diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/CapabilityMap.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/CapabilityMap.java
index 6642806d5e96f099da13b2cdaa5feadeecb58aec..e6a29a98fb9a1ecd139bb119dd0f8652b815e523 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/CapabilityMap.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/CapabilityMap.java
@@ -132,19 +132,18 @@ class CapabilityMap
private void addRoles(String capabilityName, String roleNames, String line, String filePath)
{
- final String[] roleNameArray = StringUtils.split(roleNames, ",");
- for (String roleName : roleNameArray)
+ Collection<RoleWithHierarchy> roles = capMap.get(capabilityName);
+ if (roles == null)
+ {
+ roles = new HashSet<RoleWithHierarchy>();
+ capMap.put(capabilityName, roles);
+ }
+ for (String roleName : StringUtils.split(roleNames, ","))
{
roleName = roleName.trim().toUpperCase();
try
{
final RoleWithHierarchy role = RoleWithHierarchy.valueOf(roleName);
- Collection<RoleWithHierarchy> roles = capMap.get(capabilityName);
- if (roles == null)
- {
- roles = new HashSet<RoleWithHierarchy>();
- capMap.put(capabilityName, roles);
- }
roles.add(role);
if (operationLog.isDebugEnabled())
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
index eab731110aac579f1f430be5dede438a494ab3cc..61f8814cf5bf85854c16a028f039be85da44937b 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
@@ -90,7 +90,9 @@ public final class DefaultAccessControllerTest
try
{
FileUtils.writeLines(capFile,
- Arrays.asList("# Test overriding annotation", "MY_CAP: SPACE_OBSERVER; ARG1 = SPACE_USER"));
+ Arrays.asList("# Test overriding annotation",
+ "MY_CAP: SPACE_OBSERVER; ARG1 = SPACE_USER",
+ "my_cap2: arg1 = space_user"));
} catch (IOException ex)
{
ex.printStackTrace();
@@ -336,6 +338,23 @@ public final class DefaultAccessControllerTest
context.assertIsSatisfied();
}
+ @Test
+ public void testIsAuthorizedWithGardedArgumentWithRolesOverridden2() throws Exception
+ {
+ final IAuthSession session = AuthorizationTestUtil.createSession();
+ session.tryGetPerson().setRoleAssignments(createRoleAssignments());
+ final Method method = MyInterface.class.getMethod("myMethodWithGardedArgumentWithRolesOverridden2",
+ String.class, String.class);
+ assertNotNull(method);
+ Argument<?>[] arguments = createArguments(method);
+
+ final Status authorized = accessController.isAuthorized(session, method, arguments);
+
+ assertEquals("OK", authorized.toString());
+ assertEquals("person: john_doe, roles: [SPACE_USER], value: arg0", project.getDescription());
+ context.assertIsSatisfied();
+ }
+
private Argument<?>[] createArguments(final Method method)
{
List<Argument<?>> arguments = new ArrayList<>();
@@ -393,6 +412,13 @@ public final class DefaultAccessControllerTest
@AuthorizationGuard(name = "ARG1", guardClass = MockPredicate.class,
rolesAllowed = { RoleWithHierarchy.SPACE_ETL_SERVER })
String argument1);
+
+ @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
+ @Capability("MY_CAP2")
+ public void myMethodWithGardedArgumentWithRolesOverridden2(String sessionToken,
+ @AuthorizationGuard(name = "ARG1", guardClass = MockPredicate.class,
+ rolesAllowed = { RoleWithHierarchy.SPACE_ETL_SERVER })
+ String argument1);
}
/**