Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

improve OpenSearch permission logic #940

Merged
merged 29 commits into from
Dec 18, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
1661acd
publicness on encounter/index; catch index-busting exception
naknomum Dec 11, 2024
d409db2
take 1 of N for offloading permissions indexing
naknomum Dec 12, 2024
238059e
take 2: iterate over encounters
naknomum Dec 12, 2024
0378361
base.opensearchUpdate() and friends
naknomum Dec 12, 2024
c038cc9
actually update index documents woohoo
naknomum Dec 12, 2024
4f74818
take1 at improved search permission query
naknomum Dec 12, 2024
0b40acf
[#779] catch bad lat/lon; catch index exceptions; startNum on opensea…
naknomum Dec 12, 2024
3f75d2e
take1 of actual permissions backgroundness
naknomum Dec 12, 2024
a8d28d8
setPermissionsNeeded() in a few places to start
naknomum Dec 13, 2024
8ef476b
submitterUserId in index; smarter viewUsers perm logic; alpha new per…
naknomum Dec 13, 2024
89368c2
userIdsWithViewAccess() no longer abstract on base class, used only f…
naknomum Dec 16, 2024
0e75166
resolve conflicts
naknomum Dec 16, 2024
091a3e3
linting
naknomum Dec 16, 2024
e28aa36
tweaks post-commit
naknomum Dec 16, 2024
ae40133
set these values via properties, now that we have that option
naknomum Dec 16, 2024
9e1deb5
throw exception rather than be forgiving when adding permissions to q…
naknomum Dec 16, 2024
6e75953
resolve conflicts
naknomum Dec 16, 2024
9742308
use the newly available Boolean SystemValue
naknomum Dec 16, 2024
61c8db1
Merge branch 'main' into 785_improve_search_permission_logic
naknomum Dec 16, 2024
ad98174
little more info
naknomum Dec 17, 2024
ea7014c
enc.modified is nice to index
naknomum Dec 17, 2024
1fc60be
name change for clarity
naknomum Dec 17, 2024
9799625
use raw sql instead of Encounter objects, for speed; also some debugg…
naknomum Dec 17, 2024
5a4e4d0
try/catch safety
naknomum Dec 17, 2024
9524b0e
shepherd-less flavor
naknomum Dec 17, 2024
b169ece
collab persistence triggers permissionsNeeded
naknomum Dec 17, 2024
ce8d810
attempt to handle the case where Encounter is first created (so cant …
naknomum Dec 18, 2024
1d06bb8
add a couple try/catch to opensearchIndexPermissions()
naknomum Dec 18, 2024
fa16a54
close query in finally
naknomum Dec 18, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions config/indices.sql
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,14 @@
-- UGH, i guess _IDX (in caps!) should be what we standardize on. that is what datanucleus does.
-- to make matters worse, we have some places we named them explicitely in package.jdo (but those should fix themselves?)

BEGIN;

CREATE INDEX IF NOT EXISTS "MEDIAASSET_PARENTID_idx" ON "MEDIAASSET" ("PARENTID");
CREATE INDEX IF NOT EXISTS "MEDIAASSET_HASHCODE_idx" ON "MEDIAASSET" ("HASHCODE");

CREATE INDEX IF NOT EXISTS "ENCOUNTER_LOCATIONID_idx" ON "ENCOUNTER" ("LOCATIONID");
CREATE INDEX IF NOT EXISTS "ENCOUNTER_STATE_idx" ON "ENCOUNTER" ("STATE");
CREATE INDEX IF NOT EXISTS "ENCOUNTER_MODIFIED_idx" ON "ENCOUNTER" ("MODIFIED");
CREATE INDEX IF NOT EXISTS "ENCOUNTER_INDIVIDUALID_idx" ON "ENCOUNTER" ("INDIVIDUALID");
CREATE INDEX IF NOT EXISTS "ENCOUNTER_DATEINMILLISECONDS_idx" ON "ENCOUNTER" ("DATEINMILLISECONDS");
CREATE INDEX IF NOT EXISTS "ENCOUNTER_DECIMALLATITUDE_idx" ON "ENCOUNTER" ("DECIMALLATITUDE");
Expand Down Expand Up @@ -45,3 +48,5 @@ CREATE INDEX IF NOT EXISTS "TASK_CREATED_IDX" ON "TASK" ("CREATED");

