From 2ad8c5f2bb89e717812c4501bcb7127aec69820d Mon Sep 17 00:00:00 2001
From: felmer <franz-josef.elmer@id.ethz.ch>
Date: Thu, 29 Dec 2022 09:29:32 +0100
Subject: [PATCH] SSDM-13135: Authorization checked. Only INSTANCE_ADMIN or
 SPACE_ADMIN roles can use the Dropbox Monitor

---
 .../dropbox-monitor-api/plugin.properties         |  5 +++++
 .../dropbox-monitor-api/script.py                 | 15 +++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 openbis_standard_technologies/dist/core-plugins/eln-lims/1/dss/reporting-plugins/dropbox-monitor-api/plugin.properties
 create mode 100644 openbis_standard_technologies/dist/core-plugins/eln-lims/1/dss/reporting-plugins/dropbox-monitor-api/script.py

diff --git a/openbis_standard_technologies/dist/core-plugins/eln-lims/1/dss/reporting-plugins/dropbox-monitor-api/plugin.properties b/openbis_standard_technologies/dist/core-plugins/eln-lims/1/dss/reporting-plugins/dropbox-monitor-api/plugin.properties
new file mode 100644
index 00000000000..e79908a8647
--- /dev/null
+++ b/openbis_standard_technologies/dist/core-plugins/eln-lims/1/dss/reporting-plugins/dropbox-monitor-api/plugin.properties
@@ -0,0 +1,5 @@
+label = Dropbox MonitorAPI
+class = ch.systemsx.cisd.openbis.dss.generic.server.plugins.jython.JythonIngestionService
+script-path = script.py
+h5-folders = ${dataset-uploader.h5-folders:false}
+h5ar-folders = ${dataset-uploader.h5ar-folders:true}
diff --git a/openbis_standard_technologies/dist/core-plugins/eln-lims/1/dss/reporting-plugins/dropbox-monitor-api/script.py b/openbis_standard_technologies/dist/core-plugins/eln-lims/1/dss/reporting-plugins/dropbox-monitor-api/script.py
new file mode 100644
index 00000000000..d3d81be3eec
--- /dev/null
+++ b/openbis_standard_technologies/dist/core-plugins/eln-lims/1/dss/reporting-plugins/dropbox-monitor-api/script.py
@@ -0,0 +1,15 @@
+from ch.systemsx.cisd.common.exceptions import UserFailureException
+
+def process(tr, parameters, tableBuilder):
+    assertAuthorization(tr)
+
+def assertAuthorization(tr):
+    authService = tr.getAuthorizationService()
+    roleAssignements = authService.listRoleAssignments()
+    for ra in roleAssignements:
+        user = ra.getUser().getUserId()
+        role = ra.getRoleSetCode()
+        if user == userId and str(role).endswith("ADMIN"):
+            return
+    raise UserFailureException("User isn't authorized for using the Dropbox Monitor.")
+
-- 
GitLab