[Fixes #9583] Unadvertised resources

doc/sql/002_create_schema_oracle.sql

@@ -26,6 +26,7 @@
         metadata varchar2(4000 char),
         name varchar2(255 char) not null,
         category_id number(19,0) not null,
+        advertised bool not null default true,
         primary key (id),
         unique (name)
     );

doc/sql/002_create_schema_postgres.sql

@@ -41,6 +41,7 @@ psql -U geostore_test -d geostore -f 002_create_schema_postgres.sql
         metadata varchar(30000),
         name varchar(255) not null,
         category_id int8 not null,
+        advertised bool not null default true,
         primary key (id),
         unique (name)
     );

doc/sql/migration/h2/h2-migration-from-v.1.5.0-to-v2.0.0 → doc/sql/migration/h2/h2-migration-from-v.1.5.0-to-v2.0.0.sql

@@ -13,4 +13,4 @@ create index idx_user_group_attr_text on gs_user_group_attribute (string);
 
 create index idx_attr_user_group on gs_user_group_attribute (userGroup_id);
 
-alter table gs_user_group_attribute add constraint fk_ugattrib_user_group foreign key (userGroup_id) references gs_usergroup;
+alter table gs_user_group_attribute add constraint fk_ugattrib_user_group foreign key (userGroup_id) references gs_usergroup;

doc/sql/migration/h2/h2-migration-from-v.2.0.0-to-v2.1.0.sql

@@ -0,0 +1 @@
+alter table gs_resource add column advertised bool not null default true;

doc/sql/migration/oracle/oracle-migration-from-v.1.5.0-to-v2.0.0 → doc/sql/migration/oracle/oracle-migration-from-v.1.5.0-to-v2.0.0.sql

@@ -14,4 +14,4 @@ create index idx_user_group_attr_text on gs_user_group_attribute (string);
 
 create index idx_attr_user_group on gs_user_group_attribute (userGroup_id);
 
-alter table gs_user_group_attribute add constraint fk_ugattrib_user_group foreign key (userGroup_id) references gs_usergroup;
+alter table gs_user_group_attribute add constraint fk_ugattrib_user_group foreign key (userGroup_id) references gs_usergroup;

doc/sql/migration/oracle/oracle-migration-from-v.2.0.0-to-v2.1.0.sql

@@ -0,0 +1 @@
+alter table gs_resource add column advertised bool not null default true;

doc/sql/migration/postgresql/postgresql-migration-from-v.2.0.0-to-v2.1.0.sql

@@ -0,0 +1 @@
+alter table gs_resource add column advertised bool not null default true;

src/core/model/src/main/java/it/geosolutions/geostore/core/model/Resource.java

@@ -68,6 +68,7 @@
         @Index(name = "idx_resource_creation", columnList = "creation"),
         @Index(name = "idx_resource_update", columnList = "lastUpdate"),
         @Index(name = "idx_resource_metadata", columnList = "metadata"),
+        @Index(name = "idx_resource_advertised", columnList = "advertised"),
         @Index(name = "idx_resource_category", columnList = "category_id")
 })
 // @Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = "gs_resource")
@@ -94,6 +95,9 @@ public class Resource implements Serializable, CycleRecoverable {
     @Temporal(TemporalType.TIMESTAMP)
     private Date lastUpdate;
 
+    @Column(nullable = true, updatable = true, columnDefinition = "bool default true")
+    private Boolean advertised = true;
+
     @Column(nullable = true, updatable = true, length = 30000)
     private String metadata;
 
@@ -183,6 +187,20 @@ public void setLastUpdate(Date lastUpdate) {
         this.lastUpdate = lastUpdate;
     }
 
+    /**
+     * @return the advertised
+     */
+    public Boolean isAdvertised() {
+        return advertised;
+    }
+
+    /**
+     * @param advertised the advertised to set
+     */
+    public void setAdvertised(Boolean advertised) {
+        this.advertised = advertised;
+    }
+
     /**
      * @return the metadata
      */
@@ -303,6 +321,11 @@ public String toString() {
             builder.append("category=").append(category.toString());
         }
 
