Skip to content
Snippets Groups Projects
Commit 5f4838d9 authored by felmer's avatar felmer
Browse files

SSDM-6061: UserManagerTest and helper classes for testing introduced. Testing...

SSDM-6061: UserManagerTest and helper classes for testing introduced. Testing and implementation not finished
parent 6f7719b9
No related branches found
No related tags found
No related merge requests found
Showing
with 1221 additions and 51 deletions
......@@ -432,7 +432,10 @@ public final class LDAPDirectoryConfiguration
*/
public void setServerUrl(String ldapUrl)
{
this.serverUrl = ldapUrl;
if (isResolved(ldapUrl))
{
this.serverUrl = ldapUrl;
}
}
private static boolean isResolved(String name)
......
......@@ -18,34 +18,43 @@ package ch.systemsx.cisd.openbis.generic.server.task;
import java.util.List;
class Group
public class UserGroup
{
private String name;
private String key;
private List<String> ldapGroupKeys;
private List<String> admins;
private List<String> usersBlackList;
public String getName()
{
return name;
}
public List<String> getAdmins()
public String getKey()
{
return admins;
return key;
}
public List<String> getLdapGroupKeys()
public void setKey(String key)
{
return ldapGroupKeys;
this.key = key;
}
public List<String> getUsersBlackList()
public List<String> getAdmins()
{
return usersBlackList;
return admins;
}
public void setAdmins(List<String> admins)
{
this.admins = admins;
}
public List<String> getLdapGroupKeys()
{
return ldapGroupKeys;
}
}
\ No newline at end of file
......@@ -19,14 +19,12 @@ package ch.systemsx.cisd.openbis.generic.server.task;
import java.io.File;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.TreeMap;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import ch.systemsx.cisd.authentication.Principal;
......@@ -51,8 +49,11 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
private static final Logger operationLog = LogFactory.getLogger(LogCategory.OPERATION,
UserManagementMaintenanceTask.class);
private static final Logger notificationLog = LogFactory.getLogger(LogCategory.NOTIFY,
UserManagementMaintenanceTask.class);
private File configurationFile;
private LDAPAuthenticationService ldapService;
@Override
......@@ -65,7 +66,14 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
throw new ConfigurationFailureException("Configuration file '" + configurationFile.getAbsolutePath()
+ "' doesn't exist or is a directory.");
}
ldapService = (LDAPAuthenticationService) CommonServiceProvider.getApplicationContext().getBean("ldap-authentication-service");
if (ldapService.isConfigured() == false)
{
throw new ConfigurationFailureException("There is no LDAP authentication service configured. "
+ "At least 'ldap.server.url', 'ldap.security.principal.distinguished.name', "
+ "'ldap.security.principal.password' have to be specified in 'service.properties'.");
}
operationLog.info("Plugin '" + pluginName + "' initialized. Configuration file: " + configurationFile.getAbsolutePath());
}
......@@ -73,17 +81,16 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
@Override
public void execute()
{
Map<String, Group> groups = readGroupDefinitions();
if (groups == null)
UserManagerConfig config = readGroupDefinitions();
if (config == null || config.getGroups() == null)
{
return;
}
Log4jSimpleLogger logger = new Log4jSimpleLogger(operationLog);
UserManager userManager = new UserManager(CommonServiceProvider.getApplicationServerApi(), logger);
for (Entry<String, Group> entry : groups.entrySet())
UserManager userManager = new UserManager(CommonServiceProvider.getApplicationServerApi(), config.getCommonSpaces(), logger);
for (UserGroup group : config.getGroups())
{
String key = entry.getKey();
Group group = entry.getValue();
String key = group.getKey();
List<String> ldapGroupKeys = group.getLdapGroupKeys();
if (ldapGroupKeys == null || ldapGroupKeys.isEmpty())
{
......@@ -112,11 +119,15 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
}
userManager.addGroup(key, group, principalsByUserId);
}
userManager.manageUsers();
String errorReport = userManager.manageUsers();
if (StringUtils.isNotBlank(errorReport))
{
notificationLog.error("User management failed for the following reasons:\n\n" + errorReport);
}
operationLog.info("finished");
}
private Map<String, Group> readGroupDefinitions()
private UserManagerConfig readGroupDefinitions()
{
if (configurationFile.isFile() == false)
{
......@@ -134,10 +145,9 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
}
}
private Map<String, Group> deserialize(String serializedConfig) throws Exception
private UserManagerConfig deserialize(String serializedConfig) throws Exception
{
ObjectMapper mapper = new ObjectMapper();
return mapper.readValue(serializedConfig, new TypeReference<Map<String, Group>>(){});
return mapper.readValue(serializedConfig, UserManagerConfig.class);
}
}
......@@ -17,9 +17,12 @@
package ch.systemsx.cisd.openbis.generic.server.task;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
......@@ -27,13 +30,32 @@ import java.util.function.Function;