INSERT INTO "RELATIONSHIP" ("RELATIONSHIP_ID", "MARKEDINDIVIDUALNAME1", "MARKEDINDIVIDUALNAME2", "MARKEDINDIVIDUALROLE1", "MARKEDINDIVIDUALROLE2", "TYPE", "STARTTIME", "ENDTIME") VALUES (0, (SELECT "INDIVIDUALID" FROM "MARKEDINDIVIDUAL" ORDER BY random() LIMIT 1), (SELECT "INDIVIDUALID" FROM "MARKEDINDIVIDUAL" ORDER BY random() LIMIT 1), 'placeholder', 'placeholder', 'placeholder-to-prevent-empty-table', 0, 0);

END;

27 changes: 25 additions & 2 deletions src/main/java/org/ecocean/Base.java
Original file line number Diff line number Diff line change
Expand Up @@ -77,8 +77,10 @@
*/
public abstract void addComments(final String newComments);

public abstract List<String> userIdsWithViewAccess(Shepherd myShepherd);
public abstract List<String> userIdsWithEditAccess(Shepherd myShepherd);
// issue 785 makes this no longer necessary; the overrides are left on Occurrence and MarkedIndividual
// for now as reference -- but are not called. they will need to be addressed when these classes are searchable
// public abstract List<String> userIdsWithViewAccess(Shepherd myShepherd);
// public abstract List<String> userIdsWithEditAccess(Shepherd myShepherd);

public abstract String opensearchIndexName();

Expand All @@ -97,6 +99,8 @@ public JSONObject opensearchMapping() {
map.put("version", new org.json.JSONObject("{\"type\": \"long\"}"));
// id should be keyword for the sake of sorting
map.put("id", new org.json.JSONObject("{\"type\": \"keyword\"}"));
map.put("viewUsers", new org.json.JSONObject("{\"type\": \"keyword\"}"));
map.put("editUsers", new org.json.JSONObject("{\"type\": \"keyword\"}"));
return map;
}

Expand Down Expand Up @@ -153,11 +157,24 @@ public void opensearchUnindexDeep()
this.opensearchUnindex();
}

public void opensearchUpdate(final JSONObject updateData)
throws IOException {
if (updateData == null) return;
OpenSearch opensearch = new OpenSearch();

opensearch.indexUpdate(this.opensearchIndexName(), this.getId(), updateData);
}

// should be overridden
public void opensearchDocumentSerializer(JsonGenerator jgen, Shepherd myShepherd)
throws IOException, JsonProcessingException {
jgen.writeStringField("id", this.getId());
jgen.writeNumberField("version", this.getVersion());
jgen.writeNumberField("indexTimestamp", System.currentTimeMillis());

/*
these are no longer computed in the general opensearchIndex() call.
they are too expensive. see Encounter.opensearchIndexPermission()

jgen.writeFieldName("viewUsers");
jgen.writeStartArray();
Expand All @@ -172,6 +189,7 @@ public void opensearchDocumentSerializer(JsonGenerator jgen, Shepherd myShepherd
jgen.writeString(id);
}
jgen.writeEndArray();
*/
}

public void opensearchDocumentSerializer(JsonGenerator jgen)
Expand All @@ -196,6 +214,11 @@ public static JSONObject opensearchQuery(final String indexname, final JSONObjec
return res;
}

// this is so we can call it on Base obj, but really is only needed by [overridden by] Encounter (currently)
public boolean getOpensearchProcessPermissions() {
return false;
}

public static Map<String, Long> getAllVersions(Shepherd myShepherd, String sql) {
Query query = myShepherd.getPM().newQuery("javax.jdo.query.SQL", sql);
Map<String, Long> rtn = new HashMap<String, Long>();
Expand Down
Loading
Loading