+        if (advertised != null) {
+            builder.append(", ");
+            builder.append("advertised=").append(advertised);
+        }
+
         builder.append(']');
 
         return builder.toString();
@@ -325,6 +348,7 @@ public int hashCode() {
         result = (prime * result) + ((metadata == null) ? 0 : metadata.hashCode());
         result = (prime * result) + ((name == null) ? 0 : name.hashCode());
         result = (prime * result) + ((security == null) ? 0 : security.hashCode());
+        result = (prime * result) + ((advertised == null) ? 0 : advertised.hashCode());
 
         return result;
     }
@@ -394,6 +418,13 @@ public boolean equals(Object obj) {
         } else if (!lastUpdate.equals(other.lastUpdate)) {
             return false;
         }
+        if (advertised == null) {
+            if (other.advertised != null) {
+                return false;
+            }
+        } else if (!advertised.equals(other.advertised)) {
+            return false;
+        }
         if (metadata == null) {
             if (other.metadata != null) {
                 return false;
@@ -428,6 +459,7 @@ public Object onCycleDetected(Context arg0) {
         r.setCreation(this.creation);
         r.setDescription(this.description);
         r.setLastUpdate(this.lastUpdate);
+        r.setAdvertised(this.advertised);
         r.setMetadata(this.metadata);
         r.setName(this.name);
         r.setAttribute(null);

src/core/persistence/src/main/java/it/geosolutions/geostore/core/dao/SecurityDAO.java

@@ -35,7 +35,12 @@ public interface SecurityDAO extends RestrictedGenericDAO<SecurityRule> {
      * Add security filtering in order to filter out resources the user has not read access to
      */
     void addReadSecurityConstraints(Search searchCriteria, User user);
-
+
+    /**
+     * Add security filtering in order to filter out resources hidden the user
+     */
+    void addAdvertisedSecurityConstraints(Search searchCriteria, User user);
+
     /**
      * @param userName
      * @param resourceId

src/core/persistence/src/main/java/it/geosolutions/geostore/core/dao/impl/SecurityDAOImpl.java

@@ -135,24 +135,81 @@ public void addReadSecurityConstraints(Search searchCriteria, User user)
             return;
         }
 
+        // User filtering based on user and groups
         Filter userFiltering = Filter.equal("user.name", user.getName());
 
-        if(! user.getGroups().isEmpty()) {
+        // Combine owner and advertisedFilter using OR
+        /**
+         * The user is the owner of the resource or the resource is advertised.
+         */
+        Filter advertisedFiltering = Filter.or(
+                Filter.equal("user.name", user.getName()),
+                Filter.equal("resource.advertised", true));
+
+        if(user.getGroups() != null && !user.getGroups().isEmpty()) {
             List<Long> groupsId = new ArrayList<>();
             for (UserGroup group : user.getGroups()) {
                 groupsId.add(group.getId());
             }
 
-            userFiltering = Filter.or( userFiltering, Filter.in("group.id", groupsId));
+            /* userFiltering = Filter.and(
+                    advertisedFiltering,
+                    Filter.or(userFiltering, Filter.in("group.id", groupsId))
+            ); */
+            userFiltering = Filter.or(userFiltering, Filter.in("group.id", groupsId));
+        }
+
+        Filter securityFilter = Filter.some(
+            "security",
+            Filter.and(
+                    Filter.equal("canRead", true),
+                    userFiltering
+            )
+        );
+
+        searchCriteria.addFilter(securityFilter);
+    }
+
+    /**
+     * Add security filtering in order to filter out resources hidden the user
+     */
+    public void addAdvertisedSecurityConstraints(Search searchCriteria, User user)
+    {
+        // no further constraints for admin user
+        if(user.getRole() == Role.ADMIN) {
+            return;
+        }
+
+        // User filtering based on user and groups
+        Filter userFiltering = Filter.equal("user.name", user.getName());
+
+        // Combine owner and advertisedFilter using OR
+        /**
+         * The user is the owner of the resource or the resource is advertised.
+         */
+        Filter advertisedFiltering = Filter.or(
+                Filter.equal("user.name", user.getName()),
+                Filter.equal("resource.advertised", true));
+
+        if(user.getGroups() != null && !user.getGroups().isEmpty()) {
+            List<Long> groupsId = new ArrayList<>();
+            for (UserGroup group : user.getGroups()) {
+                groupsId.add(group.getId());
+            }
+
+            userFiltering = Filter.and(
+                    advertisedFiltering,
+                    Filter.or(userFiltering, Filter.in("group.id", groupsId))
+            );
         }
 