import java.util.stream.Collectors;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.AuthorizationGroup;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.create.AuthorizationGroupCreation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.create.CreateAuthorizationGroupsOperation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.fetchoptions.AuthorizationGroupFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.id.AuthorizationGroupPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.id.IAuthorizationGroupId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.update.AuthorizationGroupUpdate;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.update.UpdateAuthorizationGroupsOperation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.operation.IOperation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.operation.SynchronousOperationExecutionOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.Person;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.create.CreatePersonsOperation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.create.PersonCreation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.fetchoptions.PersonFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.id.IPersonId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.id.PersonPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.update.PersonUpdate;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.update.UpdatePersonsOperation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.create.CreateRoleAssignmentsOperation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.create.RoleAssignmentCreation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.Space;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.create.CreateSpacesOperation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.create.SpaceCreation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.fetchoptions.SpaceFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.id.ISpaceId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.id.SpacePermId;
import ch.ethz.sis.openbis.generic.server.asapi.v3.IApplicationServerInternalApi;
import ch.systemsx.cisd.authentication.Principal;
import ch.systemsx.cisd.common.logging.ISimpleLogger;
......@@ -42,27 +64,29 @@ import ch.systemsx.cisd.common.logging.LogLevel;
/**
* @author Franz-Josef Elmer
*/
class UserManager
public class UserManager
{
private final IApplicationServerInternalApi service;
private final ISimpleLogger logger;
private final Map<Role, List<String>> commonSpacesByRole;
private final Map<String, UserInfo> userInfosByUserId = new TreeMap<>();
private final List<String> groupCodes = new ArrayList<>();
UserManager(IApplicationServerInternalApi service, ISimpleLogger logger)
public UserManager(IApplicationServerInternalApi service, Map<Role, List<String>> commonSpacesByRole, ISimpleLogger logger)
{
this.service = service;
this.commonSpacesByRole = commonSpacesByRole;
this.logger = logger;
}
public void addGroup(String key, Group group, Map<String, Principal> principalsByUserId)
public void addGroup(String key, UserGroup group, Map<String, Principal> principalsByUserId)
{
groupCodes.add(key);
groupCodes.add(key.toUpperCase());
Set<String> admins = asSet(group.getAdmins());
Set<String> blackListedUsers = asSet(group.getUsersBlackList());
for (Principal principal : principalsByUserId.values())
{
String userId = principal.getUserId();
......@@ -72,27 +96,231 @@ class UserManager
userInfo = new UserInfo(principal);
userInfosByUserId.put(userId, userInfo);
}
userInfo.addGroupInfo(new GroupInfo(key, admins.contains(userId), blackListedUsers.contains(userId)));
userInfo.addGroupInfo(new GroupInfo(key, admins.contains(userId)));
}
logger.log(LogLevel.INFO, principalsByUserId.size() + " users for group " + key);
}
public void manageUsers()
public String manageUsers()
{
String sessionToken = service.loginAsSystem();
Map<IPersonId, Person> users = getUsersWithRoleAssigments(sessionToken);
Map<IAuthorizationGroupId, AuthorizationGroup> authorizationGroups = getAuthorizationGroups(sessionToken);
StringBuilder builder = new StringBuilder();
for (String groupCode : groupCodes)
{
try
{
manageGroup(sessionToken, groupCode, authorizationGroups);
} catch (Exception e)
{
String message = String.format("Couldn't manage group '%s' because of the following error: %s",
groupCode, e);
builder.append(message).append("\n");
logger.log(LogLevel.ERROR, message, e);
}
}
authorizationGroups = getAuthorizationGroups(sessionToken);
for (UserInfo userInfo : userInfosByUserId.values())
{
manageUser(userInfo, users, authorizationGroups);
try
{
manageUser(sessionToken, userInfo, users, authorizationGroups);
} catch (Exception e)
{
String message = String.format("Couldn't manage user '%s' because of the following error: %s",
userInfo.getPrincipal().getUserId(), e);
builder.append(message).append("\n");
logger.log(LogLevel.ERROR, message, e);
}
}
service.logout(sessionToken);
return builder.toString();
}
private void manageUser(UserInfo userInfo, Map<IPersonId, Person> knownUsers,
private void manageGroup(String sessionToken, String groupCode, Map<IAuthorizationGroupId, AuthorizationGroup> knownAuthorizationGroups)
{
Context context = new Context(sessionToken);
AuthorizationGroup knownGroup = knownAuthorizationGroups.get(new AuthorizationGroupPermId(groupCode));
if (knownGroup != null)
{
manageKnownGroup(context, knownGroup);
} else
{
manageNewGroup(context, groupCode);
}
context.executeOperations();
}
private void manageNewGroup(Context context, String groupCode)
{
String adminGroupCode = createAdminGroupCode(groupCode);
assertAuthorizationGroupDoesNotExist(context, adminGroupCode);
assertNoCommonSpaceExists(context, groupCode);
createAuthorizationGroup(context, groupCode);
createAuthorizationGroup(context, adminGroupCode);
for (Entry<Role, List<String>> entry : commonSpacesByRole.entrySet())
