Ticket #977 (closed Defect: worksforme)

Opened 5 years ago

Last modified 5 years ago

adapting dm4-geospatial to 4.7: catching the AccessControlException

Reported by: Malte Owned by: Malte
Priority: Major Milestone: Release 4.8.1
Component: 3rd Party Plugins Version: 4.7
Keywords: Cc: jri
Complexity: 3 Area:
Module:

Description

I would be glad if someone could review the following patch in the dm4-geospatial module for me. It needs to be adapted if, e.g. the topic index in the spatial layer is not accessible for the request/user.

https://github.com/mukil/dm4-geospatial/commit/a3e6fc1aef0e691061b0cf725c0f0a883f90b311

I was wondering why i must catch a RuntimeException? and cannot directly catch an AccessControlException?. Is this the way it must or should be? If there is a way to implement this better i would be happy if someone could point me in the right direction.

Thanks for your help!

Change History

comment:1 Changed 5 years ago by jri

When an error occurs in dm4.getTopic(id) the CoreService wraps the cause exception in a generic "Fetching topic failed" runtime exception. That's why you must catch RuntimeException.

To detect a nested AccessControlException (at any level) within another exception you could use this helper method (copied from Core util's UniversalExceptionMapper):

import de.deepamehta.core.service.accesscontrol.AccessControlException;

boolean hasNestedAccessControlException(Throwable e) {
    while (e != null) {
        if (e instanceof AccessControlException) {
            return true;
        }
        e = e.getCause();
    }
    return false;
}

Instead of catching you could avoid throwing the exception in the first place by checking if the user has READ permission:

import de.deepamehta.core.service.accesscontrol.Operation;

boolean allowed = dm4.getAccessControl().hasPermission(username, Operation.READ, topicId)

To get the username of the logged in user you can use the standard AccessControlService.

@Inject AccessControlService ac;

String username = ac.getUsername();

comment:2 Changed 5 years ago by jri

Normally a developer is not supposed to deal with AccessControlExceptions.
So I would suggest the 2nd approach (check permission) as it is more "high-level".

comment:3 Changed 5 years ago by Malte

  • Status changed from new to closed
  • Resolution set to worksforme

Thanks for your help, i could realize the 2nd approach for the dm4-geospatial module.

Normally a developer is not supposed to deal with AccessControlExceptions?.

Another case is, if one wants to reuse an existing topic, that exists, but the requesting user has no permission to read it the following would throw an AccessControlException:

dm4.getTopicByValue("dm4.webbrowser.url", new SimpleValue(value.trim()));

Currently the plugin developer would need to expect an AccessControlException, am i correct?

comment:4 Changed 5 years ago by jri

Yes, you're right. If you don't have a topic ID (or workspace ID) at hand you can't check the permission in advance.
Note that the AccessControlException is wrapped in a generic "Fetching topic failed" runtime exception.

Last edited 5 years ago by jri (previous) (diff)
Note: See TracTickets for help on using tickets.