuralFeature.getEType() == EcorePackage.eINSTANCE.getEDoubleObject()) {
@@ -209,41 +210,41 @@ public static void fillDataObject(BiMap mapRe
}
}
} else {
- EObject eObject2 = (EObject) eGet;
- if (eObject2 != null) {
- if (eObject2.eClass().getEAnnotation("wrapped") != null) {
+ EObject eObject2 = (EObject) eGet;
+ if (eObject2 != null) {
+ if (eObject2.eClass().getEAnnotation("wrapped") != null) {
EObject referenceEObject = (EObject) eGet;
- SimpleDataValue e = StoreFactory.eINSTANCE.createSimpleDataValue();
+ SimpleDataValue e = StoreFactory.eINSTANCE.createSimpleDataValue();
EStructuralFeature wrappedValueFeature = referenceEObject.eClass().getEStructuralFeature("wrappedValue");
Object eGet2 = referenceEObject.eGet(wrappedValueFeature);
// if (wrappedValueFeature.getEType() == EcorePackage.eINSTANCE.getEDoubleObject() || wrappedValueFeature.getEType() == EcorePackage.eINSTANCE.getEDouble()) {
// e.setStringValue((String)referenceEObject.eGet(referenceEObject.eClass().getEStructuralFeature("wrappedValueAsString")));
// } else {
if (eGet2 != null) {
- e.setStringValue(eGet2.toString());
- } else {
- e.setStringValue(null);
+ e.setStringValue(eGet2.toString());
+ } else {
+ e.setStringValue(null);
}
- // }
- e.setFieldName(eStructuralFeature.getName());
- dataObject.getValues().add(e);
+ // }
+ e.setFieldName(eStructuralFeature.getName());
+ dataObject.getValues().add(e);
} else {
Long oid = ((IdEObject)eObject2).getOid();
ReferenceDataValue reference = StoreFactory.eINSTANCE.createReferenceDataValue();
if (eObject2 instanceof IfcRoot) {
IfcRoot ifcRoot = (IfcRoot)eObject2;
String guid = ifcRoot.getGlobalId();
- reference.setGuid(guid);
- }
- reference.setTypeName(eObject2.eClass().getName());
- ((IdEObjectImpl)reference).setOid(oid);
- reference.setFieldName(eStructuralFeature.getName());
+ reference.setGuid(guid);
+ }
+ reference.setTypeName(eObject2.eClass().getName());
+ ((IdEObjectImpl)reference).setOid(oid);
+ reference.setFieldName(eStructuralFeature.getName());
dataObject.getValues().add(reference);
- }
+ }
}
- }
- }
+ }
+ }
}
- }
- }
+ }
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/GetDataObjectsDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetDataObjectsDatabaseAction.java
index b1b247efd0..453cbde294 100644
--- a/BimServer/src/org/bimserver/database/actions/GetDataObjectsDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetDataObjectsDatabaseAction.java
@@ -34,74 +34,78 @@
import org.bimserver.ifc.IfcModel;
import org.bimserver.models.ifc2x3tc1.IfcRoot;
import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ConcreteRevision;
-import org.bimserver.models.store.DataObject;
-import org.bimserver.models.store.Revision;
-import org.bimserver.models.store.StoreFactory;
+import org.bimserver.models.store.*;
import org.bimserver.plugins.IfcModelSet;
import org.bimserver.plugins.ModelHelper;
import org.bimserver.plugins.modelmerger.MergeException;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.webservices.authorization.Authorization;
import org.eclipse.emf.ecore.EObject;
-
-public class GetDataObjectsDatabaseAction extends AbstractDownloadDatabaseAction> {
-
- private final long roid;
-
- public GetDataObjectsDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, BimServer bimServer, long roid, Authorization authorization) {
- super(bimServer, databaseSession, accessMethod, authorization);
+
+public class GetDataObjectsDatabaseAction extends AbstractDownloadDatabaseAction> {
+
+ private final long roid;
+ private Authorization authorization;
+
+ public GetDataObjectsDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, BimServer bimServer, long roid, Authorization authorization) {
+ super(bimServer, databaseSession, accessMethod, authorization);
this.roid = roid;
- }
-
- @Override
- public List execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
- Revision virtualRevision = getRevisionByRoid(roid);
+ this.authorization = authorization;
+ }
+
+ @Override
+ public List execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ Revision virtualRevision = getRevisionByRoid(roid);
+ Project project = virtualRevision.getProject();
+ User user = getUserByUoid(authorization.getUoid());
+ if (!authorization.hasRightsOnProjectOrSuperProjectsOrSubProjects(user, project)) {
+ throw new UserException("User does not have rights on project");
+ }
IfcModelSet ifcModelSet = new IfcModelSet();
PackageMetaData lastPackageMetaData = null;
- Map pidRoidMap = new HashMap<>();
+ Map pidRoidMap = new HashMap<>();
pidRoidMap.put(virtualRevision.getProject().getId(), virtualRevision.getOid());
for (ConcreteRevision concreteRevision : virtualRevision.getConcreteRevisions()) {
int highestStopId = findHighestStopRid(concreteRevision.getProject(), concreteRevision);
PackageMetaData packageMetaData = getBimServer().getMetaDataManager().getPackageMetaData(concreteRevision.getProject().getSchema());
lastPackageMetaData = packageMetaData;
- IfcModel subModel = getDatabaseSession().createServerModel(packageMetaData, pidRoidMap);
+ IfcModel subModel = getDatabaseSession().createServerModel(packageMetaData, pidRoidMap);
OldQuery query = new OldQuery(packageMetaData, concreteRevision.getProject().getId(), concreteRevision.getId(), virtualRevision.getOid(), Deep.YES, highestStopId);
- getDatabaseSession().getMap(subModel, query);
- subModel.getModelMetaData().setDate(concreteRevision.getDate());
- ifcModelSet.add(subModel);
- }
+ getDatabaseSession().getMap(subModel, query);
+ subModel.getModelMetaData().setDate(concreteRevision.getDate());
+ ifcModelSet.add(subModel);
+ }
IfcModelInterface ifcModel = getDatabaseSession().createServerModel(lastPackageMetaData, pidRoidMap);
try {
ifcModel = getBimServer().getMergerFactory().createMerger(getDatabaseSession(), getAuthorization().getUoid()).merge(virtualRevision.getProject(), ifcModelSet, new ModelHelper(getBimServer().getMetaDataManager(), ifcModel));
} catch (MergeException e) {
throw new UserException(e);
- }
- List dataObjects = new ArrayList();
- for (Long oid : ifcModel.keySet()) {
+ }
+ List dataObjects = new ArrayList();
+ for (Long oid : ifcModel.keySet()) {
EObject eObject = ifcModel.get(oid);
if (eObject.eClass().getEAnnotation("hidden") == null) {
- DataObject dataObject = null;
- if (eObject instanceof IfcRoot) {
- IfcRoot ifcRoot = (IfcRoot)eObject;
- String guid = ifcRoot.getGlobalId() != null ? ifcRoot.getGlobalId() : "";
- String name = ifcRoot.getName() != null ? ifcRoot.getName() : "";
- dataObject = StoreFactory.eINSTANCE.createDataObject();
- dataObject.setType(eObject.eClass().getName());
- ((IdEObjectImpl)dataObject).setOid(oid);
- dataObject.setGuid(guid);
- dataObject.setName(name);
- } else {
- dataObject = StoreFactory.eINSTANCE.createDataObject();
- dataObject.setType(eObject.eClass().getName());
- ((IdEObjectImpl)dataObject).setOid(oid);
- dataObject.setGuid("");
- dataObject.setName("");
+ DataObject dataObject = null;
+ if (eObject instanceof IfcRoot) {
+ IfcRoot ifcRoot = (IfcRoot)eObject;
+ String guid = ifcRoot.getGlobalId() != null ? ifcRoot.getGlobalId() : "";
+ String name = ifcRoot.getName() != null ? ifcRoot.getName() : "";
+ dataObject = StoreFactory.eINSTANCE.createDataObject();
+ dataObject.setType(eObject.eClass().getName());
+ ((IdEObjectImpl)dataObject).setOid(oid);
+ dataObject.setGuid(guid);
+ dataObject.setName(name);
+ } else {
+ dataObject = StoreFactory.eINSTANCE.createDataObject();
+ dataObject.setType(eObject.eClass().getName());
+ ((IdEObjectImpl)dataObject).setOid(oid);
+ dataObject.setGuid("");
+ dataObject.setName("");
}
- GetDataObjectByOidDatabaseAction.fillDataObject(ifcModel.getObjects(), eObject, dataObject);
- dataObjects.add(dataObject);
- }
+ GetDataObjectByOidDatabaseAction.fillDataObject(ifcModel.getObjects(), eObject, dataObject);
+ dataObjects.add(dataObject);
+ }
}
- return dataObjects;
- }
+ return dataObjects;
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/GetGeometryInfoDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/GetGeometryInfoDatabaseAction.java
index 80668e6663..a5c42b74fc 100644
--- a/BimServer/src/org/bimserver/database/actions/GetGeometryInfoDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/GetGeometryInfoDatabaseAction.java
@@ -29,29 +29,35 @@
import org.bimserver.models.log.AccessMethod;
import org.bimserver.models.store.Project;
import org.bimserver.models.store.Revision;
+import org.bimserver.models.store.User;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.webservices.authorization.Authorization;
import org.eclipse.emf.ecore.EStructuralFeature;
-
-public class GetGeometryInfoDatabaseAction extends BimDatabaseAction {
-
+
