SSDM-4824 : V3 Roles bugfix, operation executions fix.

SVN: 37815

SSDM-4824 : V3 Roles bugfix, operation executions fix.
46a7f6c3 · juanf · b305c83f · 46a7f6c3 · 46a7f6c3 · 46a7f6c3
Commit 46a7f6c3 authored 8 years ago by juanf
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/IOperationExecutionAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/IOperationExecutionAuthorizationExecutor.java
@@ -26,17 +26,12 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.OperationExecutionPE;
 */
 public interface IOperationExecutionAuthorizationExecutor extends IObjectAuthorizationExecutor
 {
+    public void canGet(IOperationContext context);
-    void canGet(IOperationContext context);
    boolean canGet(IOperationContext context, OperationExecutionPE execution);
-    void canUpdate(IOperationContext context);
    void canUpdate(IOperationContext context, IOperationExecutionId id, OperationExecutionPE execution);
-    void canDelete(IOperationContext context);
    void canDelete(IOperationContext context, IOperationExecutionId id, OperationExecutionPE execution);
 }
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/OperationExecutionAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/OperationExecutionAuthorizationExecutor.java
@@ -67,11 +67,6 @@ public class OperationExecutionAuthorizationExecutor implements IOperationExecut
    @RolesAllowed({ RoleWithHierarchy.SPACE_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
    @Capability("UPDATE_OPERATION_EXECUTION")
    @DatabaseUpdateModification(value = ObjectKind.OPERATION_EXECUTION)
-    public void canUpdate(IOperationContext context)
-    {
-    }
-    @Override
    public void canUpdate(IOperationContext context, IOperationExecutionId id, OperationExecutionPE execution)
    {
        if (false == canGet(context, execution))
@@ -84,11 +79,6 @@ public class OperationExecutionAuthorizationExecutor implements IOperationExecut
    @RolesAllowed({ RoleWithHierarchy.SPACE_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
    @Capability("DELETE_OPERATION_EXECUTION")
    @DatabaseCreateOrDeleteModification(value = { ObjectKind.OPERATION_EXECUTION, ObjectKind.DELETION })
-    public void canDelete(IOperationContext context)
-    {
-    }
-    @Override
    public void canDelete(IOperationContext context, IOperationExecutionId id, OperationExecutionPE execution)
    {
        if (false == canGet(context, execution))

--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/delete/DeleteOperationExecutionExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/delete/DeleteOperationExecutionExecutor.java
@@ -30,10 +30,12 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.delete.OperationExecut
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.fetchoptions.OperationExecutionFetchOptions;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.id.IOperationExecutionId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.id.OperationExecutionPermId;
+import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.UnauthorizedObjectAccessException;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.entity.AbstractDeleteEntityExecutor;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.operation.IOperationExecutionAuthorizationExecutor;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.operation.store.IOperationExecutionStore;
+import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.dto.OperationExecutionPE;
 /**
@@ -75,7 +77,13 @@ public class DeleteOperationExecutionExecutor
    @Override
    protected void checkAccess(IOperationContext context, IOperationExecutionId entityId, OperationExecutionPE entity)
    {
-        authorizationExecutor.canDelete(context, entityId, entity);
+        try
+        {
+            authorizationExecutor.canDelete(context, entityId, entity);
+        } catch (AuthorizationFailureException ex)
+        {
+            throw new UnauthorizedObjectAccessException(entityId);
+        }
    }
    @Override

--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/store/OperationExecutionStore.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/store/OperationExecutionStore.java
@@ -65,6 +65,7 @@ import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.operation.IOperation
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.operation.config.IOperationExecutionConfig;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.operation.notification.IOperationExecutionNotifier;
 import ch.ethz.sis.openbis.generic.server.sharedapi.v3.json.ObjectMapperResource;
+import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException;
 import ch.systemsx.cisd.common.logging.LogCategory;
 import ch.systemsx.cisd.common.logging.LogFactory;
 import ch.systemsx.cisd.openbis.generic.shared.dto.OperationExecutionPE;
@@ -813,7 +814,13 @@ public class OperationExecutionStore implements IOperationExecutionStore, Applic
    private void checkAccess(IOperationContext context, OperationExecutionPE executionPE)
    {
-        authorization.canGet(context);
+        try
+        {
+            authorization.canGet(context);
+        } catch (AuthorizationFailureException ex)
+        {
+            throw new UnauthorizedObjectAccessException(new OperationExecutionPermId(executionPE.getCode()));
+        }
        if (false == authorization.canGet(context, executionPE))
        {

--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/update/UpdateOperationExecutionExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/update/UpdateOperationExecutionExecutor.java
@@ -31,11 +31,13 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.fetchoptions.Operation
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.id.IOperationExecutionId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.id.OperationExecutionPermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.update.OperationExecutionUpdate;
+import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.UnauthorizedObjectAccessException;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.entity.AbstractUpdateEntityExecutor;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.operation.IOperationExecutionAuthorizationExecutor;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.operation.store.IOperationExecutionStore;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.helper.common.batch.MapBatch;
+import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.server.business.bo.DataAccessExceptionTranslator;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
@@ -83,7 +85,14 @@ public class UpdateOperationExecutionExecutor
    @Override
    protected void checkAccess(IOperationContext context, IOperationExecutionId id, OperationExecutionPE entity)
    {
-        authorizationExecutor.canUpdate(context, id, entity);
+        try
+        {
+            authorizationExecutor.canUpdate(context, id, entity);
+        } catch (AuthorizationFailureException ex)
+        {
+            throw new UnauthorizedObjectAccessException(id);
+        }
    }
    @Override