BIS-142 Moving authorization annotations from IQueryServer to QueryServer....

BIS-142 Moving authorization annotations from IQueryServer to QueryServer. Introducing QueryServerAuthorizationTest. Moving ServerInterfaceRegressionTest from shared to server package.

SVN: 26568

openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/server/QueryServer.java

@@ -39,9 +39,13 @@ import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IQueryDAO;
 import ch.systemsx.cisd.openbis.generic.server.plugin.IDataSetTypeSlaveServerPlugin;
 import ch.systemsx.cisd.openbis.generic.server.plugin.ISampleTypeSlaveServerPlugin;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.validator.ExpressionValidator;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.BasicEntityType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.QueryPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
@@ -97,6 +101,7 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
     }
 
     @Override
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public int initDatabases(String sessionToken)
     {
         checkSession(sessionToken);
@@ -105,6 +110,7 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
     }
 
     @Override
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<QueryDatabase> listQueryDatabases(String sessionToken)
     {
         checkSession(sessionToken);
@@ -119,6 +125,8 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
     }
 
     @Override
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
+    @ReturnValueFilter(validatorClass = ExpressionValidator.class)
     public List<QueryExpression> listQueries(String sessionToken, QueryType queryType,
             BasicEntityType entityTypeOrNull)
     {
@@ -154,6 +162,7 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
     }
 
     @Override
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public void registerQuery(String sessionToken, NewQuery expression)
     {
         Session session = getSession(sessionToken);
@@ -180,14 +189,15 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
     }
 
     @Override
-    public void deleteQueries(String sessionToken, List<TechId> filterIds)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
+    public void deleteQueries(String sessionToken, List<TechId> queryIds)
     {
         Session session = getSession(sessionToken);
 
         IQueryDAO queryDAO = getDAOFactory().getQueryDAO();
         try
         {
-            for (TechId techId : filterIds)
+            for (TechId techId : queryIds)
             {
                 QueryPE query = queryDAO.getByTechId(techId);
                 QueryAccessController.checkWriteAccess(session, query.getQueryDatabaseKey(),
@@ -201,6 +211,7 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
     }
 
     @Override
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public void updateQuery(String sessionToken, IQueryUpdates updates)
     {
         Session session = getSession(sessionToken);
@@ -229,6 +240,7 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
     }
 
     @Override
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel queryDatabase(String sessionToken, QueryDatabase database, String sqlQuery,
             QueryParameterBindings bindings, boolean onlyPerform)
     {
@@ -252,6 +264,7 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
     }
 
     @Override
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel queryDatabase(String sessionToken, TechId queryId,
             QueryParameterBindings bindings)
     {

openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java

@@ -23,14 +23,10 @@ import org.springframework.transaction.annotation.Transactional;
 import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
 import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.validator.ExpressionValidator;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.BasicEntityType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.plugin.query.shared.authorization.QueryAccessController;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.IQueryUpdates;
@@ -47,41 +43,32 @@ public interface IQueryServer extends IServer
 {
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public int initDatabases(String sessionToken);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<QueryDatabase> listQueryDatabases(String sessionToken);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel queryDatabase(String sessionToken, QueryDatabase database, String sqlQuery,
             QueryParameterBindings bindings, boolean onlyPerform);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel queryDatabase(String sessionToken, TechId queryId,
             QueryParameterBindings bindings);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
-    @ReturnValueFilter(validatorClass = ExpressionValidator.class)
     public List<QueryExpression> listQueries(String sessionToken, QueryType queryType,
             BasicEntityType entityTypeOrNull);
 
     @Transactional
-    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.QUERY)
     public void registerQuery(String sessionToken, NewQuery expression);
 
     @Transactional
-    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.QUERY)
     public void deleteQueries(String sessionToken, List<TechId> queryIds);
 
     @Transactional
-    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseUpdateModification(value = ObjectKind.QUERY)
     public void updateQuery(String sessionToken, IQueryUpdates updates);
 }

openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/RegressionTestCase.java

@@ -51,6 +51,14 @@ public class RegressionTestCase extends AssertJUnit
         mandatoryAnnotations.add(RolesAllowed.class);
         mandatoryAnnotations.add(Transactional.class);
 
+        assertMandatoryMethodAnnotations(mandatoryAnnotations, interfaceClass, implementingClass,
+                exceptions);
+    }
+
+    protected void assertMandatoryMethodAnnotations(
+            List<Class<? extends Annotation>> mandatoryAnnotations, Class<?> interfaceClass,
+            Class<?> implementingClass, String exceptions)
+    {
         final String noMissingAnnotationsMsg =
                 "Annotation checking for interface " + interfaceClass.getName()
                         + " and implementing class " + implementingClass.getName()

openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/ServerInterfaceRegressionTest.java → openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/server/ServerInterfaceRegressionTest.java

@@ -14,11 +14,12 @@
  * limitations under the License.
  */
 
-package ch.systemsx.cisd.openbis.plugin.query.shared;
+package ch.systemsx.cisd.openbis.plugin.query.server;
 
 import org.testng.annotations.Test;
 
 import ch.systemsx.cisd.openbis.generic.shared.RegressionTestCase;
+import ch.systemsx.cisd.openbis.plugin.query.shared.IQueryServer;
 
 /**
  * @author Piotr Buczek
@@ -28,6 +29,6 @@ public class ServerInterfaceRegressionTest extends RegressionTestCase
     @Test
     public void testIQueryServer()
     {
-        assertMandatoryMethodAnnotations(IQueryServer.class);
+        assertMandatoryMethodAnnotations(IQueryServer.class, QueryServer.class);
     }
 }

openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/authorization/QueryServerAuthorizationTest.java

+/*
+ * Copyright 2012 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.systemtest.authorization;
+
+import static org.testng.AssertJUnit.assertEquals;
+
+import org.testng.annotations.Test;
+
+import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
+import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.NewQuery;
+import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.QueryDatabase;
+import ch.systemsx.cisd.openbis.systemtest.base.BaseTest;
+
+/**
+ * @author Franz-Josef Elmer
+ */
+public class QueryServerAuthorizationTest extends BaseTest
+{
+    @Test(expectedExceptions = AuthorizationFailureException.class)
+    public void testRegisterQueryByUnauthorizedUser()
+    {
+        Space space = create(aSpace());
+        String sessionToken =
+                create(aSession().withSpaceRole(RoleWithHierarchy.SPACE_OBSERVER, space));
+        int databases = queryServer.initDatabases(sessionToken);
+        assertEquals(1, databases);
+        QueryDatabase database = queryServer.listQueryDatabases(sessionToken).get(0);
+        NewQuery query = new NewQuery();
+        query.setExpression("select * from sample_types order by code");
+        query.setName("List sample types");
+        query.setQueryType(QueryType.GENERIC);
+        query.setQueryDatabase(database);
+
+        queryServer.registerQuery(sessionToken, query);
+    }
+}