{
Role role = entry.getKey();
for (String space : entry.getValue())
{
ISpaceId spaceId = createSpace(context, createCommonSpaceCode(groupCode, space));
createRoleAssignment(context, new AuthorizationGroupPermId(groupCode), role, spaceId);
createRoleAssignment(context, new AuthorizationGroupPermId(adminGroupCode), Role.ADMIN, spaceId);
}
}
}
private void assertAuthorizationGroupDoesNotExist(Context context, String adminGroup)
{
if (service.getAuthorizationGroups(context.getSessionToken(), Arrays.asList(new AuthorizationGroupPermId(adminGroup)),
new AuthorizationGroupFetchOptions()).isEmpty() == false)
{
throw new IllegalStateException("Authorization group " + adminGroup + " already exists.");
}
}
private void assertNoCommonSpaceExists(Context context, String groupCode)
{
Set<String> commonSpaces = new TreeSet<>();
for (List<String> set : commonSpacesByRole.values())
{
commonSpaces.addAll(set.stream().map(s -> createCommonSpaceCode(groupCode, s)).collect(Collectors.toList()));
}
Map<ISpaceId, Space> spaces = getSpaces(context.getSessionToken(), commonSpaces);
if (spaces.isEmpty())
{
return;
}
List<String> existingSpaces = new ArrayList<>(spaces.values()).stream().map(Space::getCode).collect(Collectors.toList());
Collections.sort(existingSpaces);
throw new IllegalStateException("The group '" + groupCode + "' has already the following spaces: " + existingSpaces);
}
private void manageKnownGroup(Context context, AuthorizationGroup knownGroup)
{
// TODO Auto-generated method stub
}
private void manageUser(String sessionToken, UserInfo userInfo, Map<IPersonId, Person> knownUsers,
Map<IAuthorizationGroupId, AuthorizationGroup> knownAuthorizationGroups)
{
Context context = new Context(sessionToken);
Person knownUser = knownUsers.get(new PersonPermId(userInfo.getPrincipal().getUserId()));
if (knownUser != null)
{
manageKnownUser(context, userInfo, knownUser, knownAuthorizationGroups);
} else
{
manageNewUser(context, userInfo, knownAuthorizationGroups);
}
context.executeOperations();
}
private void manageKnownUser(Context context, UserInfo userInfo, Person knownUser,
Map<IAuthorizationGroupId, AuthorizationGroup> knownAuthorizationGroups)
{
System.out.println("UserManager.manageKnownUser() " + userInfo);
}
private void manageNewUser(Context context, UserInfo userInfo,
Map<IAuthorizationGroupId, AuthorizationGroup> knownAuthorizationGroups)
{
Principal principal = userInfo.getPrincipal();
String userId = principal.getUserId();
String spaceCode = userId.toUpperCase();
if (getSpaces(context.getSessionToken(), Arrays.asList(spaceCode)).isEmpty() == false)
{
throw new IllegalStateException("There is already a space with code " + spaceCode + ".");
}
ISpaceId homeSpaceId = createSpace(context, spaceCode);
IPersonId personId = createPerson(context, userId);
assignHomeSpace(context, homeSpaceId, personId);
for (GroupInfo groupInfo : userInfo.getGroupInfosByGroupKey().values())
{
String groupCode = groupInfo.getKey();
addPersonToAuthorizationGroup(context, new AuthorizationGroupPermId(groupCode), personId);
AuthorizationGroupPermId adminGroupId = new AuthorizationGroupPermId(createAdminGroupCode(groupCode));
createRoleAssignment(context, adminGroupId, Role.ADMIN, homeSpaceId);
if (groupInfo.isAdmin())
{
addPersonToAuthorizationGroup(context, adminGroupId, personId);
}
}
}
private void assignHomeSpace(Context context, ISpaceId homeSpaceId, IPersonId personId)
{
PersonUpdate personUpdate = new PersonUpdate();
personUpdate.setUserId(personId);
personUpdate.setSpaceId(homeSpaceId);
context.add(personUpdate);
RoleAssignmentCreation roleCreation = new RoleAssignmentCreation();
roleCreation.setUserId(personId);
roleCreation.setRole(Role.ADMIN);
roleCreation.setSpaceId(homeSpaceId);
context.add(roleCreation);
}
private void addPersonToAuthorizationGroup(Context context, AuthorizationGroupPermId groupId, IPersonId personId)
{
AuthorizationGroupUpdate groupUpdate = new AuthorizationGroupUpdate();
groupUpdate.setAuthorizationGroupId(groupId);
groupUpdate.getUserIds().add(personId);
context.add(groupUpdate);
}
private ISpaceId createSpace(Context context, String spaceCode)
{
SpaceCreation spaceCreation = new SpaceCreation();
spaceCreation.setCode(spaceCode);
context.add(spaceCreation);
return new SpacePermId(spaceCode);
}
private IPersonId createPerson(Context context, String userId)
{
PersonCreation personCreation = new PersonCreation();
personCreation.setUserId(userId);
context.add(personCreation);
return new PersonPermId(userId);
}
private void createAuthorizationGroup(Context context, String groupCode)
{
AuthorizationGroupCreation creation = new AuthorizationGroupCreation();
creation.setCode(groupCode);
context.add(creation);
}
private void createRoleAssignment(Context context, AuthorizationGroupPermId groupId, Role role, ISpaceId spaceId)
{
RoleAssignmentCreation roleCreation = new RoleAssignmentCreation();
roleCreation.setAuthorizationGroupId(groupId);
roleCreation.setRole(role);
roleCreation.setSpaceId(spaceId);
context.add(roleCreation);
}
private String createCommonSpaceCode(String groupCode, String spaceCode)
{
return groupCode + "_" + spaceCode;
}
private String createAdminGroupCode(String groupCode)
{
return groupCode + "_ADMIN";
}
private Map<ISpaceId, Space> getSpaces(String sessionToken, Collection<String> spaceCodes)
{
SpaceFetchOptions fetchOptions = new SpaceFetchOptions();
