Commit 6eb34f12 authored by pkupczyk's avatar pkupczyk

SSDM-6019 : Project Authorization - modify @RolesAllowed annotations at...

SSDM-6019 : Project Authorization - modify @RolesAllowed annotations at non-entity related methods - fix openbis tests

SVN: 39053
parent 56484fa9
Tags S392.0
...@@ -23,6 +23,7 @@ import java.util.List; ...@@ -23,6 +23,7 @@ import java.util.List;
import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException; import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException;
import ch.systemsx.cisd.common.exceptions.Status; import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.StatusFlag; import ch.systemsx.cisd.common.exceptions.StatusFlag;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.DataSetCodePredicate; import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.DataSetCodePredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.ExperimentAugmentedCodePredicate; import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.ExperimentAugmentedCodePredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.IPredicate; import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.IPredicate;
...@@ -228,6 +229,14 @@ public class AuthorizationServiceUtils ...@@ -228,6 +229,14 @@ public class AuthorizationServiceUtils
} }
} }
private void checkEntityNotNull(Object entity, EntityKind entityKind, TechId entityId)
{
if (entity == null)
{
throw UserFailureException.fromTemplate("There is no %s with id '%s'.", entityKind.getDescription(), entityId);
}
}
public void checkAccessEntity(EntityKind entityKind, TechId entityId) public void checkAccessEntity(EntityKind entityKind, TechId entityId)
{ {
boolean canAccess; boolean canAccess;
...@@ -235,14 +244,17 @@ public class AuthorizationServiceUtils ...@@ -235,14 +244,17 @@ public class AuthorizationServiceUtils
if (EntityKind.EXPERIMENT.equals(entityKind)) if (EntityKind.EXPERIMENT.equals(entityKind))
{ {
ExperimentPE experiment = daoFactory.getExperimentDAO().getByTechId(entityId); ExperimentPE experiment = daoFactory.getExperimentDAO().getByTechId(entityId);
checkEntityNotNull(experiment, entityKind, entityId);
canAccess = canAccessExperiment(experiment); canAccess = canAccessExperiment(experiment);
} else if (EntityKind.SAMPLE.equals(entityKind)) } else if (EntityKind.SAMPLE.equals(entityKind))
{ {
SamplePE sample = daoFactory.getSampleDAO().getByTechId(entityId); SamplePE sample = daoFactory.getSampleDAO().getByTechId(entityId);
checkEntityNotNull(sample, entityKind, entityId);
canAccess = canAccessSample(sample); canAccess = canAccessSample(sample);
} else if (EntityKind.DATA_SET.equals(entityKind)) } else if (EntityKind.DATA_SET.equals(entityKind))
{ {
DataPE dataSet = daoFactory.getDataDAO().getByTechId(entityId); DataPE dataSet = daoFactory.getDataDAO().getByTechId(entityId);
checkEntityNotNull(dataSet, entityKind, entityId);
canAccess = canAccessDataSet(dataSet); canAccess = canAccessDataSet(dataSet);
} else if (EntityKind.MATERIAL.equals(entityKind)) } else if (EntityKind.MATERIAL.equals(entityKind))
{ {
...@@ -260,6 +272,49 @@ public class AuthorizationServiceUtils ...@@ -260,6 +272,49 @@ public class AuthorizationServiceUtils
} }
} }
private void checkEntityNotNull(Object entity, EntityKind entityKind, String entityPermId)
{
if (entity == null)
{
throw UserFailureException.fromTemplate("There is no %s with permId '%s'.", entityKind.getDescription(), entityPermId);
}
}
public void checkAccessEntity(EntityKind entityKind, String entityPermId)
{
boolean canAccess;
if (EntityKind.EXPERIMENT.equals(entityKind))
{
ExperimentPE experiment = daoFactory.getExperimentDAO().tryGetByPermID(entityPermId);
checkEntityNotNull(experiment, entityKind, entityPermId);
canAccess = canAccessExperiment(experiment);
} else if (EntityKind.SAMPLE.equals(entityKind))
{
SamplePE sample = daoFactory.getSampleDAO().tryToFindByPermID(entityPermId);
checkEntityNotNull(sample, entityKind, entityPermId);
canAccess = canAccessSample(sample);
} else if (EntityKind.DATA_SET.equals(entityKind))
{
DataPE dataSet = daoFactory.getDataDAO().tryToFindDataSetByCode(entityPermId);
checkEntityNotNull(dataSet, entityKind, entityPermId);
canAccess = canAccessDataSet(dataSet);
} else if (EntityKind.MATERIAL.equals(entityKind))
{
canAccess = true;
} else
{
throw new IllegalArgumentException("Unknown entity kind: " + entityKind);
}
if (false == canAccess)
{
throw new AuthorizationFailureException("User: "
+ (user != null ? user.getUserId() : null)
+ " doesn't have access to entity: " + entityKind + " with permId: " + entityPermId);
}
}
public boolean canAccessExperiment(Experiment experiment) public boolean canAccessExperiment(Experiment experiment)
{ {
return canAccessExperiment(experiment.getIdentifier()); return canAccessExperiment(experiment.getIdentifier());
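Review bot: Both new `checkEntityNotNull` helpers throw `UserFailureException` ("There is no … with id/permId …") before the access decision, while an entity that exists but is not visible to the caller ends in `AuthorizationFailureException`, so the two `checkAccessEntity` overloads answer differently for unused and for forbidden ids and let a caller without rights tell which ids exist. If entity existence is meant to stay confidential across spaces and projects, fold the missing case into the denial, e.g. `canAccess = experiment != null && canAccessExperiment(experiment);` in each of the three branches, and keep the "There is no …" message for a path that runs only after access has been granted. The MATERIAL branch of the permId overload sets `canAccess = true` with no lookup, so it behaves differently again for a non-existent material; a comment such as `// materials are not space-scoped, so no lookup or check is made here` would mark that as deliberate (presumably that is the reason; confirm). The tail of the `TechId` overload lies outside the visible hunk.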