diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DataSetAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DataSetAuthorizationExecutor.java
index 65bf51f0289f5fca5da89ea01b831021b43b1cd5..4a9082ac2251f07e726e534847e95ee84e8e0646 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DataSetAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DataSetAuthorizationExecutor.java
@@ -24,8 +24,10 @@ import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.UnauthorizedObjectAccessE
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
import ch.systemsx.cisd.openbis.generic.server.authorization.AuthorizationServiceUtils;
+import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.AuthorizationGuard;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.Capability;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.DataPEPredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.validator.DataSetPEByExperimentOrSampleIdentifierValidator;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
@@ -119,12 +121,7 @@ public class DataSetAuthorizationExecutor implements IDataSetAuthorizationExecut
@DatabaseCreateOrDeleteModification(value = { ObjectKind.DATA_SET, ObjectKind.DELETION })
@RolesAllowed({ RoleWithHierarchy.SPACE_POWER_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
@Capability("DELETE_DATASET")
- public void canDelete(IOperationContext context)
- {
- }
-
- @Override
- public void canDelete(IOperationContext context, IDataSetId id, DataPE dataSet)
+ public void canDelete(IOperationContext context, IDataSetId id, @AuthorizationGuard(guardClass = DataPEPredicate.class) DataPE dataSet)
{
canUpdate(context, id, dataSet);
}
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java
index 32f490e7112d37eabf2f6195ac6d3225b941804a..393adbde0cd2ac3c5bd80a4676313c651937e96f 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java
@@ -58,12 +58,6 @@ public class DeleteDataSetExecutor extends AbstractDeleteEntityExecutor<IDeletio
return mapDataSetByIdExecutor.map(context, entityIds);
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, IDataSetId entityId, DataPE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/IDataSetAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/IDataSetAuthorizationExecutor.java
index db367559a66b78ff2889e0cd66c5b6f8f5629742..2d64541b61cde75dd2ab1e71dde72fc3a228ce8c 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/IDataSetAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/IDataSetAuthorizationExecutor.java
@@ -35,8 +35,6 @@ public interface IDataSetAuthorizationExecutor extends IObjectAuthorizationExecu
void canUpdate(IOperationContext context, IDataSetId id, DataPE dataSet);
- void canDelete(IOperationContext context);
-
void canDelete(IOperationContext context, IDataSetId id, DataPE dataSet);
void canGet(IOperationContext context);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/entity/AbstractDeleteEntityExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/entity/AbstractDeleteEntityExecutor.java
index 0bd8575c16aeaa89b28103f1624283b844f0dd86..9726d45f61387dd5d1c2371c3b7c9d1f10e2c617 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/entity/AbstractDeleteEntityExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/entity/AbstractDeleteEntityExecutor.java
@@ -50,8 +50,6 @@ public abstract class AbstractDeleteEntityExecutor<DELETION_ID, ENTITY_ID, ENTIT
@Override
public DELETION_ID delete(IOperationContext context, List<? extends ENTITY_ID> entityIds, DELETION_OPTIONS deletionOptions)
{
- checkAccess(context);
-
if (context == null)
{
throw new IllegalArgumentException("Context cannot be null");
@@ -100,7 +98,7 @@ public abstract class AbstractDeleteEntityExecutor<DELETION_ID, ENTITY_ID, ENTIT
protected abstract Map<ENTITY_ID, ENTITY_PE> map(IOperationContext context, List<? extends ENTITY_ID> entityIds);
- protected abstract void checkAccess(IOperationContext context);
+ // protected abstract void checkAccess(IOperationContext context);
protected abstract void checkAccess(IOperationContext context, ENTITY_ID entityId, ENTITY_PE entity);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/DeleteExperimentExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/DeleteExperimentExecutor.java
index b863d0764928fd4f9ce0897434efe81a9f13c136..50c63af068121c28efa3785119e2246db0db0eca 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/DeleteExperimentExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/DeleteExperimentExecutor.java
@@ -56,12 +56,6 @@ public class DeleteExperimentExecutor extends AbstractDeleteEntityExecutor<IDele
return mapExperimentByIdExecutor.map(context, entityIds);
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, IExperimentId entityId, ExperimentPE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/ExperimentAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/ExperimentAuthorizationExecutor.java
