Permission expiry timezones (#456)

* Adds timezone configuration to permissions expiry and cleans expiry logic * Change timezone override property name; fix timezone in expiry solr query
keeps · Dec 18, 2024 · 6e1d2b2 · 6e1d2b2
1 parent 8edf325
commit 6e1d2b2
Show file tree

Hide file tree

Showing 5 changed files with 68 additions and 23 deletions.
diff --git a/src/main/java/com/databasepreservation/common/api/v1/DatabaseResource.java b/src/main/java/com/databasepreservation/common/api/v1/DatabaseResource.java
@@ -8,9 +8,10 @@
 package com.databasepreservation.common.api.v1;
 
 import java.io.IOException;
+import java.time.DateTimeException;
 import java.time.LocalDateTime;
-import java.time.LocalTime;
 import java.time.ZoneId;
+import java.time.ZoneOffset;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -321,13 +322,21 @@ public static List<Filter> getDatabaseFindContentTypeFilterQueries() {
   public static List<Filter> getDatabaseFindUserPermissionsFilterQueries(User user) {
     Filter filter = new Filter();
 
-    // Convert today's date to midnight, start of the day
-    LocalDateTime now = LocalDateTime.ofInstant(new Date().toInstant(), ZoneId.systemDefault());
-    LocalDateTime today = now.with(LocalTime.MIN);
-    Date todayDate = Date.from(today.atZone(ZoneId.systemDefault()).toInstant());
+    String zoneIdString = ViewerConfiguration.getInstance().getViewerConfigurationAsString("UTC",
+      ViewerConstants.PROPERTY_EXPIRY_ZONE_ID_OVERRIDE);
+    ZoneId zoneId;
+    try {
+      zoneId = ZoneId.of(zoneIdString);
+    } catch (DateTimeException e) {
+      zoneId = ZoneOffset.UTC;
+    }
+    // LocalDateTime gets the current time in the configured timezone...
+    LocalDateTime nowDateTime = LocalDateTime.ofInstant(new Date().toInstant(), zoneId);
+    // ... and then we convert to Date using UTC so that it is sent to the query with the timezone's offset
+    Date now = Date.from(nowDateTime.atZone(ZoneOffset.UTC).toInstant());
 
-    BlockJoinAnyParentExpiryFilterParameter param = new BlockJoinAnyParentExpiryFilterParameter(user.getAllRoles(),
-      todayDate, null);
+    BlockJoinAnyParentExpiryFilterParameter param = new BlockJoinAnyParentExpiryFilterParameter(user.getAllRoles(), now,
+      null);
     filter.add(param);
     return new ArrayList<>(List.of(filter));
   }

diff --git a/src/main/java/com/databasepreservation/common/client/ViewerConstants.java b/src/main/java/com/databasepreservation/common/client/ViewerConstants.java
@@ -590,6 +590,11 @@ public class ViewerConstants {
   public static final String SEARCH_ALL_SELECTED_NONE = "none";
   public static final String PROPERTY_SEARCH_ALL_DEFAULT_SELECTION = "ui.searchAll.defaultSelection";
 
+  /**
+   * Permissions
+   */
+  public static final String PROPERTY_EXPIRY_ZONE_ID_OVERRIDE = "permissions.expiry.zoneId.override";
+
   /**
    * Header
    */

diff --git a/...client/common/visualization/manager/SIARDPanel/navigation/PermissionsNavigationPanel.java b/...client/common/visualization/manager/SIARDPanel/navigation/PermissionsNavigationPanel.java
@@ -76,7 +76,8 @@ public class PermissionsNavigationPanel {
 
   private AuthorizationGroup currentGroup;
   private DateTimeFormat htmlInputPresentedDateFormat = DateTimeFormat.getFormat("MM/dd/yyyy");
-  private DateTimeFormat htmlInputDateFormat = DateTimeFormat.getFormat("yyyy-MM-dd");
+  private DateTimeFormat htmlMinDateFormat = DateTimeFormat.getFormat("yyyy-MM-dd");
+  private DateTimeFormat htmlInputDateFormat = DateTimeFormat.getFormat("yyyy-MM-ddTHH:mm:ssZ");
   private Date lastDate;
 
   private boolean overrideMissingGroups = false;
@@ -316,7 +317,7 @@ public void render(Cell.Context context, AuthorizationGroup object, SafeHtmlBuil
   }
 
   private void showDatePicker() {
-    String today = htmlInputDateFormat.format(new Date());
+    String today = htmlMinDateFormat.format(new Date());
     String currentDateValueAttribute = "";
     if (groupDetails.getOrDefault(currentGroup.getAttributeValue(), new AuthorizationDetails()).hasExpiryDate()) {
       currentDateValueAttribute = "value=\""
@@ -329,7 +330,7 @@ protected void onDetach() {
         super.onDetach();
         String datePickerValue = JavascriptUtils.getInputValue("expiryDatePicker");
         if (datePickerValue != null && !datePickerValue.isEmpty()) {
-          lastDate = htmlInputDateFormat.parse(datePickerValue);
+          lastDate = htmlInputDateFormat.parse(datePickerValue + "T23:59:59-0000");
         } else {
           lastDate = null;
         }

