From 020292a6aba0f2fde2d66a1f28544fbed933d6d6 Mon Sep 17 00:00:00 2001
From: felmer <felmer>
Date: Tue, 22 Sep 2015 12:41:17 +0000
Subject: [PATCH] SSDM-2459: Tiny improvement of DefaultAccessController.
SVN: 34688
---
.../server/authorization/CapabilityMap.java | 15 +++++-----
.../DefaultAccessControllerTest.java | 28 ++++++++++++++++++-
2 files changed, 34 insertions(+), 9 deletions(-)
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/CapabilityMap.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/CapabilityMap.java
index 6642806d5e9..e6a29a98fb9 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/CapabilityMap.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/CapabilityMap.java
@@ -132,19 +132,18 @@ class CapabilityMap
private void addRoles(String capabilityName, String roleNames, String line, String filePath)
{
- final String[] roleNameArray = StringUtils.split(roleNames, ",");
- for (String roleName : roleNameArray)
+ Collection<RoleWithHierarchy> roles = capMap.get(capabilityName);
+ if (roles == null)
+ {
+ roles = new HashSet<RoleWithHierarchy>();
+ capMap.put(capabilityName, roles);
+ }
+ for (String roleName : StringUtils.split(roleNames, ","))
{
roleName = roleName.trim().toUpperCase();
try
{
final RoleWithHierarchy role = RoleWithHierarchy.valueOf(roleName);
- Collection<RoleWithHierarchy> roles = capMap.get(capabilityName);
- if (roles == null)
- {
- roles = new HashSet<RoleWithHierarchy>();
- capMap.put(capabilityName, roles);
- }
roles.add(role);
if (operationLog.isDebugEnabled())
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
index eab731110aa..61f8814cf5b 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
@@ -90,7 +90,9 @@ public final class DefaultAccessControllerTest
try
{
FileUtils.writeLines(capFile,
- Arrays.asList("# Test overriding annotation", "MY_CAP: SPACE_OBSERVER; ARG1 = SPACE_USER"));
+ Arrays.asList("# Test overriding annotation",
+ "MY_CAP: SPACE_OBSERVER; ARG1 = SPACE_USER",
+ "my_cap2: arg1 = space_user"));
} catch (IOException ex)
{
ex.printStackTrace();
@@ -336,6 +338,23 @@ public final class DefaultAccessControllerTest
context.assertIsSatisfied();
}
+ @Test
+ public void testIsAuthorizedWithGardedArgumentWithRolesOverridden2() throws Exception
+ {
+ final IAuthSession session = AuthorizationTestUtil.createSession();
+ session.tryGetPerson().setRoleAssignments(createRoleAssignments());
+ final Method method = MyInterface.class.getMethod("myMethodWithGardedArgumentWithRolesOverridden2",
+ String.class, String.class);
+ assertNotNull(method);
+ Argument<?>[] arguments = createArguments(method);
+
+ final Status authorized = accessController.isAuthorized(session, method, arguments);
+
+ assertEquals("OK", authorized.toString());
+ assertEquals("person: john_doe, roles: [SPACE_USER], value: arg0", project.getDescription());
+ context.assertIsSatisfied();
+ }
+
private Argument<?>[] createArguments(final Method method)
{
List<Argument<?>> arguments = new ArrayList<>();
@@ -393,6 +412,13 @@ public final class DefaultAccessControllerTest
@AuthorizationGuard(name = "ARG1", guardClass = MockPredicate.class,
rolesAllowed = { RoleWithHierarchy.SPACE_ETL_SERVER })
String argument1);
+
+ @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
+ @Capability("MY_CAP2")
+ public void myMethodWithGardedArgumentWithRolesOverridden2(String sessionToken,
+ @AuthorizationGuard(name = "ARG1", guardClass = MockPredicate.class,
+ rolesAllowed = { RoleWithHierarchy.SPACE_ETL_SERVER })
+ String argument1);
}
/**
--
GitLab