index 09e38aa2e642ee488eb1bacb720123d9ec70b449..6b5ecd399553d88a8c6dd92cdcb4f92ef73d6744 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/ExperimentAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/ExperimentAuthorizationExecutor.java
@@ -22,13 +22,15 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.experiment.id.ExperimentIdentifi
import ch.ethz.sis.openbis.generic.asapi.v3.dto.experiment.id.IExperimentId;
import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.UnauthorizedObjectAccessException;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
+import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.AuthorizationGuard;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.Capability;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.ExperimentPEPredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.validator.ExperimentByIdentiferValidator;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentPE;
/**
@@ -76,12 +78,8 @@ public class ExperimentAuthorizationExecutor implements IExperimentAuthorization
@DatabaseCreateOrDeleteModification(value = { ObjectKind.EXPERIMENT, ObjectKind.DELETION })
@RolesAllowed({ RoleWithHierarchy.SPACE_POWER_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
@Capability("DELETE_EXPERIMENT")
- public void canDelete(IOperationContext context)
- {
- }
-
- @Override
- public void canDelete(IOperationContext context, IExperimentId id, ExperimentPE experiment)
+ public void canDelete(IOperationContext context, IExperimentId id,
+ @AuthorizationGuard(guardClass = ExperimentPEPredicate.class) ExperimentPE experiment)
{
if (false == new ExperimentByIdentiferValidator().doValidation(context.getSession().tryGetPerson(), experiment))
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/IExperimentAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/IExperimentAuthorizationExecutor.java
index 1f98851190ecd43b21a09f72ccc87f290cf91fe6..cbe61d85ebcde6e2ce575894cc13f03cfa717de8 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/IExperimentAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/experiment/IExperimentAuthorizationExecutor.java
@@ -35,8 +35,6 @@ public interface IExperimentAuthorizationExecutor extends IObjectAuthorizationEx
void canUpdate(IOperationContext context, IExperimentId id, ExperimentPE experiment);
- void canDelete(IOperationContext context);
-
void canDelete(IOperationContext context, IExperimentId id, ExperimentPE experiment);
void canGet(IOperationContext context);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/DeleteMaterialExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/DeleteMaterialExecutor.java
index 0afe979714441f253fbc1670e76fc93cc1d70b57..fe937c88dada4be0ac275101b9aeec68d8ff49ea 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/DeleteMaterialExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/DeleteMaterialExecutor.java
@@ -51,12 +51,6 @@ public class DeleteMaterialExecutor extends AbstractDeleteEntityExecutor<Void, I
return mapMaterialByIdExecutor.map(context, entityIds);
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, IMaterialId entityId, MaterialPE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/IMaterialAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/IMaterialAuthorizationExecutor.java
index d280e826f9f3ad7e2cd7def4fdd1574c6ac90a1a..05f58105b657eddc1149bbb09d6091535e27b617 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/IMaterialAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/IMaterialAuthorizationExecutor.java
@@ -35,8 +35,6 @@ public interface IMaterialAuthorizationExecutor extends IObjectAuthorizationExec
void canUpdate(IOperationContext context, IMaterialId id, MaterialPE material);
- void canDelete(IOperationContext context);
-
void canDelete(IOperationContext context, IMaterialId id, MaterialPE material);
void canGet(IOperationContext context);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/MaterialAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/MaterialAuthorizationExecutor.java
index 9ea76d0e504bd37ad2fce181eb309bb90f5ead52..41d8c6321b433e5011a3bc1a3fb0bc7cbf5ae1a7 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/MaterialAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/material/MaterialAuthorizationExecutor.java
@@ -24,8 +24,8 @@ import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.Capabili
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.RolesAllowed;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
import ch.systemsx.cisd.openbis.generic.shared.dto.MaterialPE;
/**
@@ -67,11 +67,6 @@ public class MaterialAuthorizationExecutor implements IMaterialAuthorizationExec