return service.getSpaces(sessionToken, spaceCodes.stream().map(SpacePermId::new).collect(Collectors.toList()), fetchOptions);
}
private Map<IPersonId, Person> getUsersWithRoleAssigments(String sessionToken)
......@@ -113,7 +341,7 @@ class UserManager
fetchOptions.withUsers();
return service.getAuthorizationGroups(sessionToken, groupPermIds, fetchOptions);
}
private Set<String> asSet(List<String> users)
{
return users == null ? Collections.emptySet() : new TreeSet<>(users);
......@@ -140,6 +368,11 @@ class UserManager
groupInfosByGroupKey.put(groupInfo.getKey(), groupInfo);
}
public Map<String, GroupInfo> getGroupInfosByGroupKey()
{
return groupInfosByGroupKey;
}
@Override
public String toString()
{
......@@ -153,13 +386,10 @@ class UserManager
private boolean admin;
private boolean onBlackList;
GroupInfo(String key, boolean admin, boolean onBlackList)
GroupInfo(String key, boolean admin)
{
this.key = key;
this.admin = admin;
this.onBlackList = onBlackList;
}
public String getKey()
......@@ -172,17 +402,103 @@ class UserManager
return admin;
}
public boolean isOnBlackList()
{
return onBlackList;
}
@Override
public String toString()
{
return (onBlackList ? "." : "") + key + (admin ? "*" : "");
return key + (admin ? "*" : "");
}
}
private final class Context
{
private String sessionToken;
private List<PersonCreation> personCreations = new ArrayList<>();
private List<PersonUpdate> personUpdates = new ArrayList<>();
private List<SpaceCreation> spaceCreations = new ArrayList<>();
private List<AuthorizationGroupCreation> groupCreations = new ArrayList<>();
private List<AuthorizationGroupUpdate> groupUpdates = new ArrayList<>();
private List<RoleAssignmentCreation> roleCreations = new ArrayList<>();
Context(String sessionToken)
{
this.sessionToken = sessionToken;
}
public String getSessionToken()
{
return sessionToken;
}
public void add(PersonCreation personCreation)
{
personCreations.add(personCreation);
}
public void add(PersonUpdate personUpdate)
{
personUpdates.add(personUpdate);
}
public void add(SpaceCreation spaceCreation)
{
spaceCreations.add(spaceCreation);
}
public void add(AuthorizationGroupCreation creation)
{
groupCreations.add(creation);
}
public void add(RoleAssignmentCreation roleCreation)
{
roleCreations.add(roleCreation);
}
public void add(AuthorizationGroupUpdate groupUpdate)
{
groupUpdates.add(groupUpdate);
}
public void executeOperations()
{
List<IOperation> operations = new ArrayList<>();
if (personCreations.isEmpty() == false)
{
operations.add(new CreatePersonsOperation(personCreations));
}
if (personUpdates.isEmpty() == false)
{
operations.add(new UpdatePersonsOperation(personUpdates));
}
if (spaceCreations.isEmpty() == false)
{
operations.add(new CreateSpacesOperation(spaceCreations));
}
if (groupCreations.isEmpty() == false)
{
operations.add(new CreateAuthorizationGroupsOperation(groupCreations));
}
if (groupUpdates.isEmpty() == false)
{
operations.add(new UpdateAuthorizationGroupsOperation(groupUpdates));
}
if (roleCreations.isEmpty() == false)
{
operations.add(new CreateRoleAssignmentsOperation(roleCreations));
}
if (operations.isEmpty())
{
return;
}
SynchronousOperationExecutionOptions options = new SynchronousOperationExecutionOptions();
service.executeOperations(sessionToken, operations, options);
}
}
}
/*
* Copyright 2018 ETH Zuerich, SIS
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ch.systemsx.cisd.openbis.generic.server.task;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
class UserManagerConfig
{
private Map<Role, List<String>> commonSpaces = new HashMap<>();
private List<UserGroup> groups;
public Map<Role, List<String>> getCommonSpaces()
{
return commonSpaces;
}
public void setCommonSpaces(Map<Role, List<String>> commonSpaces)
{
this.commonSpaces = commonSpaces;
}
public List<UserGroup> getGroups()
{
return groups;
}
public void setGroups(List<UserGroup> groups)
{
this.groups = groups;
}
}
\ No newline at end of file
......@@ -47,7 +47,6 @@ import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import ch.ethz.sis.openbis.generic.asapi.v3.IApplicationServerApi;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.attachment.Attachment;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.attachment.create.AttachmentCreation;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.id.IObjectId;
......@@ -97,6 +96,7 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.vocabulary.id.VocabularyTermPerm
import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.NotFetchedException;
import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.ObjectNotFoundException;
import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.UnauthorizedObjectAccessException;
import ch.ethz.sis.openbis.generic.server.asapi.v3.IApplicationServerInternalApi;
import ch.ethz.sis.openbis.systemtest.asapi.v3.index.IndexOperation;
import ch.ethz.sis.openbis.systemtest.asapi.v3.index.IndexState;
import ch.ethz.sis.openbis.systemtest.asapi.v3.index.ReindexingState;
......@@ -119,7 +119,6 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
import ch.systemsx.cisd.openbis.systemtest.SystemTestCase;
import ch.systemsx.cisd.openbis.util.LogRecordingUtils;
import junit.framework.Assert;
/**
......@@ -139,7 +138,7 @@ public class AbstractTest extends SystemTestCase
private BufferedAppender logRecorder;
@Autowired
protected IApplicationServerApi v3api;
protected IApplicationServerInternalApi v3api;
@Autowired
protected IGeneralInformationService generalInformationService;
......