+public class GetGeometryInfoDatabaseAction extends BimDatabaseAction {
+
private BimServer bimServer;
private long roid;
private long oid;
+ private Authorization authorization;
public GetGeometryInfoDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long roid, long oid, Authorization authorization) {
super(databaseSession, accessMethod);
this.bimServer = bimServer;
this.roid = roid;
this.oid = oid;
+ this.authorization = authorization;
}
@Override
public SGeometryInfo execute() throws UserException, BimserverDatabaseException, BimserverLockConflictException {
Revision revision = getDatabaseSession().get(roid, OldQuery.getDefault());
Project project = revision.getProject();
+ User actingUser = getUserByUoid(authorization.getUoid());
+ if (!authorization.hasRightsOnProject(actingUser, project)) {
+ throw new UserException("Only user who has access to the project can get geometry information");
+ }
PackageMetaData packageMetaData = bimServer.getMetaDataManager().getPackageMetaData(project.getSchema());
-
IdEObject ifcProduct = getDatabaseSession().get(oid, new OldQuery(packageMetaData, project.getId(), revision.getId(), revision.getOid()));
if (ifcProduct == null) {
throw new UserException("Object with oid " + oid + " not found");
diff --git a/BimServer/src/org/bimserver/database/actions/RemoveUserFromProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/RemoveUserFromProjectDatabaseAction.java
index 673e59ea94..e8937cd99a 100644
--- a/BimServer/src/org/bimserver/database/actions/RemoveUserFromProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/RemoveUserFromProjectDatabaseAction.java
@@ -1,51 +1,51 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import java.util.Date;
-
-import org.bimserver.BimServer;
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.database.PostCommitAction;
-import org.bimserver.interfaces.SConverter;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.log.UserRemovedFromProject;
-import org.bimserver.models.store.Project;
-import org.bimserver.models.store.User;
-import org.bimserver.models.store.UserType;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.webservices.authorization.Authorization;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import java.util.Date;
+
+import org.bimserver.BimServer;
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.database.PostCommitAction;
+import org.bimserver.interfaces.SConverter;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.log.UserRemovedFromProject;
+import org.bimserver.models.store.Project;
+import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
public class RemoveUserFromProjectDatabaseAction extends BimDatabaseAction {
private final long uoid;
- private final long poid;
- private Authorization authorization;
+ private final long poid;
+ private Authorization authorization;
private BimServer bimServer;
public RemoveUserFromProjectDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long uoid, long poid,
Authorization authorization) {
- super(databaseSession, accessMethod);
+ super(databaseSession, accessMethod);
this.bimServer = bimServer;
this.uoid = uoid;
- this.poid = poid;
+ this.poid = poid;
this.authorization = authorization;
}
@@ -67,6 +67,9 @@ public Boolean execute() throws UserException, BimserverDatabaseException, Bimse
"User cannot be removed from this project because it is the only admin user with authorization on this project");
}
}
+ if (user.getUserType() == UserType.READ_ONLY){
+ throw new UserException("Read-only user has no rights to remove users from project");
+ }
project.getHasAuthorizedUsers().remove(user);
user.getHasRightsOn().remove(project);
final UserRemovedFromProject userRemovedFromProject = getDatabaseSession().create(UserRemovedFromProject.class);
@@ -74,12 +77,12 @@ public Boolean execute() throws UserException, BimserverDatabaseException, Bimse
userRemovedFromProject.setExecutor(actingUser);
userRemovedFromProject.setAccessMethod(getAccessMethod());
userRemovedFromProject.setProject(project);
- userRemovedFromProject.setUser(user);
- getDatabaseSession().addPostCommitAction(new PostCommitAction() {
- @Override
- public void execute() throws UserException {
- bimServer.getNotificationsManager().notify(new SConverter().convertToSObject(userRemovedFromProject));
- }
+ userRemovedFromProject.setUser(user);
+ getDatabaseSession().addPostCommitAction(new PostCommitAction() {
+ @Override
+ public void execute() throws UserException {
+ bimServer.getNotificationsManager().notify(new SConverter().convertToSObject(userRemovedFromProject));
+ }
});
getDatabaseSession().store(user);
getDatabaseSession().store(project);
diff --git a/BimServer/src/org/bimserver/database/actions/SetRevisionTagDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/SetRevisionTagDatabaseAction.java
index 946c5a2e0c..e641d07093 100644
--- a/BimServer/src/org/bimserver/database/actions/SetRevisionTagDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/SetRevisionTagDatabaseAction.java
@@ -1,40 +1,41 @@
-package org.bimserver.database.actions;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import org.bimserver.BimserverDatabaseException;
-import org.bimserver.database.BimserverLockConflictException;
-import org.bimserver.database.DatabaseSession;
-import org.bimserver.models.log.AccessMethod;
-import org.bimserver.models.store.ConcreteRevision;
-import org.bimserver.models.store.Project;
-import org.bimserver.models.store.Revision;
-import org.bimserver.shared.exceptions.UserException;
-import org.eclipse.emf.common.util.EList;
+package org.bimserver.database.actions;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import org.bimserver.BimserverDatabaseException;
+import org.bimserver.database.BimserverLockConflictException;
+import org.bimserver.database.DatabaseSession;
+import org.bimserver.models.log.AccessMethod;
+import org.bimserver.models.store.*;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.webservices.authorization.Authorization;
+import org.eclipse.emf.common.util.EList;
public class SetRevisionTagDatabaseAction extends BimDatabaseAction {
private final Long roid;
private final String tag;
+ private Authorization authorization;
- public SetRevisionTagDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Long roid, String tag) {
+ public SetRevisionTagDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Long roid, String tag, Authorization authorization) {
super(databaseSession, accessMethod);
this.roid = roid;
this.tag = tag;
+ this.authorization = authorization;
}
@Override
@@ -42,6 +43,10 @@ public String execute() throws UserException, BimserverLockConflictException, Bi
Revision revision = getRevisionByRoid(roid);
String trimmedTag = tag.trim();
Project project = revision.getProject();
+ User actingUser = getUserByUoid(authorization.getUoid());
+ if (actingUser.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User not allowed to set a tag on a revision");
+ }
if (project.getParent() != null) {
throw new UserException("Revision is not contained by a top project.");
}
diff --git a/BimServer/src/org/bimserver/database/actions/SetUserSettingDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/SetUserSettingDatabaseAction.java
index 25c411091d..4f7fbf7e92 100644
--- a/BimServer/src/org/bimserver/database/actions/SetUserSettingDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/SetUserSettingDatabaseAction.java
@@ -24,24 +24,29 @@
import org.bimserver.models.log.AccessMethod;
import org.bimserver.models.store.StorePackage;
import org.bimserver.models.store.User;
+import org.bimserver.models.store.UserType;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.webservices.authorization.Authorization;
-
-public class SetUserSettingDatabaseAction extends BimDatabaseAction {
+
+public class SetUserSettingDatabaseAction extends BimDatabaseAction {
+
private UserSettingsSetter userSettingsSetter;
- private Authorization authorization;
-
- public SetUserSettingDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, UserSettingsSetter userSettingsSetter) {
+ private Authorization authorization;
+
+ public SetUserSettingDatabaseAction(DatabaseSession databaseSession, AccessMethod accessMethod, Authorization authorization, UserSettingsSetter userSettingsSetter) {
super(databaseSession, accessMethod);
- this.authorization = authorization;
- this.userSettingsSetter = userSettingsSetter;
- }
-
- @Override
- public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
+ this.authorization = authorization;
+ this.userSettingsSetter = userSettingsSetter;
+ }
+
+ @Override
+ public Void execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