@DatabaseCreateOrDeleteModification(value = { ObjectKind.MATERIAL, ObjectKind.DELETION })
@RolesAllowed({ RoleWithHierarchy.INSTANCE_ADMIN, RoleWithHierarchy.INSTANCE_ETL_SERVER })
@Capability("DELETE_MATERIAL")
- public void canDelete(IOperationContext context)
- {
- }
-
- @Override
public void canDelete(IOperationContext context, IMaterialId id, MaterialPE material)
{
// nothing to do
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/delete/DeleteOperationExecutionExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/delete/DeleteOperationExecutionExecutor.java
index 381c3bc8b6a5753333ddeb5630a3b2b00d4524df..a8979a81d0616c53026513624a09e3186fdf018b 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/delete/DeleteOperationExecutionExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/operation/delete/DeleteOperationExecutionExecutor.java
@@ -72,12 +72,6 @@ public class DeleteOperationExecutionExecutor
return map;
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, IOperationExecutionId entityId, OperationExecutionPE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/DeleteProjectExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/DeleteProjectExecutor.java
index 78d495fa5b22a6cfbd64df5195e34b507d23d9d4..a16885111d6a5d90e3d899238fa30d4874fc684a 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/DeleteProjectExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/DeleteProjectExecutor.java
@@ -51,12 +51,6 @@ public class DeleteProjectExecutor extends AbstractDeleteEntityExecutor<Void, IP
return mapProjectByIdExecutor.map(context, entityIds);
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, IProjectId entityId, ProjectPE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/IProjectAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/IProjectAuthorizationExecutor.java
index ab730c7187941a32a11a5ee7be91e240497c80f9..bce2850db73895b699b31b0e81eeef2b8ece273d 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/IProjectAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/IProjectAuthorizationExecutor.java
@@ -35,8 +35,6 @@ public interface IProjectAuthorizationExecutor extends IObjectAuthorizationExecu
void canUpdate(IOperationContext context, IProjectId id, ProjectPE project);
- void canDelete(IOperationContext context);
-
void canDelete(IOperationContext context, IProjectId id, ProjectPE project);
void canGet(IOperationContext context);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/ProjectAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/ProjectAuthorizationExecutor.java
index cd3397d31aeecfab189fa6d9f220acbc8dc9a0a4..0c78126c9ea70e710b813a09027664b0223568c1 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/ProjectAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/project/ProjectAuthorizationExecutor.java
@@ -22,14 +22,16 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.project.id.IProjectId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.project.id.ProjectIdentifier;
import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.UnauthorizedObjectAccessException;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
+import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.AuthorizationGuard;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.Capability;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.ProjectPEPredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.validator.ProjectByIdentiferValidator;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
-import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectPE;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectPE;
/**
* @author pkupczyk
@@ -76,12 +78,7 @@ public class ProjectAuthorizationExecutor implements IProjectAuthorizationExecut
@DatabaseCreateOrDeleteModification(value = { ObjectKind.PROJECT, ObjectKind.DELETION })
@RolesAllowed({ RoleWithHierarchy.SPACE_POWER_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
@Capability("DELETE_PROJECT")
- public void canDelete(IOperationContext context)
- {
- }
-
- @Override
- public void canDelete(IOperationContext context, IProjectId id, ProjectPE project)
+ public void canDelete(IOperationContext context, IProjectId id, @AuthorizationGuard(guardClass = ProjectPEPredicate.class) ProjectPE project)
{
if (false == new ProjectByIdentiferValidator().doValidation(context.getSession().tryGetPerson(), project))
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/DeleteSampleExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/DeleteSampleExecutor.java
index 74ac1063c1d7cd311a6e78f97886d55ec2f51ced..88a51631a54b1b6843ed758e1e92003180690140 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/DeleteSampleExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/DeleteSampleExecutor.java
@@ -31,6 +31,8 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.delete.SampleDeletionOpti
