-
Notifications
You must be signed in to change notification settings - Fork 486
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
4944 permission service bean cleanup #4998
Conversation
…b.com/IQSS/dataverse into 2122-querying-root-dataverse-contents
…now have their groupProvider set up properly
…ent, or even no statements at all, when the closure seed is empty
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall this looks great, The removal of 3000 lines of redundancy is quite nice. Some NotNull macros might clean stuff up a bit, and I think we can simplify groupservice bean with this, but I'll leave that up to you.
} catch (CommandException cex) { | ||
logger.warning("Problem getting rsync script (Command Exception): " + cex.getLocalizedMessage()); | ||
logger.warning(()->"Problem getting rsync script (Command Exception): " + cex.getLocalizedMessage()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do these changes do? It looks like it just creates clutter by adding anonymous functions. Is there a benefit?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a huge benefit in not creating the string unless it's actually going to be logged. Note that creating strings requires O(n) time and contiguous space, which means that the memory management and garbage collector have to work harder.
NetBeans actually displays a warning and offers an auto-fix when you use the previous version.
@@ -109,14 +106,14 @@ public MapLayerMetadata findMetadataByDatafile(DataFile datafile){ | |||
First check if the given user has permission to edit this data. | |||
|
|||
*/ | |||
public boolean deleteMapLayerMetadataObject(MapLayerMetadata mapLayerMetadata, User user){ | |||
public boolean deleteMapLayerMetadataObject(MapLayerMetadata mapLayerMetadata, DataverseRequest req){ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this use @notnull
? It will create compile time warnings if someone tries to pass null in.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change I made in this method was replacing the user with the request, so that it uses the updated permission check system.
Adding @notNull
would change the method behavior, so I suggest not adding it now, as it is not in scope, and would require additional testing (Also, the null
-> false
semantics might make sense).
There are other problems in this method (e.g. ignored result on line 121), but, again, not in scope for issue.
.filter( Permission::requiresAuthenticatedUser ) | ||
.collect( Collectors.toList() )); | ||
|
||
EnumSet.copyOf(Arrays.asList(Permission.values()).stream() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why copy?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because we want the actual Set
object to be an EnumSet
, not just any set. This means set operations are done over bit of a long
value, rather than over objects. Happy to change the method used, but I think that's the only one that does that.
|
||
/** | ||
* A request-level permission query (e.g includes IP groups). These queries | ||
* form a DSL for querying permissions, in a way that's hopefully more |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's a DSL?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Domain Specific Language. Updated the docs.
private StaticPermissionQuery(RoleAssignee user, DvObject subject) { | ||
this.subject = subject; | ||
this.user = user; | ||
public RequestPermissionQuery on(DvObject d) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use @notnull
here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added
* @param ipc Callback, called if there are insufficient permissions for the passed command. | ||
* @return {@code true} iff the command will not be blocked due to permission issues. | ||
*/ | ||
boolean isPermitted(Command aCommand, InsufficientPermissionCallback ipc) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does anything use this anymore? If not, we should remove.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, used twice (engine and internally in the bean).
@@ -46,6 +38,18 @@ | |||
*/ | |||
public Set<T> groupsFor( RoleAssignee ra, DvObject dvo ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can This go away now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No. It's in use by the GroupServiceBean.
*/ | ||
public Set<T> groupsFor( DataverseRequest req, DvObject dvo ); | ||
|
||
public Set<T> groupsFor( RoleAssignee ra); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And This?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, it's used to get membership in groups that are not defined at a DvObject
(e.g. AllUsers
, AuthenticatedUsers
, groups coming from shib, IP groups).
@@ -184,7 +187,7 @@ public RequestPermissionQuery on(DvObject dvo) { | |||
* @param d the object on which the permissions will be queried | |||
* @return A permission query | |||
*/ | |||
public RequestPermissionQuery on(DvObject d) { | |||
public RequestPermissionQuery on( @NotNull DvObject d) { | |||
if (d == null) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
d
isn't null. that's why to NotNull
it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally, yes. But as far as I can tell, you still need to do runtime validation in regular Java (i.e. not using Lombok et al). See https://blogs.oracle.com/java-platform-group/java-8s-new-type-annotations (scroll down to the section "Optional Type Annotations are not a substitute for runtime validation").
It may generate compiler warnings (https://www.jetbrains.com/help/idea/nullable-and-notnull-annotations.html), but as long as there are no errors from standard javac
, we have to do the check.
That said, I'll be very happy to see an official document saying we can remove that check :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does say that "Your code should still perform runtime validation", but on the other hand, maven and any ide will not allow it to compile, at which point I feel like we should not have runtime checking for something we already check at compile time. It would be like testing isinstance every time we use generics because java's generics are broken
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dunno. This compiles on my machine with warning only:
public static void main(String[] args) {
new PermissionServiceBean().on(null);
}
(leaving the Java generics part for the next time we meet 😄)
…bean) that was in the original, "Oscar" branch, but not in the cleanup branch. (#4944)
@michbarsinai there are a fair number of merge conflicts. |
Can one of the admins verify this patch? |
This pull request is over a year old (currently our oldest pull request), has lots of merge conflicts, and hasn't seen any activity lately. Closing. |
Related Issues
Pull Request Checklist