User user = getDatabaseSession().get(StorePackage.eINSTANCE.getUser(), authorization.getUoid(), OldQuery.getDefault());
- userSettingsSetter.set(user.getUserSettings());
- getDatabaseSession().store(user.getUserSettings());
- return null;
- }
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot set user settings");
+ }
+ userSettingsSetter.set(user.getUserSettings());
+ getDatabaseSession().store(user.getUserSettings());
+ return null;
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/database/actions/UndeleteProjectDatabaseAction.java b/BimServer/src/org/bimserver/database/actions/UndeleteProjectDatabaseAction.java
index 4e2e587f52..2cf9eb8de6 100644
--- a/BimServer/src/org/bimserver/database/actions/UndeleteProjectDatabaseAction.java
+++ b/BimServer/src/org/bimserver/database/actions/UndeleteProjectDatabaseAction.java
@@ -33,44 +33,47 @@
import org.bimserver.models.store.UserType;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.webservices.authorization.Authorization;
-
-public class UndeleteProjectDatabaseAction extends BimDatabaseAction {
-
+
+public class UndeleteProjectDatabaseAction extends BimDatabaseAction {
+
private final long poid;
private Authorization authorization;
- private BimServer bimServer;
-
- public UndeleteProjectDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long poid, Authorization authorization) {
+ private BimServer bimServer;
+
+ public UndeleteProjectDatabaseAction(BimServer bimServer, DatabaseSession databaseSession, AccessMethod accessMethod, long poid, Authorization authorization) {
super(databaseSession, accessMethod);
- this.bimServer = bimServer;
+ this.bimServer = bimServer;
this.poid = poid;
- this.authorization = authorization;
- }
-
- @Override
- public Boolean execute() throws UserException, BimserverDatabaseException, BimserverLockConflictException {
- User actingUser = getUserByUoid(authorization.getUoid());
+ this.authorization = authorization;
+ }
+
+ @Override
+ public Boolean execute() throws UserException, BimserverDatabaseException, BimserverLockConflictException {
+ User actingUser = getUserByUoid(authorization.getUoid());
final Project project = getProjectByPoid(poid);
if (project == null) {
throw new UserException("No Project with oid " + poid + " found");
- }
- if (actingUser.getUserType() == UserType.ADMIN || actingUser.getHasRightsOn().contains(project)) {
- project.setState(ObjectState.ACTIVE);
- final ProjectUndeleted projectUndeleted = getDatabaseSession().create(ProjectUndeleted.class);
- projectUndeleted.setAccessMethod(getAccessMethod());
- projectUndeleted.setDate(new Date());
- projectUndeleted.setExecutor(actingUser);
+ }
+ if (actingUser.getUserType() == UserType.READ_ONLY){
+ throw new UserException("No rights to undelete this project");
+ }
+ if (actingUser.getUserType() == UserType.ADMIN || actingUser.getHasRightsOn().contains(project)) {
+ project.setState(ObjectState.ACTIVE);
+ final ProjectUndeleted projectUndeleted = getDatabaseSession().create(ProjectUndeleted.class);
+ projectUndeleted.setAccessMethod(getAccessMethod());
+ projectUndeleted.setDate(new Date());
+ projectUndeleted.setExecutor(actingUser);
projectUndeleted.setProject(project);
getDatabaseSession().addPostCommitAction(new PostCommitAction() {
@Override
public void execute() throws UserException {
bimServer.getNotificationsManager().notify(new SConverter().convertToSObject(projectUndeleted));
}
- });
- getDatabaseSession().store(project);
- return true;
- } else {
- throw new UserException("No rights to undelete this project");
- }
- }
+ });
+ getDatabaseSession().store(project);
+ return true;
+ } else {
+ throw new UserException("No rights to undelete this project");
+ }
+ }
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/webservices/impl/LowLevelServiceImpl.java b/BimServer/src/org/bimserver/webservices/impl/LowLevelServiceImpl.java
index 096e33f8f5..4ed4cff821 100644
--- a/BimServer/src/org/bimserver/webservices/impl/LowLevelServiceImpl.java
+++ b/BimServer/src/org/bimserver/webservices/impl/LowLevelServiceImpl.java
@@ -46,10 +46,7 @@
import org.bimserver.database.actions.GetDataObjectsDatabaseAction;
import org.bimserver.emf.IdEObject;
import org.bimserver.interfaces.objects.SDataObject;
-import org.bimserver.models.store.ConcreteRevision;
-import org.bimserver.models.store.DataObject;
-import org.bimserver.models.store.Project;
-import org.bimserver.models.store.Revision;
+import org.bimserver.models.store.*;
import org.bimserver.shared.exceptions.ServerException;
import org.bimserver.shared.exceptions.UserException;
import org.bimserver.shared.interfaces.LowLevelInterface;
@@ -64,7 +61,19 @@
public class LowLevelServiceImpl extends GenericServiceImpl implements LowLevelInterface {
private static final Logger LOGGER = LoggerFactory.getLogger(LowLevelServiceImpl.class);
-
+
+ private void checkWritePermission() throws UserException {
+ try (DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY)) {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User is read only and not allowed to invoke this method.");
+ }
+ } catch (BimserverDatabaseException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+
public LowLevelServiceImpl(ServiceMap serviceMap) {
super(serviceMap);
}
@@ -81,6 +90,10 @@ public Long startTransaction(Long poid) throws UserException, ServerException {
if (project == null) {
throw new UserException("No project found with poid " + poid);
}
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (!getAuthorization().hasRightsOnProjectOrSuperProjectsOrSubProjects(user, project)) {
+ throw new UserException("User has no rights on project with poid " + poid);
+ }
pid = project.getId();
if (project.getLastRevision() != null) {
Revision revision = project.getLastRevision();
@@ -135,66 +148,73 @@ public void abortTransaction(Long tid) throws UserException, ServerException {
public void addStringAttribute(Long tid, Long oid, String attributeName, String value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new AddAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void addIntegerAttribute(Long tid, Long oid, String attributeName, Integer value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new AddAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void addDoubleAttribute(Long tid, Long oid, String attributeName, Double value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new AddAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void setDoubleAttributes(Long tid, Long oid, String attributeName, List values) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, values));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void setDoubleAttributeAtIndex(Long tid, Long oid, String attributeName, Integer index, Double value) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChangeAtIndex(oid, attributeName, index, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void setBooleanAttributeAtIndex(Long tid, Long oid, String attributeName, Integer index, Boolean value) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChangeAtIndex(oid, attributeName, index, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void setIntegerAttributes(Long tid, Long oid, String attributeName, List values) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, values));
} catch (NoTransactionException e) {
handleException(e);
@@ -205,6 +225,7 @@ public void setIntegerAttributes(Long tid, Long oid, String attributeName, List<
public void setIntegerAttributeAtIndex(Long tid, Long oid, String attributeName, Integer index, Integer value) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChangeAtIndex(oid, attributeName, index, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -215,6 +236,7 @@ public void setIntegerAttributeAtIndex(Long tid, Long oid, String attributeName,
public void setLongAttributes(Long tid, Long oid, String attributeName, List values) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, values));
} catch (NoTransactionException e) {
handleException(e);
@@ -225,36 +247,40 @@ public void setLongAttributes(Long tid, Long oid, String attributeName, List values) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, values));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void addBooleanAttribute(Long tid, Long oid, String attributeName, Boolean value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new AddAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void addReference(Long tid, Long oid, String referenceName, Long referenceOid) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new AddReferenceChange(oid, referenceName, referenceOid));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public Long createObject(Long tid, String className, Boolean generateGuid) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