/*
* Copyright 2018 ETH Zuerich, SIS
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ch.systemsx.cisd.openbis.systemtest.task;
import static org.testng.Assert.assertEquals;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.testng.Assert;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.id.ObjectPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.interfaces.ICodeHolder;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.Person;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.fetchoptions.PersonFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.id.IPersonId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.id.PersonPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.Space;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.fetchoptions.SpaceFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.id.ISpaceId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.id.SpacePermId;
import ch.ethz.sis.openbis.generic.server.asapi.v3.IApplicationServerInternalApi;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.OperationContext;
import ch.systemsx.cisd.authentication.Principal;
import ch.systemsx.cisd.openbis.generic.shared.IOpenBisSessionManager;
import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
import ch.systemsx.cisd.openbis.generic.shared.dto.SpacePE;
class UserManagerExpectationsBuilder
{
private static final String TEST_USER = "test";
private static final String PASSWORD = "password";
private final IApplicationServerInternalApi v3api;
private final UserManagerTestService testService;
private final IOpenBisSessionManager sessionManager;
private final Map<Role, List<String>> commonSpaces;
private Map<String, List<Principal>> usersByGroup = new TreeMap<>();
private Map<String, List<Principal>> noUsersByGroup = new TreeMap<>();
private Map<String, List<Principal>> normalUsersByGroup = new TreeMap<>();
private Map<String, List<Principal>> adminUsersByGroup = new TreeMap<>();
UserManagerExpectationsBuilder(IApplicationServerInternalApi v3api, UserManagerTestService testService,
IOpenBisSessionManager sessionManager, Map<Role, List<String>> commonSpaces)
{
this.v3api = v3api;
this.testService = testService;
this.sessionManager = sessionManager;
this.commonSpaces = commonSpaces;
}
UserManagerExpectationsBuilder noUser(Principal user, String... groups)
{
return addUser(user, noUsersByGroup, groups);
}
UserManagerExpectationsBuilder user(Principal user, String... groups)
{
return addUser(user, normalUsersByGroup, groups);
}
UserManagerExpectationsBuilder adminUser(Principal user, String... groups)
{
return addUser(user, adminUsersByGroup, groups);
}
private UserManagerExpectationsBuilder addUser(Principal user, Map<String, List<Principal>> users, String... groups)
{
for (String group : groups)
{
addUserToGroup(user, group, users);
addUserToGroup(user, group, usersByGroup);
}
return this;
}
private void addUserToGroup(Principal user, String group, Map<String, List<Principal>> users)
{
List<Principal> principals = users.get(group);
if (principals == null)
{
principals = new ArrayList<>();
users.put(group, principals);
}
principals.add(user);
}
void assertExpectations()
{
String sessionToken = v3api.login(TEST_USER, PASSWORD);
assertSpaces(sessionToken);
assertUsers(sessionToken);
assertAuthorization(sessionToken);
v3api.logout(sessionToken);
}
private void assertSpaces(String sessionToken)
{
List<SpacePermId> allCommonSpaces = getAllCommonSpaces();
assertSpacesExist(sessionToken, allCommonSpaces);
List<SpacePermId> allUserSpaces = applyMapperToAllUsers(user -> new SpacePermId(user.getUserId().toUpperCase()));
assertSpacesExist(sessionToken, allUserSpaces);
}
private List<SpacePermId> getAllCommonSpaces()
{
List<SpacePermId> allCommonSpaces = new ArrayList<>();
Set<String> groups = usersByGroup.keySet();
for (String group : groups)
{
for (List<String> list : commonSpaces.values())
{
for (String commonSpace : list)
{
allCommonSpaces.add(new SpacePermId(group + "_" + commonSpace));
}
}
}
return allCommonSpaces;
}
private void assertSpacesExist(String sessionToken, List<SpacePermId> spaces)
{
List<String> expectedSpaces = extractedSortedPermIds(spaces);
SpaceFetchOptions fetchOptions = new SpaceFetchOptions();
List<String> actualSpaces = extractedSortedCodes(v3api.getSpaces(sessionToken, spaces, fetchOptions).values());
assertEquals(actualSpaces.toString(), expectedSpaces.toString());
}
private void assertUsers(String sessionToken)
{
List<PersonPermId> allUsers = applyMapperToAllUsers(user -> new PersonPermId(user.getUserId()));
PersonFetchOptions fetchOptions = new PersonFetchOptions();
fetchOptions.withSpace();
Map<IPersonId, Person> persons = v3api.getPersons(sessionToken, allUsers, fetchOptions);
Function<IPersonId, PersonPermId> mapper = id -> (PersonPermId) id;
List<String> expectedUsers = extractedSortedPermIds(allUsers);
List<String> actualUsers = extractedSortedPermIds(persons.keySet().stream().map(mapper).collect(Collectors.toSet()));
assertEquals(actualUsers.toString(), expectedUsers.toString());
for (PersonPermId id : allUsers)
{
Person person = persons.get(id);
assertEquals(person.getUserId(), id.getPermId());