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.id.ISampleId;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.entity.AbstractDeleteEntityExecutor;
+import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.AuthorizationGuard;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.SamplePredicate;
import ch.systemsx.cisd.openbis.generic.server.business.bo.ITrashBO;
import ch.systemsx.cisd.openbis.generic.shared.dto.DeletionPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentPE;
@@ -60,12 +62,6 @@ public class DeleteSampleExecutor extends AbstractDeleteEntityExecutor<IDeletion
return mapSampleByIdExecutor.map(context, entityIds);
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, ISampleId entityId, SamplePE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/ISampleAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/ISampleAuthorizationExecutor.java
index d72093138b4e4526f9c717f04ab811ee93c48231..1dd0db0948b42721c5dc72030bac96e24f70ac37 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/ISampleAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/ISampleAuthorizationExecutor.java
@@ -35,8 +35,6 @@ public interface ISampleAuthorizationExecutor extends IObjectAuthorizationExecut
void canUpdate(IOperationContext context, ISampleId id, SamplePE sample);
- void canDelete(IOperationContext context);
-
void canDelete(IOperationContext context, ISampleId id, SamplePE sample);
void canSearch(IOperationContext context);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/SampleAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/SampleAuthorizationExecutor.java
index 5851a40014e4cd7471105626ef465b160bfaf1fd..917f4166f6bf074f6d08997fb4d07dfbfc87f40a 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/SampleAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/sample/SampleAuthorizationExecutor.java
@@ -22,14 +22,16 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.id.ISampleId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.id.SampleIdentifier;
import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.UnauthorizedObjectAccessException;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
+import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.AuthorizationGuard;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.Capability;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.SamplePEPredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.validator.SampleByIdentiferValidator;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
-import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
/**
* @author pkupczyk
@@ -76,13 +78,10 @@ public class SampleAuthorizationExecutor implements ISampleAuthorizationExecutor
@DatabaseCreateOrDeleteModification(value = { ObjectKind.SAMPLE, ObjectKind.DELETION })
@RolesAllowed({ RoleWithHierarchy.SPACE_POWER_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
@Capability("DELETE_SAMPLE")
- public void canDelete(IOperationContext context)
+ public void canDelete(IOperationContext context, ISampleId id,
+ @AuthorizationGuard(guardClass = SamplePEPredicate.class) SamplePE sample)
{
- }
- @Override
- public void canDelete(IOperationContext context, ISampleId id, SamplePE sample)
- {
if (false == new SampleByIdentiferValidator().doValidation(context.getSession().tryGetPerson(), sample))
{
throw new UnauthorizedObjectAccessException(id);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/DeleteSpaceExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/DeleteSpaceExecutor.java
index 587c14fd3da5f9cc3c4351d972a11d878bf57f90..7a3b9232a5068f9e203c659a179ab1b6db6755d2 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/DeleteSpaceExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/DeleteSpaceExecutor.java
@@ -50,12 +50,6 @@ public class DeleteSpaceExecutor extends AbstractDeleteEntityExecutor<Void, ISpa
return mapSpaceByIdExecutor.map(context, entityIds);
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, ISpaceId entityId, SpacePE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/ISpaceAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/ISpaceAuthorizationExecutor.java
index 99854e526351627dee7baccb3c2855857a52fb17..ce10c8846b27003f9c59c0ad09e47082dc832510 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/ISpaceAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/ISpaceAuthorizationExecutor.java
@@ -35,8 +35,6 @@ public interface ISpaceAuthorizationExecutor extends IObjectAuthorizationExecuto
void canUpdate(IOperationContext context, ISpaceId id, SpacePE space);
- void canDelete(IOperationContext context);
-
void canDelete(IOperationContext context, ISpaceId id, SpacePE space);
