From 3db57c6935c36df55f01734483cb5ba65bc41d64 Mon Sep 17 00:00:00 2001
From: pkupczyk <piotr.kupczyk@id.ethz.ch>
Date: Tue, 13 Jun 2023 14:40:19 +0200
Subject: [PATCH] SSDM-13718 : Fix user rights for creation and update :
dataset creation
---
.../systemtest/asapi/v3/AbstractTest.java | 5 +-
.../asapi/v3/CreateDataSetTest.java | 157 ++++++++++++++++++
2 files changed, 161 insertions(+), 1 deletion(-)
diff --git a/server-application-server/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/AbstractTest.java b/server-application-server/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/AbstractTest.java
index de4705babc4..68497c088b8 100644
--- a/server-application-server/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/AbstractTest.java
+++ b/server-application-server/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/AbstractTest.java
@@ -1847,7 +1847,7 @@ public class AbstractTest extends SystemTestCase
final PersonCreation personCreation = new PersonCreation();
personCreation.setUserId("test_user_with_role_" + role + "_pa_on");
- v3api.createPersons(adminSessionToken, List.of(personCreation));
+ final PersonPermId personId = v3api.createPersons(adminSessionToken, List.of(personCreation)).get(0);
final SpaceCreation space1Creation = new SpaceCreation();
space1Creation.setCode("TEST_SPACE_1_" + UUID.randomUUID());
@@ -1906,6 +1906,7 @@ public class AbstractTest extends SystemTestCase
final TestWithUserRoleParams params = new TestWithUserRoleParams();
params.adminSessionToken = adminSessionToken;
params.userSessionToken = userSessionToken;
+ params.userId = personId.getPermId();
params.space1Id = space1Id;
params.space2Id = space2Id;
params.space1Project1Id = space1Project1Id;
@@ -1920,6 +1921,8 @@ public class AbstractTest extends SystemTestCase
public String userSessionToken;
+ public String userId;
+
public ISpaceId space1Id;
public ISpaceId space2Id;
diff --git a/server-application-server/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateDataSetTest.java b/server-application-server/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateDataSetTest.java
index fb968fdfce9..cf22ff7d490 100644
--- a/server-application-server/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateDataSetTest.java
+++ b/server-application-server/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/CreateDataSetTest.java
@@ -75,6 +75,7 @@ import ch.systemsx.cisd.common.action.IDelegatedAction;
import ch.systemsx.cisd.common.test.AssertionUtil;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.EntityKind;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewETPTAssignment;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
import ch.systemsx.cisd.openbis.systemtest.authorization.ProjectAuthorizationUser;
/**
@@ -2269,6 +2270,162 @@ public class CreateDataSetTest extends AbstractDataSetTest
assertEquals(dataSet.getMetaData(), Map.of("key", "value"));
}
+ @Test(dataProvider = USER_ROLES_PROVIDER)
+ public void testCreateWithDifferentRolesExperimentDataSet(RoleWithHierarchy role)
+ {
+ testWithUserRole(role, params ->
+ {
+ final ExperimentCreation experimentCreation = new ExperimentCreation();
+ experimentCreation.setTypeId(new EntityTypePermId("SIRNA_HCS"));
+ experimentCreation.setCode("TEST_EXPERIMENT_" + UUID.randomUUID());
+ experimentCreation.setProjectId(params.space1Project1Id);
+ experimentCreation.setProperty("DESCRIPTION", "test description");
+ final ExperimentPermId experimentId = v3api.createExperiments(params.adminSessionToken, List.of(experimentCreation)).get(0);
+
+ final DataSetCreation dataSetCreation = physicalDataSetCreation();
+ dataSetCreation.setExperimentId(experimentId);
+ dataSetCreation.setSampleId(null);
+
+ // use instance admin to login on behalf of the user
+ final String onBehalfOfSessionToken = v3api.loginAs(TEST_USER, PASSWORD, params.userId);
+
+ if (List.of(RoleWithHierarchy.RoleCode.ADMIN, RoleWithHierarchy.RoleCode.POWER_USER, RoleWithHierarchy.RoleCode.USER)
+ .contains(role.getRoleCode()))
+ {
+ v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation));
+ } else
+ {
+ assertAnyAuthorizationException(() -> v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation)));
+ }
+ });
+ }
+
+ @Test(dataProvider = USER_ROLES_PROVIDER)
+ public void testCreateWithDifferentRolesInstanceSampleDataSet(RoleWithHierarchy role)
+ {
+ testWithUserRole(role, params ->
+ {
+ final SampleCreation sampleCreation = new SampleCreation();
+ sampleCreation.setCode("TEST_INSTANCE_SAMPLE_" + UUID.randomUUID());
+ sampleCreation.setTypeId(new EntityTypePermId("CELL_PLATE"));
+ final SamplePermId sampleId = v3api.createSamples(params.adminSessionToken, List.of(sampleCreation)).get(0);
+
+ final DataSetCreation dataSetCreation = physicalDataSetCreation();
+ dataSetCreation.setExperimentId(null);
+ dataSetCreation.setSampleId(sampleId);
+
