dsp-api
dsp-api copied to clipboard
dasch-swiss
Can set abnormal permissions on resource creation
We can send these permissions CR knora-admin:Creator|RV knora-admin:Creator to Knora API v2 when we create a permissions:
{
"@type": "anything:Thing",
"knora-api:attachedToProject": {
"@id": "http://rdfh.ch/projects/0001"
},
"knora-api:hasPermissions": "CR knora-admin:Creator|RV knora-admin:Creator",
"rdfs:label": "test",
"@context": {
"rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
"knora-api": "http://api.knora.org/ontology/knora-api/v2#",
"rdfs": "http://www.w3.org/2000/01/rdf-schema#",
"xsd": "http://www.w3.org/2001/XMLSchema#",
"anything": "http://0.0.0.0:3333/ontology/0001/anything/v2#"
}
}
When we get the resource, same perms are returned. Didn't check if permissions are consistent or not...
@benjamingeer I don't know if during resource creation the permission string is simply stored as is, or if it is transformed into a scala object first?
It's validated and reformatted:
https://github.com/dhlab-basel/Knora/blob/develop/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourcesResponderV2.scala#L512
PermissionUtilADM.validatePermissions() does some validation, converts the string to a Set[PermissionADM], then calls PermissionUtilADM.formatPermissionADMs() to reformat the permissions for consistency. To be honest, I've always had trouble understanding formatPermissionADMs. Could you possibly add something to that method to check for this issue?
@benjamingeer @subotic I found one more time this bug by chance that leads to no longer can query some resources any more (InconsistentTriplestoreDataException).
You should maybe plan it for next releases?
webapi_1 | 2019-10-09 09:21:44 | ERROR | Dispatcher | invalid permission literal: image2
webapi_1 | org.knora.webapi.InconsistentTriplestoreDataException: invalid permission literal: image2
webapi_1 | at org.knora.webapi.util.PermissionUtilADM$.$anonfun$parsePermissions$default$2$1(PermissionUtilADM.scala:434)
webapi_1 | at org.knora.webapi.util.PermissionUtilADM$.$anonfun$parsePermissions$1(PermissionUtilADM.scala:442)
webapi_1 | at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:237)
webapi_1 | at scala.collection.IndexedSeqOptimized.foreach(IndexedSeqOptimized.scala:36)
webapi_1 | at scala.collection.IndexedSeqOptimized.foreach$(IndexedSeqOptimized.scala:33)
webapi_1 | at scala.collection.mutable.WrappedArray.foreach(WrappedArray.scala:39)
webapi_1 | at scala.collection.TraversableLike.map(TraversableLike.scala:237)
webapi_1 | at scala.collection.TraversableLike.map$(TraversableLike.scala:230)
webapi_1 | at scala.collection.AbstractTraversable.map(Traversable.scala:108)
webapi_1 | at org.knora.webapi.util.PermissionUtilADM$.parsePermissions(PermissionUtilADM.scala:437)
webapi_1 | at org.knora.webapi.util.PermissionUtilADM$.getUserPermissionADM(PermissionUtilADM.scala:251)
webapi_1 | at org.knora.webapi.util.PermissionUtilADM$.getUserPermissionFromAssertionsADM(PermissionUtilADM.scala:422)
webapi_1 | at org.knora.webapi.util.PermissionUtilADM$.getUserPermissionFromConstructAssertionsADM(PermissionUtilADM.scala:389)
webapi_1 | at org.knora.webapi.util.ConstructResponseUtilV2$.$anonfun$splitMainResourcesAndValueRdfData$4(ConstructResponseUtilV2.scala:324)
webapi_1 | at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:237)
webapi_1 | at scala.collection.immutable.HashMap$HashMap1.foreach(HashMap.scala:234)
webapi_1 | at scala.collection.immutable.HashMap$HashTrieMap.foreach(HashMap.scala:465)
webapi_1 | at scala.collection.TraversableLike.map(TraversableLike.scala:237)
webapi_1 | at scala.collection.TraversableLike.map$(TraversableLike.scala:230)
webapi_1 | at scala.collection.AbstractTraversable.map(Traversable.scala:108)
webapi_1 | at org.knora.webapi.util.ConstructResponseUtilV2$.splitMainResourcesAndValueRdfData(ConstructResponseUtilV2.scala:322)
webapi_1 | at org.knora.webapi.responders.v2.search.MainQueryResultProcessor$.getMainQueryResultsWithFullGraphPattern(MainQueryResultProcessor.scala:221)
webapi_1 | at org.knora.webapi.responders.v2.SearchResponderV2.$anonfun$gravsearchV2$13(SearchResponderV2.scala:539)
webapi_1 | at scala.util.Success.$anonfun$map$1(Try.scala:255)
webapi_1 | at scala.util.Success.map(Try.scala:213)
webapi_1 | at scala.concurrent.Future.$anonfun$map$1(Future.scala:292)
webapi_1 | at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:33)
webapi_1 | at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:33)
webapi_1 | at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
webapi_1 | at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
webapi_1 | at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
webapi_1 | at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
webapi_1 | at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
webapi_1 | at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
webapi_1 | at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)
webapi_1 | at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)
webapi_1 | at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
webapi_1 | at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
webapi_1 | at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
webapi_1 | at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
webapi_1 | 2019-10-09 09:21:44 | ERROR | KnoraExceptionHandler$ | Unable to run route /v2/searchextended