void canGet(IOperationContext context);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/SpaceAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/SpaceAuthorizationExecutor.java
index 8f3d232132f0ce2a17833c81dcd0d1a78265f88f..2fd28ffd81cce7e6219ab0ec23621ddb68168e98 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/SpaceAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/space/SpaceAuthorizationExecutor.java
@@ -72,11 +72,6 @@ public class SpaceAuthorizationExecutor implements ISpaceAuthorizationExecutor
@DatabaseCreateOrDeleteModification(value = { ObjectKind.SPACE, ObjectKind.DELETION })
@RolesAllowed({ RoleWithHierarchy.SPACE_ADMIN, RoleWithHierarchy.SPACE_ETL_SERVER })
@Capability("DELETE_SPACE")
- public void canDelete(IOperationContext context)
- {
- }
-
- @Override
public void canDelete(IOperationContext context, ISpaceId id, SpacePE space)
{
if (false == new SimpleSpaceValidator().doValidation(context.getSession().tryGetPerson(), space))
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/DeleteTagExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/DeleteTagExecutor.java
index dd734f6f23ae143304672cc89d6d5c172341cfe2..7bcb848c733c49620c61fe16b68d5635369dcafc 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/DeleteTagExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/DeleteTagExecutor.java
@@ -64,12 +64,6 @@ public class DeleteTagExecutor extends AbstractDeleteEntityExecutor<Void, ITagId
return mapTagByIdExecutor.map(context, entityIds);
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, ITagId entityId, MetaprojectPE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/ITagAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/ITagAuthorizationExecutor.java
index b86e3a5c0df1ac5be562e014be57bdab59d64a43..984d1f0a94d1f944e53cbd22a96ca9c0e081da15 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/ITagAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/ITagAuthorizationExecutor.java
@@ -35,8 +35,6 @@ public interface ITagAuthorizationExecutor extends IObjectAuthorizationExecutor
void canUpdate(IOperationContext context, ITagId id, MetaprojectPE tag);
- void canDelete(IOperationContext context);
-
void canDelete(IOperationContext context, ITagId id, MetaprojectPE tag);
void canGet(IOperationContext context);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/TagAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/TagAuthorizationExecutor.java
index d3be29ffcd601bacee0800d5492f1c893a0b576c..66d917bbc0a9344cb6e659e1b30e95e52fd9df79 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/TagAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/tag/TagAuthorizationExecutor.java
@@ -72,11 +72,6 @@ public class TagAuthorizationExecutor implements ITagAuthorizationExecutor
@DatabaseCreateOrDeleteModification(value = { ObjectKind.METAPROJECT, ObjectKind.DELETION })
@RolesAllowed({ RoleWithHierarchy.SPACE_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
@Capability("DELETE_TAG")
- public void canDelete(IOperationContext context)
- {
- }
-
- @Override
public void canDelete(IOperationContext context, ITagId id, MetaprojectPE tag)
{
new TagAuthorization(context).checkAccess(tag);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/DeleteVocabularyTermExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/DeleteVocabularyTermExecutor.java
index 258d937fb5e450be9b5d1286b2aa3d5e56b21f20..0dbd9f76899633f0cdf17059120bc5c7a74adb2d 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/DeleteVocabularyTermExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/DeleteVocabularyTermExecutor.java
@@ -60,12 +60,6 @@ public class DeleteVocabularyTermExecutor
return mapTermByIdExecutor.map(context, entityIds);
}
- @Override
- protected void checkAccess(IOperationContext context)
- {
- authorizationExecutor.canDelete(context);
- }
-
@Override
protected void checkAccess(IOperationContext context, IVocabularyTermId entityId, VocabularyTermPE entity)
{
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/IVocabularyTermAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/IVocabularyTermAuthorizationExecutor.java
index f05d60ebecf2f578ca4630d8002a22cde87b626e..8cb3e70830f84f90a3a23b829c5e5aec8699679c 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/IVocabularyTermAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/IVocabularyTermAuthorizationExecutor.java
@@ -41,8 +41,6 @@ public interface IVocabularyTermAuthorizationExecutor extends IObjectAuthorizati
boolean canUpdateInternallyManaged(IOperationContext context);
- void canDelete(IOperationContext context);
-
void canDelete(IOperationContext context, IVocabularyTermId id, VocabularyTermPE term);
void canGet(IOperationContext context);
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/VocabularyTermAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/VocabularyTermAuthorizationExecutor.java