         Filter securityFilter = Filter.some(
                 "security",
                 Filter.and(
                         Filter.equal("canRead", true),
                         userFiltering
-                        )
-                );
+                )
+        );
 
         searchCriteria.addFilter(securityFilter);
     }
@@ -172,7 +229,7 @@ public List<SecurityRule> findUserSecurityRule(String userName, long resourceId)
         searchCriteria.addFilter(securityFilter);
         // now rules are not properly filtered. 
         // so no user rules have to be removed externally (see RESTServiceImpl > ResourceServiceImpl)
-        // TODO: apply same worakaround of findGroupSecurityRule or fix searchCriteria issue (when this unit is well tested).
+        // TODO: apply same workaround of findGroupSecurityRule or fix searchCriteria issue (when this unit is well tested).
         return super.search(searchCriteria);
     }
 
@@ -214,6 +271,5 @@ public UserGroupDAO getUserGroupDAO() {
     public void setUserGroupDAO(UserGroupDAO userGroupDAO) {
         this.userGroupDAO = userGroupDAO;
     }
-
-
+
 }

src/core/services-api/src/main/java/it/geosolutions/geostore/services/ResourceService.java

@@ -208,8 +208,7 @@ public List<Resource> getResourcesFull(SearchFilter filter, User authUser)
 
     /**
      * Returns the list of security rules for the resource.
-     * 
-     * @param resources
+     * @param id
      * @return
      */
     public List<SecurityRule> getSecurityRules(long id)
@@ -243,7 +242,7 @@ long getCountByFilterAndUser(SearchFilter filter, User user)
             throws BadRequestServiceEx, InternalErrorServiceEx;
 
     /**
-     * Get filter count by namerLike and user
+     * Get filter count by nameLike and user
      * @param nameLike
      * @param user
      * @return resources' count that the user has access
@@ -256,6 +255,4 @@ long getCountByFilterAndUser(String nameLike, User user)
 
     long insertAttribute(long id, String name, String value, DataType type)
         throws InternalErrorServiceEx;
-
-
 }

src/core/services-api/src/main/java/it/geosolutions/geostore/services/dto/ShortResource.java

@@ -60,6 +60,8 @@ public class ShortResource implements Serializable {
 
     private boolean canDelete = false;
 
+    private boolean advertised = true;
+
     public ShortResource() {
 
     }
@@ -73,6 +75,7 @@ public ShortResource(Resource resource) {
         this.creation = resource.getCreation();
         this.description = resource.getDescription();
         this.lastUpdate = resource.getLastUpdate();
+        this.advertised = resource.isAdvertised();
     }
 
     /**
@@ -173,6 +176,20 @@ public void setCanDelete(boolean canDelete) {
         this.canDelete = canDelete;
     }
 
+    /**
+     * @return the advertised
+     */
+    public Boolean isAdvertised() {
+        return advertised;
+    }
+
+    /**
+     * @param advertised the advertised to set
+     */
+    public void setAdvertised(Boolean advertised) {
+        this.advertised = advertised;
+    }
+
     /*
      * (non-Javadoc)
      * 
@@ -201,6 +218,9 @@ public String toString() {
         if (canDelete)
             builder.append("canDelete=").append(canDelete);
 
+        if (advertised)
+            builder.append("advertised=").append(advertised);
+
         builder.append(']');
         return builder.toString();
     }