LongTransaction longTransaction = getBimServer().getLongTransactionManager().get(tid);
if (longTransaction == null) {
throw new UserException("No transaction with tid " + tid + " was found");
@@ -278,41 +304,45 @@ public Long createObject(Long tid, String className, Boolean generateGuid) throw
public void removeAttribute(Long tid, Long oid, String attributeName, Integer index) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new RemoveAttributeChange(oid, attributeName, index));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void removeObject(Long tid, Long oid) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new RemoveObjectChange(oid));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void removeReference(Long tid, Long oid, String referenceName, Integer index) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new RemoveReferenceChange(oid, referenceName, index));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void removeReferenceByOid(Long tid, Long oid, String referenceName, Long referencedOid) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new RemoveReferenceChange(oid, referenceName, referencedOid));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void removeAllReferences(Long tid, Long oid, String referenceName) throws ServerException, UserException {
@@ -328,6 +358,7 @@ public void removeAllReferences(Long tid, Long oid, String referenceName) throws
public void setStringAttribute(Long tid, Long oid, String attributeName, String value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -338,6 +369,7 @@ public void setStringAttribute(Long tid, Long oid, String attributeName, String
public void setStringAttributeAtIndex(Long tid, Long oid, String attributeName, Integer index, String value) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChangeAtIndex(oid, attributeName, index, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -349,6 +381,7 @@ public void setWrappedStringAttribute(Long tid, Long oid, String attributeName,
throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetWrappedAttributeChange(oid, attributeName, type, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -365,16 +398,18 @@ public String getStringAttribute(Long tid, Long oid, String attributeName) throw
public void setIntegerAttribute(Long tid, Long oid, String attributeName, Integer value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void setWrappedIntegerAttribute(Long tid, Long oid, String attributeName, String type, Integer value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetWrappedAttributeChange(oid, attributeName, type, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -385,16 +420,18 @@ public void setWrappedIntegerAttribute(Long tid, Long oid, String attributeName,
public void setByteArrayAttribute(Long tid, Long oid, String attributeName, Byte[] value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public void setLongAttribute(Long tid, Long oid, String attributeName, Long value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -405,6 +442,7 @@ public void setLongAttribute(Long tid, Long oid, String attributeName, Long valu
public void setLongAttributeAtIndex(Long tid, Long oid, String attributeName, Integer index,Long value) throws ServerException, UserException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChangeAtIndex(oid, attributeName, index, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -415,6 +453,7 @@ public void setLongAttributeAtIndex(Long tid, Long oid, String attributeName, In
public void setWrappedLongAttribute(Long tid, Long oid, String attributeName, String type, Long value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetWrappedAttributeChange(oid, attributeName, type, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -440,6 +479,7 @@ public Long getLongAttributeAtIndex(Long tid, Long oid, String attributeName, In
@Override
public void setBooleanAttribute(Long tid, Long oid, String attributeName, Boolean value) throws UserException, ServerException {
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -449,6 +489,7 @@ public void setBooleanAttribute(Long tid, Long oid, String attributeName, Boolea
@Override
public void setWrappedBooleanAttribute(Long tid, Long oid, String attributeName, String type, Boolean value) throws UserException, ServerException {
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetWrappedAttributeChange(oid, attributeName, type, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -468,6 +509,7 @@ public Boolean getBooleanAttributeAtIndex(Long tid, Long oid, String attributeNa
@Override
public void setDoubleAttribute(Long tid, Long oid, String attributeName, Double value) throws UserException, ServerException {
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -477,6 +519,7 @@ public void setDoubleAttribute(Long tid, Long oid, String attributeName, Double
@Override
public void setWrappedDoubleAttribute(Long tid, Long oid, String attributeName, String type, Double value) throws UserException, ServerException {
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetWrappedAttributeChange(oid, attributeName, type, value));
} catch (NoTransactionException e) {
handleException(e);
@@ -587,11 +630,12 @@ private Object getAttributeAtIndex(Long tid, Long oid, String attributeName, int
public void setEnumAttribute(Long tid, Long oid, String attributeName, String value) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, value));
} catch (NoTransactionException e) {
handleException(e);
}
- }
+ }
@Override
public String getEnumAttribute(Long tid, Long oid, String attributeName) throws ServerException, UserException {
@@ -603,6 +647,7 @@ public String getEnumAttribute(Long tid, Long oid, String attributeName) throws
public void setReference(Long tid, Long oid, String referenceName, Long referenceOid) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetReferenceChange(oid, referenceName, referenceOid));
} catch (NoTransactionException e) {
handleException(e);
@@ -663,6 +708,7 @@ public List getReferences(Long tid, Long oid, String referenceName) throws
public void unsetAttribute(Long tid, Long oid, String attributeName) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetAttributeChange(oid, attributeName, null));
} catch (NoTransactionException e) {
handleException(e);
@@ -673,6 +719,7 @@ public void unsetAttribute(Long tid, Long oid, String attributeName) throws User
public void unsetReference(Long tid, Long oid, String referenceName) throws UserException, ServerException {
requireAuthenticationAndRunningServer();
try {
+ checkWritePermission();
getBimServer().getLongTransactionManager().get(tid).add(new SetReferenceChange(oid, referenceName, -1));
} catch (NoTransactionException e) {
handleException(e);
diff --git a/BimServer/src/org/bimserver/webservices/impl/MetaServiceImpl.java b/BimServer/src/org/bimserver/webservices/impl/MetaServiceImpl.java
index f207896b5f..56a92b7dda 100644
--- a/BimServer/src/org/bimserver/webservices/impl/MetaServiceImpl.java
+++ b/BimServer/src/org/bimserver/webservices/impl/MetaServiceImpl.java
@@ -1,54 +1,55 @@
-package org.bimserver.webservices.impl;
-
-/******************************************************************************
- * Copyright (C) 2009-2019 BIMserver.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see {@literal}.
- *****************************************************************************/
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
-
-import org.bimserver.interfaces.objects.SServiceField;
-import org.bimserver.interfaces.objects.SServiceInterface;
-import org.bimserver.interfaces.objects.SServiceMethod;
-import org.bimserver.interfaces.objects.SServiceParameter;
-import org.bimserver.interfaces.objects.SServiceSimpleType;
-import org.bimserver.interfaces.objects.SServiceType;
-import org.bimserver.shared.exceptions.ServerException;
-import org.bimserver.shared.exceptions.UserException;
-import org.bimserver.shared.interfaces.MetaInterface;
-import org.bimserver.shared.meta.SClass;
-import org.bimserver.shared.meta.SField;
-import org.bimserver.shared.meta.SMethod;
-import org.bimserver.shared.meta.SParameter;
-import org.bimserver.shared.meta.SService;
-import org.bimserver.webservices.ServiceMap;
-
-import com.fasterxml.jackson.databind.ObjectMapper;
+package org.bimserver.webservices.impl;
+
+/******************************************************************************
+ * Copyright (C) 2009-2019 BIMserver.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see {@literal}.
+ *****************************************************************************/
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+
+import org.bimserver.interfaces.objects.SServiceField;
+import org.bimserver.interfaces.objects.SServiceInterface;
+import org.bimserver.interfaces.objects.SServiceMethod;
+import org.bimserver.interfaces.objects.SServiceParameter;
+import org.bimserver.interfaces.objects.SServiceSimpleType;
+import org.bimserver.interfaces.objects.SServiceType;
+import org.bimserver.shared.exceptions.ServerException;
+import org.bimserver.shared.exceptions.UserException;
+import org.bimserver.shared.interfaces.MetaInterface;
+import org.bimserver.shared.meta.SClass;
+import org.bimserver.shared.meta.SField;
+import org.bimserver.shared.meta.SMethod;
+import org.bimserver.shared.meta.SParameter;
+import org.bimserver.shared.meta.SService;
+import org.bimserver.webservices.ServiceMap;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
public class MetaServiceImpl extends GenericServiceImpl implements MetaInterface {
- private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
-
+ private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+
public MetaServiceImpl(ServiceMap serviceMap) {
super(serviceMap);
}
@Override
public List getServiceInterfaces() throws ServerException, UserException {
+ requireAuthentication();
List sServiceInterfaces = new ArrayList();
for (String name : getBimServer().getServicesMap().keySetName()) {
SServiceInterface sServiceInterface = convertServiceInterface(name);
@@ -65,15 +66,16 @@ public int compare(SServiceInterface o1, SServiceInterface o2) {
private SServiceInterface convertServiceInterface(String name) {
SServiceInterface sServiceInterface = new SServiceInterface();
- SService byName = getBimServer().getServicesMap().getByName(name);
+ SService byName = getBimServer().getServicesMap().getByName(name);
sServiceInterface.setName(name);
- sServiceInterface.setNameSpace(byName.getNameSpace());
+ sServiceInterface.setNameSpace(byName.getNameSpace());
sServiceInterface.setSimpleName(byName.getSimpleName());
return sServiceInterface;
}
@Override
public List getServiceMethods(String serviceInterfaceName) throws ServerException, UserException {
+ requireAuthentication();
List sServiceMethods = new ArrayList();
SService sService = getBimServer().getServicesMap().getByName(serviceInterfaceName);
if (sService == null) {
@@ -97,14 +99,16 @@ private SServiceMethod convertMethod(SMethod sMethod) {
@Override
public List getServiceTypes() throws ServerException, UserException {
+ requireAuthentication();
List sServiceTypes = new ArrayList();
- for (SClass sType : getBimServer().getServicesMap().getTypes()) {
+ for (SClass sType : getBimServer().getServicesMap().getTypes()) {
sServiceTypes.add(createSServiceType(sType, false));
}
- return sServiceTypes;
+ return sServiceTypes;
}
public List getEnumLiterals(String enumName) throws UserException {
+ requireAuthentication();
List result = new ArrayList();
SClass type = getBimServer().getServicesMap().getType(enumName);
for (Object enumConstant : type.getInstanceClass().getEnumConstants()) {
@@ -122,12 +126,12 @@ public SServiceType createSServiceType(SClass sClass, boolean recurse) throws Us
sServiceType.setName(sClass.getName());
sServiceType.setSimpleName(sClass.getSimpleName());
sServiceType.setSimpleType(SServiceSimpleType.valueOf(sClass.getSimpleType().name()));
- for (SField field : sClass.getOwnFields()) {
+ for (SField field : sClass.getOwnFields()) {
SServiceField sServiceField = new SServiceField();
- sServiceField.setName(field.getName());
- if (recurse) {
+ sServiceField.setName(field.getName());
+ if (recurse) {
sServiceField.setType(createSServiceType(field.getType(), recurse));
- sServiceField.setGenericType(createSServiceType(field.getGenericType(), recurse));
+ sServiceField.setGenericType(createSServiceType(field.getGenericType(), recurse));
}
sServiceField.setDoc(field.getDoc());
sServiceType.getFields().add(sServiceField);
@@ -137,6 +141,7 @@ public SServiceType createSServiceType(SClass sClass, boolean recurse) throws Us
@Override
public List getServiceMethodParameters(String serviceInterfaceName, String serviceMethodName) throws ServerException, UserException {
+ requireAuthentication();
List sServiceParameters = new ArrayList();
SService serviceInterface = getBimServer().getServicesMap().getByName(serviceInterfaceName);
if (serviceInterface == null) {
@@ -146,7 +151,7 @@ public List getServiceMethodParameters(String serviceInterfac
if (sMethod == null) {
throw new UserException("Method \"" + serviceMethodName + "\" not found in \"" + serviceInterfaceName + "\"");
}
- for (SParameter sParameter : sMethod.getParameters()) {
+ for (SParameter sParameter : sMethod.getParameters()) {
SServiceParameter sServiceParameter = new SServiceParameter();
sServiceParameter.setName(sParameter.getName());
sServiceParameter.setDoc(sParameter.getDoc());
@@ -159,20 +164,23 @@ public List getServiceMethodParameters(String serviceInterfac
@Override
public SServiceInterface getServiceInterface(String serviceInterfaceName) throws ServerException, UserException {
+ requireAuthentication();
return convertServiceInterface(serviceInterfaceName);
}
@Override
public SServiceMethod getServiceMethod(String serviceInterfaceName, String methodName) throws ServerException, UserException {
+ requireAuthentication();
SService sService = getBimServer().getServicesMap().getByName(serviceInterfaceName);
if (sService == null) {
throw new UserException("Service \"" + serviceInterfaceName + "\" not found");
}
return convertMethod(sService.getMethod(methodName));
- }
-
- @Override
- public String getAllAsJson() throws ServerException, UserException {
- return getBimServer().getServicesMap().toJson(OBJECT_MAPPER).toString();
+ }
+
+ @Override
+ public String getAllAsJson() throws ServerException, UserException {
+ requireAuthentication();
+ return getBimServer().getServicesMap().toJson(OBJECT_MAPPER).toString();
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/webservices/impl/NewServicesImpl.java b/BimServer/src/org/bimserver/webservices/impl/NewServicesImpl.java
index 9b88cac549..367ce74f8a 100644
--- a/BimServer/src/org/bimserver/webservices/impl/NewServicesImpl.java
+++ b/BimServer/src/org/bimserver/webservices/impl/NewServicesImpl.java
@@ -58,6 +58,8 @@
import org.bimserver.interfaces.objects.SSerializerPluginConfiguration;
import org.bimserver.models.store.PluginDescriptor;
import org.bimserver.models.store.Project;
+import org.bimserver.models.store.StorePackage;
+import org.bimserver.models.store.User;
import org.bimserver.plugins.Plugin;
import org.bimserver.plugins.serializers.StreamingSerializerPlugin;
import org.bimserver.shared.exceptions.ServerException;
@@ -149,13 +151,17 @@ public List listAvailableOutputFormats(Long poid) throws S
Map outputs = new HashMap<>();
try (DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY)) {
Project project = session.get(poid, OldQuery.getDefault());
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (!getAuthorization().hasRightsOnProject(user, project)) {
+ throw new UserException("User has no rights on project");
+ }
try {
List allSerializersForPoids = getServiceMap().get(PluginInterface.class).getAllSerializersForPoids(true, Collections.singleton(poid));
for (SSerializerPluginConfiguration pluginConfiguration : allSerializersForPoids) {
PluginDescriptor pluginDescriptor = session.get(pluginConfiguration.getPluginDescriptorId(), OldQuery.getDefault());
Plugin plugin = getBimServer().getPluginManager().getPlugin(pluginDescriptor.getIdentifier(), true);
String outputFormat = null;
-
+
// TODO For now only streaming serializers
if (plugin instanceof StreamingSerializerPlugin) {
outputFormat = ((StreamingSerializerPlugin)plugin).getOutputFormat(Schema.valueOf(project.getSchema().toUpperCase()));
diff --git a/BimServer/src/org/bimserver/webservices/impl/PluginServiceImpl.java b/BimServer/src/org/bimserver/webservices/impl/PluginServiceImpl.java
index 8731f86dc3..c430a9b303 100644
--- a/BimServer/src/org/bimserver/webservices/impl/PluginServiceImpl.java
+++ b/BimServer/src/org/bimserver/webservices/impl/PluginServiceImpl.java
@@ -131,6 +131,10 @@ public void updateSerializer(SSerializerPluginConfiguration serializer) throws S
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot update plugins");
+ }
SerializerPluginConfiguration convert = session.get(serializer.getOid(), OldQuery.getDefault());
getBimServer().getSConverter().convertFromSObject(serializer, convert, session);
session.executeAndCommitAction(new UpdateSerializerDatabaseAction(session, getInternalAccessMethod(), convert));
@@ -146,6 +150,10 @@ public void updateDeserializer(SDeserializerPluginConfiguration deserializer) th
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot update plugins");
+ }
DeserializerPluginConfiguration convert = session.get(deserializer.getOid(), OldQuery.getDefault());
getBimServer().getSConverter().convertFromSObject(deserializer, convert, session);
session.executeAndCommitAction(new UpdateDeserializerDatabaseAction(session, getInternalAccessMethod(), convert));
@@ -187,7 +195,7 @@ public void deleteSerializer(Long sid) throws ServerException, UserException {
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new DeleteSerializerDatabaseAction(session, getInternalAccessMethod(), sid);
+ BimDatabaseAction action = new DeleteSerializerDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), sid);
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -201,7 +209,7 @@ public void deletePluginConfiguration(Long oid) throws ServerException, UserExce
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new DeletePluginConfigurationDatabaseAction(session, getInternalAccessMethod(), oid);
+ BimDatabaseAction action = new DeletePluginConfigurationDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), oid);
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -215,7 +223,7 @@ public void deleteDeserializer(Long sid) throws ServerException, UserException {
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new DeleteDeserializerDatabaseAction(session, getInternalAccessMethod(), sid);
+ BimDatabaseAction action = new DeleteDeserializerDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), sid);
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -420,6 +428,10 @@ public void updateRenderEngine(SRenderEnginePluginConfiguration renderEngine) th
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot update plugins");
+ }
RenderEnginePluginConfiguration convert = session.get(renderEngine.getOid(), OldQuery.getDefault());
getBimServer().getSConverter().convertFromSObject(renderEngine, convert, session);
session.executeAndCommitAction(new UpdateRenderEngineDatabaseAction(session, getInternalAccessMethod(), convert));
@@ -435,6 +447,10 @@ public void updateQueryEngine(SQueryEnginePluginConfiguration queryEngine) throw
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot update plugins");
+ }
QueryEnginePluginConfiguration convert = session.get(queryEngine.getOid(), OldQuery.getDefault());
getBimServer().getSConverter().convertFromSObject(queryEngine, convert, session);
session.executeAndCommitAction(new UpdateQueryEngineDatabaseAction(session, getInternalAccessMethod(), convert));
@@ -450,6 +466,10 @@ public void updateModelCompare(SModelComparePluginConfiguration modelCompare) th
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot update plugins");
+ }
ModelComparePluginConfiguration convert = session.get(modelCompare.getOid(), OldQuery.getDefault());
getBimServer().getSConverter().convertFromSObject(modelCompare, convert, session);
session.executeAndCommitAction(new UpdateModelCompareDatabaseAction(session, getInternalAccessMethod(), convert));
@@ -465,6 +485,10 @@ public void updateModelMerger(SModelMergerPluginConfiguration modelMerger) throw
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot update plugins");
+ }
ModelMergerPluginConfiguration convert = session.get(modelMerger.getOid(), OldQuery.getDefault());
getBimServer().getSConverter().convertFromSObject(modelMerger, convert, session);
session.executeAndCommitAction(new UpdateModelMergerDatabaseAction(session, getInternalAccessMethod(), convert));
@@ -480,7 +504,7 @@ public void deleteRenderEngine(Long iid) throws ServerException, UserException {
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new DeleteRenderEngineDatabaseAction(session, getInternalAccessMethod(), iid);
+ BimDatabaseAction action = new DeleteRenderEngineDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), iid);
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -494,7 +518,7 @@ public void deleteQueryEngine(Long iid) throws ServerException, UserException {
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new DeleteQueryEngineDatabaseAction(session, getInternalAccessMethod(), iid);
+ BimDatabaseAction action = new DeleteQueryEngineDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), iid);
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -508,7 +532,7 @@ public void deleteModelCompare(Long iid) throws ServerException, UserException {
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new DeleteModelCompareDatabaseAction(session, getInternalAccessMethod(), iid);
+ BimDatabaseAction action = new DeleteModelCompareDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), iid);
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -522,7 +546,7 @@ public void deleteModelChecker(Long iid) throws ServerException, UserException {
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new DeleteModelCompareDatabaseAction(session, getInternalAccessMethod(), iid);
+ BimDatabaseAction action = new DeleteModelCompareDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), iid);
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -536,7 +560,7 @@ public void deleteModelMerger(Long iid) throws ServerException, UserException {
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new DeleteModelMergerDatabaseAction(session, getInternalAccessMethod(), iid);
+ BimDatabaseAction action = new DeleteModelMergerDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), iid);
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -724,6 +748,14 @@ public SObjectDefinition getPluginSystemObjectDefinition(Long oid) throws Server
@Override
public void setPluginSettings(Long poid, SObjectType settings) throws ServerException, UserException {
try (DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE)) {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ Project project = session.get(StorePackage.eINSTANCE.getProject(), poid, OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot install plugins");
+ }
+ if (!getAuthorization().hasRightsOnProject(user, project)) {
+ throw new UserException("User has no rights to this project");
+ }
ObjectType convertedSettings = getBimServer().getSConverter().convertFromSObject(settings, session);
SetPluginSettingsDatabaseAction action = new SetPluginSettingsDatabaseAction(getBimServer(), session, getInternalAccessMethod(), poid, convertedSettings);
session.executeAndCommitAction(action);
@@ -748,6 +780,14 @@ public void setPluginSettings(Long poid, SObjectType settings) throws ServerExce
@Override
public void setPluginSystemSettings(Long poid, SObjectType settings) throws ServerException, UserException {
try (DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE)) {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ Project project = session.get(StorePackage.eINSTANCE.getProject(), poid, OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot install plugins");
+ }
+ if (!getAuthorization().hasRightsOnProject(user, project)) {
+ throw new UserException("User has no rights to this project");
+ }
ObjectType convertedSettings = getBimServer().getSConverter().convertFromSObject(settings, session);
SetPluginSystemSettingsDatabaseAction action = new SetPluginSystemSettingsDatabaseAction(getBimServer(), session, getInternalAccessMethod(), poid, convertedSettings);
session.executeAndCommitAction(action);
@@ -908,9 +948,15 @@ public SObjectIDMPluginConfiguration getDefaultObjectIDM() throws ServerExceptio
}
public SObjectType getPluginSettings(Long poid) throws ServerException, UserException {
+ requireRealUserAuthentication();
// TODO possibly use PluginSettingsCache
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ Project project = session.get(StorePackage.eINSTANCE.getProject(), poid, OldQuery.getDefault());
+ if (!getAuthorization().hasRightsOnProject(user, project)) {
+ throw new UserException("User has no rights to this project");
+ }
PluginConfiguration pluginConfiguration = session.get(StorePackage.eINSTANCE.getPluginConfiguration(), poid, OldQuery.getDefault());
ObjectType settings = pluginConfiguration.getSettings();
return getBimServer().getSConverter().convertToSObject(settings);
@@ -970,7 +1016,12 @@ public void set(UserSettings userSettings) {
public void setDefaultWebModule(final Long oid) throws ServerException, UserException {
requireRealUserAuthentication();
+ DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot install plugins");
+ }
getBimServer().getWebModuleManager().setDefault(oid);
} catch (Exception e) {
handleException(e);
@@ -984,8 +1035,10 @@ public List getAllSerializersForPoids(Boolean on
try {
Set uniqueSchemas = new HashSet<>();
for (Long poid : poids) {
- Project project = session.get(poid, OldQuery.getDefault());
- uniqueSchemas.add(Schema.valueOf(project.getSchema().toUpperCase()));
+ Project project = session.get(poid, OldQuery.getDefault());User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (getAuthorization().hasRightsOnProject(user, project)){
+ uniqueSchemas.add(Schema.valueOf(project.getSchema().toUpperCase()));
+ }
}
Set schemaOr = new HashSet<>();
@@ -1064,8 +1117,12 @@ public List getAllSerializersForRoids(Boolean on
Set poids = new HashSet<>();
for (Long roid : roids) {
Revision revision = session.get(roid, OldQuery.getDefault());
- for (ConcreteRevision concreteRevision : revision.getConcreteRevisions()) {
- poids.add(concreteRevision.getProject().getOid());
+ Project project = revision.getProject();
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (getAuthorization().hasRightsOnProject(user, project)){
+ for (ConcreteRevision concreteRevision : revision.getConcreteRevisions()) {
+ poids.add(concreteRevision.getProject().getOid());
+ }
}
}
return getAllSerializersForPoids(onlyEnabled, poids);
@@ -1234,6 +1291,10 @@ public void updateInternalService(SInternalServicePluginConfiguration internalSe
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot update plugins");
+ }
InternalServicePluginConfiguration convertFromSObject = session.get(internalService.getOid(), OldQuery.getDefault());
getBimServer().getSConverter().convertFromSObject(internalService, convertFromSObject, session);
session.executeAndCommitAction(new UpdateDatabaseAction(session, getInternalAccessMethod(), convertFromSObject));
@@ -1263,7 +1324,7 @@ public void deleteInternalService(Long oid) throws ServerException, UserExceptio
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- session.executeAndCommitAction(new DeleteInternalServiceDatabaseAction(session, getInternalAccessMethod(), oid));
+ session.executeAndCommitAction(new DeleteInternalServiceDatabaseAction(session, getInternalAccessMethod(), getAuthorization(), oid));
} catch (Exception e) {
handleException(e);
} finally {
@@ -1328,7 +1389,10 @@ public List getAllDeserializersForProject(Bool
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
Project project = session.get(poid, OldQuery.getDefault());
-
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (!getAuthorization().hasRightsOnProject(user, project)){
+ throw new UserException("User has no rights on project");
+ }
UserSettings userSettings = getUserSettings(session);
EList deserializers = userSettings.getDeserializers();
List sDeserializers = new ArrayList();
@@ -1377,7 +1441,7 @@ public List getAvailablePluginBundles() throws UserException, Ser
}
public void installPluginBundle(String repository, String groupId, String artifactId, String version, List plugins) throws UserException, ServerException {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
session.executeAndCommitAction(new InstallPluginBundle(session, getInternalAccessMethod(), getBimServer(), repository, groupId, artifactId, version, plugins));
@@ -1389,7 +1453,7 @@ public void installPluginBundle(String repository, String groupId, String artifa
}
public void installPluginBundleFromFile(DataHandler file, Boolean installAllPluginsForAllUsers, Boolean installAllPluginsForNewUsers) throws UserException, ServerException {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
@@ -1404,7 +1468,7 @@ public void installPluginBundleFromFile(DataHandler file, Boolean installAllPlug
}
public void installPluginBundleFromUrl(String url, Boolean installAllPluginsForAllUsers, Boolean installAllPluginsForNewUsers) throws UserException, ServerException {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
byte[] data = NetUtils.getContentAsBytes(new URL(url), 5000);
@@ -1420,6 +1484,10 @@ public void updatePluginBundle(String repository, String groupId, String artifac
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot update plugins");
+ }
session.executeAndCommitAction(new UpdatePluginBundle(session, getInternalAccessMethod(), getBimServer(), repository, groupId, artifactId, version));
} catch (Exception e) {
handleException(e);
@@ -1445,7 +1513,7 @@ public List getInstalledPluginBundles() throws UserException, Ser
@Override
public void uninstallPluginBundle(String repository, String groupId, String artifactId, String version) throws UserException, ServerException {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
session.executeAndCommitAction(new UninstallPluginBundle(session, getInternalAccessMethod(), getBimServer(), repository, groupId, artifactId, version));
@@ -1510,6 +1578,7 @@ public SPluginBundleVersion getPluginBundleVersionById(Long pbid) throws UserExc
@Override
public void clearMavenCache() throws UserException, ServerException {
+ requireAuthentication();
try {
getBimServer().getMavenPluginRepository().clearCache();
} catch (IOException e) {
@@ -1519,6 +1588,7 @@ public void clearMavenCache() throws UserException, ServerException {
@Override
public List listPluginsInBundle(Long pluginBundleVersionOid) throws ServerException, UserException {
+ requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
return getBimServer().getSConverter()
@@ -1532,6 +1602,7 @@ public List listPluginsInBundle(Long pluginBundleVersionOid)
@Override
public List getAllInternalServicesOfService(String name, Boolean onlyEnabled) throws UserException, ServerException {
+ requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
return getBimServer().getSConverter().convertToSListInternalServicePluginConfiguration(
@@ -1550,10 +1621,16 @@ public Boolean hasPreBuiltPlugins() throws UserException {
@Override
public void installPreBuiltPlugins(List artifacts) throws UserException {
+ requireRealUserAuthentication();
+ DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
Set set = new HashSet<>(artifacts);
ResourceFetcher resourceFetcher = getBimServer().getResourceFetcher();
Set listKeys = resourceFetcher.listKeys("pre");
try {
+ User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("Read-only users cannot install plugins");
+ }
for (String filename : listKeys) {
if (filename.endsWith(".jar")) {
if (filename.contains("-")) {
@@ -1571,11 +1648,14 @@ public void installPreBuiltPlugins(List artifacts) throws UserException
throw new UserException(e);
} catch (ServerException e) {
throw new UserException(e);
- }
- }
+ } catch (BimserverDatabaseException e) {
+ throw new RuntimeException(e);
+ }
+ }
@Override
public SPluginDescriptor getDefaultRenderEnginePluginDescriptor() throws ServerException, UserException {
+ requireRealUserAuthentication();
return getBimServer().getSConverter().convertToSObject(getBimServer().getServerSettingsCache().getServerSettings().getDefaultRenderEnginePlugin());
}
}
\ No newline at end of file
diff --git a/BimServer/src/org/bimserver/webservices/impl/ServiceImpl.java b/BimServer/src/org/bimserver/webservices/impl/ServiceImpl.java
index b98097fa7b..0ab286e7c3 100644
--- a/BimServer/src/org/bimserver/webservices/impl/ServiceImpl.java
+++ b/BimServer/src/org/bimserver/webservices/impl/ServiceImpl.java
@@ -353,6 +353,7 @@ public void terminateLongRunningAction(Long topicId) throws ServerException, Use
@Override
public SDownloadResult getDownloadData(final Long topicId) throws ServerException, UserException {
+ requireRealUserAuthentication();
LongAction longAction = getBimServer().getLongActionManager().getLongAction(topicId);
if (longAction == null) {
throw new UserException("No data found for topicId " + topicId);
@@ -1048,6 +1049,9 @@ public Long initiateCheckin(Long poid, Long deserializerOid) throws ServerExcept
try {
User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
Project project = session.get(poid, OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User '" + user.getName() + "' is read only and cannot checkin models to the project");
+ }
if (!getAuthorization().hasRightsOnProjectOrSuperProjects(user, project)) {
throw new UserException("User has no rights to checkin models to this project");
}
@@ -1077,6 +1081,9 @@ public SLongCheckinActionState checkinInitiatedInternal(Long topicId, final Long
String userUsername = "Unknown";
try {
User user = (User) readOnlySession.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User '" + user.getName() + "' is read only and cannot checkin models to the project");
+ }
Project project = readOnlySession.get(poid, OldQuery.getDefault());
if (project == null) {
throw new UserException("No project found with poid " + poid);
@@ -1311,6 +1318,9 @@ public SLongCheckinActionState checkinFromUrlSync(Long poid, String comment, Lon
Long topicId = initiateCheckin(poid, deserializerOid);
User user = (User) readOnlySession.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User '" + user.getName() + "' is read only and cannot checkin models to the project");
+ }
username = user.getName();
userUsername = user.getUsername();
@@ -1365,6 +1375,9 @@ public Long checkinFromUrlAsync(Long poid, String comment, Long deserializerOid,
Long topicId = initiateCheckin(poid, deserializerOid);
User user = (User) session.get(StorePackage.eINSTANCE.getUser(), getAuthorization().getUoid(), OldQuery.getDefault());
+ if (user.getUserType() == UserType.READ_ONLY) {
+ throw new UserException("User '" + user.getName() + "' is read only and cannot checkin models to the project");
+ }
username = user.getName();
userUsername = user.getUsername();
Path homeDirIncoming = getBimServer().getHomeDir().resolve("incoming");
@@ -1457,7 +1470,7 @@ public SUser addUser(String username, String name, SUserType type, Boolean selfR
if (selfRegistration) {
requireSelfregistrationAllowed();
} else if (!getBimServer().getServerSettingsCache().getServerSettings().getAllowSelfRegistration()) {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
}
BimDatabaseAction action = new AddUserDatabaseAction(getBimServer(), session, getInternalAccessMethod(), username, name, getBimServer().getSConverter().convertFromSObject(type), getAuthorization(), selfRegistration,