index 0c82574008f196b56f990d3d04734c947705717c..19e4d616037db8f309052feab350ffc78314585b 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/VocabularyTermAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/vocabulary/VocabularyTermAuthorizationExecutor.java
@@ -27,10 +27,10 @@ import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.RolesAll
import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.VocabularyTermPE;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
/**
* @author pkupczyk
@@ -99,15 +99,11 @@ public class VocabularyTermAuthorizationExecutor implements IVocabularyTermAutho
return false;
}
+
@Override
@DatabaseCreateOrDeleteModification(value = { ObjectKind.VOCABULARY_TERM, ObjectKind.DELETION })
@RolesAllowed({ RoleWithHierarchy.SPACE_POWER_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
@Capability("DELETE_VOCABULARY_TERM")
- public void canDelete(IOperationContext context)
- {
- }
-
- @Override
public void canDelete(IOperationContext context, IVocabularyTermId id, VocabularyTermPE term)
{
// nothing to do
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteDataSetTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteDataSetTest.java
index a2ef92d49a25fe4315642e464fc987c2f977223f..146c6a70675060b430d2c228135b6871bdaa7412 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteDataSetTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteDataSetTest.java
@@ -19,13 +19,14 @@ package ch.ethz.sis.openbis.systemtest.asapi.v3;
import java.util.ArrayList;
import java.util.Collections;
+import junit.framework.Assert;
+
import org.testng.annotations.Test;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.delete.DataSetDeletionOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.id.DataSetPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.deletion.id.IDeletionId;
-
-import junit.framework.Assert;
+import ch.systemsx.cisd.common.action.IDelegatedAction;
/**
* @author pkupczyk
@@ -117,6 +118,26 @@ public class DeleteDataSetTest extends AbstractDeletionTest
assertDataSetDoesNotExist(component1);
assertDataSetExists(component2);
}
+
+ @Test
+ public void testDeleteDSWithPowerUserInAnotherSpace()
+ {
+ final DataSetPermId permId = new DataSetPermId("20120619092259000-22");
+
+ assertAuthorizationFailureException(new IDelegatedAction()
+ {
+ @Override
+ public void execute()
+ {
+ String sessionToken = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
+
+ DataSetDeletionOptions options = new DataSetDeletionOptions();
+ options.setReason("It is just a test");
+
+ v3api.deleteDataSets(sessionToken, Collections.singletonList(permId), options);
+ }
+ });
+ }
// waiting for better times
// @Test
// public void testDeleteContainerInDifferentExperiment()
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteExperimentTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteExperimentTest.java
index 57b62b3d16145ef2ec8b87db611c5f7540b8f941..c69c2b6dd829d6209398ad2b5231e1f79abbc90d 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteExperimentTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteExperimentTest.java
@@ -23,6 +23,8 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import junit.framework.Assert;
+
import org.springframework.test.context.transaction.TestTransaction;
import org.testng.annotations.Test;
@@ -36,8 +38,6 @@ import ch.ethz.sis.openbis.systemtest.asapi.v3.index.RemoveFromIndexState;
import ch.systemsx.cisd.common.action.IDelegatedAction;
import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentPE;
-import junit.framework.Assert;
-
/**
* @author pkupczyk
*/
@@ -150,7 +150,7 @@ public class DeleteExperimentTest extends AbstractDeletionTest
{
final ExperimentPermId permId = createCisdExperiment();
- assertUnauthorizedObjectAccessException(new IDelegatedAction()
+ assertAuthorizationFailureException(new IDelegatedAction()
{
@Override
public void execute()
@@ -162,7 +162,27 @@ public class DeleteExperimentTest extends AbstractDeletionTest
v3api.deleteExperiments(sessionToken, Collections.singletonList(permId), options);
}
- }, permId);
+ });
+ }
+
+ @Test
+ public void testDeleteExperimentWithPowerUserInAnotherSpace()
+ {
+ final ExperimentPermId permId = new ExperimentPermId("200902091255058-1037");
+
+ assertAuthorizationFailureException(new IDelegatedAction()
+ {
+ @Override
+ public void execute()
+ {
+ String sessionToken = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
+
+ ExperimentDeletionOptions options = new ExperimentDeletionOptions();
+ options.setReason("It is just a test");
+
+ v3api.deleteExperiments(sessionToken, Collections.singletonList(permId), options);
+ }
+ });
}
}
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteProjectTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteProjectTest.java