assertEquals(person.getEmail(), "franz-josef.elmer@systemsx.ch", "Wrong email of " + person);
assertEquals(person.getSpace().getCode(), person.getUserId().toUpperCase(), "Wrong home space of " + person);
}
}
private void assertAuthorization(String sessionToken)
{
AuthorizationExpectations expectations = new AuthorizationExpectations(v3api, sessionManager, testService);
for (Entry<String, List<Principal>> entry : normalUsersByGroup.entrySet())
{
String groupKey = entry.getKey();
List<Principal> users = entry.getValue();
users.forEach(user -> expectations.expect(user, groupKey, Level.SPACE_USER));
}
}
private static final class AuthorizationExpectations
{
private Map<String, Map<Level, Set<String>>> groupsByLevelsByUsers = new TreeMap<>();
private IApplicationServerInternalApi v3api;
private IOpenBisSessionManager sessionManager;
private UserManagerTestService testService;
public AuthorizationExpectations(IApplicationServerInternalApi v3api, IOpenBisSessionManager sessionManager,
UserManagerTestService testService)
{
this.v3api = v3api;
this.sessionManager = sessionManager;
this.testService = testService;
}
void expect(Principal user, String group, Level level)
{
String userId = user.getUserId();
Map<Level, Set<String>> groupsByLevels = groupsByLevelsByUsers.get(userId);
if (groupsByLevels == null)
{
groupsByLevels = new TreeMap<>();
groupsByLevelsByUsers.put(userId, groupsByLevels);
}
Set<String> groups = groupsByLevels.get(level);
if (groups == null)
{
groups = new TreeSet<>();
groupsByLevels.put(level, groups);
}
groups.add(group);
}
void assertExpectations()
{
for (Entry<String, Map<Level, Set<String>>> entry : groupsByLevelsByUsers.entrySet())
{
String userId = entry.getKey();
String sessionToken = v3api.login(userId, PASSWORD);
try
{
Session session = sessionManager.getSession(sessionToken);
IOperationContext context = new OperationContext(session);
Set<Entry<Level, Set<String>>> entrySet = entry.getValue().entrySet();
for (Entry<Level, Set<String>> entry2 : entrySet)
{
Level level = entry2.getKey();
Set<String> groups = entry2.getValue();
for (String group : groups)
{
// getActualLevel(context, spaceCode);
}
// probeAuthorizationLevel(user, spaceCodes);
}
} finally
{
v3api.logout(sessionToken);
}
}
}
private Level getActualLevel(IOperationContext context, String spaceCode)
{
SpacePE space = new SpacePE();
space.setCode(spaceCode);
Level previousLevel = null;
for (Level level : Level.values())
{
try
{
level.probe(testService, context, space);
} catch (Exception e)
{
break;
}
previousLevel = level;
}
return previousLevel;
}
private static final class LevelAndSpace
{
private Level level;
private String spaceCode;
LevelAndSpace(Level level, String spaceCode)
{
this.level = level;
this.spaceCode = spaceCode;
}
}
}
private List<String> extractedSortedPermIds(Collection<? extends ObjectPermId> ids)
{
List<String> result = ids.stream().map(ObjectPermId::getPermId).collect(Collectors.toList());
Collections.sort(result);
return result;
}
private List<String> extractedSortedCodes(Collection<? extends ICodeHolder> codeHolders)
{
List<String> result = codeHolders.stream().map(ICodeHolder::getCode).collect(Collectors.toList());
Collections.sort(result);
return result;
}
private <T> List<T> applyMapperToAllUsers(Function<Principal, T> mapper)
{
List<T> result = new ArrayList<>();
for (List<Principal> users : usersByGroup.values())
{
result.addAll(users.stream().map(mapper).collect(Collectors.toList()));
}
return result;
}
private List<Level> probeAuthorizationLevel(String userId, List<String> spaceCodes)
{
String sessionToken = v3api.login(userId, PASSWORD);
try
{
List<Level> levels = new ArrayList<>();
Session session = sessionManager.getSession(sessionToken);
IOperationContext context = new OperationContext(session);
for (String spaceCode : spaceCodes)
{
Level previousLevel = getActualLevel(context, spaceCode);
levels.add(previousLevel);
}
return levels;
} finally
{
v3api.logout(sessionToken);
}
}
private Level getActualLevel(IOperationContext context, String spaceCode)
{
SpacePE space = new SpacePE();
space.setCode(spaceCode);
Level previousLevel = null;
for (Level level : Level.values())
{
try
{
level.probe(testService, context, space);
} catch (Exception e)
{
break;
}
previousLevel = level;
}
return previousLevel;
}
private enum Level
{
NON
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
}
},
SPACE_OBSERVER
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
testService.allowedForSpaceObservers(context, space);
}
},
SPACE_USER
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
testService.allowedForSpaceUsers(context, space);
}
},
SPACE_ADMIN
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
testService.allowedForSpaceAdmins(context, space);
}
},
INSTANCE_ADMIN
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
testService.allowedForInstanceAdmins(context, space);
}
};
public abstract void probe(UserManagerTestService testService, IOperationContext context, SpacePE space);
}
}
\ No newline at end of file
/*
* Copyright 2018 ETH Zuerich, SIS
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ch.systemsx.cisd.openbis.systemtest.task;