+ // use instance admin to login on behalf of the user
+ final String onBehalfOfSessionToken = v3api.loginAs(TEST_USER, PASSWORD, params.userId);
+
+ if (RoleWithHierarchy.INSTANCE_ADMIN.equals(role))
+ {
+ // shared samples cannot have data sets
+ assertUserFailureException(() -> v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation)),
+ "shared sample");
+ } else
+ {
+ assertAnyAuthorizationException(() -> v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation)));
+ }
+ });
+ }
+
+ @Test(dataProvider = USER_ROLES_PROVIDER)
+ public void testCreateWithDifferentRolesSpaceSampleDataSet(RoleWithHierarchy role)
+ {
+ testWithUserRole(role, params ->
+ {
+ final SampleCreation sampleCreation = new SampleCreation();
+ sampleCreation.setCode("TEST_SPACE_SAMPLE_" + UUID.randomUUID());
+ sampleCreation.setTypeId(new EntityTypePermId("CELL_PLATE"));
+ sampleCreation.setSpaceId(params.space1Id);
+ final SamplePermId sampleId = v3api.createSamples(params.adminSessionToken, List.of(sampleCreation)).get(0);
+
+ final DataSetCreation dataSetCreation = physicalDataSetCreation();
+ dataSetCreation.setExperimentId(null);
+ dataSetCreation.setSampleId(sampleId);
+
+ // use instance admin to login on behalf of the user
+ final String onBehalfOfSessionToken = v3api.loginAs(TEST_USER, PASSWORD, params.userId);
+
+ if (List.of(RoleWithHierarchy.RoleLevel.INSTANCE, RoleWithHierarchy.RoleLevel.SPACE).contains(role.getRoleLevel()) && List.of(
+ RoleWithHierarchy.RoleCode.ADMIN, RoleWithHierarchy.RoleCode.POWER_USER, RoleWithHierarchy.RoleCode.USER)
+ .contains(role.getRoleCode()))
+ {
+ v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation));
+ } else
+ {
+ assertAnyAuthorizationException(() -> v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation)));
+ }
+ });
+ }
+
+ @Test(dataProvider = USER_ROLES_PROVIDER)
+ public void testCreateWithDifferentRolesProjectSampleDataSet(RoleWithHierarchy role)
+ {
+ testWithUserRole(role, params ->
+ {
+ final SampleCreation sampleCreation = new SampleCreation();
+ sampleCreation.setCode("TEST_PROJECT_SAMPLE_" + UUID.randomUUID());
+ sampleCreation.setTypeId(new EntityTypePermId("CELL_PLATE"));
+ sampleCreation.setSpaceId(params.space1Id);
+ sampleCreation.setProjectId(params.space1Project1Id);
+ final SamplePermId sampleId = v3api.createSamples(params.adminSessionToken, List.of(sampleCreation)).get(0);
+
+ final DataSetCreation dataSetCreation = physicalDataSetCreation();
+ dataSetCreation.setExperimentId(null);
+ dataSetCreation.setSampleId(sampleId);
+
+ // use instance admin to login on behalf of the user
+ final String onBehalfOfSessionToken = v3api.loginAs(TEST_USER, PASSWORD, params.userId);
+
+ if (List.of(RoleWithHierarchy.RoleCode.ADMIN, RoleWithHierarchy.RoleCode.POWER_USER, RoleWithHierarchy.RoleCode.USER)
+ .contains(role.getRoleCode()))
+ {
+ v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation));
+ } else
+ {
+ assertAnyAuthorizationException(() -> v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation)));
+ }
+ });
+ }
+
+ @Test(dataProvider = USER_ROLES_PROVIDER)
+ public void testCreateWithDifferentRolesExperimentSampleDataSet(RoleWithHierarchy role)
+ {
+ testWithUserRole(role, params ->
+ {
+ final ExperimentCreation experimentCreation = new ExperimentCreation();
+ experimentCreation.setTypeId(new EntityTypePermId("SIRNA_HCS"));
+ experimentCreation.setCode("TEST_EXPERIMENT_" + UUID.randomUUID());
+ experimentCreation.setProjectId(params.space1Project1Id);
+ experimentCreation.setProperty("DESCRIPTION", "test description");
+ final ExperimentPermId experimentId = v3api.createExperiments(params.adminSessionToken, List.of(experimentCreation)).get(0);
+
+ final SampleCreation sampleCreation = new SampleCreation();
+ sampleCreation.setCode("TEST_EXPERIMENT_SAMPLE_" + UUID.randomUUID());
+ sampleCreation.setTypeId(new EntityTypePermId("CELL_PLATE"));
+ sampleCreation.setSpaceId(params.space1Id);
+ sampleCreation.setExperimentId(experimentId);
+ final SamplePermId sampleId = v3api.createSamples(params.adminSessionToken, List.of(sampleCreation)).get(0);
+
+ final DataSetCreation dataSetCreation = physicalDataSetCreation();
+ dataSetCreation.setExperimentId(null);
+ dataSetCreation.setSampleId(sampleId);
+
+ // use instance admin to login on behalf of the user
+ final String onBehalfOfSessionToken = v3api.loginAs(TEST_USER, PASSWORD, params.userId);
+
+ if (List.of(RoleWithHierarchy.RoleCode.ADMIN, RoleWithHierarchy.RoleCode.POWER_USER, RoleWithHierarchy.RoleCode.USER)
+ .contains(role.getRoleCode()))
+ {
+ v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation));
+ } else
+ {
+ assertAnyAuthorizationException(() -> v3api.createDataSets(onBehalfOfSessionToken, Collections.singletonList(dataSetCreation)));
+ }
+ });
+ }
+
private DataSetCreation containerDataSetCreation()
{
String code = UUID.randomUUID().toString();
--
GitLab