diff --git a/src/main/java/com/databasepreservation/common/utils/UserUtility.java b/src/main/java/com/databasepreservation/common/utils/UserUtility.java
@@ -11,8 +11,10 @@
 import java.lang.reflect.Method;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
+import java.time.DateTimeException;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.ZoneOffset;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
@@ -164,14 +166,24 @@ private static void checkAuthorizationGroups(final User user, Map<String, Author
     for (AuthorizationGroup authorizationGroup : authorizationGroupsToCheck.getAuthorizationGroupsList()) {
       if (authorizationGroup.getAttributeOperator()
         .equals(ViewerConfiguration.PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_OPERATOR_EQUAL)) {
-        Instant expiry = null;
+        LocalDateTime expiry = null;
+        LocalDateTime now = null;
         if (databasePermissions.get(authorizationGroup.getAttributeValue()).hasExpiryDate()) {
-          expiry = databasePermissions.get(authorizationGroup.getAttributeValue()).getExpiry().toInstant();
-          // The expiry ends at the end of the stored day
-          expiry = expiry.plus(24, ChronoUnit.HOURS);
+          expiry = LocalDateTime.ofInstant(
+            databasePermissions.get(authorizationGroup.getAttributeValue()).getExpiry().toInstant(), ZoneOffset.UTC);
+          String zoneIdString = ViewerConfiguration.getInstance().getViewerConfigurationAsString("UTC",
+            ViewerConstants.PROPERTY_EXPIRY_ZONE_ID_OVERRIDE);
+          ZoneId zoneId = null;
+          try {
+            zoneId = ZoneId.of(zoneIdString);
+          } catch (DateTimeException e) {
+            zoneId = ZoneOffset.UTC;
+          }
+          now = LocalDateTime.ofInstant(new Date().toInstant(), zoneId);
         }
+
         if (user.getAllRoles().contains(authorizationGroup.getAttributeValue())
-          && (expiry == null || expiry.isAfter(new Date().toInstant()))) {
+          && (expiry == null || expiry.isAfter(now))) {
           // User has permissions to access this database
           return;
         }
@@ -181,13 +193,22 @@ private static void checkAuthorizationGroups(final User user, Map<String, Author
     // If there is a permission on database that doesn't match witch any group, do a
     // simple verification with user roles
     for (String permission : permissionWithoutGroup) {
-      Instant expiry = null;
+      LocalDateTime expiry = null;
+      LocalDateTime now = null;
       if (databasePermissions.get(permission).hasExpiryDate()) {
-        expiry = databasePermissions.get(permission).getExpiry().toInstant();
-        // The expiry ends at the end of the stored day
-        expiry = expiry.plus(24, ChronoUnit.HOURS);
+        expiry = LocalDateTime.ofInstant(databasePermissions.get(permission).getExpiry().toInstant(), ZoneOffset.UTC);
+        String zoneIdString = ViewerConfiguration.getInstance().getViewerConfigurationAsString("UTC",
+          ViewerConstants.PROPERTY_EXPIRY_ZONE_ID_OVERRIDE);
+        ZoneId zoneId = null;
+        try {
+          zoneId = ZoneId.of(zoneIdString);
+        } catch (DateTimeException e) {
+          zoneId = ZoneOffset.UTC;
+        }
+        now = LocalDateTime.ofInstant(new Date().toInstant(), zoneId);
       }
-      if (user.getAllRoles().contains(permission) && (expiry == null || expiry.isAfter(new Date().toInstant()))) {
+
+      if (user.getAllRoles().contains(permission) && (expiry == null || expiry.isAfter(now))) {
         return;
       }
     }

diff --git a/src/main/resources/config/dbvtk-viewer.properties b/src/main/resources/config/dbvtk-viewer.properties
@@ -215,4 +215,13 @@ ui.iiif_viewer.presentation.service_name=presentation
 #    Default: "all"
 #    Possible values: "all" (search on all available databases), "none" (search on no databases)
 ##############################################
-ui.searchAll.defaultSelection=all
+ui.searchAll.defaultSelection=all
+
+##############################################
+# Permission expiry settings
+# permissions.expiry.zoneId.override
+#    The timezone that the server uses to calculate the current date and time when querying for permission expiry dates.
+#    Default: "UTC"
+#    Possible values: Any valid Java ZoneId string
+##############################################
+permissions.expiry.zoneId.override=UTC