import static org.testng.Assert.assertEquals;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.EnumMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.testng.Assert;
import org.testng.annotations.Test;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.search.SearchResult;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.Person;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.fetchoptions.PersonFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.id.PersonPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.Space;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.fetchoptions.SpaceFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.search.SpaceSearchCriteria;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.OperationContext;
import ch.ethz.sis.openbis.systemtest.asapi.v3.AbstractTest;
import ch.systemsx.cisd.authentication.Principal;
import ch.systemsx.cisd.common.logging.MockLogger;
import ch.systemsx.cisd.common.test.AssertionUtil;
import ch.systemsx.cisd.openbis.generic.server.ComponentNames;
import ch.systemsx.cisd.openbis.generic.server.task.UserGroup;
import ch.systemsx.cisd.openbis.generic.server.task.UserManager;
import ch.systemsx.cisd.openbis.generic.shared.IOpenBisSessionManager;
import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
import ch.systemsx.cisd.openbis.generic.shared.dto.SpacePE;
/**
* @author Franz-Josef Elmer
*/
public class UserManagerTest extends AbstractTest
{
private static final Principal U1 = new Principal("u1", "Albert", "Einstein", "a.e@abc.de");
private static final Principal U2 = new Principal("u2", "Isaac", "Newton", "i.n@abc.de");
private static final Principal U3 = new Principal("u3", "Alan", "Turing", "a.t@abc.de");
@Autowired
private UserManagerTestService testService;
@Resource(name = ComponentNames.SESSION_MANAGER)
private IOpenBisSessionManager sessionManager;
private static Map<Role, List<String>> commonSpaces()
{
Map<Role, List<String>> commonSpacesByRole = new EnumMap<>(Role.class);
commonSpacesByRole.put(Role.USER, Arrays.asList("ALPHA", "BETA"));
commonSpacesByRole.put(Role.OBSERVER, Arrays.asList("GAMMA"));
return commonSpacesByRole;
}
@Test
public void testAddNewGroupWithNewUsers()
{
// Given
MockLogger logger = new MockLogger();
UserManager userManager = new UserManager(v3api, commonSpaces(), logger);
Map<String, Principal> principals = principals(U3, U1, U2);
UserGroup group = new UserGroup();
group.setAdmins(Arrays.asList(U1.getUserId(), "blabla"));
userManager.addGroup("G1", group, principals);
// When
String errorMessages = userManager.manageUsers();
// Then
assertEquals(errorMessages, "");
List<String> allSpaces = getAllSpaces();
System.err.println("all spaces: " + allSpaces);
for (Principal user : principals.values())
{
List<Person> persons = getPersons(user.getUserId());
Person person = persons.get(0);
assertEquals(person.getUserId(), user.getUserId());
assertEquals(person.getEmail(), "franz-josef.elmer@systemsx.ch");
String space = getOwnSpace(user);
assertEquals(person.getSpace().getCode(), space);
if (group.getAdmins() != null && group.getAdmins().contains(user.getUserId()))
{
assertAdminUserLevels("G1", user, principals.values());
} else
{
assertNormalUserLevels("G1", user);
}
}
}
@Test
public void testAddUsersToAnExistingGroup()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = new UserManager(v3api, commonSpaces, logger);
UserGroup group = new UserGroup();
group.setAdmins(Arrays.asList(U1.getUserId(), "blabla"));
userManager.addGroup("G2", group, principals(U1));
assertEquals(userManager.manageUsers(), "");
userManager = new UserManager(v3api, commonSpaces, logger);
userManager.addGroup("G2", group, principals(U2, U3));
// When
String errorMessages = userManager.manageUsers();
// Then
assertEquals(errorMessages, "");
Collection<Principal> users = principals(U1, U2, U3).values();
for (Principal user : users)
{
List<Person> persons = getPersons(user.getUserId());
Person person = persons.get(0);
assertEquals(person.getUserId(), user.getUserId());
assertEquals(person.getEmail(), "franz-josef.elmer@systemsx.ch");
String space = getOwnSpace(user);
assertEquals(person.getSpace().getCode(), space);
if (group.getAdmins() != null && group.getAdmins().contains(user.getUserId()))
{
assertAdminUserLevels("G2", user, users);
} else
{
assertNormalUserLevels("G2", user);
}
}
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G2");
builder.user(U2, "G2");
builder.user(U3, "G2");
builder.assertExpectations();
}
private UserManagerExpectationsBuilder createBuilder(Map<Role, List<String>> commonSpaces)
{
return new UserManagerExpectationsBuilder(v3api, testService, sessionManager, commonSpaces);
}
private void assertNormalUserLevels(String groupCode, Principal user)
{
String userId = user.getUserId();
Map<Role, List<String>> commonSpaces = commonSpaces();
assertLevel(userId, Level.SPACE_OBSERVER, getCommonSpaces(groupCode, commonSpaces, Role.OBSERVER));
assertLevel(userId, Level.SPACE_USER, getCommonSpaces(groupCode, commonSpaces, Role.USER));
assertLevel(userId, Level.SPACE_ADMIN, Arrays.asList(userId.toUpperCase()));
}
private void assertAdminUserLevels(String groupCode, Principal adminUser, Collection<Principal> users)
{
