From 317c95ea0029f3cca99894ed923130e190b84556 Mon Sep 17 00:00:00 2001
From: pkupczyk <pkupczyk>
Date: Wed, 20 Dec 2017 14:13:17 +0000
Subject: [PATCH] SSDM-6019 : Project Authorization - modify @RolesAllowed annotations at non-entity related methods
SVN: 39067
---
 .../ExperimentAuthorizationRecord.java | 33 ---------------
 .../ExperimentAuthorizationValidator.java | 41 +++++--------------
 .../experiment/ExperimentQuery.java | 6 ---
 .../GlobalSearchObjectTranslator.java | 7 +++-
 .../shared/dto/ExperimentAccessPE.java | 13 ++++++
 .../systemtest/asapi/v3/GlobalSearchTest.java | 40 +++++++++++++++++-
 6 files changed, 68 insertions(+), 72 deletions(-)
 delete mode 100644 openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentAuthorizationRecord.java
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentAuthorizationRecord.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentAuthorizationRecord.java
deleted file mode 100644
index d346436c3c5..00000000000
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentAuthorizationRecord.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright 2015 ETH Zuerich, CISD
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package ch.ethz.sis.openbis.generic.server.asapi.v3.translator.experiment;
-
-/**
- * @author pkupczyk
- */
-public class ExperimentAuthorizationRecord
-{
-
- public Long id;
-
- public String code;
-
- public String projectCode;
-
- public String spaceCode;
-
-}
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentAuthorizationValidator.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentAuthorizationValidator.java
index 3d2e713201e..a6495119edc 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentAuthorizationValidator.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentAuthorizationValidator.java
@@ -16,58 +16,39 @@
 package ch.ethz.sis.openbis.generic.server.asapi.v3.translator.experiment;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
-import ch.ethz.sis.openbis.generic.asapi.v3.dto.experiment.id.ExperimentIdentifier;
+import ch.ethz.sis.openbis.generic.server.asapi.v3.translator.common.AbstractAuthorizationValidator;
 import ch.systemsx.cisd.openbis.generic.server.authorization.AuthorizationDataProvider;
-import ch.systemsx.cisd.openbis.generic.server.authorization.validator.ExperimentByIdentiferValidator;
-import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
-import ch.systemsx.cisd.openbis.generic.shared.basic.IIdentifierHolder;
+import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
+import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentAccessPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
-import it.unimi.dsi.fastutil.longs.LongOpenHashSet;
-import net.lemnik.eodsql.QueryTool;
-
 /**
 * @author pkupczyk
 */
 @Component
-public class ExperimentAuthorizationValidator implements IExperimentAuthorizationValidator
+public class ExperimentAuthorizationValidator extends AbstractAuthorizationValidator implements IExperimentAuthorizationValidator
 {
- @Autowired
- private IDAOFactory daoFactory;
-
 @Override
 public Set<Long> validate(PersonPE person, Collection<Long> experimentIds)
 {
- ExperimentQuery query = QueryTool.getManagedQuery(ExperimentQuery.class);
- List<ExperimentAuthorizationRecord> records = query.getAuthorizations(new LongOpenHashSet(experimentIds));
+ AuthorizationDataProvider provider = new AuthorizationDataProvider(daoFactory);
+ Set<ExperimentAccessPE> accessDatas =
+ provider.getExperimentCollectionAccessData(TechId.createList(new ArrayList<Long>(experimentIds)), false);
 Set<Long> result = new HashSet<Long>();
- ExperimentByIdentiferValidator validator = new ExperimentByIdentiferValidator();
- validator.init(new AuthorizationDataProvider(daoFactory));
-
- for (ExperimentAuthorizationRecord record : records)
+ for (ExperimentAccessPE accessData : accessDatas)
 {
- final ExperimentAuthorizationRecord theRecord = record;
-
- if (validator.doValidation(person, new IIdentifierHolder()
- {
- @Override
- public String getIdentifier()
- {
- return new ExperimentIdentifier(theRecord.spaceCode, theRecord.projectCode, theRecord.code).getIdentifier();
- }
- }))
+ if (isValid(person, accessData.getSpaceIdentifier(), accessData.getProjectIdentifier()))
 {
- result.add(record.id);
+ result.add(accessData.getExperimentId());
 }
 }
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentQuery.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentQuery.java
index a9426803923..63dfbcca785 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentQuery.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/experiment/ExperimentQuery.java
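Review bot: In `validate`, the values of `accessData.getSpaceIdentifier()` and `accessData.getProjectIdentifier()` go straight into `isValid`, yet the `getSpaceIdentifier()` this patch adds to ExperimentAccessPE returns null when the space code is null. `isValid` comes from AbstractAuthorizationValidator, which is not in this diff, so whether a null identifier is denied cannot be confirmed from here. Because this is the access decision for each experiment id, state the expectation next to the call, e.g. `// isValid must deny when the space or project identifier is null`, and document the null return on the new getter with `/** @return the space identifier, or null when no space code is set */`. The bare `false` passed to `getExperimentCollectionAccessData` would also read better with a comment naming the parameter. The end of `validate` lies outside the hunk.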
@@ -36,12 +36,6 @@ import ch.systemsx.cisd.common.db.mapper.LongSetMapper;
 public interface ExperimentQuery extends ObjectQuery
 {
- @Select(sql = "select e.id, e.code, p.code as projectCode, sp.code as spaceCode "
- + "from experiments e join projects p on e.proj_id = p.id "
- + "join spaces sp on p.space_id = sp.id "
- + "where e.id = any(?{1})", parameterBindings = { LongSetMapper.class }, fetchSize = FETCH_SIZE)
- public List<ExperimentAuthorizationRecord> getAuthorizations(LongSet experimentIds);
-
 @Select(sql = "select e.id, e.code, e.perm_id as permId, p.code as projectCode, sp.code as spaceCode, e.registration_timestamp as registrationDate, e.modification_timestamp as modificationDate "
 + "from experiments e join projects p on e.proj_id = p.id "
 + "join spaces sp on p.space_id = sp.id "
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/globalsearch/GlobalSearchObjectTranslator.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/globalsearch/GlobalSearchObjectTranslator.java
index ad21987b504..9dec56cb085 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/globalsearch/GlobalSearchObjectTranslator.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/translator/globalsearch/GlobalSearchObjectTranslator.java
@@ -19,9 +19,11 @@ package ch.ethz.sis.openbis.generic.server.asapi.v3.translator.globalsearch;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -77,11 +79,12 @@ public class GlobalSearchObjectTranslator extends AbstractCachingTranslator<Matc
 private IMaterialTranslator materialTranslator;
 @Override
- protected boolean shouldTranslate(TranslationContext context, MatchingEntity input, GlobalSearchObjectFetchOptions fetchOptions)
+ protected Set<MatchingEntity> shouldTranslate(TranslationContext context, Collection<MatchingEntity> inputs,
+ GlobalSearchObjectFetchOptions fetchOptions)
 {
 MatchingEntityValidator validator = new MatchingEntityValidator();
 validator.init(new AuthorizationDataProvider(daoFactory));
- return validator.isValid(context.getSession().tryGetPerson(), input);
+ return new HashSet<MatchingEntity>(validator.getValid(context.getSession().tryGetPerson(), inputs));
 }
 @Override
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/ExperimentAccessPE.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/ExperimentAccessPE.java
index c9091de2cd2..93364d38540 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/ExperimentAccessPE.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/ExperimentAccessPE.java
@@ -28,6 +28,7 @@ import org.apache.commons.lang.builder.EqualsBuilder;
 import org.apache.commons.lang.builder.HashCodeBuilder;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ProjectIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
 /**
 * @author Pawel Glyzewski
@@ -93,6 +94,18 @@ public class ExperimentAccessPE
 return spaceCode;
 }
+ @Transient
+ public SpaceIdentifier getSpaceIdentifier()
+ {
+ if (getSpaceCode() != null)
+ {
+ return new SpaceIdentifier(getSpaceCode());
+ } else
+ {
+ return null;
+ }
+ }
+
 public void setProjectCode(String projectCode)
 {
 this.projectCode = projectCode;
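Review bot: `shouldTranslate` passes `context.getSession().tryGetPerson()` to `validator.getValid` unchecked, and the `try` prefix suggests the call can return null for a session without a person. MatchingEntityValidator is not part of this diff, so how it treats a null person is not visible; reading the person into a local and returning `Collections.<MatchingEntity> emptySet()` when it is null would make this filter fail closed on its own. Wrapping the result in `new HashSet<MatchingEntity>(...)` also ties the outcome to MatchingEntity's `equals`/`hashCode`: if those compare by value, two distinct matches could collapse into one entry, so either confirm identity semantics or add a comment such as `// relies on MatchingEntity identity equality`.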
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/GlobalSearchTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/GlobalSearchTest.java
index f7978a8c1d0..fdec8c5cdb7 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/GlobalSearchTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/GlobalSearchTest.java
@@ -40,6 +40,7 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.id.SampleIdentifier;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.id.SamplePermId;
 import ch.systemsx.cisd.common.action.IDelegatedAction;
 import ch.systemsx.cisd.common.test.AssertionUtil;
+import ch.systemsx.cisd.openbis.systemtest.authorization.ProjectAuthorizationUser;
 /**
 * @author pkupczyk
@@ -561,7 +562,7 @@ public class GlobalSearchTest extends AbstractTest
 @Test
 public void testSearchDataSetWithKindLink()
 {
- // given
+ // given
 GlobalSearchObjectFetchOptions fo = new GlobalSearchObjectFetchOptions();
 fo.withDataSet();
@@ -675,6 +676,43 @@ public class GlobalSearchTest extends AbstractTest
 assertMaterialNotFetched(object);
 }
+ @Test(dataProviderClass = ProjectAuthorizationUser.class, dataProvider = ProjectAuthorizationUser.PROVIDER_WITH_ETL)
+ public void testSearchWithProjectAuthorization(ProjectAuthorizationUser user)
+ {
+ GlobalSearchCriteria criteria = new GlobalSearchCriteria();
+ criteria.withText().thatContainsExactly("/CISD/DEFAULT/EXP-REUSE");
+ criteria.withText().thatContainsExactly("/TEST-SPACE/TEST-PROJECT/EXP-SPACE-TEST");
+
+ GlobalSearchObjectFetchOptions fetchOptions = new GlobalSearchObjectFetchOptions();
+
+ if (user.isDisabledProjectUser())
+ {
+ assertAuthorizationFailureException(new IDelegatedAction()
+ {
+ @Override
+ public void execute()
+ {
+ search(user.getUserId(), criteria, fetchOptions);
+ }
+ });
+ } else
+ {
+ SearchResult<GlobalSearchObject> result = search(user.getUserId(), criteria, fetchOptions);
+
+ if (user.isInstanceUser())
+ {
+ assertEquals(result.getObjects().size(), 2);
+ } else if (user.isTestSpaceUser() || user.isTestProjectUser())
+ {
+ assertEquals(result.getObjects().size(), 1);
+ assertEquals(result.getObjects().get(0).getObjectIdentifier().toString(), "/TEST-SPACE/TEST-PROJECT/EXP-SPACE-TEST");
+ } else
+ {
+ assertEquals(result.getObjects().size(), 0);
+ }
+ }
+ }
+
 private SearchResult<GlobalSearchObject> search(String user, GlobalSearchCriteria criteria, GlobalSearchObjectFetchOptions fetchOptions)
 {
 String sessionToken = v3api.login(user, PASSWORD);
-- GitLab
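Review bot: The instance-user branch of `testSearchWithProjectAuthorization` asserts only `result.getObjects().size()` equal to 2, so a result holding two unrelated objects would still pass. Comparing the set of `getObjectIdentifier().toString()` values against `/CISD/DEFAULT/EXP-REUSE` and `/TEST-SPACE/TEST-PROJECT/EXP-SPACE-TEST` would pin the behaviour the way the test-space branch already does. The final `else` groups every remaining user under an expected count of 0, which is the deny case this authorization change depends on; a comment such as `// users without access to either project must see nothing` would make that intent explicit.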