index 715f4d779ffde4a2f1613324c5cf8cc3571cf3cb..24e657c8ab03bba1e2e17a552adf7642dbfd5a1b 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteProjectTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteProjectTest.java
@@ -88,7 +88,7 @@ public class DeleteProjectTest extends AbstractDeletionTest
{
final ProjectPermId permId = createCisdProject();
- assertUnauthorizedObjectAccessException(new IDelegatedAction()
+ assertAuthorizationFailureException(new IDelegatedAction()
{
@Override
public void execute()
@@ -100,7 +100,26 @@ public class DeleteProjectTest extends AbstractDeletionTest
v3api.deleteProjects(sessionToken, Collections.singletonList(permId), options);
}
- }, permId);
+ });
}
+ @Test
+ public void testDeleteProjectWithPowerUserInAnotherSpace()
+ {
+ final ProjectPermId permId = new ProjectPermId("20120814110011738-105");
+
+ assertAuthorizationFailureException(new IDelegatedAction()
+ {
+ @Override
+ public void execute()
+ {
+ String sessionToken = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
+
+ ProjectDeletionOptions options = new ProjectDeletionOptions();
+ options.setReason("It is just a test");
+
+ v3api.deleteProjects(sessionToken, Collections.singletonList(permId), options);
+ }
+ });
+ }
}
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteSampleTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteSampleTest.java
index f8fb6e04587aec61e1632701aa8bd07dd51fe861..80e7c4277230aa4f5d4fc6fd795c4e97c8624600 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteSampleTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteSampleTest.java
@@ -23,6 +23,8 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import junit.framework.Assert;
+
import org.springframework.test.context.transaction.TestTransaction;
import org.testng.annotations.Test;
@@ -37,8 +39,6 @@ import ch.ethz.sis.openbis.systemtest.asapi.v3.index.RemoveFromIndexState;
import ch.systemsx.cisd.common.action.IDelegatedAction;
import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
-import junit.framework.Assert;
-
/**
* @author pkupczyk
*/
@@ -57,6 +57,26 @@ public class DeleteSampleTest extends AbstractDeletionTest
Assert.assertNull(deletionId);
}
+ @Test
+ public void testDeleteSampleWithPowerUserInAnotherSpace()
+ {
+ final SamplePermId permId = new SamplePermId("200902091250077-1060");
+
+ assertAuthorizationFailureException(new IDelegatedAction()
+ {
+ @Override
+ public void execute()
+ {
+ String sessionToken = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
+
+ SampleDeletionOptions options = new SampleDeletionOptions();
+ options.setReason("It is just a test");
+
+ v3api.deleteSamples(sessionToken, Collections.singletonList(permId), options);
+ }
+ });
+ }
+
@Test
public void testDeleteWithIndexCheck() throws Exception
{
@@ -164,7 +184,7 @@ public class DeleteSampleTest extends AbstractDeletionTest
{
final SamplePermId permId = createCisdSample(null);
- assertUnauthorizedObjectAccessException(new IDelegatedAction()
+ assertAuthorizationFailureException(new IDelegatedAction()
{
@Override
public void execute()
@@ -176,7 +196,7 @@ public class DeleteSampleTest extends AbstractDeletionTest
v3api.deleteSamples(sessionToken, Collections.singletonList(permId), options);
}
- }, permId);
+ });
}
}
diff --git a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateDataSetTest.java b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateDataSetTest.java
index 11bb12ad8cc0d8bf65b26f5cbd658e0fa2f127dd..fba74040933fd27cf9459af2875ac0eabacd2700 100644
--- a/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateDataSetTest.java
+++ b/openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/UpdateDataSetTest.java
@@ -148,7 +148,7 @@ public class UpdateDataSetTest extends AbstractSampleTest
assertEquals(result.getExperiment().getCode(), "EXP-SPACE-TEST");
}
- @Test(expectedExceptions = { UserFailureException.class }, expectedExceptionsMessageRegExp = "(?s).*Access denied.*")
+ @Test(expectedExceptions = { UserFailureException.class }, expectedExceptionsMessageRegExp = "(?s).*Authorization failure.*")
public void testUpdateWithSampleNotAllowed()
{
String sessionToken = v3api.login(TEST_POWER_USER_CISD, PASSWORD);
diff --git a/openbis/sourceTest/sql/postgresql/156/051=role_assignments.tsv b/openbis/sourceTest/sql/postgresql/156/051=role_assignments.tsv
index 875f6e01affebb6d32005b161e11aef95acde9ec..3855f5d2b3e12c26047f5e33600cde220d485633 100644
--- a/openbis/sourceTest/sql/postgresql/156/051=role_assignments.tsv
+++ b/openbis/sourceTest/sql/postgresql/156/051=role_assignments.tsv
@@ -7,3 +7,4 @@
7 ETL_SERVER \N 4 2 2008-11-05 09:18:11.471+01 \N
8 POWER_USER 1 6 2 2008-11-05 09:18:11.471+01 \N
9 ADMIN 3 7 2 2008-11-05 09:18:11.471+01 \N
+10 OBSERVER 3 6 2 2008-11-05 09:18:11.471+01 \N