List<String> spaces = users.stream().map(p -> getOwnSpace(p)).collect(Collectors.toList());
Map<Role, List<String>> commonSpaces = commonSpaces();
spaces.addAll(getCommonSpaces(groupCode, commonSpaces, Role.OBSERVER));
spaces.addAll(getCommonSpaces(groupCode, commonSpaces, Role.USER));
assertLevel(adminUser.getUserId(), Level.SPACE_ADMIN, spaces);
}
private List<String> getCommonSpaces(String groupCode, Map<Role, List<String>> commonSpaces, Role role)
{
return commonSpaces.get(role).stream().map(s -> groupCode + "_" + s).collect(Collectors.toList());
}
private void assertLevel(String userId, Level level, List<String> spaceCodes)
{
List<Level> levels = probeAuthorizationLevel(userId, spaceCodes);
for (int i = 0; i < spaceCodes.size(); i++)
{
assertLevel(levels.get(i), level, userId, spaceCodes.get(i));
}
}
private void assertLevel(Level actualLevel, Level expectedLevel, String userId, String spaceCode)
{
assertEquals(userId + ":" + spaceCode + ":" + actualLevel, userId + ":" + spaceCode + ":" + expectedLevel);
}
private List<String> getAllSpaces()
{
String sessionToken = v3api.login(TEST_USER, PASSWORD);
SearchResult<Space> spaces = v3api.searchSpaces(sessionToken, new SpaceSearchCriteria(), new SpaceFetchOptions());
v3api.logout(sessionToken);
List<String> spaceCodes = spaces.getObjects().stream().map(Space::getCode).collect(Collectors.toList());
Collections.sort(spaceCodes);
return spaceCodes;
}
private List<Person> getPersons(String... userIds)
{
String sessionToken = v3api.login(TEST_USER, PASSWORD);
Function<String, PersonPermId> mapper = u -> new PersonPermId(u);
List<PersonPermId> permIds = Arrays.asList(userIds).stream().map(mapper).collect(Collectors.toList());
PersonFetchOptions fetchOptions = new PersonFetchOptions();
fetchOptions.withSpace();
Collection<Person> persons = v3api.getPersons(sessionToken, permIds, fetchOptions).values();
v3api.logout(sessionToken);
List<Person> result = new ArrayList<>(persons);
Collections.sort(result, Comparator.comparing(Person::getUserId));
return result;
}
private Map<String, Principal> principals(Principal... principals)
{
Map<String, Principal> map = new TreeMap<>();
for (Principal principal : principals)
{
map.put(principal.getUserId(), principal);
}
return map;
}
private String getOwnSpace(Principal principal)
{
return principal.getUserId().toUpperCase();
}
private List<Level> probeAuthorizationLevel(String userId, List<String> spaceCodes)
{
String sessionToken = v3api.login(userId, PASSWORD);
try
{
List<Level> levels = new ArrayList<>();
Session session = sessionManager.getSession(sessionToken);
IOperationContext context = new OperationContext(session);
for (String spaceCode : spaceCodes)
{
SpacePE space = new SpacePE();
space.setCode(spaceCode);
Level previousLevel = null;
for (Level level : Level.values())
{
try
{
level.probe(testService, context, space);
} catch (Exception e)
{
break;
}
previousLevel = level;
}
levels.add(previousLevel);
}
return levels;
} finally
{
v3api.logout(sessionToken);
}
}
private enum Level
{
NON
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
}
},
SPACE_OBSERVER
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
testService.allowedForSpaceObservers(context, space);
}
},
SPACE_USER
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
testService.allowedForSpaceUsers(context, space);
}
},
SPACE_ADMIN
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
testService.allowedForSpaceAdmins(context, space);
}
},
INSTANCE_ADMIN
{
@Override
public void probe(UserManagerTestService testService, IOperationContext context, SpacePE space)
{
testService.allowedForInstanceAdmins(context, space);
}
};
public abstract void probe(UserManagerTestService testService, IOperationContext context, SpacePE space);
}
}
/*
* Copyright 2018 ETH Zuerich, SIS
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ch.systemsx.cisd.openbis.systemtest.task;
import org.springframework.stereotype.Component;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.AuthorizationGuard;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.RolesAllowed;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.SpacePEPredicate;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
import ch.systemsx.cisd.openbis.generic.shared.dto.SpacePE;
/**
* @author Franz-Josef Elmer
*
*/
@Component
public class UserManagerTestService
{
@RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
public void allowedForSpaceObservers(IOperationContext context, @AuthorizationGuard(guardClass = SpacePEPredicate.class) SpacePE space)
{
}
@RolesAllowed(RoleWithHierarchy.SPACE_USER)
public void allowedForSpaceUsers(IOperationContext context, @AuthorizationGuard(guardClass = SpacePEPredicate.class) SpacePE space)
{
}
@RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
public void allowedForSpaceAdmins(IOperationContext context, @AuthorizationGuard(guardClass = SpacePEPredicate.class) SpacePE space)
{
}
@RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
public void allowedForInstanceAdmins(IOperationContext context, @AuthorizationGuard(guardClass = SpacePEPredicate.class) SpacePE space)
{
}
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment