4944 permission service bean cleanup #4998
Conversation
…b.com/IQSS/dataverse into 2122-querying-root-dataverse-contents
…now have their groupProvider set up properly
…ent, or even no statements at all, when the closure seed is empty
| } catch (CommandException cex) { | ||
| logger.warning("Problem getting rsync script (Command Exception): " + cex.getLocalizedMessage()); | ||
| logger.warning(()->"Problem getting rsync script (Command Exception): " + cex.getLocalizedMessage()); |
There was a problem hiding this comment.
What do these changes do? It looks like it just creates clutter by adding anonymous functions. Is there a benefit?
There was a problem hiding this comment.
There's a huge benefit in not creating the string unless it's actually going to be logged. Note that creating strings requires O(n) time and contiguous space, which means that the memory management and garbage collector have to work harder.
NetBeans actually displays a warning and offers an auto-fix when you use the previous version.
| @@ -109,14 +106,14 @@ public MapLayerMetadata findMetadataByDatafile(DataFile datafile){ | |||
| First check if the given user has permission to edit this data. | |||
|
|
|||
| */ | |||
| public boolean deleteMapLayerMetadataObject(MapLayerMetadata mapLayerMetadata, User user){ | |||
| public boolean deleteMapLayerMetadataObject(MapLayerMetadata mapLayerMetadata, DataverseRequest req){ | |||
There was a problem hiding this comment.
Should this use @notnull? It will create compile time warnings if someone tries to pass null in.
There was a problem hiding this comment.
The change I made in this method was replacing the user with the request, so that it uses the updated permission check system.
Adding @notNull would change the method behavior, so I suggest not adding it now, as it is not in scope, and would require additional testing (Also, the null -> false semantics might make sense).
There are other problems in this method (e.g. ignored result on line 121), but, again, not in scope for issue.
| .filter( Permission::requiresAuthenticatedUser ) | ||
| .collect( Collectors.toList() )); | ||
|
|
||
| EnumSet.copyOf(Arrays.asList(Permission.values()).stream() |
There was a problem hiding this comment.
Because we want the actual Set object to be an EnumSet, not just any set. This means set operations are done over bit of a long value, rather than over objects. Happy to change the method used, but I think that's the only one that does that.
|
|
||
| /** | ||
| * A request-level permission query (e.g includes IP groups). These queries | ||
| * form a DSL for querying permissions, in a way that's hopefully more |
There was a problem hiding this comment.
Domain Specific Language. Updated the docs.
| private StaticPermissionQuery(RoleAssignee user, DvObject subject) { | ||
| this.subject = subject; | ||
| this.user = user; | ||
| public RequestPermissionQuery on(DvObject d) { |
| * @param ipc Callback, called if there are insufficient permissions for the passed command. | ||
| * @return {@code true} iff the command will not be blocked due to permission issues. | ||
| */ | ||
| boolean isPermitted(Command aCommand, InsufficientPermissionCallback ipc) { |
There was a problem hiding this comment.
Does anything use this anymore? If not, we should remove.
There was a problem hiding this comment.
Yes, used twice (engine and internally in the bean).
| @@ -46,6 +38,18 @@ | |||
| */ | |||
| public Set<T> groupsFor( RoleAssignee ra, DvObject dvo ); | |||
There was a problem hiding this comment.
Can This go away now?
There was a problem hiding this comment.
No. It's in use by the GroupServiceBean.
| */ | ||
| public Set<T> groupsFor( DataverseRequest req, DvObject dvo ); | ||
|
|
||
| public Set<T> groupsFor( RoleAssignee ra); |
There was a problem hiding this comment.
No, it's used to get membership in groups that are not defined at a DvObject (e.g. AllUsers, AuthenticatedUsers, groups coming from shib, IP groups).
| @@ -184,7 +187,7 @@ public RequestPermissionQuery on(DvObject dvo) { | |||
| * @param d the object on which the permissions will be queried | |||
| * @return A permission query | |||
| */ | |||
| public RequestPermissionQuery on(DvObject d) { | |||
| public RequestPermissionQuery on( @NotNull DvObject d) { | |||
| if (d == null) { | |||
There was a problem hiding this comment.
d isn't null. that's why to NotNull it
There was a problem hiding this comment.
Ideally, yes. But as far as I can tell, you still need to do runtime validation in regular Java (i.e. not using Lombok et al). See https://blogs.oracle.com/java-platform-group/java-8s-new-type-annotations (scroll down to the section "Optional Type Annotations are not a substitute for runtime validation").
It may generate compiler warnings (https://www.jetbrains.com/help/idea/nullable-and-notnull-annotations.html), but as long as there are no errors from standard javac, we have to do the check.
That said, I'll be very happy to see an official document saying we can remove that check :-)
There was a problem hiding this comment.
It does say that "Your code should still perform runtime validation", but on the other hand, maven and any ide will not allow it to compile, at which point I feel like we should not have runtime checking for something we already check at compile time. It would be like testing isinstance every time we use generics because java's generics are broken
There was a problem hiding this comment.
Dunno. This compiles on my machine with warning only:
public static void main(String[] args) {
new PermissionServiceBean().on(null);
}
(leaving the Java generics part for the next time we meet 😄)
…bean) that was in the original, "Oscar" branch, but not in the cleanup branch. (#4944)
|
@michbarsinai there are a fair number of merge conflicts. |
|
Can one of the admins verify this patch? |
|
This pull request is over a year old (currently our oldest pull request), has lots of merge conflicts, and hasn't seen any activity lately. Closing. |
Related Issues
Pull Request Checklist