resetUrl);
@@ -1476,7 +1489,7 @@ public SUser addUserWithPassword(String username, String password, String name,
if (selfRegistration) {
requireSelfregistrationAllowed();
} else if (!getBimServer().getServerSettingsCache().getServerSettings().getAllowSelfRegistration()) {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
}
BimDatabaseAction action = new AddUserDatabaseAction(getBimServer(), session, getInternalAccessMethod(), username, password, name, getBimServer().getSConverter().convertFromSObject(type), getAuthorization(),
selfRegistration, resetUrl);
@@ -1539,7 +1552,7 @@ public List getAllCheckoutsOfProject(Long poid) throws ServerExceptio
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
- BimDatabaseAction> action = new GetAllCheckoutsOfProjectDatabaseAction(session, getInternalAccessMethod(), poid, false);
+ BimDatabaseAction> action = new GetAllCheckoutsOfProjectDatabaseAction(session, getInternalAccessMethod(), poid, false, getAuthorization());
List list = session.executeAndCommitAction(action);
Collections.sort(list, new CheckoutComparator());
return getBimServer().getSConverter().convertToSListCheckout(list);
@@ -1555,7 +1568,7 @@ public List getAllCheckoutsOfProjectAndSubProjects(Long poid) throws
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
- BimDatabaseAction> action = new GetAllCheckoutsOfProjectDatabaseAction(session, getInternalAccessMethod(), poid, true);
+ BimDatabaseAction> action = new GetAllCheckoutsOfProjectDatabaseAction(session, getInternalAccessMethod(), poid, true, getAuthorization());
List list = session.executeAndCommitAction(action);
Collections.sort(list, new CheckoutComparator());
return getBimServer().getSConverter().convertToSListCheckout(list);
@@ -1624,7 +1637,7 @@ public List getAllCheckoutsOfRevision(Long roid) throws ServerExcepti
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
- BimDatabaseAction> action = new GetAllCheckoutsOfRevisionDatabaseAction(session, getInternalAccessMethod(), roid);
+ BimDatabaseAction> action = new GetAllCheckoutsOfRevisionDatabaseAction(session, getInternalAccessMethod(), roid, getAuthorization());
List list = session.executeAndCommitAction(action);
Collections.sort(list, new CheckoutComparator());
return getBimServer().getSConverter().convertToSListCheckout(list);
@@ -1636,6 +1649,7 @@ public List getAllCheckoutsOfRevision(Long roid) throws ServerExcepti
}
public void cleanupLongAction(Long topicId) throws UserException, ServerException {
+ requireAuthentication();
getBimServer().getLongActionManager().remove(topicId);
}
@@ -1712,7 +1726,7 @@ public List getAvailableClasses() throws ServerException, UserException
@Override
public List getAllNonAuthorizedProjectsOfUser(Long uoid) throws ServerException, UserException {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
BimDatabaseAction> action = new GetAllNonAuthorizedProjectsOfUserDatabaseAction(session, getInternalAccessMethod(), uoid);
@@ -1726,7 +1740,7 @@ public List getAllNonAuthorizedProjectsOfUser(Long uoid) throws Server
@Override
public SUser getUserByUserName(String username) throws ServerException, UserException {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
BimDatabaseAction action = new GetUserByUserNameDatabaseAction(session, getInternalAccessMethod(), username);
@@ -1744,7 +1758,7 @@ public SUser getUserByUserName(String username) throws ServerException, UserExce
@Override
public Boolean undeleteUser(Long uoid) throws ServerException, UserException {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
BimDatabaseAction action = new UndeleteUserDatabaseAction(getBimServer(), session, getInternalAccessMethod(), getAuthorization(), uoid);
@@ -1948,7 +1962,7 @@ public List getAllAuthorizedUsersOfProject(Long poid) throws ServerExcept
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
- BimDatabaseAction> action = new GetAllAuthorizedUsersOfProjectDatabaseAction(session, getInternalAccessMethod(), poid);
+ BimDatabaseAction> action = new GetAllAuthorizedUsersOfProjectDatabaseAction(session, getInternalAccessMethod(), poid, getAuthorization());
return new ArrayList(getBimServer().getSConverter().convertToSSetUser(session.executeAndCommitAction(action)));
} catch (Exception e) {
return handleException(e);
@@ -1976,7 +1990,7 @@ public void setRevisionTag(Long roid, String tag) throws ServerException, UserEx
requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
- BimDatabaseAction action = new SetRevisionTagDatabaseAction(session, getInternalAccessMethod(), roid, tag);
+ BimDatabaseAction action = new SetRevisionTagDatabaseAction(session, getInternalAccessMethod(), roid, tag, getAuthorization());
session.executeAndCommitAction(action);
} catch (Exception e) {
handleException(e);
@@ -2117,7 +2131,7 @@ public Long addExtendedDataSchema(SExtendedDataSchema extendedDataSchema) throws
@Override
public void addUserToExtendedDataSchema(Long uoid, Long edsid) throws ServerException, UserException {
- requireAuthenticationAndRunningServer();
+ requireAdminAuthenticationAndRunningServer();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
BimDatabaseAction action = new AddUserToExtendedDataSchemaDatabaseAction(session, getInternalAccessMethod(), uoid, edsid);
@@ -2131,7 +2145,7 @@ public void addUserToExtendedDataSchema(Long uoid, Long edsid) throws ServerExce
@Override
public void removeUserFromExtendedDataSchema(Long uoid, Long edsid) throws ServerException, UserException {
- requireAuthenticationAndRunningServer();
+ requireAdminAuthenticationAndRunningServer();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
BimDatabaseAction action = new RemoveUserFromExtendedDataSchemaDatabaseAction(session, getInternalAccessMethod(), uoid, edsid);
@@ -2402,7 +2416,7 @@ public Long addServiceToProject(Long poid, org.bimserver.interfaces.objects.SSer
@Override
public void deleteService(Long oid) throws ServerException, UserException {
- requireRealUserAuthentication();
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
BimDatabaseAction action = new DeleteServiceDatabaseAction(session, getInternalAccessMethod(), oid);
@@ -2500,6 +2514,7 @@ public SExtendedDataSchema getExtendedDataSchemaFromRepository(String namespace)
@Override
public SFile getFile(Long fileId) throws ServerException, UserException {
+ requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
org.bimserver.models.store.File file = (org.bimserver.models.store.File) session.get(StorePackage.eINSTANCE.getFile(), fileId, OldQuery.getDefault());
@@ -2513,6 +2528,7 @@ public SFile getFile(Long fileId) throws ServerException, UserException {
@Override
public SFile getFileMeta(Long fileId) throws ServerException, UserException {
+ requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
org.bimserver.models.store.File file = (org.bimserver.models.store.File) session.get(StorePackage.eINSTANCE.getFile(), fileId, OldQuery.getDefault());
@@ -2731,6 +2747,7 @@ public SUserSettings getUserSettings() throws ServerException, UserException {
@Override
public List getAllRelatedProjects(Long poid) throws ServerException, UserException {
+ requireRealUserAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
GetAllRelatedProjectsDatabaseAction action = new GetAllRelatedProjectsDatabaseAction(getBimServer(), session, getAuthorization(), getInternalAccessMethod(), poid);
@@ -2744,6 +2761,7 @@ public List getAllRelatedProjects(Long poid) throws ServerExcepti
@Override
public List getUserRelatedLogs(Long uoid) throws ServerException, UserException {
+ requireAdminAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
List logActions = new ArrayList();
diff --git a/BimServer/src/org/bimserver/webservices/impl/SettingsServiceImpl.java b/BimServer/src/org/bimserver/webservices/impl/SettingsServiceImpl.java
index b83d274a2c..02e5917b94 100644
--- a/BimServer/src/org/bimserver/webservices/impl/SettingsServiceImpl.java
+++ b/BimServer/src/org/bimserver/webservices/impl/SettingsServiceImpl.java
@@ -185,6 +185,7 @@ public void set(ServerSettings serverSettings) {
@Override
public Boolean isAllowSelfRegistration() throws ServerException, UserException {
+ requireAuthentication();
return getBimServer().getServerSettingsCache().getServerSettings().getAllowSelfRegistration();
}
@@ -365,6 +366,7 @@ public void set(ServerSettings serverSettings) {
@Override
public SServerSettings getServerSettings() throws ServerException, UserException {
+ requireAuthentication();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.READ_ONLY);
try {
IfcModelInterface allOfType = session.getAllOfType(StorePackage.eINSTANCE.getServerSettings(), OldQuery.getDefault());
@@ -378,6 +380,7 @@ public SServerSettings getServerSettings() throws ServerException, UserException
@Override
public void setWhiteListedDomains(final List domains) throws ServerException, UserException {
+ requireAdminAuthenticationAndRunningServer();
DatabaseSession session = getBimServer().getDatabase().createSession(OperationType.POSSIBLY_WRITE);
try {
SetServerSettingDatabaseAction action = new SetServerSettingDatabaseAction(getBimServer(), session, getInternalAccessMethod(), new ServerSettingsSetter() {