V3 data set file download - authorization test and bugfix

SVN: 35706

V3 data set file download - authorization test and bugfix
326291fd · pkupczyk · 11a9cf53 · 326291fd · 326291fd
Commit 326291fd authored 9 years ago by pkupczyk
--- a/datastore_server/source/java/ch/ethz/sis/openbis/generic/server/dssapi/v3/DataStoreServerApi.java
+++ b/datastore_server/source/java/ch/ethz/sis/openbis/generic/server/dssapi/v3/DataStoreServerApi.java
@@ -49,6 +49,7 @@ import ch.ethz.sis.openbis.generic.dssapi.v3.dto.datasetfile.id.DataSetFilePermI
 import ch.ethz.sis.openbis.generic.dssapi.v3.dto.datasetfile.id.IDataSetFileId;
 import ch.ethz.sis.openbis.generic.dssapi.v3.dto.datasetfile.search.DataSetFileSearchCriteria;
 import ch.ethz.sis.openbis.generic.server.dssapi.v3.download.DataSetFileDownloadInputStream;
+import ch.systemsx.cisd.common.exceptions.Status;
 import ch.systemsx.cisd.common.filesystem.IFreeSpaceProvider;
 import ch.systemsx.cisd.common.filesystem.SimpleFreeSpaceProvider;
 import ch.systemsx.cisd.common.logging.LogCategory;
@@ -63,6 +64,7 @@ import ch.systemsx.cisd.openbis.dss.generic.server.plugins.tasks.IPluginTaskInfo
 import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
 import ch.systemsx.cisd.openbis.dss.generic.shared.IHierarchicalContentProvider;
 import ch.systemsx.cisd.openbis.dss.generic.shared.IShareIdManager;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.internal.authorization.DssSessionAuthorizationHolder;
 import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.plugin.query.shared.api.v1.IQueryApiServer;
@@ -211,22 +213,26 @@ public class DataStoreServerApi extends AbstractDssServiceRpc<IDataStoreServerAp
                if (filePermId.getDataSetId() instanceof DataSetPermId)
                {
                    String dataSetCode = ((DataSetPermId) filePermId.getDataSetId()).getPermId();
-                    String filePath = filePermId.getFilePath();
+                    Status authorizationStatus = DssSessionAuthorizationHolder.getAuthorizer().checkDatasetAccess(sessionToken, dataSetCode);

-                    IHierarchicalContent content = contentProvider.asContent(dataSetCode);
-                    IHierarchicalContentNode node = content.getNode(filePath);
-
-                    if (node.isDirectory() && downloadOptions.isRecursive())
+                    if (authorizationStatus.isOK())
                    {
-                        for (IHierarchicalContentNode child : iterate(node))
+                        String filePath = filePermId.getFilePath();
+
+                        IHierarchicalContent content = contentProvider.asContent(dataSetCode);
+                        IHierarchicalContentNode node = content.getNode(filePath);
+
+                        if (node.isDirectory() && downloadOptions.isRecursive())
                        {
-                            contentNodes.put(child, dataSetCode);
+                            for (IHierarchicalContentNode child : iterate(node))
+                            {
+                                contentNodes.put(child, dataSetCode);
+                            }
+                        } else
+                        {
+                            contentNodes.put(node, dataSetCode);
                        }
-                    } else
-                    {
-                        contentNodes.put(node, dataSetCode);
                    }
-
                } else
                {
                    throw new IllegalArgumentException("Unsupported dataSetId: " + fileId);

--- a/datastore_server/sourceTest/java/ch/ethz/sis/openbis/generic/dss/systemtest/api/v3/DownloadFileTest.java
+++ b/datastore_server/sourceTest/java/ch/ethz/sis/openbis/generic/dss/systemtest/api/v3/DownloadFileTest.java
@@ -19,6 +19,19 @@ import ch.ethz.sis.openbis.generic.dssapi.v3.dto.datasetfile.id.IDataSetFileId;
 public class DownloadFileTest extends AbstractFileTest
 {

+    @Test
+    public void testDownloadUnauthorized()
+    {
+        String spaceSessionToken = gis.tryToAuthenticateForAllServices("test_space", "password");
+
+        InputStream stream = dss.downloadFiles(spaceSessionToken, Arrays.asList(new DataSetFilePermId(new DataSetPermId(dataSetCode))),
+                new DataSetFileDownloadOptions());
+
+        DataSetFileDownloadReader reader = new DataSetFileDownloadReader(stream);
+
+        assertNull(reader.read());
+    }
+
    @Test
    public void testDownloadAllFiles() throws Exception
    {
@@ -128,8 +141,7 @@ public class DownloadFileTest extends AbstractFileTest
        assertEquals(getContent(download2.getDataSetFile().getPath()).length(), download2.getDataSetFile().getFileLength());
    }

-    private Map<String, String> download(@SuppressWarnings("hiding")
-    List<IDataSetFileId> files, DataSetFileDownloadOptions options)
+    private Map<String, String> download(@SuppressWarnings("hiding") List<IDataSetFileId> files, DataSetFileDownloadOptions options)
    {
        try
        {