From 9e1ffab8430c849b999bdde7dbc20be3a08b5ffe Mon Sep 17 00:00:00 2001
From: izabel <izabel>
Date: Thu, 8 Jul 2010 08:08:46 +0000
Subject: [PATCH] [LMS-1615] Simplify authorization roles management

SVN: 16931
---
 .../web/client/ICommonClientService.java      |  10 +-
 .../web/client/ICommonClientServiceAsync.java |  18 +-
 .../web/client/application/SearchWidget.java  |   2 +-
 .../menu/TabActionMenuItemFactory.java        |   2 +-
 .../application/menu/dataset/DataSetMenu.java |   2 +-
 .../application/renderer/PersonRenderer.java  |   2 +-
 .../PersonListDeletionConfirmationDialog.java |   2 +-
 .../application/ui/RoleAssignmentGrid.java    |   2 +-
 .../AddPersonToAuthorizationGroupDialog.java  |   2 +-
 .../application/ui/amc/RoleListBox.java       |  37 +--
 .../specific/RoleAssignmentColDefKind.java    |   2 +-
 .../ui/data/AbstractExternalDataGrid.java     |   2 +-
 .../ui/data/DataSetComputeMenu.java           |   2 +-
 .../ui/data/DataSetParentsArea.java           |   2 +-
 .../ui/data/FileFormatTypeGrid.java           |   2 +-
 .../data/FileFormatTypeSelectionWidget.java   |   2 +-
 .../entity_type/AbstractEntityTypeGrid.java   |   2 +-
 .../ui/field/ExperimentChooserField.java      |   2 +-
 .../ui/field/MultilineVarcharField.java       |   2 +-
 .../ui/field/PropertyFieldFactory.java        |   2 +-
 .../ui/file/AttachmentFileUploadField.java    |   2 +-
 .../PropertyTypeSelectionWidget.java          |   2 +-
 .../property_type/SectionSelectionWidget.java |   2 +-
 .../ui/report/ReportGeneratedCallback.java    |   2 +-
 .../search/DetailedSearchCriterionWidget.java |   2 +-
 .../ui/search/DetailedSearchToolbar.java      |   2 +-
 .../ui/user/ChangeUserSettingsDialog.java     |   2 +-
 .../VocabularyRegistrationFieldSet.java       |   2 +-
 .../vocabulary/VocabularyTermValidator.java   |   2 +-
 .../web/server/CommonClientService.java       |  10 +-
 .../server/translator/RoleCodeTranslator.java |  24 +-
 .../generic/server/AbstractServer.java        |   2 +-
 .../openbis/generic/server/CommonServer.java  |   2 +-
 .../generic/server/CommonServerLogger.java    |   2 +-
 .../openbis/generic/server/ETLService.java    |   2 +-
 .../generic/server/TrackingServer.java        |   2 +-
 .../generic/server/TrackingServerLogger.java  |   2 +-
 .../api/v1/GeneralInformationService.java     |  39 +--
 .../generic/server/api/v1/Translator.java     |  14 +-
 .../DefaultAccessController.java              |  39 ++-
 .../server/dataaccess/IRoleAssignmentDAO.java |   2 +-
 .../dataaccess/db/HibernateSearchDAO.java     |   2 +-
 .../dataaccess/db/RoleAssignmentDAO.java      |   2 +-
 .../openbis/generic/shared/ICommonServer.java | 222 +++++++++---------
 .../generic/shared/IETLLIMSService.java       |  70 +++---
 .../cisd/openbis/generic/shared/IServer.java  |   4 +-
 .../generic/shared/ITrackingServer.java       |  11 +-
 .../api/v1/IGeneralInformationService.java    |  15 +-
 .../generic/shared/authorization/Role.java    |  99 --------
 .../authorization/RoleWithIdentifier.java     |  28 ++-
 .../authorization/annotation/RoleSet.java     |  90 -------
 .../annotation/RolesAllowed.java              |   5 +-
 .../predicate/AbstractGroupPredicate.java     |   2 +-
 .../predicate/AbstractTechIdPredicate.java    |   2 +-
 .../DatabaseInstanceIdentifierPredicate.java  |   2 +-
 .../validator/ExpressionValidator.java        |   2 +-
 .../validator/MatchingEntityValidator.java    |   2 +-
 .../validator/ProjectValidator.java           |   2 +-
 .../validator/SampleValidator.java            |   2 +-
 .../shared/basic/dto/RoleAssignment.java      |  11 +-
 .../generic/shared/basic/dto/RoleSetCode.java |  41 ----
 .../shared/basic/dto/RoleWithHierarchy.java   | 173 ++++++++++++++
 .../generic/shared/dto/NewRoleAssignment.java |   1 +
 .../generic/shared/dto/RoleAssignmentPE.java  |   1 +
 .../openbis/generic/shared/dto/RoleCode.java  |  29 ---
 .../dto/identifier/IdentifierHelper.java      |   2 +-
 .../translator/RoleAssignmentTranslator.java  |  52 +---
 .../module/TopMenuItemDemoModuleMenu.java     |   2 +-
 .../plugin/demo/shared/IDemoServer.java       |   8 +-
 .../sample/GenericSampleBatchUpdateForm.java  |   2 +-
 .../sample/GenericSampleEditForm.java         |   4 +-
 .../sample/GenericSampleRegistrationForm.java |   4 +-
 .../sample/SampleDataSetsSection.java         |   2 +-
 .../plugin/generic/shared/IGenericServer.java |  44 ++--
 .../web/client/IQueryClientService.java       |   2 +-
 .../web/client/IQueryClientServiceAsync.java  |   2 +-
 .../plugin/query/server/QueryServer.java      |   6 +-
 .../query/shared/DatabaseDefinition.java      |   8 +-
 .../plugin/query/shared/IQueryServer.java     |  18 +-
 .../authorization/AuthorizationChecker.java   |  11 +-
 .../authorization/IAuthorizationChecker.java  |   4 +-
 .../authorization/QueryAccessController.java  |  12 +-
 .../result_filter/QueryResultFilter.java      |   4 +-
 .../openbis/generic/OpenbisClientTest.java    |   2 +-
 .../AuthorizationManagementConsolTest.java    |  10 +-
 .../application/locator/ViewLocatorTest.java  |   1 -
 .../application/ui/amc/FillAddPersonForm.java |   2 +-
 .../ui/amc/FillRoleAssignmentForm.java        |   4 +-
 .../FillVocabularyRegistrationForm.java       |   2 +-
 .../calculator/StandardFunctionsTest.java     |  10 +-
 .../generic/server/CommonServerTest.java      |   6 +-
 .../api/v1/GeneralInformationServiceTest.java |  62 ++---
 .../authorization/AuthorizationTestUtil.java  |   2 +-
 .../DefaultAccessControllerTest.java          |  47 +++-
 .../authorization/PredicateExecutorTest.java  |   2 +-
 .../business/bo/RoleAssignmentTableTest.java  |   2 +-
 .../DatasetListingQueryTest.java              |   1 -
 .../dataaccess/db/RoleAssignmentDAOTest.java  |   2 +-
 .../shared/ICommonServer.java.expected        | 222 +++++++++---------
 .../shared/IETLLIMSService.java.expected      |  70 +++---
 .../authorization/AuthorizationTestCase.java  |   8 +-
 .../authorization/RoleWithIdentifierTest.java |  35 +--
 .../ListSampleCriteriaPredicateTest.java      |   2 +-
 .../MatchingEntityValidatorTest.java          |   2 +-
 .../shared/basic/ExpressionUtilTest.java      |   1 -
 .../basic/dto/RoleWithHierarchyTest.java      | 103 ++++++++
 .../demo/shared/IDemoServer.java.expected     |   8 +-
 .../sample/FillSampleRegistrationForm.java    |   2 +-
 .../shared/IGenericServer.java.expected       |  44 ++--
 .../query/shared/IQueryServer.java.expected   |  18 +-
 .../QueryAccessControllerTest.java            |  28 ++-
 .../result_filter/QueryResultFilterTest.java  |   6 +-
 .../systemtest/SetSessionUserTest.java        |  49 ++--
 .../shared/IPhosphoNetXServer.java            |  18 +-
 .../shared/IRawDataServiceInternal.java       |   6 +-
 .../shared/api/v1/IRawDataService.java        |  14 +-
 .../screening/shared/IScreeningServer.java    |  20 +-
 .../shared/api/v1/IScreeningApiServer.java    |  10 +-
 118 files changed, 1070 insertions(+), 1013 deletions(-)
 delete mode 100644 openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/Role.java
 delete mode 100644 openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RoleSet.java
 delete mode 100644 openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleSetCode.java
 create mode 100644 openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleWithHierarchy.java
 delete mode 100644 openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleCode.java
 create mode 100644 openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleWithHierarchyTest.java

diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientService.java
index 2165814d92c..1622c7b622f 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientService.java
@@ -79,8 +79,8 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Project;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ProjectUpdates;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.PropertyType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleAssignment;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
@@ -168,25 +168,25 @@ public interface ICommonClientService extends IClientService
     /**
      * Registers a new role from given role set code, group code and grantee.
      */
-    public void registerGroupRole(RoleSetCode roleSetCode, String group, Grantee grantee)
+    public void registerGroupRole(RoleWithHierarchy roleSetCode, String group, Grantee grantee)
             throws UserFailureException;
 
     /**
      * Deletes the role described by given role set code, group code and grantee.
      */
-    public void deleteGroupRole(RoleSetCode roleSetCode, String group, Grantee grantee)
+    public void deleteGroupRole(RoleWithHierarchy roleSetCode, String group, Grantee grantee)
             throws UserFailureException;
 
     /**
      * Registers a new role from given role set code and grantee.
      */
-    public void registerInstanceRole(RoleSetCode roleSetCode, Grantee grantee)
+    public void registerInstanceRole(RoleWithHierarchy roleSetCode, Grantee grantee)
             throws UserFailureException;
 
     /**
      * Deletes the role described by given role set code and grantee.
      */
-    public void deleteInstanceRole(RoleSetCode roleSetCode, Grantee grantee)
+    public void deleteInstanceRole(RoleWithHierarchy roleSetCode, Grantee grantee)
             throws UserFailureException;
 
     /**
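Review bot: The parameter is still named `roleSetCode` and the Javadoc still says "role set code" on all four methods in this hunk, although the type is now `RoleWithHierarchy`; the same stale name is carried into the matching declarations of ICommonClientServiceAsync. Renaming the parameter to `role` and rewording the comments, for example `Registers the given role for the grantee in the given group.`, would keep the contract readable. `RoleWithHierarchy` covers both space-level and instance-level roles (RoleListBox in this patch calls `isSpaceLevel()` on it), so the signatures do not tell the reader which level `registerGroupRole` and `registerInstanceRole` accept. The Javadoc should state the expected level, and the server implementation, which is not visible in this hunk, should presumably reject a mismatched level rather than rely on what the client sends.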
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientServiceAsync.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientServiceAsync.java
index c579da48d55..029060cea7a 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientServiceAsync.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientServiceAsync.java
@@ -81,8 +81,8 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Project;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ProjectUpdates;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.PropertyType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleAssignment;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
@@ -136,20 +136,20 @@ public interface ICommonClientServiceAsync extends IClientServiceAsync
     public void prepareExportRoleAssignments(TableExportCriteria<RoleAssignment> exportCriteria,
             AsyncCallback<String> callback);
 
-    /** @see ICommonClientService#registerGroupRole(RoleSetCode, String, Grantee) */
-    public void registerGroupRole(RoleSetCode roleSetCode, String group, Grantee grantee,
+    /** @see ICommonClientService#registerGroupRole(RoleWithHierarchy, String, Grantee) */
+    public void registerGroupRole(RoleWithHierarchy roleSetCode, String group, Grantee grantee,
             AsyncCallback<Void> asyncCallback);
 
-    /** @see ICommonClientService#deleteGroupRole(RoleSetCode, String, Grantee) */
-    public void deleteGroupRole(RoleSetCode roleSetCode, String group, Grantee grantee,
+    /** @see ICommonClientService#deleteGroupRole(RoleWithHierarchy, String, Grantee) */
+    public void deleteGroupRole(RoleWithHierarchy roleSetCode, String group, Grantee grantee,
             AsyncCallback<Void> asyncCallback);
 
-    /** @see ICommonClientService#registerInstanceRole(RoleSetCode, Grantee) */
-    public void registerInstanceRole(RoleSetCode roleSetCode, Grantee grantee,
+    /** @see ICommonClientService#registerInstanceRole(RoleWithHierarchy, Grantee) */
+    public void registerInstanceRole(RoleWithHierarchy roleSetCode, Grantee grantee,
             AsyncCallback<Void> asyncCallback);
 
-    /** @see ICommonClientService#deleteInstanceRole(RoleSetCode, Grantee) */
-    public void deleteInstanceRole(RoleSetCode roleSetCode, Grantee grantee,
+    /** @see ICommonClientService#deleteInstanceRole(RoleWithHierarchy, Grantee) */
+    public void deleteInstanceRole(RoleWithHierarchy roleSetCode, Grantee grantee,
             AsyncCallback<Void> asyncCallback);
 
     /** @see ICommonClientService#listSampleTypes() */
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/SearchWidget.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/SearchWidget.java
index 11281e3e8de..19154300c7b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/SearchWidget.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/SearchWidget.java
@@ -21,6 +21,7 @@ import com.extjs.gxt.ui.client.widget.MessageBox;
 import com.extjs.gxt.ui.client.widget.form.TextField;
 import com.extjs.gxt.ui.client.widget.layout.TableRowLayout;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.AbstractTabItemFactory;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.DefaultTabItem;
@@ -33,7 +34,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.Mode
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.EnterKeyListener;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.ButtonWithLoadingMask;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.IDataRefreshCallback;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.SearchableEntity;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/menu/TabActionMenuItemFactory.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/menu/TabActionMenuItemFactory.java
index f22ae723502..69607940a1a 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/menu/TabActionMenuItemFactory.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/menu/TabActionMenuItemFactory.java
@@ -18,9 +18,9 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.menu;
 
 import ch.systemsx.cisd.openbis.generic.client.web.client.IClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
+import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.AbstractTabItemFactory;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.DefaultTabItem;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.ITabItem;
-import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.AbstractTabItemFactory;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.help.HelpPageIdentifier;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IMessageProvider;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/menu/dataset/DataSetMenu.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/menu/dataset/DataSetMenu.java
index 2f765243f1b..8e9923f7a33 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/menu/dataset/DataSetMenu.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/menu/dataset/DataSetMenu.java
@@ -18,6 +18,7 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.menu.data
 
 import com.extjs.gxt.ui.client.widget.menu.Menu;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.CommonViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.ComponentProvider;
@@ -25,7 +26,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.menu.Actio
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.menu.TopMenu;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.menu.TopMenuItem;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IMessageProvider;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 
 /**
  * Data Set top menu.
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/renderer/PersonRenderer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/renderer/PersonRenderer.java
index 5b23575b225..0d0925acb99 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/renderer/PersonRenderer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/renderer/PersonRenderer.java
@@ -19,9 +19,9 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.renderer;
 import com.google.gwt.user.client.DOM;
 import com.google.gwt.user.client.Element;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.columns.framework.renderers.SimplePersonRenderer;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.DOMUtils;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.lang.StringEscapeUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/PersonListDeletionConfirmationDialog.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/PersonListDeletionConfirmationDialog.java
index 6110d4ec8fb..b3c0b3a6983 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/PersonListDeletionConfirmationDialog.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/PersonListDeletionConfirmationDialog.java
@@ -19,12 +19,12 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.ui;
 import java.util.ArrayList;
 import java.util.List;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.AbstractDataConfirmationDialog;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AuthorizationGroup;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/RoleAssignmentGrid.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/RoleAssignmentGrid.java
index 7ff86fd0d10..7438debd960 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/RoleAssignmentGrid.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/RoleAssignmentGrid.java
@@ -22,6 +22,7 @@ import com.extjs.gxt.ui.client.event.ButtonEvent;
 import com.extjs.gxt.ui.client.event.SelectionListener;
 import com.extjs.gxt.ui.client.widget.button.Button;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
@@ -35,7 +36,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.columns
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.AbstractSimpleBrowserGrid;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.IDisposableComponent;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.ConfirmationDialog;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.DefaultResultSetConfig;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.ResultSet;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.TableExportCriteria;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/AddPersonToAuthorizationGroupDialog.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/AddPersonToAuthorizationGroupDialog.java
index 180efbeced1..bdf4c458dac 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/AddPersonToAuthorizationGroupDialog.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/AddPersonToAuthorizationGroupDialog.java
@@ -30,6 +30,7 @@ import com.extjs.gxt.ui.client.widget.form.RadioGroup;
 import com.extjs.gxt.ui.client.widget.form.TextArea;
 import com.google.gwt.user.client.rpc.AsyncCallback;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.GenericConstants;
@@ -39,7 +40,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.FieldUtil;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.GWTUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IDelegatedAction;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AuthorizationGroup;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/RoleListBox.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/RoleListBox.java
index d99cbcee1d0..d0c0ddfb5cb 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/RoleListBox.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/RoleListBox.java
@@ -22,7 +22,7 @@ import com.google.gwt.user.client.ui.ListBox;
 
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.GroupSelectionWidget;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.FieldUtil;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 
 /**
  * {@link ListBox} with RoleSets.
@@ -31,39 +31,40 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
  */
 public class RoleListBox extends ListBox
 {
-    public RoleListBox(final GroupSelectionWidget group)
+    public RoleListBox(final GroupSelectionWidget groupWidget)
     {
-        RoleSetCode[] values = RoleSetCode.values();
-        for (RoleSetCode visibleRoleCode : values)
+        RoleWithHierarchy[] values = RoleWithHierarchy.values();
+        for (RoleWithHierarchy visibleRoleCode : values)
         {
             addItem(visibleRoleCode.toString());
         }
         setVisibleItemCount(1);
+        updateWidgetsVisibility(groupWidget);
 
         addChangeHandler(new ChangeHandler()
             {
-                //
-                // ChangeListener
-                //
 
                 public final void onChange(final ChangeEvent sender)
                 {
-                    int index = getSelectedIndex();
-                    RoleSetCode[] roleSetCodes = RoleSetCode.values();
-                    if (index < 0 || index >= roleSetCodes.length)
-                        return;
-
-                    boolean groupLevel = roleSetCodes[index].isSpaceLevel();
-                    FieldUtil.setMandatoryFlag(group, groupLevel);
-                    group.setVisible(groupLevel);
+                    updateWidgetsVisibility(groupWidget);
                 }
-
             });
 
     }
 
-    public final RoleSetCode getValue()
+    public final RoleWithHierarchy getValue()
+    {
+        return RoleWithHierarchy.values()[getSelectedIndex()];
+    }
+
+    private void updateWidgetsVisibility(final GroupSelectionWidget group)
     {
-        return RoleSetCode.values()[getSelectedIndex()];
+        int index = getSelectedIndex();
+        RoleWithHierarchy[] roles = RoleWithHierarchy.values();
+        if (index < 0 || index >= roles.length)
+            return;
+        boolean groupLevel = roles[index].isSpaceLevel();
+        FieldUtil.setMandatoryFlag(group, groupLevel);
+        group.setVisible(groupLevel);
     }
 }
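Review bot: `getValue()` indexes `RoleWithHierarchy.values()` with `getSelectedIndex()` unchecked, while the new `updateWidgetsVisibility` guards the same index against `< 0` and `>= roles.length`; with no selection the getter would throw an ArrayIndexOutOfBoundsException. The getter should apply the same guard and fail with a clear message, e.g. `if (index < 0 || index >= roles.length) throw new IllegalStateException("No role selected");`, or return null if its callers (not visible here) expect that. Both methods also depend on the list items being added in `values()` order, which deserves a one-line comment above the `addItem` loop: `// item index == position in RoleWithHierarchy.values(); getValue() relies on this order`.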
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/columns/specific/RoleAssignmentColDefKind.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/columns/specific/RoleAssignmentColDefKind.java
index 3f8f9379101..45e59609f20 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/columns/specific/RoleAssignmentColDefKind.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/columns/specific/RoleAssignmentColDefKind.java
@@ -21,9 +21,9 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.columns
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.columns.framework.IColumnDefinitionKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AuthorizationGroup;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseInstance;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleAssignment;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 
 /**
  * @author Piotr Buczek
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/AbstractExternalDataGrid.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/AbstractExternalDataGrid.java
index a9e36322f3b..dcaec5550ef 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/AbstractExternalDataGrid.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/AbstractExternalDataGrid.java
@@ -25,6 +25,7 @@ import com.extjs.gxt.ui.client.widget.Dialog;
 import com.extjs.gxt.ui.client.widget.button.Button;
 import com.extjs.gxt.ui.client.widget.grid.GridCellRenderer;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
@@ -44,7 +45,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.en
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.entity.PropertyTypesFilterUtil;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.listener.OpenEntityDetailsTabAction;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IDelegatedActionWithResult;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.TextToolItem;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.DefaultResultSetConfig;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.DisplayedOrSelectedDatasetCriteria;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/DataSetComputeMenu.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/DataSetComputeMenu.java
index c359ee877d2..4f80407c0e4 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/DataSetComputeMenu.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/DataSetComputeMenu.java
@@ -34,6 +34,7 @@ import com.extjs.gxt.ui.client.widget.button.Button;
 import com.extjs.gxt.ui.client.widget.form.RadioGroup;
 import com.extjs.gxt.ui.client.widget.menu.Menu;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AsyncCallbackWithProgressBar;
@@ -50,7 +51,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.Dialo
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IDelegatedAction;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IDelegatedActionWithResult;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IMessageProvider;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.TextToolItem;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.DisplayedOrSelectedDatasetCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DataSetType;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/DataSetParentsArea.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/DataSetParentsArea.java
index ebd1de54acb..17236c69bbd 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/DataSetParentsArea.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/DataSetParentsArea.java
@@ -20,11 +20,11 @@ import java.util.List;
 
 import com.extjs.gxt.ui.client.widget.form.TextArea;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.GenericConstants;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field.MultilineVarcharField;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IMessageProvider;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/FileFormatTypeGrid.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/FileFormatTypeGrid.java
index 5738646459a..1a1bba4a178 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/FileFormatTypeGrid.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/FileFormatTypeGrid.java
@@ -26,6 +26,7 @@ import com.extjs.gxt.ui.client.widget.Window;
 import com.extjs.gxt.ui.client.widget.button.Button;
 import com.google.gwt.user.client.rpc.AsyncCallback;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
@@ -43,7 +44,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.ID
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.AbstractRegistrationDialog;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.ConfirmationDialog;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IDelegatedAction;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.TextToolItem;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.DefaultResultSetConfig;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.ResultSet;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/FileFormatTypeSelectionWidget.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/FileFormatTypeSelectionWidget.java
index 4c9a3becb44..9343087ba29 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/FileFormatTypeSelectionWidget.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/data/FileFormatTypeSelectionWidget.java
@@ -25,8 +25,8 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAs
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
-import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.NonHierarchicalBaseModelData;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.ModelDataPropertyNames;
+import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.NonHierarchicalBaseModelData;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.DropDownList;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.FileFormatType;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/entity_type/AbstractEntityTypeGrid.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/entity_type/AbstractEntityTypeGrid.java
index d8d8a19d6fe..bc0b10c59fb 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/entity_type/AbstractEntityTypeGrid.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/entity_type/AbstractEntityTypeGrid.java
@@ -25,6 +25,7 @@ import com.extjs.gxt.ui.client.widget.Window;
 import com.extjs.gxt.ui.client.widget.button.Button;
 import com.google.gwt.user.client.rpc.AsyncCallback;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
@@ -39,7 +40,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.Co
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.AbstractRegistrationDialog;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.ConfirmationDialog;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IDelegatedAction;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.TextToolItem;
 import ch.systemsx.cisd.openbis.generic.shared.basic.IColumnDefinition;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/ExperimentChooserField.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/ExperimentChooserField.java
index 365076b5964..86308d8a6c2 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/ExperimentChooserField.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/ExperimentChooserField.java
@@ -19,13 +19,13 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field;
 import com.extjs.gxt.ui.client.event.ComponentEvent;
 import com.extjs.gxt.ui.client.widget.form.Field;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.experiment.ExperimentBrowserGrid;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.DisposableEntityChooser;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.FieldUtil;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.ExperimentIdentifier;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Experiment;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/MultilineVarcharField.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/MultilineVarcharField.java
index c9f2a9f789d..dad3b8675c1 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/MultilineVarcharField.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/MultilineVarcharField.java
@@ -18,9 +18,9 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field;
 
 import com.extjs.gxt.ui.client.widget.form.TextArea;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.GenericConstants;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.FieldUtil;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 
 /**
  * A {@link TextArea} extension for registering multiline text with adjustable height.
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/PropertyFieldFactory.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/PropertyFieldFactory.java
index af29256fa61..7caefb55b23 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/PropertyFieldFactory.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/field/PropertyFieldFactory.java
@@ -21,13 +21,13 @@ import java.util.Date;
 import com.extjs.gxt.ui.client.widget.form.Field;
 import com.google.gwt.user.client.ui.AbstractImagePrototype;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.DatabaseModificationAwareField;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.VocabularyTermModel;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.renderer.DateRenderer;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.FieldUtil;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DataTypeCode;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.PropertyType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/file/AttachmentFileUploadField.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/file/AttachmentFileUploadField.java
index b30b08a74a9..2481776fa84 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/file/AttachmentFileUploadField.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/file/AttachmentFileUploadField.java
@@ -20,12 +20,12 @@ import com.extjs.gxt.ui.client.widget.form.FieldSet;
 import com.extjs.gxt.ui.client.widget.form.FileUploadField;
 import com.extjs.gxt.ui.client.widget.layout.FormLayout;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.AbstractRegistrationForm;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field.DescriptionField;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field.VarcharField;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IMessageProvider;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewAttachment;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/property_type/PropertyTypeSelectionWidget.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/property_type/PropertyTypeSelectionWidget.java
index 1018bac0a63..04f7b3ca414 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/property_type/PropertyTypeSelectionWidget.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/property_type/PropertyTypeSelectionWidget.java
@@ -26,8 +26,8 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAs
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
-import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.NonHierarchicalBaseModelData;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.ModelDataPropertyNames;
+import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.NonHierarchicalBaseModelData;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.renderer.PropertyTypeRenderer;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.DropDownList;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.GWTUtils;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/property_type/SectionSelectionWidget.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/property_type/SectionSelectionWidget.java
index 15dff5d3911..04e45277e2d 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/property_type/SectionSelectionWidget.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/property_type/SectionSelectionWidget.java
@@ -24,11 +24,11 @@ import java.util.Set;
 import com.extjs.gxt.ui.client.widget.form.ComboBox;
 import com.extjs.gxt.ui.client.widget.form.SimpleComboBox;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.GWTUtils;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.EntityTypePropertyType;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/report/ReportGeneratedCallback.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/report/ReportGeneratedCallback.java
index f4db17e5aeb..82d4ba5c51c 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/report/ReportGeneratedCallback.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/report/ReportGeneratedCallback.java
@@ -19,12 +19,12 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.report
 import com.extjs.gxt.ui.client.widget.MessageBox;
 import com.google.gwt.user.client.rpc.AsyncCallback;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AsyncCallbackWithProgressBar;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.IDisposableComponent;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.TableModelReference;
 import ch.systemsx.cisd.openbis.generic.shared.basic.IReportInformationProvider;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/search/DetailedSearchCriterionWidget.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/search/DetailedSearchCriterionWidget.java
index 8e88b9b386e..6a942bdf37b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/search/DetailedSearchCriterionWidget.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/search/DetailedSearchCriterionWidget.java
@@ -30,11 +30,11 @@ import com.extjs.gxt.ui.client.widget.form.TextField;
 import com.extjs.gxt.ui.client.widget.layout.TableData;
 import com.google.gwt.event.dom.client.KeyCodes;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.ICommonClientServiceAsync;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.GenericConstants;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.DetailedSearchFieldComboModel;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.AttributeSearchFieldKindProvider;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DetailedSearchCriterion;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DetailedSearchField;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/search/DetailedSearchToolbar.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/search/DetailedSearchToolbar.java
index 18e9ca72e7a..6259df6be3b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/search/DetailedSearchToolbar.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/search/DetailedSearchToolbar.java
@@ -9,8 +9,8 @@ import com.extjs.gxt.ui.client.widget.toolbar.LabelToolItem;
 import com.extjs.gxt.ui.client.widget.toolbar.ToolBar;
 import com.google.gwt.user.client.Element;
 
-import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.GWTUtils;
 import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
+import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.GWTUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.TextToolItem;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DetailedSearchCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.PropertyType;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/user/ChangeUserSettingsDialog.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/user/ChangeUserSettingsDialog.java
index 486e843e3a2..a37aa678e2d 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/user/ChangeUserSettingsDialog.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/user/ChangeUserSettingsDialog.java
@@ -46,8 +46,8 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.GWTUt
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IDelegatedAction;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DisplaySettings;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RealNumberFormatingParameters;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 
 /**
  * {@link Window} containing form for changing logged user settings.
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/VocabularyRegistrationFieldSet.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/VocabularyRegistrationFieldSet.java
index f2f82172066..97e1b9b282b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/VocabularyRegistrationFieldSet.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/VocabularyRegistrationFieldSet.java
@@ -33,6 +33,7 @@ import com.extjs.gxt.ui.client.widget.form.RadioGroup;
 import com.extjs.gxt.ui.client.widget.form.TextArea;
 import com.extjs.gxt.ui.client.widget.layout.FormLayout;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field.CheckBoxField;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field.CodeField;
@@ -43,7 +44,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.file.Ba
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.ConfirmationDialog;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.FieldUtil;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IMessageProvider;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.BasicConstant;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewVocabulary;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTerm;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/VocabularyTermValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/VocabularyTermValidator.java
index bd464bbdbac..02e8ed57902 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/VocabularyTermValidator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/VocabularyTermValidator.java
@@ -9,10 +9,10 @@ import java.util.Set;
 import com.extjs.gxt.ui.client.widget.form.Field;
 import com.extjs.gxt.ui.client.widget.form.Validator;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field.CodeField.CodeFieldKind;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.IMessageProvider;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTerm;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientService.java
index 4627c6a1315..8f6c8a11235 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientService.java
@@ -123,8 +123,8 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Project;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ProjectUpdates;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.PropertyType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleAssignment;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleTypePropertyType;
@@ -317,7 +317,7 @@ public final class CommonClientService extends AbstractClientService implements
         }
     }
 
-    public final void registerGroupRole(final RoleSetCode roleSetCode, final String group,
+    public final void registerGroupRole(final RoleWithHierarchy roleSetCode, final String group,
             final Grantee grantee)
             throws ch.systemsx.cisd.openbis.generic.client.web.client.exception.UserFailureException
     {
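Review bot: The parameter of `registerGroupRole` is still named `roleSetCode` although its type is now `RoleWithHierarchy`, so the name describes the removed `RoleSetCode` enum rather than the value passed. The same applies to `registerInstanceRole`, `deleteGroupRole` and `deleteInstanceRole` in the next three hunks. Renaming it to `role` (`final RoleWithHierarchy role, final String group,`) would keep these role-granting and role-revoking entry points unambiguous. The method bodies start inside the hunks but continue outside them, so the rename would also have to cover the uses there. As these methods appear to be the server side of a client call, a one-line Javadoc saying where the caller's right to assign the given role is enforced would help the next reader; that check is not visible in these hunks.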
@@ -334,7 +334,7 @@ public final class CommonClientService extends AbstractClientService implements
         }
     }
 
-    public final void registerInstanceRole(final RoleSetCode roleSetCode, final Grantee grantee)
+    public final void registerInstanceRole(final RoleWithHierarchy roleSetCode, final Grantee grantee)
             throws ch.systemsx.cisd.openbis.generic.client.web.client.exception.UserFailureException
     {
         try
@@ -348,7 +348,7 @@ public final class CommonClientService extends AbstractClientService implements
         }
     }
 
-    public final void deleteGroupRole(final RoleSetCode roleSetCode, final String group,
+    public final void deleteGroupRole(final RoleWithHierarchy roleSetCode, final String group,
             final Grantee grantee)
             throws ch.systemsx.cisd.openbis.generic.client.web.client.exception.UserFailureException
     {
@@ -366,7 +366,7 @@ public final class CommonClientService extends AbstractClientService implements
 
     }
 
-    public final void deleteInstanceRole(final RoleSetCode roleSetCode, final Grantee grantee)
+    public final void deleteInstanceRole(final RoleWithHierarchy roleSetCode, final Grantee grantee)
             throws ch.systemsx.cisd.openbis.generic.client.web.client.exception.UserFailureException
     {
         try
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/RoleCodeTranslator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/RoleCodeTranslator.java
index 743a4a83a66..16b024c5a3b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/RoleCodeTranslator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/RoleCodeTranslator.java
@@ -16,8 +16,8 @@
 
 package ch.systemsx.cisd.openbis.generic.client.web.server.translator;
 
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 
 /**
  * A role code translator.
@@ -32,25 +32,9 @@ public final class RoleCodeTranslator
         // Can not be instantiated.
     }
 
-    public final static RoleCode translate(final RoleSetCode code)
+    public final static RoleCode translate(final RoleWithHierarchy code)// FIXME: remove class
     {
-        switch (code)
-        {
-            case SPACE_ADMIN:
-            case INSTANCE_ADMIN:
-                return RoleCode.ADMIN;
-            case SPACE_ETL_SERVER:
-            case INSTANCE_ETL_SERVER:
-                return RoleCode.ETL_SERVER;
-            case OBSERVER:
-            case INSTANCE_ADMIN_OBSERVER:
-                return RoleCode.OBSERVER;
-            case POWER_USER:
-                return RoleCode.POWER_USER;
-            case USER:
-                return RoleCode.USER;
-        }
-        throw new IllegalArgumentException("Unknown role set");
+        return code.getRoleCode();
     }
 
 }
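Review bot: `translate` now returns `code.getRoleCode()` directly, so the explicit `IllegalArgumentException("Unknown role set")` failure path is gone and the result depends entirely on `RoleWithHierarchy.getRoleCode()`, which is not shown here. Because the returned `RoleCode` presumably decides which privilege is stored for a grantee, a guard such as `if (code == null) throw new IllegalArgumentException("Unspecified role");` before the call keeps the method failing with the exception type callers already saw. It is also worth confirming that the new mapping matches the removed switch, for example `INSTANCE_ADMIN_OBSERVER` and `OBSERVER` both yielding `RoleCode.OBSERVER`. The trailing `// FIXME: remove class` on the signature line is easy to miss; a class-level `@deprecated` Javadoc naming `RoleWithHierarchy.getRoleCode()` as the replacement would state the intent where callers will see it.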
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/AbstractServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/AbstractServer.java
index 5253f69be8e..0b501f0aed7 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/AbstractServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/AbstractServer.java
@@ -41,6 +41,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DisplaySettings;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.EntityKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.GridCustomColumn;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataSetTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataStorePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GridCustomColumnPE;
@@ -48,7 +49,6 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.IAuthSession;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SampleTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SessionContextDTO;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServer.java
index 38cc88bf9ae..97e36328334 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServer.java
@@ -125,6 +125,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.UpdatedSample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTerm;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTermReplacement;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.AttachmentHolderPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.AttachmentPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE;
@@ -151,7 +152,6 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectUpdatesDTO;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PropertyTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SampleTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SampleTypePropertyTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SearchableEntity;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServerLogger.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServerLogger.java
index 74ad5185073..6184c1eaef2 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServerLogger.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServerLogger.java
@@ -75,11 +75,11 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTerm;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTermReplacement;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataSetUploadContext;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ListSampleCriteriaDTO;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectUpdatesDTO;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PropertyTypePE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SampleParentWithDerivedDTO;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePropertyPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SearchableEntity;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
index 6285970c71f..19d535b3c4b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
@@ -16,8 +16,8 @@
 
 package ch.systemsx.cisd.openbis.generic.server;
 
-import static ch.systemsx.cisd.openbis.generic.shared.GenericSharedConstants.DATA_STORE_SERVER_WEB_APPLICATION_NAME;
 import static ch.systemsx.cisd.openbis.generic.shared.GenericSharedConstants.DATA_STORE_SERVER_APPLICATION_PATH;
+import static ch.systemsx.cisd.openbis.generic.shared.GenericSharedConstants.DATA_STORE_SERVER_WEB_APPLICATION_NAME;
 
 import java.util.ArrayList;
 import java.util.Collections;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/TrackingServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/TrackingServer.java
index 34da2a35eca..64357994dca 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/TrackingServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/TrackingServer.java
@@ -30,9 +30,9 @@ import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
 import ch.systemsx.cisd.openbis.generic.shared.ITrackingServer;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ListOrSearchSampleCriteria;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingDataSetCriteria;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 
 public final class TrackingServer extends AbstractServer<ITrackingServer> implements
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/TrackingServerLogger.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/TrackingServerLogger.java
index 0069ff7ac2b..f7ad71eb7bf 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/TrackingServerLogger.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/TrackingServerLogger.java
@@ -22,9 +22,9 @@ import ch.systemsx.cisd.authentication.ISessionManager;
 import ch.systemsx.cisd.common.spring.IInvocationLoggerContext;
 import ch.systemsx.cisd.openbis.generic.shared.ITrackingServer;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingDataSetCriteria;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationService.java
index 0df5d41566e..622d0bd13a6 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationService.java
@@ -36,7 +36,6 @@ import ch.systemsx.cisd.openbis.generic.shared.api.v1.IGeneralInformationService
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Project;
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Role;
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SpaceWithProjectsAndRoleAssignments;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
@@ -47,8 +46,6 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SessionContextDTO;
 
 /**
- * 
- *
  * @author Franz-Josef Elmer
  */
 @Component(ResourceNames.GENERAL_INFORMATION_SERVICE_SERVER)
@@ -59,7 +56,7 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
     public GeneralInformationService()
     {
     }
-    
+
     GeneralInformationService(ISessionManager<Session> sessionManager, IDAOFactory daoFactory)
     {
         super(sessionManager, daoFactory);
@@ -79,14 +76,15 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
     public Map<String, Set<Role>> listNamedRoleSets(String sessionToken)
     {
         checkSession(sessionToken);
-        
+
         Map<String, Set<Role>> namedRoleSets = new LinkedHashMap<String, Set<Role>>();
-        RoleSet[] values = RoleSet.values();
-        for (RoleSet roleSet : values)
+        ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy[] values =
+                ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.values();
+        for (ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy roleSet : values)
         {
-            Set<ch.systemsx.cisd.openbis.generic.shared.authorization.Role> roles = roleSet.getRoles();
+            Set<ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy> roles = roleSet.getRoles();
             Set<Role> translatedRoles = new HashSet<Role>();
-            for (ch.systemsx.cisd.openbis.generic.shared.authorization.Role role : roles)
+            for (ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy role : roles)
             {
                 translatedRoles.add(Translator.translate(role));
             }
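Review bot: The new loop in listNamedRoleSets repeats the fully qualified `ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy` on every line, although only the simple name `Role` clashes with the imported API DTO. Importing `RoleWithHierarchy` would shorten the loop header to `for (RoleWithHierarchy role : RoleWithHierarchy.values())`, and the loop variable `roleSet` (with the inner `role` renamed to match) should lose its old name now that `RoleSet` is gone. The same fully qualified parameter type appears in `Translator.translate` further down. The map returned to API clients is now built from `RoleWithHierarchy.values()` rather than `RoleSet.values()`, so the key names they receive may have changed; the `put` call lies outside this hunk, so that is inferred and worth confirming against the API contract.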
@@ -99,12 +97,12 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
             String sessionToken, String databaseInstanceCodeOrNull)
     {
         checkSession(sessionToken);
-        
+
         Map<String, List<RoleAssignmentPE>> roleAssignmentsPerSpace = getRoleAssignmentsPerSpace();
         List<RoleAssignmentPE> instanceRoleAssignments = roleAssignmentsPerSpace.get(null);
         List<GroupPE> spaces = listSpaces(databaseInstanceCodeOrNull);
         List<SpaceWithProjectsAndRoleAssignments> result =
-            new ArrayList<SpaceWithProjectsAndRoleAssignments>();
+                new ArrayList<SpaceWithProjectsAndRoleAssignments>();
         for (GroupPE space : spaces)
         {
             SpaceWithProjectsAndRoleAssignments fullSpace =
@@ -133,8 +131,10 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
 
     private Map<String, List<RoleAssignmentPE>> getRoleAssignmentsPerSpace()
     {
-        List<RoleAssignmentPE> roleAssignments = getDAOFactory().getRoleAssignmentDAO().listRoleAssignments();
-        Map<String, List<RoleAssignmentPE>> roleAssignmentsPerSpace = new HashMap<String, List<RoleAssignmentPE>>();
+        List<RoleAssignmentPE> roleAssignments =
+                getDAOFactory().getRoleAssignmentDAO().listRoleAssignments();
+        Map<String, List<RoleAssignmentPE>> roleAssignmentsPerSpace =
+                new HashMap<String, List<RoleAssignmentPE>>();
         for (RoleAssignmentPE roleAssignment : roleAssignments)
         {
             GroupPE space = roleAssignment.getGroup();
@@ -149,7 +149,7 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
         }
         return roleAssignmentsPerSpace;
     }
-    
+
     private List<GroupPE> listSpaces(String databaseInstanceCodeOrNull)
     {
         IDAOFactory daoFactory = getDAOFactory();
@@ -158,11 +158,11 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
         {
             IDatabaseInstanceDAO databaseInstanceDAO = daoFactory.getDatabaseInstanceDAO();
             databaseInstance =
-                databaseInstanceDAO.tryFindDatabaseInstanceByCode(databaseInstanceCodeOrNull);
+                    databaseInstanceDAO.tryFindDatabaseInstanceByCode(databaseInstanceCodeOrNull);
         }
         return daoFactory.getGroupDAO().listGroups(databaseInstance);
     }
-    
+
     private void addProjectsTo(SpaceWithProjectsAndRoleAssignments fullSpace, GroupPE space)
     {
         List<ProjectPE> projects = getDAOFactory().getProjectDAO().listProjects(space);
@@ -171,12 +171,14 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
             fullSpace.add(new Project(fullSpace.getCode(), project.getCode()));
         }
     }
-    
+
     private void addRoles(SpaceWithProjectsAndRoleAssignments fullSpace, List<RoleAssignmentPE> list)
     {
         for (RoleAssignmentPE roleAssignment : list)
         {
-            Role role = Translator.translate(roleAssignment.getRole(), roleAssignment.getGroup() != null);
+            Role role =
+                    Translator.translate(roleAssignment.getRole(),
+                            roleAssignment.getGroup() != null);
             Set<PersonPE> persons;
             AuthorizationGroupPE authorizationGroup = roleAssignment.getAuthorizationGroup();
             if (authorizationGroup != null)
@@ -193,4 +195,3 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
         }
     }
 }
-
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/Translator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/Translator.java
index f64b894e0e0..022b6d78472 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/Translator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/Translator.java
@@ -17,26 +17,24 @@
 package ch.systemsx.cisd.openbis.generic.server.api.v1;
 
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Role;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role.RoleLevel;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
 
 /**
- * 
- *
  * @author Franz-Josef Elmer
  */
 class Translator
 {
-    static Role translate(ch.systemsx.cisd.openbis.generic.shared.authorization.Role role)
+    static Role translate(ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy role)
     {
-        return translate(role.getRoleName(), role.getRoleLevel().equals(RoleLevel.SPACE));
+        return translate(role.getRoleCode(), role.getRoleLevel().equals(RoleLevel.SPACE));
     }
-    
+
     static Role translate(RoleCode roleCode, boolean spaceLevel)
     {
         return new Role(roleCode.name(), spaceLevel);
     }
-    
+
     private Translator()
     {
     }
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessController.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessController.java
index 1dfc54d4a9c..05639f028cc 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessController.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessController.java
@@ -19,6 +19,7 @@ package ch.systemsx.cisd.openbis.generic.server.authorization;
 import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
@@ -35,9 +36,9 @@ import ch.systemsx.cisd.common.logging.LogCategory;
 import ch.systemsx.cisd.common.logging.LogFactory;
 import ch.systemsx.cisd.common.utilities.MethodUtils;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IAuthorizationDAOFactory;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.dto.IAuthSession;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
@@ -68,7 +69,7 @@ public final class DefaultAccessController implements IAccessController
     /**
      * Cache for the method roles as they are <code>static</code>.
      */
-    private final Map<Method, Set<Role>> methodRolesCache = new HashMap<Method, Set<Role>>();
+    private final Map<Method, Set<RoleWithHierarchy>> methodRolesCache = new HashMap<Method, Set<RoleWithHierarchy>>();
 
     public DefaultAccessController(final IAuthorizationDAOFactory daoFactory)
     {
@@ -103,18 +104,21 @@ public final class DefaultAccessController implements IAccessController
         }
     }
 
-    private Set<Role> getMethodRoles(final Method method)
+    private Set<RoleWithHierarchy> getMethodRoles(final Method method)
     {
         synchronized (methodRolesCache)
         {
-            Set<Role> roles = methodRolesCache.get(method);
+            Set<RoleWithHierarchy> roles = methodRolesCache.get(method);
             if (roles == null)
             {
-                roles = new LinkedHashSet<Role>();
+                roles = new LinkedHashSet<RoleWithHierarchy>();
                 final RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
                 if (rolesAllowed != null)
                 {
-                    roles = rolesAllowed.value().getRoles();
+                    for (RoleWithHierarchy role : rolesAllowed.value())
+                    {
+                        roles.addAll(role.getRoles());
+                    }
                 }
                 methodRolesCache.put(method, roles);
             }
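Review bot: getMethodRoles now builds the permitted set as the union of `getRoles()` over every role listed in `@RolesAllowed`, but nothing states that rule, and an annotation with an empty array yields the same empty set as a missing annotation. A Javadoc on the method should say both, since the empty case is what reaches the `methodRoles.size() == 0` branch in the caller. The `LinkedHashSet` stored in `methodRolesCache` is also the object handed back to callers, so a later caller that mutates it would change the authorization result for every subsequent call. Storing it as `methodRolesCache.put(method, Collections.unmodifiableSet(roles));` closes that off, though it needs a `java.util.Collections` import that is not among the visible import lines. The method body continues past the end of this hunk.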
@@ -132,7 +136,7 @@ public final class DefaultAccessController implements IAccessController
         stopWatch.start();
         try
         {
-            final Set<Role> methodRoles = getMethodRoles(method);
+            final Set<RoleWithHierarchy> methodRoles = getMethodRoles(method);
             if (methodRoles.size() == 0)
             {
                 // TODO 2008-08-07, Tomasz Pylak: why this is not a programming error? What a user
@@ -151,7 +155,8 @@ public final class DefaultAccessController implements IAccessController
                 return Status.createError(msg);
             }
             final List<RoleWithIdentifier> userRoles = getUserRoles(person);
-            userRoles.retainAll(methodRoles);
+            retainMatchingRoleWithIdentifiers(userRoles, methodRoles);
+
             if (userRoles.size() == 0)
             {
                 final String msg =
@@ -176,4 +181,22 @@ public final class DefaultAccessController implements IAccessController
             logTimeTaken(stopWatch, method);
         }
     }
+
+    /**
+     * Retains {@link RoleWithIdentifier}s with {@link RoleWithIdentifier#getRole()} included in the
+     * set of {@link RoleWithHierarchy}s.
+     */
+    public static void retainMatchingRoleWithIdentifiers(final List<RoleWithIdentifier> userRoles,
+            final Set<RoleWithHierarchy> methodRoles)
+    {
+        Iterator<RoleWithIdentifier> it = userRoles.iterator();
+        while (it.hasNext())
+        {
+            RoleWithIdentifier roleWithIdentifier = it.next();
+            if (methodRoles.contains(roleWithIdentifier.getRole()) == false)
+            {
+                it.remove();
+            }
+        }
+    }
 }
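Review bot: retainMatchingRoleWithIdentifiers is declared `public static` on the access controller, which makes an authorization-filtering helper part of the class's public surface. If it is only called from `isAuthorized` and from tests in the same package, `private` or package-private visibility would be enough. The Javadoc should also state that `userRoles` is modified in place, so it must support `Iterator.remove`, and that a match is decided by `methodRoles.contains(roleWithIdentifier.getRole())`, with the identifier part ignored. The condition reads more directly as `if (!methodRoles.contains(roleWithIdentifier.getRole()))`.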
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IRoleAssignmentDAO.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IRoleAssignmentDAO.java
index 904f8c3b9d5..848517395e5 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IRoleAssignmentDAO.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IRoleAssignmentDAO.java
@@ -22,10 +22,10 @@ import org.springframework.dao.DataAccessException;
 import org.springframework.dao.DataIntegrityViolationException;
 
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Grantee;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 
 /**
  * <i>Data Access Object</i> for {@link RoleAssignmentPE}.
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/HibernateSearchDAO.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/HibernateSearchDAO.java
index c1f7e8df2a0..20f816641d4 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/HibernateSearchDAO.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/HibernateSearchDAO.java
@@ -61,9 +61,9 @@ import ch.systemsx.cisd.openbis.generic.server.dataaccess.IHibernateSearchDAO;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.db.search.LuceneQueryBuilder;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.BasicEntityType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DetailedSearchCriteria;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.MatchingEntity;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SearchableEntity;
 import ch.systemsx.cisd.openbis.generic.shared.dto.hibernate.SearchFieldConstants;
 import ch.systemsx.cisd.openbis.generic.shared.dto.properties.EntityKind;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/RoleAssignmentDAO.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/RoleAssignmentDAO.java
index be394035522..c040ab08e26 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/RoleAssignmentDAO.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/RoleAssignmentDAO.java
@@ -32,11 +32,11 @@ import ch.systemsx.cisd.common.utilities.MethodUtils;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IRoleAssignmentDAO;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Grantee;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Grantee.GranteeType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 
 /**
  * <i>Data Access Object</i> implementation for {@link RoleAssignmentPE}.
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/ICommonServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/ICommonServer.java
index 14b23da2346..82cfce701c6 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/ICommonServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/ICommonServer.java
@@ -25,7 +25,6 @@ import org.springframework.transaction.annotation.Transactional;
 
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodeCollectionPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodePredicate;
@@ -90,6 +89,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Project;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.PropertyType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleAssignment;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
@@ -98,9 +98,9 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTerm;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTermReplacement;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataSetUploadContext;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectUpdatesDTO;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SearchableEntity;
 import ch.systemsx.cisd.openbis.generic.shared.dto.VocabularyTermWithStats;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.DatabaseInstanceIdentifier;
@@ -116,7 +116,7 @@ public interface ICommonServer extends IServer
 {
     /** Keeps the session with specified token alive. */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public void keepSessionAlive(String sessionToken);
 
     /**
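Review bot: Swapping `RoleSet.OBSERVER` for `RoleWithHierarchy.SPACE_OBSERVER` here, and `RoleSet.SPACE_ADMIN` / `RoleSet.INSTANCE_ADMIN` for their `RoleWithHierarchy` counterparts in the remaining `@RolesAllowed` hunks of ICommonServer.java, makes each method's access depend entirely on what `RoleWithHierarchy.<X>.getRoles()` expands to. That definition is not in this part of the diff, so whether each new constant grants exactly the roles the old `RoleSet` value did cannot be checked from here. A unit test that pins the expanded role set for every constant used in these annotations would catch a method silently becoming stricter or more permissive. Since `SPACE_OBSERVER` reads as narrower than `OBSERVER`, a comment on the annotation or the enum saying that the named role is the weakest one allowed and stronger roles are implied (if that is the intent) would help anyone auditing these interfaces.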
@@ -125,7 +125,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Space}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = SpaceValidator.class)
     public List<Space> listSpaces(String sessionToken, DatabaseInstanceIdentifier identifier);
 
@@ -133,7 +133,7 @@ public interface ICommonServer extends IServer
      * Registers a new space with specified code and optional description.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SPACE)
     public void registerSpace(String sessionToken, String spaceCode, String descriptionOrNull);
 
@@ -141,7 +141,7 @@ public interface ICommonServer extends IServer
      * Updates a property type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.SPACE)
     public void updateSpace(final String sessionToken, final ISpaceUpdates updates);
 
@@ -149,7 +149,7 @@ public interface ICommonServer extends IServer
      * Registers a new authorization group.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.AUTHORIZATION_GROUP)
     public void registerAuthorizationGroup(String sessionToken,
             NewAuthorizationGroup newAuthorizationGroup);
@@ -158,7 +158,7 @@ public interface ICommonServer extends IServer
      * Deletes selected authorization groups.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.AUTHORIZATION_GROUP)
     public void deleteAuthorizationGroups(String sessionToken, List<TechId> authGroupIds,
             String reason);
@@ -169,7 +169,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Person}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     public List<Person> listPersons(String sessionToken);
 
     /**
@@ -178,7 +178,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Project}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ProjectValidator.class)
     public List<Project> listProjects(String sessionToken);
 
@@ -186,7 +186,7 @@ public interface ICommonServer extends IServer
      * Registers a new person.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PERSON)
     public void registerPerson(String sessionToken, String userID);
 
@@ -194,14 +194,14 @@ public interface ICommonServer extends IServer
      * Returns a list of all roles.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     public List<RoleAssignment> listRoleAssignments(String sessionToken);
 
     /**
      * Registers a new space role.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.ROLE_ASSIGNMENT)
     public void registerSpaceRole(
             String sessionToken,
@@ -213,7 +213,7 @@ public interface ICommonServer extends IServer
      * Registers a new instance role.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.ROLE_ASSIGNMENT)
     public void registerInstanceRole(String sessionToken, RoleCode roleCode, Grantee grantee);
 
@@ -221,7 +221,7 @@ public interface ICommonServer extends IServer
      * Deletes role described by given role code, space identifier and grantee.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.ROLE_ASSIGNMENT)
     public void deleteSpaceRole(
             String sessionToken,
@@ -233,7 +233,7 @@ public interface ICommonServer extends IServer
      * Deletes role described by given role code and user id.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.ROLE_ASSIGNMENT)
     public void deleteInstanceRole(String sessionToken, RoleCode roleCode, Grantee grantee);
 
@@ -243,7 +243,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link SampleType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<SampleType> listSampleTypes(String sessionToken);
 
     /**
@@ -252,7 +252,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Sample}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = SampleValidator.class)
     public List<Sample> listSamples(
             final String sessionToken,
@@ -264,7 +264,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Experiment}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Experiment> listExperiments(
             final String sessionToken,
             ExperimentType experimentType,
@@ -276,7 +276,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ExternalData> listSampleExternalData(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId,
             final boolean showOnlyDirectlyConnected);
@@ -287,7 +287,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ExternalData> listExperimentExternalData(
             final String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) final TechId experimentId);
@@ -299,7 +299,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ExternalData> listDataSetRelationships(final String sessionToken,
             @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) final TechId datasetId,
             final DataSetRelationshipRole role);
@@ -308,7 +308,7 @@ public interface ICommonServer extends IServer
      * Performs an <i>Hibernate Search</i> based on given parameters.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = MatchingEntityValidator.class)
     public List<MatchingEntity> listMatchingEntities(final String sessionToken,
             final SearchableEntity[] searchableEntities, final String queryText,
@@ -320,7 +320,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link ExperimentType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ExperimentType> listExperimentTypes(String sessionToken);
 
     /**
@@ -329,7 +329,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link PropertyType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<PropertyType> listPropertyTypes(final String sessionToken, boolean withRelations);
 
     /**
@@ -338,7 +338,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link DataType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<DataType> listDataTypes(final String sessionToken);
 
     /**
@@ -347,7 +347,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link FileFormatType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<FileFormatType> listFileFormatTypes(String sessionToken);
 
     /**
@@ -356,7 +356,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Vocabulary}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Vocabulary> listVocabularies(final String sessionToken, final boolean withTerms,
             boolean excludeInternal);
 
@@ -364,7 +364,7 @@ public interface ICommonServer extends IServer
      * Registers given {@link PropertyType}.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROPERTY_TYPE)
     public void registerPropertyType(final String sessionToken, final PropertyType propertyType);
 
@@ -372,7 +372,7 @@ public interface ICommonServer extends IServer
      * Updates a property type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.PROPERTY_TYPE)
     public void updatePropertyType(final String sessionToken, final IPropertyTypeUpdates updates);
 
@@ -380,7 +380,7 @@ public interface ICommonServer extends IServer
      * Deletes specified property types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROPERTY_TYPE)
     public void deletePropertyTypes(String sessionToken, List<TechId> propertyTypeIds, String reason);
 
@@ -388,7 +388,7 @@ public interface ICommonServer extends IServer
      * Assigns property type to entity type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROPERTY_TYPE_ASSIGNMENT)
     public String assignPropertyType(final String sessionToken, final EntityKind entityKind,
             final String propertyTypeCode, final String entityTypeCode, final boolean isMandatory,
@@ -398,7 +398,7 @@ public interface ICommonServer extends IServer
      * Update property type assignment to entity type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.PROPERTY_TYPE_ASSIGNMENT)
     public void updatePropertyTypeAssignment(final String sessionToken,
             final EntityKind entityKind, final String propertyTypeCode,
@@ -409,7 +409,7 @@ public interface ICommonServer extends IServer
      * Unassigns property type to entity type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROPERTY_TYPE_ASSIGNMENT)
     public void unassignPropertyType(String sessionToken, EntityKind entityKind,
             String propertyTypeCode, String entityTypeCode);
@@ -419,7 +419,7 @@ public interface ICommonServer extends IServer
      * type.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public int countPropertyTypedEntities(String sessionToken, EntityKind entityKind,
             String propertyTypeCode, String entityTypeCode);
 
@@ -427,7 +427,7 @@ public interface ICommonServer extends IServer
      * Registers given {@link NewVocabulary}.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.VOCABULARY)
     public void registerVocabulary(final String sessionToken, final NewVocabulary vocabulary);
 
@@ -435,7 +435,7 @@ public interface ICommonServer extends IServer
      * Updates a vocabulary.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.VOCABULARY)
     public void updateVocabulary(String sessionToken, IVocabularyUpdates updates);
 
@@ -443,7 +443,7 @@ public interface ICommonServer extends IServer
      * Deletes specified vocabularies.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.VOCABULARY)
     public void deleteVocabularies(String sessionToken, List<TechId> vocabularyIds, String reason);
 
@@ -451,7 +451,7 @@ public interface ICommonServer extends IServer
      * Deletes specified projects.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROJECT)
     public void deleteProjects(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) List<TechId> projectIds,
@@ -461,7 +461,7 @@ public interface ICommonServer extends IServer
      * Deletes specified spaces.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SPACE)
     public void deleteSpaces(String sessionToken,
             @AuthorizationGuard(guardClass = SpaceTechIdPredicate.class) List<TechId> spaceIds,
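Review bot: `deleteSpaces` stays at `SPACE_POWER_USER`, as does `deleteProjects` in the hunk before it, while `registerProject` further down requires `SPACE_ADMIN`, so removing a whole space needs a lower role than creating a project in it. If SPACE_ADMIN ranks above SPACE_POWER_USER, as the names suggest, the destructive call should be at least as restricted: `@RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)`. If the asymmetry is intended, a Javadoc line saying why would keep the next role refactoring from having to guess. The signature of `deleteSpaces` continues past the end of the hunk.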
@@ -471,7 +471,7 @@ public interface ICommonServer extends IServer
      * Adds new terms to a vocabulary starting from specified ordinal + 1.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.VOCABULARY_TERM)
     public void addVocabularyTerms(String sessionToken, TechId vocabularyId,
             List<String> vocabularyTerms, Long previousTermOrdinal);
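Review bot: `addVocabularyTerms` is granted to the space-scoped `SPACE_POWER_USER`, but its `vocabularyId` parameter carries no `@AuthorizationGuard`, so nothing visible here ties the check to a space in which the caller holds that role. The same applies to `updateVocabularyTerm` and `deleteVocabularyTerms` in the next two hunks, whereas `registerVocabulary`, `updateVocabulary`, `deleteVocabularies` and the batch `updateVocabularyTerms` all require `INSTANCE_ADMIN`. If vocabularies are shared across spaces (the interface does not show this), a power user of one space can change terms used by all of them. Either raise these three to `@RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)` or state in the Javadoc why term edits are deliberately delegated.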
@@ -480,7 +480,7 @@ public interface ICommonServer extends IServer
      * Updates a vocabulary term.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.VOCABULARY_TERM)
     public void updateVocabularyTerm(final String sessionToken, final IVocabularyTermUpdates updates);
 
@@ -488,7 +488,7 @@ public interface ICommonServer extends IServer
      * Deletes from the specified vocabulary the specified terms.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.VOCABULARY_TERM)
     public void deleteVocabularyTerms(String sessionToken, TechId vocabularyId,
             List<VocabularyTerm> termsToBeDeleted, List<VocabularyTermReplacement> termsToBeReplaced);
@@ -497,7 +497,7 @@ public interface ICommonServer extends IServer
      * Registers new project.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROJECT)
     public void registerProject(
             String sessionToken,
@@ -508,7 +508,7 @@ public interface ICommonServer extends IServer
      * Performs an <i>Hibernate Search</i> based on given parameters.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExternalDataValidator.class)
     public List<ExternalData> searchForDataSets(String sessionToken, DetailedSearchCriteria criteria);
 
@@ -516,7 +516,7 @@ public interface ICommonServer extends IServer
      * For given {@link TechId} returns the corresponding {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public ExternalData getDataSetInfo(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) TechId datasetId);
 
@@ -524,7 +524,7 @@ public interface ICommonServer extends IServer
      * Performs an <i>Hibernate Search</i> based on given parameters.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = SampleValidator.class)
     public List<Sample> searchForSamples(String sessionToken, DetailedSearchCriteria criteria);
 
@@ -532,7 +532,7 @@ public interface ICommonServer extends IServer
      * Returns all data sets related to specified entities.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExternalDataValidator.class)
     public List<ExternalData> listRelatedDataSets(String sessionToken,
             DataSetRelatedEntities entities);
@@ -543,7 +543,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link MaterialType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<MaterialType> listMaterialTypes(String sessionToken);
 
     /**
@@ -552,7 +552,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Material}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Material> listMaterials(String sessionToken, MaterialType materialType,
             boolean withProperties);
 
@@ -560,7 +560,7 @@ public interface ICommonServer extends IServer
      * Creates a new material type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.MATERIAL_TYPE)
     public void registerMaterialType(String sessionToken, MaterialType entityType);
 
@@ -568,7 +568,7 @@ public interface ICommonServer extends IServer
      * Updates a material type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.MATERIAL_TYPE)
     public void updateMaterialType(String sessionToken, EntityType entityType);
 
@@ -576,7 +576,7 @@ public interface ICommonServer extends IServer
      * Creates a new sample type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE_TYPE)
     public void registerSampleType(String sessionToken, SampleType entityType);
 
@@ -584,7 +584,7 @@ public interface ICommonServer extends IServer
      * Updates a sample type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE_TYPE)
     public void updateSampleType(String sessionToken, EntityType entityType);
 
@@ -592,7 +592,7 @@ public interface ICommonServer extends IServer
      * Creates a new experiment type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.EXPERIMENT_TYPE)
     public void registerExperimentType(String sessionToken, ExperimentType entityType);
 
@@ -600,7 +600,7 @@ public interface ICommonServer extends IServer
      * Updates a experiment type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.EXPERIMENT_TYPE)
     public void updateExperimentType(String sessionToken, EntityType entityType);
 
@@ -608,7 +608,7 @@ public interface ICommonServer extends IServer
      * Creates a new file format type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.FILE_FORMAT_TYPE)
     public void registerFileFormatType(String sessionToken, FileFormatType type);
 
@@ -616,7 +616,7 @@ public interface ICommonServer extends IServer
      * Creates a new data set type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATASET_TYPE)
     public void registerDataSetType(String sessionToken, DataSetType entityType);
 
@@ -624,7 +624,7 @@ public interface ICommonServer extends IServer
      * Updates a data set type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.DATASET_TYPE)
     public void updateDataSetType(String sessionToken, EntityType entityType);
 
@@ -632,7 +632,7 @@ public interface ICommonServer extends IServer
      * Deletes specified data sets.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATA_SET)
     public void deleteDataSets(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) List<String> dataSetCodes,
@@ -642,7 +642,7 @@ public interface ICommonServer extends IServer
      * Deletes specified samples.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void deleteSamples(
             String sessionToken,
@@ -653,7 +653,7 @@ public interface ICommonServer extends IServer
      * Deletes specified experiments.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.EXPERIMENT)
     public void deleteExperiments(
             String sessionToken,
@@ -664,7 +664,7 @@ public interface ICommonServer extends IServer
      * Deletes specified attachments (all versions with given file names) of specified experiment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.EXPERIMENT)
     public void deleteExperimentAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId,
@@ -674,7 +674,7 @@ public interface ICommonServer extends IServer
      * Deletes specified attachments (all versions with given file names) of specified sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public void deleteSampleAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId sampleId,
@@ -684,7 +684,7 @@ public interface ICommonServer extends IServer
      * Deletes specified attachments (all versions with given file names) of specified project.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.PROJECT)
     public void deleteProjectAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) TechId projectId,
@@ -694,7 +694,7 @@ public interface ICommonServer extends IServer
      * Returns all attachments (all versions) of specified experiment.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Attachment> listExperimentAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId);
 
@@ -702,7 +702,7 @@ public interface ICommonServer extends IServer
      * Returns all attachments (all versions) of specified sample.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Attachment> listSampleAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId sampleId);
 
@@ -710,7 +710,7 @@ public interface ICommonServer extends IServer
      * Returns all attachments (all versions) of specified project.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Attachment> listProjectAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) TechId projectId);
 
@@ -720,7 +720,7 @@ public interface ICommonServer extends IServer
      * @return a message or an empty string
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public String uploadDataSets(String sessionToken, List<String> dataSetCodes,
             DataSetUploadContext uploadContext);
 
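Review bot: `uploadDataSets` accepts `List<String> dataSetCodes` from any `SPACE_OBSERVER` without an `@AuthorizationGuard`, while `createReportFromDatasets` and `deleteDataSets` in the same interface guard their code lists. Unless the implementation filters the codes itself (not visible here), an observer of one space could name data sets of another space and have them uploaded. Suggested parameter: `@AuthorizationGuard(guardClass = DataSetCodeCollectionPredicate.class) List<String> dataSetCodes,`.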
@@ -728,7 +728,7 @@ public interface ICommonServer extends IServer
      * Lists vocabulary terms of a given vocabulary. Includes terms usage statistics.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<VocabularyTermWithStats> listVocabularyTermsWithStatistics(String sessionToken,
             Vocabulary vocabulary);
 
@@ -736,7 +736,7 @@ public interface ICommonServer extends IServer
      * Lists vocabulary terms of a given vocabulary.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Set<VocabularyTerm> listVocabularyTerms(String sessionToken, Vocabulary vocabulary);
 
     /**
@@ -745,21 +745,21 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link DataSetType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<DataSetType> listDataSetTypes(String sessionToken);
 
     /**
      * @return Information about the time and kind of the last modification, separately for each
      *         kind of database object.
      */
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public LastModificationState getLastModificationState(String sessionToken);
 
     /**
      * For given {@link TechId} returns the corresponding {@link Project}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Project getProjectInfo(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) TechId projectId);
 
@@ -768,7 +768,7 @@ public interface ICommonServer extends IServer
      * attachments).
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Project getProjectInfo(
             String sessionToken,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) ProjectIdentifier projectIdentifier);
@@ -777,14 +777,14 @@ public interface ICommonServer extends IServer
      * Returns unique code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     public String generateCode(String sessionToken, String prefix);
 
     /**
      * Saves changed project.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value = ObjectKind.PROJECT)
     public Date updateProject(
             String sessionToken,
@@ -794,7 +794,7 @@ public interface ICommonServer extends IServer
      * Deletes specified data set types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.DATASET_TYPE, ObjectKind.PROPERTY_TYPE_ASSIGNMENT })
     public void deleteDataSetTypes(String sessionToken, List<String> entityTypesCodes);
@@ -803,7 +803,7 @@ public interface ICommonServer extends IServer
      * Deletes specified sample types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.SAMPLE_TYPE, ObjectKind.PROPERTY_TYPE_ASSIGNMENT })
     public void deleteSampleTypes(String sessionToken, List<String> entityTypesCodes);
@@ -812,7 +812,7 @@ public interface ICommonServer extends IServer
      * Deletes specified experiment types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.EXPERIMENT_TYPE, ObjectKind.PROPERTY_TYPE_ASSIGNMENT })
     public void deleteExperimentTypes(String sessionToken, List<String> entityTypesCodes);
@@ -821,7 +821,7 @@ public interface ICommonServer extends IServer
      * Deletes specified file format types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.FILE_FORMAT_TYPE })
     public void deleteFileFormatTypes(String sessionToken, List<String> codes);
@@ -830,7 +830,7 @@ public interface ICommonServer extends IServer
      * Deletes specified material types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.MATERIAL_TYPE, ObjectKind.PROPERTY_TYPE_ASSIGNMENT })
     public void deleteMaterialTypes(String sessionToken, List<String> entityTypesCodes);
@@ -840,7 +840,7 @@ public interface ICommonServer extends IServer
      * {@link IEntityInformationHolder}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public IEntityInformationHolder getEntityInformationHolder(String sessionToken,
             EntityKind entityKind, String permId);
 
@@ -849,7 +849,7 @@ public interface ICommonServer extends IServer
      * {@link IEntityInformationHolder}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public IEntityInformationHolder getMaterialInformationHolder(String sessionToken,
             MaterialIdentifier identifier);
 
@@ -857,7 +857,7 @@ public interface ICommonServer extends IServer
      * Returns file template available during batch operation of entity of given type.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public String getTemplateColumns(String sessionToken, EntityKind kind, String type,
             boolean autoGenerate, boolean withExperiments, BatchOperationKind operationKind);
 
@@ -865,7 +865,7 @@ public interface ICommonServer extends IServer
      * Updates file format type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.FILE_FORMAT_TYPE)
     public void updateFileFormatType(String sessionToken, AbstractType type);
 
@@ -873,7 +873,7 @@ public interface ICommonServer extends IServer
      * Updates the experiment attachment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.EXPERIMENT)
     public void updateExperimentAttachments(String sessionToken, TechId experimentId,
             Attachment attachment);
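Review bot: `updateExperimentAttachments` takes a bare `TechId experimentId` under the space-scoped `SPACE_POWER_USER` role, whereas `deleteExperimentAttachments` and `listExperimentAttachments` guard the same parameter with `ExperimentTechIdPredicate`. Without the guard, the role check alone does not establish that the experiment lies in a space where the caller is a power user, unless the implementation verifies it (not visible here). Suggested parameter: `@AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId,`. `updateSampleAttachments` and `updateProjectAttachments` in the next two hunks need the matching `SampleTechIdPredicate` and `ProjectTechIdPredicate`.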
@@ -882,7 +882,7 @@ public interface ICommonServer extends IServer
      * Updates the sample attachment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public void updateSampleAttachments(String sessionToken, TechId sampleId, Attachment attachment);
 
@@ -890,26 +890,26 @@ public interface ICommonServer extends IServer
      * Updates the project attachment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.PROJECT)
     public void updateProjectAttachments(String sessionToken, TechId projectId,
             Attachment attachment);
 
     /** Lists all available datastore services of the specified kind */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<DatastoreServiceDescription> listDataStoreServices(String sessionToken,
             DataStoreServiceKind dataStoreServiceKind);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel createReportFromDatasets(
             String sessionToken,
             DatastoreServiceDescription serviceDescription,
             @AuthorizationGuard(guardClass = DataSetCodeCollectionPredicate.class) List<String> datasetCodes);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     public void processDatasets(
             String sessionToken,
             DatastoreServiceDescription serviceDescription,
@@ -921,7 +921,7 @@ public interface ICommonServer extends IServer
      * @return number of data sets scheduled for archiving.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int archiveDatasets(
             String sessionToken,
@@ -933,7 +933,7 @@ public interface ICommonServer extends IServer
      * @return number of data sets scheduled for unarchiving.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int unarchiveDatasets(
             String sessionToken,
@@ -945,7 +945,7 @@ public interface ICommonServer extends IServer
      * @return number of data sets scheduled for locking.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int lockDatasets(
             String sessionToken,
@@ -957,7 +957,7 @@ public interface ICommonServer extends IServer
      * @return number of data sets scheduled for unlocking.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int unlockDatasets(
             String sessionToken,
@@ -967,14 +967,14 @@ public interface ICommonServer extends IServer
      * Returns all authorization groups.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<AuthorizationGroup> listAuthorizationGroups(String sessionToken);
 
     /**
      * Saves changed authorization group.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.AUTHORIZATION_GROUP)
     public Date updateAuthorizationGroup(String sessionToken, AuthorizationGroupUpdates updates);
 
@@ -982,7 +982,7 @@ public interface ICommonServer extends IServer
      * Returns all persons belonging to given authorization group.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Person> listPersonInAuthorizationGroup(String sessionToken,
             TechId authorizatonGroupId);
 
@@ -990,7 +990,7 @@ public interface ICommonServer extends IServer
      * Adds specified persons to given authorization group.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     public void addPersonsToAuthorizationGroup(String sessionToken, TechId authorizationGroupId,
             List<String> personsCodes);
 
@@ -998,7 +998,7 @@ public interface ICommonServer extends IServer
      * Removes specified persons from given authorization group.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     public void removePersonsFromAuthorizationGroup(String sessionToken,
             TechId authorizationGroupId, List<String> personsCodes);
 
@@ -1006,7 +1006,7 @@ public interface ICommonServer extends IServer
      * Lists filters available for selected grid.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExpressionValidator.class)
     public List<GridCustomFilter> listFilters(String sessionToken, String gridId);
 
@@ -1014,7 +1014,7 @@ public interface ICommonServer extends IServer
      * Creates a new filter.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.GRID_CUSTOM_FILTER)
     public void registerFilter(String sessionToken, NewColumnOrFilter filter);
 
@@ -1022,7 +1022,7 @@ public interface ICommonServer extends IServer
      * Deletes specified filters.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.GRID_CUSTOM_FILTER)
     public void deleteFilters(
             String sessionToken,
@@ -1032,7 +1032,7 @@ public interface ICommonServer extends IServer
      * Updates a filter.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.GRID_CUSTOM_FILTER)
     public void updateFilter(
             String sessionToken,
@@ -1044,7 +1044,7 @@ public interface ICommonServer extends IServer
      * Lists columns available for selected grid.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExpressionValidator.class)
     public List<GridCustomColumn> listGridCustomColumns(String sessionToken, String gridId);
 
@@ -1052,7 +1052,7 @@ public interface ICommonServer extends IServer
      * Creates a new column.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.GRID_CUSTOM_COLUMN)
     public void registerGridCustomColumn(String sessionToken, NewColumnOrFilter column);
 
@@ -1060,7 +1060,7 @@ public interface ICommonServer extends IServer
      * Deletes specified columns.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.GRID_CUSTOM_COLUMN)
     public void deleteGridCustomColumns(
             String sessionToken,
@@ -1070,7 +1070,7 @@ public interface ICommonServer extends IServer
      * Updates a column.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.GRID_CUSTOM_COLUMN)
     public void updateGridCustomColumn(
             String sessionToken,
@@ -1080,7 +1080,7 @@ public interface ICommonServer extends IServer
      * Updates vocabulary terms.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.VOCABULARY_TERM)
     public void updateVocabularyTerms(String sessionToken, TechId vocabularyId,
             List<VocabularyTerm> terms);
@@ -1089,7 +1089,7 @@ public interface ICommonServer extends IServer
      * Deletes specified materials.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.MATERIAL)
     public void deleteMaterials(String sessionToken, List<TechId> materialIds, String reason);
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java
index 0e37e403f7a..b47a2e2fa09 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java
@@ -25,7 +25,6 @@ import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.ISessionProvider;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodeCollectionPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodePredicate;
@@ -53,6 +52,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.IEntityProperty;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ListSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewExperiment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSample;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
@@ -79,14 +79,14 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Returns the home database instance.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public DatabaseInstance getHomeDatabaseInstance(final String sessionToken);
 
     /**
      * Registers a Data Store Server for the specified info.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public void registerDataStoreServer(String sessionToken, DataStoreServerInfo dataStoreServerInfo);
 
     /**
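Review bot: Nothing in this part of the patch shows that `RoleWithHierarchy.SPACE_ETL_SERVER` accepts the same roles as the removed `RoleSet.ETL_SERVER`, which the deleted `RoleSet.java` declares as `INSTANCE_ADMIN` plus both the space-level and the instance-level `ETL_SERVER` role. `RoleWithHierarchy` is defined outside this section, so the equivalence has to be confirmed there. If the new constant does not admit instance-level `ETL_SERVER` holders, a data store server holding that role would be refused on these calls. If it admits more roles than before, write methods such as `registerDataSet`, `updateSample` and `archiveDatasets` become reachable by more principals. A regression test that pins the exact roles accepted by each replacement constant would settle this for every `@RolesAllowed` swap in this file, and for `INSTANCE_ADMIN_OBSERVER` → `INSTANCE_OBSERVER` in `IGeneralInformationService`.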
@@ -96,7 +96,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @param experimentIdentifier an identifier which uniquely identifies the experiment.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public Experiment tryToGetExperiment(
             String sessionToken,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) ExperimentIdentifier experimentIdentifier)
@@ -112,7 +112,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      *         <var>sampleIdentifier</var>.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public Sample tryGetSampleWithExperiment(
             final String sessionToken,
             @AuthorizationGuard(guardClass = SampleOwnerIdentifierPredicate.class) final SampleIdentifier sampleIdentifier)
@@ -124,7 +124,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return <code>null</code> if nothing found.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public SampleIdentifier tryToGetSampleIdentifier(String sessionToken, String samplePermID)
             throws UserFailureException;
 
@@ -133,7 +133,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * type code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public ExperimentType getExperimentType(String sessionToken, String experimentTypeCode)
             throws UserFailureException;
 
@@ -141,7 +141,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Returns the SampleType together with assigned property types for specified sample type code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public SampleType getSampleType(String sessionToken, String sampleTypeCode)
             throws UserFailureException;
 
@@ -150,7 +150,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public DataSetTypeWithVocabularyTerms getDataSetType(String sessionToken, String dataSetTypeCode)
             throws UserFailureException;
 
@@ -160,7 +160,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<ExternalData> listDataSetsByExperimentID(
             final String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) final TechId experimentID)
@@ -172,7 +172,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<ExternalData> listDataSetsBySampleID(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId,
             final boolean showOnlyDirectlyConnected) throws UserFailureException;
@@ -183,7 +183,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return a sorted list of {@link Sample}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @ReturnValueFilter(validatorClass = SampleValidator.class)
     public List<Sample> listSamples(
             final String sessionToken,
@@ -199,7 +199,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      *         sample found with no properties.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public IEntityProperty[] tryToGetPropertiesOfTopSampleRegisteredFor(
             final String sessionToken,
             @AuthorizationGuard(guardClass = SampleOwnerIdentifierPredicate.class) final SampleIdentifier sampleIdentifier)
@@ -209,7 +209,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Registers experiment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.EXPERIMENT)
     public long registerExperiment(String sessionToken,
             @AuthorizationGuard(guardClass = NewExperimentPredicate.class) NewExperiment experiment)
@@ -221,7 +221,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return the technical ID of the new sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public long registerSample(final String sessionToken,
             @AuthorizationGuard(guardClass = NewSamplePredicate.class) final NewSample newSample,
@@ -231,7 +231,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Saves changed sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public void updateSample(String sessionToken,
             @AuthorizationGuard(guardClass = SampleUpdatesPredicate.class) SampleUpdatesDTO updates);
@@ -248,7 +248,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      *             layer.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATA_SET)
     public void registerDataSet(
             final String sessionToken,
@@ -267,7 +267,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      *             layer.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATA_SET)
     public void registerDataSet(
             final String sessionToken,
@@ -279,7 +279,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * dataset.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public void checkDataSetAccess(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String dataSetCode)
             throws UserFailureException;
@@ -291,7 +291,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @param dataSetCodes The data set codes the user wants to access.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public void checkDataSetCollectionAccess(
             String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodeCollectionPredicate.class) List<String> dataSetCodes);
@@ -300,7 +300,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Tries to return the data set specified by its code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public ExternalData tryGetDataSet(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String dataSetCode)
             throws UserFailureException;
@@ -309,7 +309,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Creates and returns a unique code for a new data set.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public String createDataSetCode(final String sessionToken) throws UserFailureException;
 
     /**
@@ -317,7 +317,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * experiments etc. which is guaranteed to be unique.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public long drawANewUniqueID(String sessionToken) throws UserFailureException;
 
     /**
@@ -325,7 +325,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * to see the details.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<Sample> listSamplesByCriteria(
             final String sessionToken,
             @AuthorizationGuard(guardClass = ListSamplesByPropertyPredicate.class) final ListSamplesByPropertyCriteria criteria)
@@ -335,7 +335,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Lists data sets belonging to chosen data store.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<SimpleDataSetInformationDTO> listDataSets(final String sessionToken,
             String dataStore) throws UserFailureException;
 
@@ -343,7 +343,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * List data sets deleted after specified date.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<DeletedDataSet> listDeletedDataSets(String sessionToken,
             Long lastSeenDeletionEventIdOrNull);
 
@@ -351,7 +351,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * List 'AVAILABLE' data sets (not locked) that match given criteria.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<ExternalData> listAvailableDataSets(String sessionToken, String dataStoreCode,
             ArchiverDataSetCriteria criteria);
 
@@ -359,7 +359,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Adds specified properties of given data set. Properties defined before will not be updated.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public void addPropertiesToDataSet(
             String sessionToken,
@@ -372,7 +372,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Updates status of given data sets.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public void updateDataSetStatuses(
             String sessionToken,
@@ -385,7 +385,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return number of data sets scheduled for archiving.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int archiveDatasets(
             String sessionToken,
@@ -397,7 +397,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return number of data sets scheduled for unarchiving.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int unarchiveDatasets(
             String sessionToken,
@@ -407,7 +407,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Returns the URL for the default data store server for this openBIS AS.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public String getDefaultDataStoreBaseURL(String sessionToken);
 
     /**
@@ -417,7 +417,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @param spaceId The id for the space the user wants to access
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     public void checkSpaceAccess(String sessionToken,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) SpaceIdentifier spaceId);
 
@@ -425,7 +425,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Load perm ids of samples contained in given container. Register samples that don't exist.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public Map<String, String> listOrRegisterComponents(
             final String sessionToken,
@@ -436,7 +436,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * For the ETL Server to get data sets.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public ExternalData tryGetDataSetForServer(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String dataSetCode)
             throws UserFailureException;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IServer.java
index 383fd19389a..b4086e0ea5b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IServer.java
@@ -23,11 +23,11 @@ import org.springframework.transaction.annotation.Transactional;
 import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.ISessionProvider;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DisplaySettings;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.GridCustomColumn;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ServiceVersionHolder;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SessionContextDTO;
 
@@ -102,7 +102,7 @@ public interface IServer extends ISessionProvider
      * address or else it will throw an {@link AuthorizationFailureException}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     public void setSessionUser(String sessionToken, String userID);
 
 }
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/ITrackingServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/ITrackingServer.java
index b0365dae172..ac66d85887a 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/ITrackingServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/ITrackingServer.java
@@ -20,13 +20,13 @@ import java.util.List;
 
 import org.springframework.transaction.annotation.Transactional;
 
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingSampleCriteria;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingDataSetCriteria;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingSampleCriteria;
 
 /**
  * Definition of the client-server interface for tracking creation of samples and datasets.
@@ -42,9 +42,8 @@ public interface ITrackingServer extends IServer
      * @return a sorted list of {@link Sample}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
-    public List<Sample> listSamples(final String sessionToken,
-            final TrackingSampleCriteria criteria);
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
+    public List<Sample> listSamples(final String sessionToken, final TrackingSampleCriteria criteria);
 
     /**
      * For given sample {@link TechId} returns the corresponding list of {@link ExternalData}.
@@ -52,7 +51,7 @@ public interface ITrackingServer extends IServer
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     public List<ExternalData> listDataSets(final String sessionToken,
             final TrackingDataSetCriteria criteria);
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/api/v1/IGeneralInformationService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/api/v1/IGeneralInformationService.java
index e1064da06ce..e068c6bf4d0 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/api/v1/IGeneralInformationService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/api/v1/IGeneralInformationService.java
@@ -25,12 +25,11 @@ import org.springframework.transaction.annotation.Transactional;
 import ch.systemsx.cisd.common.api.IRpcService;
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Role;
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SpaceWithProjectsAndRoleAssignments;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 
 /**
  * Service for retrieving general informations.
- *
+ * 
  * @author Franz-Josef Elmer
  */
 public interface IGeneralInformationService extends IRpcService
@@ -39,12 +38,12 @@ public interface IGeneralInformationService extends IRpcService
      * Name of this service for which it is registered at the RPC name server.
      */
     public static final String SERVICE_NAME = "general-information";
-    
+
     /**
      * Application part of the URL to access this service remotely.
      */
     public static final String SERVICE_URL = "/rmi-" + SERVICE_NAME + "-v1";
-    
+
     /**
      * Tries to authenticate specified user with specified password. Returns session token if
      * succeeded otherwise <code>null</code> is returned. The returned session token can be used for
@@ -59,14 +58,14 @@ public interface IGeneralInformationService extends IRpcService
      */
     @Transactional(readOnly = true)
     public void logout(String sessionToken);
-    
+
     /**
      * Returns all named role sets. The name is the key of the returned map.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN_OBSERVER)
+    @RolesAllowed(ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.INSTANCE_OBSERVER)
     public Map<String, Set<Role>> listNamedRoleSets(String sessionToken);
-    
+
     /**
      * Returns all spaces of specified database instance enriched with their projects and role
      * assignments.
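Review bot: The annotation on `listNamedRoleSets` spells out `ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy` in full, and the next hunk does the same on `listSpacesWithProjectsAndRoleAssignments`, while the other interfaces in this commit import the type. Unless the fully-qualified form is deliberate (for instance to keep that import out of the public API package, which I cannot tell from here), add `import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;` and write `@RolesAllowed(RoleWithHierarchy.INSTANCE_OBSERVER)`. The Javadoc "Returns all named role sets" still refers to the role-set concept whose enum this commit deletes, so it should restate what the map keys now are.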
@@ -75,7 +74,7 @@ public interface IGeneralInformationService extends IRpcService
      *            for the home database instance is meant.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN_OBSERVER)
+    @RolesAllowed(ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.INSTANCE_OBSERVER)
     public List<SpaceWithProjectsAndRoleAssignments> listSpacesWithProjectsAndRoleAssignments(
             String sessionToken, String databaseInstanceCodeOrNull);
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/Role.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/Role.java
deleted file mode 100644
index c3501793b17..00000000000
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/Role.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright 2008 ETH Zuerich, CISD
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package ch.systemsx.cisd.openbis.generic.shared.authorization;
-
-import org.apache.commons.lang.builder.EqualsBuilder;
-import org.apache.commons.lang.builder.HashCodeBuilder;
-
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
-
-/**
- * A well defined role, composed of a {@link RoleLevel} and a {@link RoleCode}.
- * 
- * @author Christian Ribeaud
- */
-public class Role
-{
-    private final RoleLevel roleLevel;
-
-    private final RoleCode roleName;
-
-    public Role(final RoleLevel roleLevel, final RoleCode roleName)
-    {
-        assert roleLevel != null : "Unspecified role level";
-        assert roleName != null : "Unspecified role name";
-        this.roleLevel = roleLevel;
-        this.roleName = roleName;
-    }
-
-    public final RoleLevel getRoleLevel()
-    {
-        return roleLevel;
-    }
-
-    public final RoleCode getRoleName()
-    {
-        return roleName;
-    }
-
-    //
-    // Object
-    //
-
-    @Override
-    public final boolean equals(final Object obj)
-    {
-        if (obj == this)
-        {
-            return true;
-        }
-        if (obj instanceof Role == false)
-        {
-            return false;
-        }
-        final Role that = (Role) obj;
-        final EqualsBuilder builder = new EqualsBuilder();
-        builder.append(roleLevel, that.roleLevel);
-        builder.append(roleName, that.roleName);
-        return builder.isEquals();
-    }
-
-    @Override
-    public final int hashCode()
-    {
-        final HashCodeBuilder builder = new HashCodeBuilder();
-        builder.append(roleLevel);
-        builder.append(roleName);
-        return builder.toHashCode();
-    }
-
-    @Override
-    public String toString()
-    {
-        return roleLevel + "." + roleName;
-    }
-
-    //
-    // Helper classes
-    //
-
-    public static enum RoleLevel
-    {
-        INSTANCE, SPACE;
-    }
-
-}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/RoleWithIdentifier.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/RoleWithIdentifier.java
index 0654f197de6..07b90df392b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/RoleWithIdentifier.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/RoleWithIdentifier.java
@@ -17,14 +17,16 @@
 package ch.systemsx.cisd.openbis.generic.shared.authorization;
 
 import ch.rinn.restrictions.Private;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.IdentifierHelper;
 
 /**
- * Stores the {@link Role} and the "owner" to which this role is connected: database instance or a
+ * Stores the {@link RoleWithHierarchy} and the "owner" to which this role is connected: database instance or a
  * group.
  * <p>
  * Note that {@link #equals(Object)} resp. {@link #hashCode()} are not overridden and so do not
@@ -33,8 +35,11 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.IdentifierHelper;
  * 
  * @author Christian Ribeaud
  */
-public final class RoleWithIdentifier extends Role
+public final class RoleWithIdentifier
 {
+
+    RoleWithHierarchy role;
+
     private final DatabaseInstancePE databaseInstanceOrNull;
 
     private final GroupPE groupOrNull;
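Review bot: The new `role` field is package-private and non-final, unlike the `private final` fields declared next to it, so any class in the `authorization` package can replace the role of an existing `RoleWithIdentifier` after construction. For an object that authorization decisions are based on, declare it `private final RoleWithHierarchy role;`. As far as the diff shows, the constructor assigns it once as its first statement, and the `getRole()` added further down already gives read access. The class body continues outside this hunk.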
@@ -43,7 +48,7 @@ public final class RoleWithIdentifier extends Role
     RoleWithIdentifier(final RoleLevel roleGroup, final RoleCode roleName,
             final DatabaseInstancePE databaseInstanceOrNull, final GroupPE groupOrNull)
     {
-        super(roleGroup, roleName);
+        role = RoleWithHierarchy.valueOf(roleGroup, roleName);
         if (RoleLevel.SPACE.equals(roleGroup))
         {
             assert groupOrNull != null : "Unspecified identifier";
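Review bot: `RoleWithHierarchy.valueOf(roleGroup, roleName)` replaces a superclass constructor that asserted both arguments non-null and accepted any level/code pair. Two behaviours of `valueOf`, which is not part of this hunk, therefore need checking: what it does for `null`, and what it does for a pair that has no matching constant. If role assignments already stored can carry such a pair, building the `RoleWithIdentifier` may now fail where it previously produced a role that simply matched nothing. Keeping `assert roleGroup != null : "Unspecified role level";` and `assert roleName != null : "Unspecified role name";` ahead of the call preserves the old diagnostics. The constructor body continues outside the hunk.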
@@ -125,4 +130,19 @@ public final class RoleWithIdentifier extends Role
             return IdentifierHelper.createGroupIdentifier(groupOrNull).toString();
         }
     }
+
+    public RoleLevel getRoleLevel()
+    {
+        return role.getRoleLevel();
+    }
+
+    public RoleCode getRoleName()
+    {
+        return role.getRoleCode();
+    }
+
+    public RoleWithHierarchy getRole()
+    {
+        return role;
+    }
 }
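Review bot: These getters restore `getRoleLevel()` and `getRoleName()` after `extends Role` was dropped, but not the `final` `equals`/`hashCode` that the deleted `Role` class supplied, which compared role level and role code. `RoleWithIdentifier` now falls back to identity comparison, so any caller that relied on value equality (membership in a `Set`, `contains`, intersection with allowed roles) changes behaviour silently. Callers are outside this section, so this needs a usage search. If nothing depends on it, update the class Javadoc note about `equals`/`hashCode`, which predates this change; otherwise have callers compare via `getRole()`. The new methods also lack Javadoc, and `getRoleName()` returning a `RoleCode` deserves a one-line comment such as `/** Returns the role code of the wrapped role. */`.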
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RoleSet.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RoleSet.java
deleted file mode 100644
index 9988ce4fa09..00000000000
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RoleSet.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright 2008 ETH Zuerich, CISD
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package ch.systemsx.cisd.openbis.generic.shared.authorization.annotation;
-
-import java.util.Arrays;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import ch.systemsx.cisd.common.collections.CollectionUtils;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role.RoleLevel;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
-
-/**
- * An enumeration which defines some role sets.
- * 
- * @author Christian Ribeaud
- */
-public enum RoleSet
-{
-    NONE(),
-
-    INSTANCE_ADMIN(instanceRole(RoleCode.ADMIN)),
-    
-    SPACE_ADMIN(INSTANCE_ADMIN, spaceRole(RoleCode.ADMIN)),
-
-    POWER_USER(SPACE_ADMIN, spaceRole(RoleCode.POWER_USER)),
-
-    USER(POWER_USER, spaceRole(RoleCode.USER)),
-
-    INSTANCE_ADMIN_OBSERVER(INSTANCE_ADMIN, instanceRole(RoleCode.OBSERVER)),
-    
-    OBSERVER(USER, spaceRole(RoleCode.OBSERVER)),
-
-    ETL_SERVER(INSTANCE_ADMIN, spaceRole(RoleCode.ETL_SERVER), instanceRole(RoleCode.ETL_SERVER));
-
-    private final Set<Role> roles;
-
-    private RoleSet(final RoleSet roleSet, final Role... roles)
-    {
-        this(roles);
-        this.roles.addAll(roleSet.roles);
-    }
-
-    private RoleSet(final Role... roles)
-    {
-        this.roles = new LinkedHashSet<Role>();
-        this.roles.addAll(Arrays.asList(roles));
-    }
-
-    private static Role spaceRole(final RoleCode roleCode)
-    {
-        return createRole(RoleLevel.SPACE, roleCode);
-    }
-
-    private static Role instanceRole(final RoleCode roleCode)
-    {
-        return createRole(RoleLevel.INSTANCE, roleCode);
-    }
-
-    private static Role createRole(final RoleLevel level, final RoleCode roleCode)
-    {
-        return new Role(level, roleCode);
-    }
-
-    public final Set<Role> getRoles()
-    {
-        return roles;
-    }
-
-    @Override
-    public String toString()
-    {
-        return CollectionUtils.abbreviate(roles, -1);
-    }
-}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RolesAllowed.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RolesAllowed.java
index 810962c70ce..3894826831e 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RolesAllowed.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RolesAllowed.java
@@ -22,6 +22,8 @@ import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+
 /**
  * The roles that are allowed to execute an <i>openBIS</i> method.
  * <p>
@@ -41,5 +43,6 @@ public @interface RolesAllowed
      * Should be the primary choice to specify roles.
      * </p>
      */
-    RoleSet value() default RoleSet.NONE;
+    RoleWithHierarchy[] value() default {};
+
 }
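Review bot: The Javadoc above `value()` does not say what the new empty default `{}` means for a method whose annotation lists no roles, nor how several listed roles combine. The check that reads this annotation is outside the hunk, so the intended behaviour cannot be confirmed from here. If an empty array is meant to grant access to nobody, state it in the Javadoc, for example `An empty array (the default) allows no role.` If it matches the enforcing code, also add `Access is granted if the user holds any of the listed roles or a stronger one.` The annotation body starts outside the hunk.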
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractGroupPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractGroupPredicate.java
index 9617d1068e0..47f70d58bd5 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractGroupPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractGroupPredicate.java
@@ -22,7 +22,7 @@ import ch.systemsx.cisd.common.exceptions.Status;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.IAuthorizationDataProvider;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role.RoleLevel;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractTechIdPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractTechIdPredicate.java
index 02433a520b9..78a04e44165 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractTechIdPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractTechIdPredicate.java
@@ -19,8 +19,8 @@ package ch.systemsx.cisd.openbis.generic.shared.authorization.predicate;
 import java.util.List;
 
 import ch.systemsx.cisd.common.exceptions.Status;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.SpaceOwnerKind;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.SpaceOwnerKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/DatabaseInstanceIdentifierPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/DatabaseInstanceIdentifierPredicate.java
index fe498465781..a1bbf327068 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/DatabaseInstanceIdentifierPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/DatabaseInstanceIdentifierPredicate.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import ch.systemsx.cisd.common.exceptions.Status;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role.RoleLevel;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.DatabaseInstanceIdentifier;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/ExpressionValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/ExpressionValidator.java
index 83305a1c889..fb4e0b1d4d4 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/ExpressionValidator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/ExpressionValidator.java
@@ -22,10 +22,10 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AbstractExpression;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseInstance;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 
 /**
  * A {@link IValidator} implementation for grid custom filter or column. Public internal class
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/MatchingEntityValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/MatchingEntityValidator.java
index 652efce7293..9284d8a0f3f 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/MatchingEntityValidator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/MatchingEntityValidator.java
@@ -16,8 +16,8 @@
 
 package ch.systemsx.cisd.openbis.generic.shared.authorization.validator;
 
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.MatchingEntity;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/ProjectValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/ProjectValidator.java
index d7d497f0e22..de74d78ee00 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/ProjectValidator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/ProjectValidator.java
@@ -16,8 +16,8 @@
 
 package ch.systemsx.cisd.openbis.generic.shared.authorization.validator;
 
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Project;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/SampleValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/SampleValidator.java
index 0cc9136df97..b541a474ec1 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/SampleValidator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/SampleValidator.java
@@ -17,8 +17,8 @@
 package ch.systemsx.cisd.openbis.generic.shared.authorization.validator;
 
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseInstance;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleAssignment.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleAssignment.java
index 87cb9eec480..fd4cbb0cefc 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleAssignment.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleAssignment.java
@@ -16,6 +16,7 @@
 
 package ch.systemsx.cisd.openbis.generic.shared.basic.dto;
 
+
 /**
  * The DTO for authorization role assignments.
  * 
@@ -25,7 +26,7 @@ public final class RoleAssignment extends Code<RoleAssignment>
 {
     private static final long serialVersionUID = ServiceVersionHolder.VERSION;
 
-    private RoleSetCode roleSetCode;
+    private RoleWithHierarchy role;
 
     private Person person;
 
@@ -49,14 +50,14 @@ public final class RoleAssignment extends Code<RoleAssignment>
     {
     }
 
-    public final RoleSetCode getRoleSetCode()
+    public final RoleWithHierarchy getRoleSetCode()
     {
-        return roleSetCode;
+        return role;
     }
 
-    public final void setRoleSetCode(RoleSetCode roleSetCode)
+    public final void setRoleSetCode(RoleWithHierarchy roleSetCode)
     {
-        this.roleSetCode = roleSetCode;
+        this.role = roleSetCode;
         setCode(roleSetCode.toString());
     }
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleSetCode.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleSetCode.java
deleted file mode 100644
index ae7059386ed..00000000000
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleSetCode.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2009 ETH Zuerich, CISD
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package ch.systemsx.cisd.openbis.generic.shared.basic.dto;
-
-import com.google.gwt.user.client.rpc.IsSerializable;
-
-/**
- * @author     Franz-Josef Elmer
- */
-public enum RoleSetCode implements IsSerializable
-{
-    OBSERVER(true), USER(true), POWER_USER(true), SPACE_ETL_SERVER(true), SPACE_ADMIN(true),
-    INSTANCE_ETL_SERVER(false), INSTANCE_ADMIN(false), INSTANCE_ADMIN_OBSERVER(false);
-
-    private final boolean spaceLevel;
-
-    private RoleSetCode(boolean spaceLevel)
-    {
-        this.spaceLevel = spaceLevel;
-    }
-
-    public final boolean isSpaceLevel()
-    {
-        return spaceLevel;
-    }
-
-}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleWithHierarchy.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleWithHierarchy.java
new file mode 100644
index 00000000000..ccb30ebc980
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleWithHierarchy.java
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2010 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.shared.basic.dto;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import com.google.gwt.user.client.rpc.IsSerializable;
+
+/**
+ * Hierarchical role. Combines {@link RoleCode} with {@link RoleLevel} and a set of
+ * {@link RoleWithHierarchy}s that are stronger.
+ * <p>
+ * Available roles can:
+ * <li>be presented to the user
+ * <li>be easily mapped to database structure
+ * <li>be used to restrict access to server methods
+ * <li>define the role hierarchy by specifying which roles are stronger (users that have only the
+ * "stronger" role will also be able to access given server method)
+ * </p>
+ * 
+ * @author Izabela Adamczyk
+ */
+public enum RoleWithHierarchy implements IsSerializable
+{
+    //
+    // NOTE: Each role should match the following naming convention: <RoleLevel>_<RoleCode>,
+    // it will be used to automatically figure the RoleLevel and RoleCode.
+    //
+
+    INSTANCE_ADMIN,
+
+    INSTANCE_OBSERVER(INSTANCE_ADMIN),
+
+    INSTANCE_ETL_SERVER(INSTANCE_ADMIN),
+
+    SPACE_ADMIN(INSTANCE_ADMIN),
+
+    SPACE_POWER_USER(SPACE_ADMIN),
+
+    SPACE_USER(SPACE_POWER_USER),
+
+    SPACE_OBSERVER(SPACE_USER),
+
+    SPACE_ETL_SERVER(INSTANCE_ETL_SERVER),
+
+    ;
+
+    public static enum RoleLevel implements IsSerializable
+    {
+        INSTANCE, SPACE;
+    }
+
+    /**
+     * Role codes corresponding to values stored in the database.
+     */
+    // NOTE: Adding values to this class should be followed by extending appropriate database
+    // domain.
+    public static enum RoleCode implements IsSerializable
+    {
+        ADMIN, USER, POWER_USER, OBSERVER, ETL_SERVER;
+    }
+
+    /**
+     * Returns the {@link RoleWithHierarchy} defined by given {@link RoleLevel} and {@link RoleCode}
+     */
+    public static RoleWithHierarchy valueOf(final RoleLevel roleLevel, final RoleCode roleCode)
+    {
+        return RoleWithHierarchy.valueOf(roleLevel.name() + SEPARATOR + roleCode.name());
+    }
+
+    private static final String ERROR_MSG_ROLE_DOESN_T_MATCH_NAMING_CONVENTION =
+            "Role doesn't match naming convention";
+
+    private static final String SEPARATOR = "_";
+
+    private final RoleCode roleCode;
+
+    private final RoleLevel roleLevel;
+
+    private final Set<RoleWithHierarchy> strongerRoles = new HashSet<RoleWithHierarchy>();
+
+    private RoleWithHierarchy(RoleWithHierarchy... strongerRoles)
+    {
+        roleLevel = figureRoleLevel(name());
+        roleCode = figureRoleCode(name(), roleLevel);
+        for (RoleWithHierarchy strongerRole : strongerRoles)
+        {
+            getStrongerRoles().add(strongerRole);
+            for (RoleWithHierarchy role : strongerRole.getStrongerRoles())
+            {
+                getStrongerRoles().add(role);
+            }
+        }
+    }
+
+    private Set<RoleWithHierarchy> getStrongerRoles()
+    {
+        return strongerRoles;
+    }
+
+    static RoleLevel figureRoleLevel(String roleWithHierarchyName)
+    {
+        for (RoleLevel level : RoleLevel.values())
+        {
+            if (roleWithHierarchyName.startsWith(level.name() + SEPARATOR))
+            {
+                return level;
+            }
+        }
+        throw new IllegalArgumentException(ERROR_MSG_ROLE_DOESN_T_MATCH_NAMING_CONVENTION);
+    }
+
+    static RoleCode figureRoleCode(String roleWithHierarchyName, RoleLevel roleLevel)
+    {
+        for (RoleCode code : RoleCode.values())
+        {
+            if (code.name().equals(roleWithHierarchyName.substring(roleLevel.name().length() + 1)))
+            {
+                return code;
+            }
+        }
+        throw new IllegalArgumentException(ERROR_MSG_ROLE_DOESN_T_MATCH_NAMING_CONVENTION);
+    }
+
+    public Set<RoleWithHierarchy> getRoles()
+    {
+        HashSet<RoleWithHierarchy> roles = new HashSet<RoleWithHierarchy>(strongerRoles);
+        roles.add(this);
+        return roles;
+    }
+
+    public boolean isInstanceLevel()
+    {
+        return roleLevel.equals(RoleLevel.INSTANCE);
+    }
+
+    public boolean isSpaceLevel()
+    {
+        return roleLevel.equals(RoleLevel.SPACE);
+    }
+
+    public RoleLevel getRoleLevel()
+    {
+        return roleLevel;
+    }
+
+    public final RoleCode getRoleCode()
+    {
+        return roleCode;
+    }
+
+    @Override
+    public String toString()
+    {
+        return name();
+    }
+
+}
\ No newline at end of file
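Review bot: `figureRoleCode` skips the separator with a hard-coded `+ 1` where `figureRoleLevel` uses `SEPARATOR`, so the two helpers disagree as soon as the separator changes; write `roleWithHierarchyName.substring(roleLevel.name().length() + SEPARATOR.length())`. Both helpers run from the enum constructor, before the class's other static initialisers, so they only work because `SEPARATOR` and the error message are compile-time constants. A comment on `SEPARATOR` such as `// must stay a compile-time constant: read while the enum constants are being constructed` would keep a later edit from turning this into an ExceptionInInitializerError. `getRoles()` also deserves a Javadoc stating that it returns this role plus every stronger role, as a fresh set on each call.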
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/NewRoleAssignment.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/NewRoleAssignment.java
index 9b3e6ec53d3..757f8c691a4 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/NewRoleAssignment.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/NewRoleAssignment.java
@@ -22,6 +22,7 @@ import ch.systemsx.cisd.common.annotation.BeanProperty;
 import ch.systemsx.cisd.common.utilities.AbstractHashable;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Grantee;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.DatabaseInstanceIdentifier;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleAssignmentPE.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleAssignmentPE.java
index 25cda7a07bb..35c1a0ec001 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleAssignmentPE.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleAssignmentPE.java
@@ -42,6 +42,7 @@ import ch.rinn.restrictions.Private;
 import ch.systemsx.cisd.common.utilities.ModifiedShortPrefixToStringStyle;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.basic.IIdHolder;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.util.EqualsHashUtils;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleCode.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleCode.java
deleted file mode 100644
index 70b6abfe355..00000000000
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleCode.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright 2008 ETH Zuerich, CISD
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package ch.systemsx.cisd.openbis.generic.shared.dto;
-
-/**
- * The <i>openBIS</i> role codes.
- * <p>
- * These names reflect the ones that could be found in the database.
- * </p>
- * 
- * @author Christian Ribeaud
- */
-public enum RoleCode
-{
-    ADMIN, USER, POWER_USER, OBSERVER, ETL_SERVER;
-}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/identifier/IdentifierHelper.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/identifier/IdentifierHelper.java
index 6bcf8da7a79..fcd7dc9eabc 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/identifier/IdentifierHelper.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/identifier/IdentifierHelper.java
@@ -23,11 +23,11 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewExperiment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSamplesWithTypes;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
index 98cc5e6c366..5f7eb09b6b9 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
@@ -19,8 +19,9 @@ package ch.systemsx.cisd.openbis.generic.shared.translator;
 import java.util.ArrayList;
 import java.util.List;
 
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleAssignment;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
 
 /**
@@ -61,48 +62,17 @@ public final class RoleAssignmentTranslator
         return result;
     }
 
-    private final static RoleSetCode getRoleCode(final RoleAssignmentPE role)
+    private final static RoleWithHierarchy getRoleCode(final RoleAssignmentPE role)
     {
-        RoleSetCode code;
-        switch (role.getRole())
+        RoleLevel roleLevel = null;
+        if (role.getGroup() != null)
         {
-            case ADMIN:
-                if (role.getGroup() == null)
-                {
-                    code = RoleSetCode.INSTANCE_ADMIN;
-                } else
-                {
-                    code = RoleSetCode.SPACE_ADMIN;
-                }
-                break;
-            case OBSERVER:
-                if (role.getGroup() == null)
-                {
-                    code = RoleSetCode.INSTANCE_ADMIN_OBSERVER;
-                } else
-                {
-                    code = RoleSetCode.OBSERVER;
-                }
-                break;
-            case USER:
-                code = RoleSetCode.USER;
-                break;
-            case POWER_USER:
-                code = RoleSetCode.POWER_USER;
-                break;
-            case ETL_SERVER:
-                if (role.getGroup() == null)
-                {
-                    code = RoleSetCode.INSTANCE_ETL_SERVER;
-                } else
-                {
-                    code = RoleSetCode.SPACE_ETL_SERVER;
-                }
-                break;
-            default:
-                throw new IllegalArgumentException("Unknown role");
+            roleLevel = RoleLevel.SPACE;
         }
-        return code;
+        if (role.getDatabaseInstance() != null)
+        {
+            roleLevel = RoleLevel.INSTANCE;
+        }
+        return RoleWithHierarchy.valueOf(roleLevel, role.getRole());
     }
-
 }
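Review bot: In the new `getRoleCode`, `roleLevel` stays `null` when the assignment has neither a group nor a database instance, and `RoleWithHierarchy.valueOf(roleLevel, ...)` then fails with a NullPointerException on `roleLevel.name()`. A level/code pair without a matching constant (an instance-level `USER` or `POWER_USER`, which the removed switch still mapped) now ends in the bare IllegalArgumentException from `Enum.valueOf`; whether such rows can exist depends on database constraints not visible here. Make the level choice explicit and fail with a message that names the problem, keeping the precedence of the database instance over the group that the two `if` statements currently give.

```java
    private final static RoleWithHierarchy getRoleCode(final RoleAssignmentPE role)
    {
        final RoleLevel roleLevel;
        if (role.getDatabaseInstance() != null)
        {
            roleLevel = RoleLevel.INSTANCE;
        } else if (role.getGroup() != null)
        {
            roleLevel = RoleLevel.SPACE;
        } else
        {
            throw new IllegalArgumentException(
                    "Role assignment has neither a space nor a database instance");
        }
        return RoleWithHierarchy.valueOf(roleLevel, role.getRole());
    }
```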
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/demo/client/web/client/application/module/TopMenuItemDemoModuleMenu.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/demo/client/web/client/application/module/TopMenuItemDemoModuleMenu.java
index 6090f471ebe..e325c242a6c 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/demo/client/web/client/application/module/TopMenuItemDemoModuleMenu.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/demo/client/web/client/application/module/TopMenuItemDemoModuleMenu.java
@@ -21,9 +21,9 @@ import com.extjs.gxt.ui.client.widget.menu.MenuItem;
 
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.GenericConstants;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
+import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.AbstractTabItemFactory;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.DefaultTabItem;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.ITabItem;
-import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.AbstractTabItemFactory;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.help.HelpPageIdentifier;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.menu.ActionMenu;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.menu.IActionMenuItem;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/demo/shared/IDemoServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/demo/shared/IDemoServer.java
index 65551019324..7b567646c8d 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/demo/shared/IDemoServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/demo/shared/IDemoServer.java
@@ -24,13 +24,13 @@ import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.NewSamplePredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.SampleTechIdPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewAttachment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSample;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleParentWithDerived;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
@@ -46,7 +46,7 @@ public interface IDemoServer extends IServer
      * Returns number of experiments.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public int getNumberOfExperiments(String sessionToken);
 
     /**
@@ -57,7 +57,7 @@ public interface IDemoServer extends IServer
      *             uniquely identified by given <var>sampleId</var> does not exist.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public SampleParentWithDerived getSampleInfo(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId)
             throws UserFailureException;
@@ -66,7 +66,7 @@ public interface IDemoServer extends IServer
      * Registers a new sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void registerSample(final String sessionToken,
             @AuthorizationGuard(guardClass = NewSamplePredicate.class) final NewSample newSample,
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleBatchUpdateForm.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleBatchUpdateForm.java
index 7371b0f245d..3a05e7f142a 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleBatchUpdateForm.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleBatchUpdateForm.java
@@ -46,8 +46,8 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.Windo
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.BatchRegistrationResult;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.BatchOperationKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.EntityKind;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.plugin.generic.client.web.client.IGenericClientServiceAsync;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleEditForm.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleEditForm.java
index 24e6d0e766c..aa1ad7e12ce 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleEditForm.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleEditForm.java
@@ -19,20 +19,20 @@ package ch.systemsx.cisd.openbis.plugin.generic.client.web.client.application.sa
 import java.util.Date;
 import java.util.List;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.AbstractAsyncCallback;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.framework.DatabaseModificationAwareComponent;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.AbstractRegistrationForm;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.GroupSelectionWidget;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.ExperimentIdentifier;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.SampleUpdates;
 import ch.systemsx.cisd.openbis.generic.shared.basic.IIdAndCodeHolder;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Experiment;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.IEntityProperty;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewAttachment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.plugin.generic.client.web.client.IGenericClientServiceAsync;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleRegistrationForm.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleRegistrationForm.java
index 9c011ae8f67..6dc3e74f7a3 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleRegistrationForm.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/GenericSampleRegistrationForm.java
@@ -18,14 +18,14 @@ package ch.systemsx.cisd.openbis.plugin.generic.client.web.client.application.sa
 
 import java.util.List;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.AbstractRegistrationForm;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.GroupSelectionWidget;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.IEntityProperty;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.plugin.generic.client.web.client.IGenericClientServiceAsync;
 
 /**
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/SampleDataSetsSection.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/SampleDataSetsSection.java
index fff3fe9b1cf..9cd3a9e55a0 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/SampleDataSetsSection.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/SampleDataSetsSection.java
@@ -18,8 +18,8 @@ package ch.systemsx.cisd.openbis.plugin.generic.client.web.client.application.sa
 
 import com.extjs.gxt.ui.client.widget.form.CheckBox;
 
-import ch.systemsx.cisd.openbis.generic.client.web.client.application.DisposableSectionPanel;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.Dict;
+import ch.systemsx.cisd.openbis.generic.client.web.client.application.DisposableSectionPanel;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.IViewContext;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.IDisposableComponent;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/shared/IGenericServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/shared/IGenericServer.java
index 072e43b3054..08a0e3347ef 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/shared/IGenericServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/generic/shared/IGenericServer.java
@@ -27,7 +27,6 @@ import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModificatio
 import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetUpdatesPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.ExperimentUpdatesPredicate;
@@ -55,6 +54,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewExperiment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewMaterial;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSamplesWithTypes;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleParentWithDerived;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
@@ -78,7 +78,7 @@ public interface IGenericServer extends IServer
      *             uniquely identified by given <var>sampleId</var> does not exist.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public SampleParentWithDerived getSampleInfo(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId)
             throws UserFailureException;
@@ -87,7 +87,7 @@ public interface IGenericServer extends IServer
      * Registers a new sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void registerSample(final String sessionToken,
             @AuthorizationGuard(guardClass = NewSamplePredicate.class) final NewSample newSample,
@@ -97,7 +97,7 @@ public interface IGenericServer extends IServer
      * For given {@link ExperimentIdentifier} returns the corresponding {@link Experiment}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Experiment getExperimentInfo(
             String sessionToken,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) ExperimentIdentifier identifier);
@@ -106,7 +106,7 @@ public interface IGenericServer extends IServer
      * For given {@link TechId} returns the corresponding {@link Experiment}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Experiment getExperimentInfo(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId);
 
@@ -114,14 +114,14 @@ public interface IGenericServer extends IServer
      * For given {@link TechId} returns the corresponding {@link Material}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Material getMaterialInfo(String sessionToken, TechId materialId);
 
     /**
      * For given {@link TechId} returns the corresponding {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public ExternalData getDataSetInfo(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) TechId datasetId);
 
@@ -129,7 +129,7 @@ public interface IGenericServer extends IServer
      * Returns attachment described by given experiment identifier, filename and version.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public AttachmentWithContent getExperimentFileAttachment(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId,
             String filename, int version) throws UserFailureException;
@@ -138,7 +138,7 @@ public interface IGenericServer extends IServer
      * Registers samples of different types in batches.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void registerSamples(
             final String sessionToken,
@@ -149,7 +149,7 @@ public interface IGenericServer extends IServer
      * Registers or updates samples of different types in batches.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void registerOrUpdateSamples(
             final String sessionToken,
@@ -160,7 +160,7 @@ public interface IGenericServer extends IServer
      * Updates samples of different types in batches.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public void updateSamples(
             final String sessionToken,
@@ -171,7 +171,7 @@ public interface IGenericServer extends IServer
      * Registers experiment. At the same time samples may be registered or updated.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.EXPERIMENT, ObjectKind.SAMPLE })
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
@@ -184,7 +184,7 @@ public interface IGenericServer extends IServer
      * Registers materials in batch.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.MATERIAL)
     public void registerMaterials(String sessionToken, String materialTypeCode,
             List<NewMaterial> newMaterials) throws UserFailureException;
@@ -194,7 +194,7 @@ public interface IGenericServer extends IServer
      * are not mentioned stay unchanged).
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.MATERIAL)
     public void registerOrUpdateMaterials(String sessionToken, String materialTypeCode,
             List<NewMaterial> newMaterials) throws UserFailureException;
@@ -203,7 +203,7 @@ public interface IGenericServer extends IServer
      * Returns attachment described by given sample identifier, filename and version.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public AttachmentWithContent getSampleFileAttachment(String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId sampleId,
             String fileName, int version);
@@ -212,7 +212,7 @@ public interface IGenericServer extends IServer
      * Returns attachment described by given project identifier, filename and version.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public AttachmentWithContent getProjectFileAttachment(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) TechId projectId,
             String fileName, int version);
@@ -221,14 +221,14 @@ public interface IGenericServer extends IServer
      * Returns a list of unique codes.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<String> generateCodes(String sessionToken, String prefix, int number);
 
     /**
      * Saves changed experiment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value =
         { ObjectKind.EXPERIMENT, ObjectKind.SAMPLE })
     public ExperimentUpdateResult updateExperiment(
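Review bot: `generateCodes` in this hunk, and `getMaterialInfo` in the `-114,14` hunk, now carry `RoleWithHierarchy.SPACE_OBSERVER` but take no `@AuthorizationGuard` parameter, so nothing visible ties either call to a particular space. The new constant name suggests a space-scoped check that these two methods do not declare. If that is intended, the Javadoc should say so, for example `Callable by an observer of any space; no space predicate is applied.` The interface continues outside this hunk, so a filter applied elsewhere cannot be ruled out from here.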
@@ -239,7 +239,7 @@ public interface IGenericServer extends IServer
      * Saves changed material.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.MATERIAL)
     public Date updateMaterial(String sessionToken, TechId materialId,
             List<IEntityProperty> properties, Date version);
@@ -248,7 +248,7 @@ public interface IGenericServer extends IServer
      * Saves changed sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public Date updateSample(String sessionToken,
             @AuthorizationGuard(guardClass = SampleUpdatesPredicate.class) SampleUpdatesDTO updates);
@@ -257,7 +257,7 @@ public interface IGenericServer extends IServer
      * Saves changed data set.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public DataSetUpdateResult updateDataSet(
             String sessionToken,
@@ -267,7 +267,7 @@ public interface IGenericServer extends IServer
      * Updates data sets of different types in batches.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public void updateDataSets(
             final String sessionToken,
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/client/web/client/IQueryClientService.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/client/web/client/IQueryClientService.java
index 26c035ee644..3a297ba5849 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/client/web/client/IQueryClientService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/client/web/client/IQueryClientService.java
@@ -25,10 +25,10 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.dto.TableExportCriteri
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.TableModelReference;
 import ch.systemsx.cisd.openbis.generic.client.web.client.exception.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.IQueryUpdates;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.NewQuery;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.QueryDatabase;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.QueryExpression;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.QueryParameterBindings;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/client/web/client/IQueryClientServiceAsync.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/client/web/client/IQueryClientServiceAsync.java
index d8163b29863..cfd02d758df 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/client/web/client/IQueryClientServiceAsync.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/client/web/client/IQueryClientServiceAsync.java
@@ -27,10 +27,10 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.dto.TableExportCriteri
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.TableModelReference;
 import ch.systemsx.cisd.openbis.generic.client.web.client.exception.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.IQueryUpdates;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.NewQuery;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.QueryDatabase;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.QueryExpression;
 import ch.systemsx.cisd.openbis.plugin.query.shared.basic.dto.QueryParameterBindings;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/server/QueryServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/server/QueryServer.java
index 40e302a3c84..2684970905d 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/server/QueryServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/server/QueryServer.java
@@ -45,9 +45,9 @@ import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IQueryDAO;
 import ch.systemsx.cisd.openbis.generic.server.plugin.IDataSetTypeSlaveServerPlugin;
 import ch.systemsx.cisd.openbis.generic.server.plugin.ISampleTypeSlaveServerPlugin;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.QueryPE;
@@ -76,7 +76,7 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
 
     private static final String CREATOR_MINIMAL_ROLE_KEY = "creator-minimal-role";
 
-    private static final String DEFAULT_CREATOR_MINIMAL_ROLE = RoleSet.POWER_USER.name();
+    private static final String DEFAULT_CREATOR_MINIMAL_ROLE = RoleWithHierarchy.SPACE_POWER_USER.name();
 
     private static final String DATA_SPACE_KEY = "data-space";
 
@@ -331,7 +331,7 @@ public class QueryServer extends AbstractServer<IQueryServer> implements IQueryS
             }
             try
             {
-                final RoleSet creatorMinimalRole = RoleSet.valueOf(creatorMinimalRoleString);
+                final RoleWithHierarchy creatorMinimalRole = RoleWithHierarchy.valueOf(creatorMinimalRoleString);
                 definitions.put(databaseKey, new DatabaseDefinition(configurationContext,
                         databaseKey, label, creatorMinimalRole, dataSpaceOrNull));
             } catch (IllegalArgumentException ex)
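Review bot: `RoleWithHierarchy.valueOf(creatorMinimalRoleString)` changes which spellings of the `creator-minimal-role` property are accepted, as the default in the `-76,7` hunk shows by moving from `RoleSet.POWER_USER.name()` to `RoleWithHierarchy.SPACE_POWER_USER.name()`. An existing configuration that still uses an old `RoleSet` name would presumably end up in the `IllegalArgumentException` handler, whose body is outside this hunk. It is worth checking that this path refuses the database definition rather than continuing with a weaker role than the administrator configured. Either document the new names next to `CREATOR_MINIMAL_ROLE_KEY` or map the old names explicitly before calling `valueOf`.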
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/DatabaseDefinition.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/DatabaseDefinition.java
index 8a60420c5de..c3f784c1cea 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/DatabaseDefinition.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/DatabaseDefinition.java
@@ -17,7 +17,7 @@
 package ch.systemsx.cisd.openbis.plugin.query.shared;
 
 import ch.systemsx.cisd.dbmigration.SimpleDatabaseConfigurationContext;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 
 /**
@@ -31,12 +31,12 @@ public class DatabaseDefinition
 
     private final GroupPE dataSpaceOrNull;
 
-    private final RoleSet creatorMinimalRole;
+    private final RoleWithHierarchy creatorMinimalRole;
 
     private final SimpleDatabaseConfigurationContext configurationContext;
 
     public DatabaseDefinition(SimpleDatabaseConfigurationContext configurationContext, String key,
-            String label, RoleSet creatorMinimalRole, GroupPE dataSpaceOrNull)
+            String label, RoleWithHierarchy creatorMinimalRole, GroupPE dataSpaceOrNull)
     {
         assert key != null;
         assert label != null;
@@ -59,7 +59,7 @@ public class DatabaseDefinition
         return label;
     }
 
-    public RoleSet getCreatorMinimalRole()
+    public RoleWithHierarchy getCreatorMinimalRole()
     {
         return creatorMinimalRole;
     }
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java
index 2a163ca6ea2..dfed3bf9c18 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java
@@ -24,11 +24,11 @@ import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModificatio
 import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.validator.ExpressionValidator;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
 import ch.systemsx.cisd.openbis.plugin.query.shared.authorization.QueryAccessController;
@@ -46,40 +46,40 @@ public interface IQueryServer extends IServer
 {
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public int initDatabases(String sessionToken);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<QueryDatabase> listQueryDatabases(String sessionToken);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel queryDatabase(String sessionToken, QueryDatabase database, String sqlQuery,
             QueryParameterBindings bindings);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel queryDatabase(String sessionToken, TechId queryId,
             QueryParameterBindings bindings);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExpressionValidator.class)
     public List<QueryExpression> listQueries(String sessionToken, QueryType queryType);
 
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.QUERY)
     public void registerQuery(String sessionToken, NewQuery expression);
 
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.QUERY)
     public void deleteQueries(String sessionToken, List<TechId> queryIds);
 
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseUpdateModification(value = ObjectKind.QUERY)
     public void updateQuery(String sessionToken, IQueryUpdates updates);
 }
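Review bot: `registerQuery`, `deleteQueries` and `updateQuery` modify data but are annotated `@RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)` with no `@AuthorizationGuard`, so at this layer an observer role is enough to reach them. The commit keeps the level the old `RoleSet.OBSERVER` gave, and the effective restriction is presumably the creator-minimal-role check in `QueryAccessController`, which this file imports but the hunk does not show in use. A comment on the three methods would make that dependency explicit, e.g. `// Write access is enforced by QueryAccessController against the database's creator-minimal-role, not by this annotation.` That wording should be confirmed against the implementation.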
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/AuthorizationChecker.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/AuthorizationChecker.java
index ae25e60e58d..ee6765fb625 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/AuthorizationChecker.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/AuthorizationChecker.java
@@ -20,10 +20,9 @@ import java.util.List;
 import java.util.Set;
 
 import ch.systemsx.cisd.openbis.generic.server.authorization.DefaultAccessController;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role.RoleLevel;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 
@@ -36,13 +35,13 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 public class AuthorizationChecker implements IAuthorizationChecker
 {
 
-    public boolean isAuthorized(PersonPE person, GroupPE dataSpaceOrNull, RoleSet minimalRole)
+    public boolean isAuthorized(PersonPE person, GroupPE dataSpaceOrNull, RoleWithHierarchy minimalRole)
     {
-        final Set<Role> requiredRoles = minimalRole.getRoles();
+        final Set<RoleWithHierarchy> requiredRoles = minimalRole.getRoles();
         if (person != null)
         {
             List<RoleWithIdentifier> userRoles = DefaultAccessController.getUserRoles(person);
-            userRoles.retainAll(requiredRoles);
+            DefaultAccessController.retainMatchingRoleWithIdentifiers(userRoles, requiredRoles);
             if (userRoles.size() > 0)
             {
                 if (dataSpaceOrNull == null)
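Review bot: `retainMatchingRoleWithIdentifiers(userRoles, requiredRoles)` now decides which of the user's roles count toward `minimalRole`, but its definition is not in this hunk and `isAuthorized` has no Javadoc stating the contract. Because this method gates both query-database access and row filtering, a test should pin that a role held on a different space does not pass and that a role stronger than `minimalRole` does. I would also add a Javadoc line such as `Returns true only if person holds minimalRole or a stronger role; a non-null dataSpaceOrNull restricts space-level roles to that space.` That line needs checking against the rest of the body, which continues past the hunk.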
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/IAuthorizationChecker.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/IAuthorizationChecker.java
index c14b8bf3c31..f6606434574 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/IAuthorizationChecker.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/IAuthorizationChecker.java
@@ -16,7 +16,7 @@
 
 package ch.systemsx.cisd.openbis.plugin.query.shared.authorization;
 
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 
@@ -27,5 +27,5 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
  */
 public interface IAuthorizationChecker
 {
-    boolean isAuthorized(PersonPE person, GroupPE dataSpaceOrNull, RoleSet minimalRole);
+    boolean isAuthorized(PersonPE person, GroupPE dataSpaceOrNull, RoleWithHierarchy minimalRole);
 }
\ No newline at end of file
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/QueryAccessController.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/QueryAccessController.java
index be283480c65..9df6251608f 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/QueryAccessController.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/QueryAccessController.java
@@ -25,7 +25,7 @@ import ch.systemsx.cisd.common.logging.LogCategory;
 import ch.systemsx.cisd.common.logging.LogFactory;
 import ch.systemsx.cisd.openbis.generic.server.authorization.AuthorizationAdvisor;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
@@ -54,7 +54,7 @@ public class QueryAccessController
         DatabaseDefinition database = definitionsByDbKey.get(dbKey);
         PersonPE person = session.tryGetPerson();
         GroupPE dataSpaceOrNull = database.tryGetDataSpace();
-        RoleSet minimalRole = database.getCreatorMinimalRole();
+        RoleWithHierarchy minimalRole = database.getCreatorMinimalRole();
 
         checkAuthorization(session, operation, database, person, dataSpaceOrNull, minimalRole);
     }
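Review bot: `definitionsByDbKey.get(dbKey)` is dereferenced on the following line without a null check, so an unknown `dbKey` ends in a `NullPointerException` instead of an authorization failure. Access is still denied, but the request skips the error message and reporting path in `checkAuthorization`; the `-64,14` hunk has the same pattern. The method starts outside this hunk, so the key may already be validated there. If it is not, add `if (database == null)` before `database.tryGetDataSpace()` and reject the key with the same exception `checkAuthorization` raises.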
@@ -64,14 +64,14 @@ public class QueryAccessController
         DatabaseDefinition database = definitionsByDbKey.get(dbKey);
         PersonPE person = session.tryGetPerson();
         GroupPE dataSpaceOrNull = database.tryGetDataSpace();
-        RoleSet minimalRole = RoleSet.OBSERVER;
+        RoleWithHierarchy minimalRole = RoleWithHierarchy.SPACE_OBSERVER;
 
         checkAuthorization(session, "perform", database, person, dataSpaceOrNull, minimalRole);
     }
 
     private static void checkAuthorization(Session session, String operation,
             DatabaseDefinition database, PersonPE person, GroupPE dataSpaceOrNull,
-            RoleSet minimalRole)
+            RoleWithHierarchy minimalRole)
     {
         if (isAuthorized(person, dataSpaceOrNull, minimalRole) == false)
         {
@@ -82,13 +82,13 @@ public class QueryAccessController
         }
     }
 
-    static boolean isAuthorized(PersonPE person, GroupPE dataSpaceOrNull, RoleSet minimalRole)
+    static boolean isAuthorized(PersonPE person, GroupPE dataSpaceOrNull, RoleWithHierarchy minimalRole)
     {
         return new AuthorizationChecker().isAuthorized(person, dataSpaceOrNull, minimalRole);
     }
 
     private static String createErrorMessage(String operation, String userName,
-            GroupPE dataSpaceOrNull, RoleSet minimalRole, String database)
+            GroupPE dataSpaceOrNull, RoleWithHierarchy minimalRole, String database)
     {
         String minimalRoleDescription = minimalRole.name();
         if (dataSpaceOrNull != null)
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/result_filter/QueryResultFilter.java b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/result_filter/QueryResultFilter.java
index fcaa9e27f86..9b6816686e2 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/result_filter/QueryResultFilter.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/result_filter/QueryResultFilter.java
@@ -25,9 +25,9 @@ import java.util.Set;
 
 import ch.rinn.restrictions.Private;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.EntityKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ISerializableComparable;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModelColumnHeader;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModelRow;
@@ -88,7 +88,7 @@ public class QueryResultFilter
                 ISerializableComparable value = row.getValues().get(c);
                 if (value != null
                         && authorizationChecker.isAuthorized(person, entitySpaces.get(value
-                                .toString()), RoleSet.OBSERVER) == false)
+                                .toString()), RoleWithHierarchy.SPACE_OBSERVER) == false)
                 {
                     rowIterator.remove();
                     continue rowLoop;
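Review bot: `entitySpaces.get(value.toString())` yields null for a value with no map entry, and that null reaches `isAuthorized` as `dataSpaceOrNull`, which `AuthorizationChecker` handles in its own `if (dataSpaceOrNull == null)` branch. If that branch means "no space restriction", a row that refers to an unresolved entity is kept for any user holding a `SPACE_OBSERVER`-level role somewhere. Both method bodies continue outside the visible hunks, so this needs confirming. If it holds, read the map entry into a local `space` after the `value != null` test and treat a missing entry as not authorized: `(space == null || authorizationChecker.isAuthorized(person, space, RoleWithHierarchy.SPACE_OBSERVER) == false)`.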
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/OpenbisClientTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/OpenbisClientTest.java
index 68981f956f8..ed9b28b461f 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/OpenbisClientTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/OpenbisClientTest.java
@@ -17,11 +17,11 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.EntityKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.IEntityProperty;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleParentWithDerived;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingDataSetCriteria;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TrackingSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SessionContextDTO;
 import ch.systemsx.cisd.openbis.plugin.generic.shared.IGenericServer;
 
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/AuthorizationManagementConsolTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/AuthorizationManagementConsolTest.java
index 5b266222b58..58e0cf2222c 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/AuthorizationManagementConsolTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/AuthorizationManagementConsolTest.java
@@ -33,7 +33,7 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.grid.Ab
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.AbstractGWTTestCase;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.FailureExpectation;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.Row;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 
 /**
  * A {@link AbstractGWTTestCase} extension to test <i>AMC</i>.
@@ -82,10 +82,10 @@ public class AuthorizationManagementConsolTest extends AbstractGWTTestCase
 
         remoteConsole.prepare(new OpenRoleAssignmentDialog());
         remoteConsole.prepare(FillRoleAssignmentForm.fillPersonRole(TEST_GROUP.toUpperCase(),
-                TestConstants.USER_ID_O, RoleSetCode.OBSERVER.toString()));
+                TestConstants.USER_ID_O, RoleWithHierarchy.SPACE_OBSERVER.toString()));
         final CheckRoleAssignmentTable table = new CheckRoleAssignmentTable();
         table.expectedRow(RoleAssignmentRow.personRoleRow(TEST_GROUP.toUpperCase(),
-                TestConstants.USER_ID_O, RoleSetCode.OBSERVER.toString()));
+                TestConstants.USER_ID_O, RoleWithHierarchy.SPACE_OBSERVER.toString()));
         remoteConsole.prepare(table);
 
         launchTest();
@@ -97,10 +97,10 @@ public class AuthorizationManagementConsolTest extends AbstractGWTTestCase
 
         remoteConsole.prepare(new OpenRoleAssignmentDialog());
         remoteConsole.prepare(FillRoleAssignmentForm.fillAuthorizationGroupRole(TEST_GROUP
-                .toUpperCase(), TestConstants.ADMINS_GROUP, RoleSetCode.OBSERVER.toString()));
+                .toUpperCase(), TestConstants.ADMINS_GROUP, RoleWithHierarchy.SPACE_OBSERVER.toString()));
         final CheckRoleAssignmentTable table = new CheckRoleAssignmentTable();
         table.expectedRow(RoleAssignmentRow.authorizationGroupRoleRow(TEST_GROUP.toUpperCase(),
-                ADMINS_GROUP, RoleSetCode.OBSERVER.toString()));
+                ADMINS_GROUP, RoleWithHierarchy.SPACE_OBSERVER.toString()));
         remoteConsole.prepare(table);
 
         launchTest();
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/locator/ViewLocatorTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/locator/ViewLocatorTest.java
index 0cc71d6e6a4..d476a3dbcec 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/locator/ViewLocatorTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/locator/ViewLocatorTest.java
@@ -18,7 +18,6 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.locator;
 
 import java.util.Map;
 
-import ch.systemsx.cisd.openbis.generic.client.web.client.application.locator.ViewLocator;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.AbstractGWTTestCase;
 
 /**
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/FillAddPersonForm.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/FillAddPersonForm.java
index 1a36a1f8351..8f886e39090 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/FillAddPersonForm.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/FillAddPersonForm.java
@@ -19,10 +19,10 @@ package ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.amc;
 import java.util.Arrays;
 import java.util.List;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.ModelDataPropertyNames;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.PersonSelectionWidget;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.AbstractSaveDialog;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.AbstractDefaultTestCommand;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.GWTTestUtil;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AuthorizationGroup;
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/FillRoleAssignmentForm.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/FillRoleAssignmentForm.java
index f9acc8cca18..c1bca8eea9a 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/FillRoleAssignmentForm.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/amc/FillRoleAssignmentForm.java
@@ -24,7 +24,7 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.widget.
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.GWTUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.AbstractDefaultTestCommand;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.GWTTestUtil;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 
 /**
  * Wait until all fields are loaded and fill role assignment form.
@@ -80,7 +80,7 @@ public class FillRoleAssignmentForm extends AbstractDefaultTestCommand
             GWTUtils.setSelectedItem(listBox, roleNameOrNull);
         } else
         {
-            GWTUtils.setSelectedItem(listBox, RoleSetCode.INSTANCE_ADMIN.toString());
+            GWTUtils.setSelectedItem(listBox, RoleWithHierarchy.INSTANCE_ADMIN.toString());
         }
         if (personRole == false)
         {
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/FillVocabularyRegistrationForm.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/FillVocabularyRegistrationForm.java
index 960c2d09436..374ae6914f3 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/FillVocabularyRegistrationForm.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/client/application/ui/vocabulary/FillVocabularyRegistrationForm.java
@@ -16,8 +16,8 @@
 
 package ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.vocabulary;
 
-import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.AbstractRegistrationForm;
 import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
+import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.AbstractRegistrationForm;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.AbstractDefaultTestCommand;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.GWTTestUtil;
 
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/server/calculator/StandardFunctionsTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/server/calculator/StandardFunctionsTest.java
index 69f4ef00fac..18a07cfc071 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/server/calculator/StandardFunctionsTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/server/calculator/StandardFunctionsTest.java
@@ -19,18 +19,18 @@ package ch.systemsx.cisd.openbis.generic.client.web.server.calculator;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.DOUBLE_DEFAULT_VALUE;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.INTEGER_DEFAULT_VALUE;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.avg;
+import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.avgOrDefault;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.choose;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.max;
+import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.maxOrDefault;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.median;
+import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.medianOrDefault;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.min;
+import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.minOrDefault;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.stdev;
+import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.stdevOrDefault;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.toFloat;
 import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.toInt;
-import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.avgOrDefault;
-import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.maxOrDefault;
-import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.medianOrDefault;
-import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.minOrDefault;
-import static ch.systemsx.cisd.openbis.generic.client.web.server.calculator.StandardFunctions.stdevOrDefault;
 
 import java.util.Arrays;
 
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/CommonServerTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/CommonServerTest.java
index a87d57294e1..6fd861701c2 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/CommonServerTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/CommonServerTest.java
@@ -51,12 +51,13 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewVocabulary;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.PropertyType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleAssignment;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleSetCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTerm;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTermReplacement;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataSetTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataSetUploadContext;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataStorePE;
@@ -74,7 +75,6 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PropertyTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SampleTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SessionContextDTO;
@@ -489,7 +489,7 @@ public final class CommonServerTest extends AbstractServerTestCase
 
         final List<RoleAssignment> roles = createServer().listRoleAssignments(SESSION_TOKEN);
 
-        assertEquals(RoleSetCode.INSTANCE_ETL_SERVER, roles.get(0).getRoleSetCode());
+        assertEquals(RoleWithHierarchy.INSTANCE_ETL_SERVER, roles.get(0).getRoleSetCode());
         assertEquals(1, roles.size());
 
         context.assertIsSatisfied();
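Review bot: `roles.get(0).getRoleSetCode()` keeps the old accessor name although the value it is compared with is now a `RoleWithHierarchy` constant. If the getter's return type changed with this commit (its declaration is not in this hunk), renaming it would stop `RoleSetCode` lingering in the role API. In the same test, `assertEquals(1, roles.size());` reads better before `roles.get(0)`, so an empty result fails on the count rather than on an index error.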
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationServiceTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationServiceTest.java
index b6e4df82577..bf985948f02 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationServiceTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationServiceTest.java
@@ -34,18 +34,18 @@ import ch.systemsx.cisd.openbis.generic.shared.AbstractServerTestCase;
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Project;
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Role;
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SpaceWithProjectsAndRoleAssignments;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 
 /**
  * @author Franz-Josef Elmer
  */
 // PLEASE, if you add here a new test add also a system test to
 // ch.systemsx.cisd.openbis.systemtest.api.v1.GeneralInformationService
-@Friend(toClasses=RoleAssignmentPE.class)
+@Friend(toClasses = RoleAssignmentPE.class)
 public class GeneralInformationServiceTest extends AbstractServerTestCase
 {
     private GeneralInformationService service;
@@ -74,19 +74,20 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
                     return e1.getKey().compareTo(e2.getKey());
                 }
             });
-        assertNamedRoles("ETL_SERVER", "[ADMIN(instance), "
-                + "ETL_SERVER(instance), ETL_SERVER(space)]", entries.get(0));
-        assertNamedRoles("INSTANCE_ADMIN", "[ADMIN(instance)]", entries.get(1));
-        assertNamedRoles("INSTANCE_ADMIN_OBSERVER", "[ADMIN(instance), OBSERVER(instance)]",
-                entries.get(2));
-        assertNamedRoles("NONE", "[]", entries.get(3));
-        assertNamedRoles("OBSERVER", "[ADMIN(instance), ADMIN(space), OBSERVER(space), "
-                + "POWER_USER(space), USER(space)]", entries.get(4));
-        assertNamedRoles("POWER_USER", "[ADMIN(instance), ADMIN(space), POWER_USER(space)]",
-                entries.get(5));
-        assertNamedRoles("SPACE_ADMIN", "[ADMIN(instance), ADMIN(space)]", entries.get(6));
-        assertNamedRoles("USER", "[ADMIN(instance), ADMIN(space), POWER_USER(space), USER(space)]",
-                entries.get(7));
+        assertNamedRoles("INSTANCE_ADMIN", "[ADMIN(instance)]", entries.get(0));
+        assertNamedRoles("INSTANCE_ETL_SERVER", "[ADMIN(instance), " + "ETL_SERVER(instance)]",
+                entries.get(1));
+        assertNamedRoles("INSTANCE_OBSERVER", "[ADMIN(instance), OBSERVER(instance)]", entries
+                .get(2));
+        assertNamedRoles("SPACE_ADMIN", "[ADMIN(instance), ADMIN(space)]", entries.get(3));
+        assertNamedRoles("SPACE_ETL_SERVER", "[ADMIN(instance), "
+                + "ETL_SERVER(instance), ETL_SERVER(space)]", entries.get(4));
+        assertNamedRoles("SPACE_OBSERVER", "[ADMIN(instance), ADMIN(space), OBSERVER(space), "
+                + "POWER_USER(space), USER(space)]", entries.get(5));
+        assertNamedRoles("SPACE_POWER_USER", "[ADMIN(instance), ADMIN(space), POWER_USER(space)]",
+                entries.get(6));
+        assertNamedRoles("SPACE_USER",
+                "[ADMIN(instance), ADMIN(space), POWER_USER(space), USER(space)]", entries.get(7));
         assertEquals(8, entries.size());
         context.assertIsSatisfied();
     }
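Review bot: The expected map keys are now `SPACE_OBSERVER`, `SPACE_USER`, `SPACE_POWER_USER`, `SPACE_ETL_SERVER` and `INSTANCE_OBSERVER`, and `NONE` is gone. If these strings are what the v1 service hands to callers (the code producing `entries` is outside this hunk), a client that still looks up `OBSERVER` or `USER` will find nothing and may mis-evaluate a user's permissions. I would record that above the assertions with `// role-set names are part of the v1 API output; renaming one is a breaking change for clients`, and check that the system test named in the class comment was updated as well. Separately, `assertEquals(8, entries.size());` should move before the first `entries.get(0)` so a short list fails on the count, and `"[ADMIN(instance), " + "ETL_SERVER(instance)]"` can be a single literal.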
@@ -114,15 +115,18 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
             {
                 {
                     one(roleAssignmentDAO).listRoleAssignments();
-                    RoleAssignmentPE assignment1 = createUserAssignment("user1", null, RoleCode.ADMIN);
-                    RoleAssignmentPE assignment2 = createUserAssignment("user2", "s2", RoleCode.OBSERVER);
-                    RoleAssignmentPE assignment3 = createUserAssignment("user1", "s1", RoleCode.USER);
+                    RoleAssignmentPE assignment1 =
+                            createUserAssignment("user1", null, RoleCode.ADMIN);
+                    RoleAssignmentPE assignment2 =
+                            createUserAssignment("user2", "s2", RoleCode.OBSERVER);
+                    RoleAssignmentPE assignment3 =
+                            createUserAssignment("user1", "s1", RoleCode.USER);
                     will(returnValue(Arrays.asList(assignment1, assignment2, assignment3)));
-                    
+
                     one(groupDAO).listGroups(daoFactory.getHomeDatabaseInstance());
                     List<GroupPE> spaces = createSpaces("s1", "s2", "s3");
                     will(returnValue(spaces));
-                    
+
                     one(projectDAO).listProjects(spaces.get(0));
                     ProjectPE a = new ProjectPE();
                     a.setCode("a");
@@ -131,10 +135,10 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
                     b.setCode("b");
                     b.setGroup(spaces.get(0));
                     will(returnValue(Arrays.asList(a, b)));
-                    
+
                     one(projectDAO).listProjects(spaces.get(1));
                     will(returnValue(Arrays.asList()));
-                    
+
                     one(projectDAO).listProjects(spaces.get(2));
                     ProjectPE c = new ProjectPE();
                     c.setCode("c");
@@ -145,20 +149,20 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
 
         List<SpaceWithProjectsAndRoleAssignments> spaces =
                 service.listSpacesWithProjectsAndRoleAssignments(SESSION_TOKEN, null);
-        
+
         assertSpaceAndProjects("s1", "[/s1/a, /s1/b]", spaces.get(0));
         assertRoles("[]", spaces.get(0).getRoles("unknown user"));
         assertRoles("[ADMIN(instance), USER(space)]", spaces.get(0).getRoles("user1"));
         assertRoles("[]", spaces.get(0).getRoles("user2"));
-        
+
         assertSpaceAndProjects("s2", "[]", spaces.get(1));
         assertRoles("[ADMIN(instance)]", spaces.get(1).getRoles("user1"));
         assertRoles("[OBSERVER(space)]", spaces.get(1).getRoles("user2"));
-        
+
         assertSpaceAndProjects("s3", "[/s3/c]", spaces.get(2));
         assertRoles("[ADMIN(instance)]", spaces.get(2).getRoles("user1"));
         assertRoles("[]", spaces.get(2).getRoles("user2"));
-        
+
         assertEquals(3, spaces.size());
         context.assertIsSatisfied();
     }
@@ -197,7 +201,7 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
         RoleAssignmentPE assignment = new RoleAssignmentPE();
         if (spaceCodeOrNull != null)
         {
-        assignment.setGroup(createGroup(spaceCodeOrNull));
+            assignment.setGroup(createGroup(spaceCodeOrNull));
         }
         assignment.setRole(roleCode);
         PersonPE person = new PersonPE();
@@ -205,7 +209,7 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
         assignment.setPersonInternal(person);
         return assignment;
     }
-    
+
     private List<GroupPE> createSpaces(String... codes)
     {
         List<GroupPE> list = new ArrayList<GroupPE>();
@@ -215,5 +219,5 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
         }
         return list;
     }
-    
+
 }
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationTestUtil.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationTestUtil.java
index 0c52deb736d..39dbaecd212 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationTestUtil.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationTestUtil.java
@@ -35,13 +35,13 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IAuthorizationDAOFactory;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDatabaseInstanceDAO;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IGroupDAO;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.CodeConverter;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.IAuthSession;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 
 /**
  * Utility methods for {@link AuthorizationAdvisor}. Can be used to test authorization of concrete
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
index 210e7b88a5a..bbcaf75b0e2 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/DefaultAccessControllerTest.java
@@ -22,6 +22,7 @@ import static org.testng.AssertJUnit.assertNull;
 import static org.testng.AssertJUnit.assertTrue;
 
 import java.lang.reflect.Method;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -30,13 +31,13 @@ import org.testng.annotations.Test;
 import ch.rinn.restrictions.Friend;
 import ch.systemsx.cisd.common.exceptions.Status;
 import ch.systemsx.cisd.common.exceptions.StatusFlag;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.IAuthSession;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 
 /**
  * Test cases for corresponding {@link DefaultAccessController} class.
@@ -46,7 +47,7 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 @Friend(toClasses = DefaultAccessController.class)
 public final class DefaultAccessControllerTest
 {
-    private DefaultAccessController accessController = new DefaultAccessController(null);
+    private final DefaultAccessController accessController = new DefaultAccessController(null);
 
     private final static Set<RoleAssignmentPE> createRoleAssignments()
     {
@@ -118,9 +119,11 @@ public final class DefaultAccessControllerTest
         final Argument<?>[] arguments = Argument.EMPTY_ARRAY;
         final Status authorized = accessController.isAuthorized(session, method, arguments);
         assertEquals(StatusFlag.ERROR, authorized.getFlag());
+        Set<RoleWithHierarchy> roles =
+                new HashSet<RoleWithHierarchy>(Arrays.asList(RoleWithHierarchy.INSTANCE_ADMIN));
         String expectedMessage =
-                String.format(DefaultAccessController.MATCHING_ROLE_NOT_FOUND_TEMPLATE,
-                        RoleSet.INSTANCE_ADMIN, session.getUserName());
+                String.format(DefaultAccessController.MATCHING_ROLE_NOT_FOUND_TEMPLATE, roles,
+                        session.getUserName());
         assertEquals(expectedMessage, authorized.tryGetErrorMessage());
     }
 
@@ -137,6 +140,32 @@ public final class DefaultAccessControllerTest
         assertNull(authorized.tryGetErrorMessage());
     }
 
+    @Test
+    public final void testIsAuthorizedWithMatchingFirstRole() throws Exception
+    {
+        final IAuthSession session = AuthorizationTestUtil.createSession();
+        session.tryGetPerson().setRoleAssignments(createRoleAssignments());
+        final Method method = MyInterface.class.getMethod("myMethodWithTwoRoles");
+        assertNotNull(method);
+        final Argument<?>[] arguments = Argument.EMPTY_ARRAY;
+        final Status authorized = accessController.isAuthorized(session, method, arguments);
+        assertEquals(StatusFlag.OK, authorized.getFlag());
+        assertNull(authorized.tryGetErrorMessage());
+    }
+
+    @Test
+    public final void testIsAuthorizedWithMatchingSecondRole() throws Exception
+    {
+        final IAuthSession session = AuthorizationTestUtil.createSession();
+        session.tryGetPerson().setRoleAssignments(createRoleAssignments());
+        final Method method = MyInterface.class.getMethod("myMethodWithTwoRoles");
+        assertNotNull(method);
+        final Argument<?>[] arguments = Argument.EMPTY_ARRAY;
+        final Status authorized = accessController.isAuthorized(session, method, arguments);
+        assertEquals(StatusFlag.OK, authorized.getFlag());
+        assertNull(authorized.tryGetErrorMessage());
+    }
+
     //
     // Helper classes
     //
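Review bot: `testIsAuthorizedWithMatchingFirstRole` and `testIsAuthorizedWithMatchingSecondRole` have identical bodies: the same session, the same `createRoleAssignments()` set and the same `myMethodWithTwoRoles` lookup. They therefore cannot tell a match on `SPACE_ETL_SERVER` from a match on `SPACE_OBSERVER`, and an access controller that evaluated only one of the listed roles would pass both. Each test should give the person a single assignment that satisfies only the role it names; `createRoleAssignments()` is defined outside this hunk, so which role it currently satisfies is not visible here. Until then, mark the second test with `// TODO: use an assignment set that satisfies only SPACE_OBSERVER so the second allowed role is what grants access`. A third case whose assignment matches neither role and asserts `StatusFlag.ERROR` would cover the deny path for multi-role annotations.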
@@ -148,10 +177,14 @@ public final class DefaultAccessControllerTest
         @RolesAllowed
         public void myMethodWithEmptyRoles();
 
-        @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+        @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
         public void myMethodWithSomeRoles();
 
-        @RolesAllowed(RoleSet.OBSERVER)
+        @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
         public void myMethodWithOtherRoles();
+
+        @RolesAllowed(
+            { RoleWithHierarchy.SPACE_ETL_SERVER, RoleWithHierarchy.SPACE_OBSERVER })
+        public void myMethodWithTwoRoles();
     }
 }
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/PredicateExecutorTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/PredicateExecutorTest.java
index 9773ca1a11f..a2e9a424cf2 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/PredicateExecutorTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/authorization/PredicateExecutorTest.java
@@ -34,8 +34,8 @@ import ch.systemsx.cisd.openbis.generic.shared.authorization.AuthorizationTestCa
 import ch.systemsx.cisd.openbis.generic.shared.authorization.IAuthorizationDataProvider;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.IPredicate;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.GroupIdentifier;
 
 /**
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/business/bo/RoleAssignmentTableTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/business/bo/RoleAssignmentTableTest.java
index 51e82ca7e3a..32a6a30126a 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/business/bo/RoleAssignmentTableTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/business/bo/RoleAssignmentTableTest.java
@@ -23,11 +23,11 @@ import org.testng.annotations.Test;
 
 import ch.systemsx.cisd.openbis.generic.server.business.ManagerTestTool;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Grantee;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.NewRoleAssignment;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.GroupIdentifier;
 
 /**
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/business/bo/datasetlister/DatasetListingQueryTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/business/bo/datasetlister/DatasetListingQueryTest.java
index 0fa3d56670d..8724a64f0d2 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/business/bo/datasetlister/DatasetListingQueryTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/business/bo/datasetlister/DatasetListingQueryTest.java
@@ -21,7 +21,6 @@ import static ch.systemsx.cisd.openbis.generic.server.business.bo.common.EntityL
 import static org.testng.AssertJUnit.assertEquals;
 import static org.testng.AssertJUnit.assertNotNull;
 import static org.testng.AssertJUnit.assertTrue;
-
 import it.unimi.dsi.fastutil.longs.LongArraySet;
 
 import java.sql.SQLException;
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/RoleAssignmentDAOTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/RoleAssignmentDAOTest.java
index 6afd53fa8a4..b0b9376ec6b 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/RoleAssignmentDAOTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/RoleAssignmentDAOTest.java
@@ -19,11 +19,11 @@ package ch.systemsx.cisd.openbis.generic.server.dataaccess.db;
 import org.testng.AssertJUnit;
 import org.testng.annotations.Test;
 
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 
 /**
  * Test cases for {@link RoleAssignmentDAO}.
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/ICommonServer.java.expected b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/ICommonServer.java.expected
index 14b23da2346..82cfce701c6 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/ICommonServer.java.expected
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/ICommonServer.java.expected
@@ -25,7 +25,6 @@ import org.springframework.transaction.annotation.Transactional;
 
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodeCollectionPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodePredicate;
@@ -90,6 +89,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Project;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.PropertyType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleAssignment;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
@@ -98,9 +98,9 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTerm;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.VocabularyTermReplacement;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataSetUploadContext;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectUpdatesDTO;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SearchableEntity;
 import ch.systemsx.cisd.openbis.generic.shared.dto.VocabularyTermWithStats;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.DatabaseInstanceIdentifier;
@@ -116,7 +116,7 @@ public interface ICommonServer extends IServer
 {
     /** Keeps the session with specified token alive. */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public void keepSessionAlive(String sessionToken);
 
     /**
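Review bot: The new `@RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)` on `keepSessionAlive` names a space-scoped role on a method that takes no space argument, and nothing in this file says whether instance-level roles still satisfy it. The same applies to every former `RoleSet.OBSERVER`, `USER` and `POWER_USER` method in the later hunks. The `RoleSet` import is dropped here and `RoleWithHierarchy` is not visible in this part of the diff, so the equivalence of old and new role sets cannot be confirmed from these lines. I would state the rule once in the interface Javadoc, for example `A SPACE_* role is also satisfied by every stronger role, including instance-level ones.`, if that is what `RoleWithHierarchy` implements. A test that compares the role codes accepted before and after the rename would back this up. The interface body continues outside this hunk.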
@@ -125,7 +125,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Space}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = SpaceValidator.class)
     public List<Space> listSpaces(String sessionToken, DatabaseInstanceIdentifier identifier);
 
@@ -133,7 +133,7 @@ public interface ICommonServer extends IServer
      * Registers a new space with specified code and optional description.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SPACE)
     public void registerSpace(String sessionToken, String spaceCode, String descriptionOrNull);
 
@@ -141,7 +141,7 @@ public interface ICommonServer extends IServer
      * Updates a property type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.SPACE)
     public void updateSpace(final String sessionToken, final ISpaceUpdates updates);
 
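Review bot: The Javadoc above `updateSpace` in this hunk reads "Updates a property type.", which appears to be copied from `updatePropertyType`. Since the commit touches the annotation directly beneath it, the comment should be corrected in the same pass to `Updates a space.`, so that anyone auditing which role may change which object reads the right description.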
@@ -149,7 +149,7 @@ public interface ICommonServer extends IServer
      * Registers a new authorization group.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.AUTHORIZATION_GROUP)
     public void registerAuthorizationGroup(String sessionToken,
             NewAuthorizationGroup newAuthorizationGroup);
@@ -158,7 +158,7 @@ public interface ICommonServer extends IServer
      * Deletes selected authorization groups.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.AUTHORIZATION_GROUP)
     public void deleteAuthorizationGroups(String sessionToken, List<TechId> authGroupIds,
             String reason);
@@ -169,7 +169,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Person}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     public List<Person> listPersons(String sessionToken);
 
     /**
@@ -178,7 +178,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Project}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ProjectValidator.class)
     public List<Project> listProjects(String sessionToken);
 
@@ -186,7 +186,7 @@ public interface ICommonServer extends IServer
      * Registers a new person.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PERSON)
     public void registerPerson(String sessionToken, String userID);
 
@@ -194,14 +194,14 @@ public interface ICommonServer extends IServer
      * Returns a list of all roles.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     public List<RoleAssignment> listRoleAssignments(String sessionToken);
 
     /**
      * Registers a new space role.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.ROLE_ASSIGNMENT)
     public void registerSpaceRole(
             String sessionToken,
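Review bot: `listRoleAssignments` is allowed for `RoleWithHierarchy.SPACE_ADMIN` but carries no `@ReturnValueFilter`, and its Javadoc says it returns all roles. `listSpaces` and `listProjects` in this same interface do filter their results. Unless the implementation scopes the list, an administrator of one space can read the role assignments of every other space and of the instance. Either raise the requirement to `@RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)` or add a `@ReturnValueFilter` with a validator for `RoleAssignment`; no such validator is visible in this diff. The signature of `registerSpaceRole` continues outside this hunk.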
@@ -213,7 +213,7 @@ public interface ICommonServer extends IServer
      * Registers a new instance role.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.ROLE_ASSIGNMENT)
     public void registerInstanceRole(String sessionToken, RoleCode roleCode, Grantee grantee);
 
@@ -221,7 +221,7 @@ public interface ICommonServer extends IServer
      * Deletes role described by given role code, space identifier and grantee.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.ROLE_ASSIGNMENT)
     public void deleteSpaceRole(
             String sessionToken,
@@ -233,7 +233,7 @@ public interface ICommonServer extends IServer
      * Deletes role described by given role code and user id.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.ROLE_ASSIGNMENT)
     public void deleteInstanceRole(String sessionToken, RoleCode roleCode, Grantee grantee);
 
@@ -243,7 +243,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link SampleType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<SampleType> listSampleTypes(String sessionToken);
 
     /**
@@ -252,7 +252,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Sample}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = SampleValidator.class)
     public List<Sample> listSamples(
             final String sessionToken,
@@ -264,7 +264,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Experiment}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Experiment> listExperiments(
             final String sessionToken,
             ExperimentType experimentType,
@@ -276,7 +276,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ExternalData> listSampleExternalData(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId,
             final boolean showOnlyDirectlyConnected);
@@ -287,7 +287,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ExternalData> listExperimentExternalData(
             final String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) final TechId experimentId);
@@ -299,7 +299,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ExternalData> listDataSetRelationships(final String sessionToken,
             @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) final TechId datasetId,
             final DataSetRelationshipRole role);
@@ -308,7 +308,7 @@ public interface ICommonServer extends IServer
      * Performs an <i>Hibernate Search</i> based on given parameters.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = MatchingEntityValidator.class)
     public List<MatchingEntity> listMatchingEntities(final String sessionToken,
             final SearchableEntity[] searchableEntities, final String queryText,
@@ -320,7 +320,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link ExperimentType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ExperimentType> listExperimentTypes(String sessionToken);
 
     /**
@@ -329,7 +329,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link PropertyType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<PropertyType> listPropertyTypes(final String sessionToken, boolean withRelations);
 
     /**
@@ -338,7 +338,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link DataType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<DataType> listDataTypes(final String sessionToken);
 
     /**
@@ -347,7 +347,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link FileFormatType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<FileFormatType> listFileFormatTypes(String sessionToken);
 
     /**
@@ -356,7 +356,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Vocabulary}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Vocabulary> listVocabularies(final String sessionToken, final boolean withTerms,
             boolean excludeInternal);
 
@@ -364,7 +364,7 @@ public interface ICommonServer extends IServer
      * Registers given {@link PropertyType}.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROPERTY_TYPE)
     public void registerPropertyType(final String sessionToken, final PropertyType propertyType);
 
@@ -372,7 +372,7 @@ public interface ICommonServer extends IServer
      * Updates a property type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.PROPERTY_TYPE)
     public void updatePropertyType(final String sessionToken, final IPropertyTypeUpdates updates);
 
@@ -380,7 +380,7 @@ public interface ICommonServer extends IServer
      * Deletes specified property types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROPERTY_TYPE)
     public void deletePropertyTypes(String sessionToken, List<TechId> propertyTypeIds, String reason);
 
@@ -388,7 +388,7 @@ public interface ICommonServer extends IServer
      * Assigns property type to entity type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROPERTY_TYPE_ASSIGNMENT)
     public String assignPropertyType(final String sessionToken, final EntityKind entityKind,
             final String propertyTypeCode, final String entityTypeCode, final boolean isMandatory,
@@ -398,7 +398,7 @@ public interface ICommonServer extends IServer
      * Update property type assignment to entity type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.PROPERTY_TYPE_ASSIGNMENT)
     public void updatePropertyTypeAssignment(final String sessionToken,
             final EntityKind entityKind, final String propertyTypeCode,
@@ -409,7 +409,7 @@ public interface ICommonServer extends IServer
      * Unassigns property type to entity type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROPERTY_TYPE_ASSIGNMENT)
     public void unassignPropertyType(String sessionToken, EntityKind entityKind,
             String propertyTypeCode, String entityTypeCode);
@@ -419,7 +419,7 @@ public interface ICommonServer extends IServer
      * type.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public int countPropertyTypedEntities(String sessionToken, EntityKind entityKind,
             String propertyTypeCode, String entityTypeCode);
 
@@ -427,7 +427,7 @@ public interface ICommonServer extends IServer
      * Registers given {@link NewVocabulary}.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.VOCABULARY)
     public void registerVocabulary(final String sessionToken, final NewVocabulary vocabulary);
 
@@ -435,7 +435,7 @@ public interface ICommonServer extends IServer
      * Updates a vocabulary.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.VOCABULARY)
     public void updateVocabulary(String sessionToken, IVocabularyUpdates updates);
 
@@ -443,7 +443,7 @@ public interface ICommonServer extends IServer
      * Deletes specified vocabularies.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.VOCABULARY)
     public void deleteVocabularies(String sessionToken, List<TechId> vocabularyIds, String reason);
 
@@ -451,7 +451,7 @@ public interface ICommonServer extends IServer
      * Deletes specified projects.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROJECT)
     public void deleteProjects(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) List<TechId> projectIds,
@@ -461,7 +461,7 @@ public interface ICommonServer extends IServer
      * Deletes specified spaces.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SPACE)
     public void deleteSpaces(String sessionToken,
             @AuthorizationGuard(guardClass = SpaceTechIdPredicate.class) List<TechId> spaceIds,
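Review bot: `deleteSpaces` is now annotated `@RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)`, while `registerSpace` and `updateSpace` earlier in this file require `INSTANCE_ADMIN`. The renamed constant makes it explicit that a space-scoped power user may delete a whole space, limited only by `SpaceTechIdPredicate`. This presumably carries over the old `RoleSet.POWER_USER` unchanged, but the asymmetry is worth settling while every annotation is being rewritten. If deletion is meant to be an administrative action, use `@RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)` or stricter; otherwise add a Javadoc line saying the lower requirement is intended. The parameter list of `deleteSpaces` continues outside this hunk.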
@@ -471,7 +471,7 @@ public interface ICommonServer extends IServer
      * Adds new terms to a vocabulary starting from specified ordinal + 1.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.VOCABULARY_TERM)
     public void addVocabularyTerms(String sessionToken, TechId vocabularyId,
             List<String> vocabularyTerms, Long previousTermOrdinal);
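Review bot: `addVocabularyTerms` requires `RoleWithHierarchy.SPACE_POWER_USER`, but `vocabularyId` has no `@AuthorizationGuard` and the method has no space parameter, so it is unclear which space the role is evaluated against. Vocabularies themselves are registered, updated and deleted only under `INSTANCE_ADMIN` in this interface. The same applies to `updateVocabularyTerm` and `deleteVocabularyTerms` in the next two hunks. If the intended rule is "power user of any space may edit terms of any vocabulary", the Javadoc should say so, for example `Allowed for a power user of any space; vocabularies are not space-scoped.`; if not, these three methods likely need the instance-level role.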
@@ -480,7 +480,7 @@ public interface ICommonServer extends IServer
      * Updates a vocabulary term.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.VOCABULARY_TERM)
     public void updateVocabularyTerm(final String sessionToken, final IVocabularyTermUpdates updates);
 
@@ -488,7 +488,7 @@ public interface ICommonServer extends IServer
      * Deletes from the specified vocabulary the specified terms.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.VOCABULARY_TERM)
     public void deleteVocabularyTerms(String sessionToken, TechId vocabularyId,
             List<VocabularyTerm> termsToBeDeleted, List<VocabularyTermReplacement> termsToBeReplaced);
@@ -497,7 +497,7 @@ public interface ICommonServer extends IServer
      * Registers new project.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.PROJECT)
     public void registerProject(
             String sessionToken,
@@ -508,7 +508,7 @@ public interface ICommonServer extends IServer
      * Performs an <i>Hibernate Search</i> based on given parameters.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExternalDataValidator.class)
     public List<ExternalData> searchForDataSets(String sessionToken, DetailedSearchCriteria criteria);
 
@@ -516,7 +516,7 @@ public interface ICommonServer extends IServer
      * For given {@link TechId} returns the corresponding {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public ExternalData getDataSetInfo(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) TechId datasetId);
 
@@ -524,7 +524,7 @@ public interface ICommonServer extends IServer
      * Performs an <i>Hibernate Search</i> based on given parameters.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = SampleValidator.class)
     public List<Sample> searchForSamples(String sessionToken, DetailedSearchCriteria criteria);
 
@@ -532,7 +532,7 @@ public interface ICommonServer extends IServer
      * Returns all data sets related to specified entities.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExternalDataValidator.class)
     public List<ExternalData> listRelatedDataSets(String sessionToken,
             DataSetRelatedEntities entities);
@@ -543,7 +543,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link MaterialType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<MaterialType> listMaterialTypes(String sessionToken);
 
     /**
@@ -552,7 +552,7 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link Material}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Material> listMaterials(String sessionToken, MaterialType materialType,
             boolean withProperties);
 
@@ -560,7 +560,7 @@ public interface ICommonServer extends IServer
      * Creates a new material type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.MATERIAL_TYPE)
     public void registerMaterialType(String sessionToken, MaterialType entityType);
 
@@ -568,7 +568,7 @@ public interface ICommonServer extends IServer
      * Updates a material type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.MATERIAL_TYPE)
     public void updateMaterialType(String sessionToken, EntityType entityType);
 
@@ -576,7 +576,7 @@ public interface ICommonServer extends IServer
      * Creates a new sample type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE_TYPE)
     public void registerSampleType(String sessionToken, SampleType entityType);
 
@@ -584,7 +584,7 @@ public interface ICommonServer extends IServer
      * Updates a sample type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE_TYPE)
     public void updateSampleType(String sessionToken, EntityType entityType);
 
@@ -592,7 +592,7 @@ public interface ICommonServer extends IServer
      * Creates a new experiment type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.EXPERIMENT_TYPE)
     public void registerExperimentType(String sessionToken, ExperimentType entityType);
 
@@ -600,7 +600,7 @@ public interface ICommonServer extends IServer
      * Updates a experiment type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.EXPERIMENT_TYPE)
     public void updateExperimentType(String sessionToken, EntityType entityType);
 
@@ -608,7 +608,7 @@ public interface ICommonServer extends IServer
      * Creates a new file format type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.FILE_FORMAT_TYPE)
     public void registerFileFormatType(String sessionToken, FileFormatType type);
 
@@ -616,7 +616,7 @@ public interface ICommonServer extends IServer
      * Creates a new data set type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATASET_TYPE)
     public void registerDataSetType(String sessionToken, DataSetType entityType);
 
@@ -624,7 +624,7 @@ public interface ICommonServer extends IServer
      * Updates a data set type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.DATASET_TYPE)
     public void updateDataSetType(String sessionToken, EntityType entityType);
 
@@ -632,7 +632,7 @@ public interface ICommonServer extends IServer
      * Deletes specified data sets.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATA_SET)
     public void deleteDataSets(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) List<String> dataSetCodes,
@@ -642,7 +642,7 @@ public interface ICommonServer extends IServer
      * Deletes specified samples.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void deleteSamples(
             String sessionToken,
@@ -653,7 +653,7 @@ public interface ICommonServer extends IServer
      * Deletes specified experiments.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.EXPERIMENT)
     public void deleteExperiments(
             String sessionToken,
@@ -664,7 +664,7 @@ public interface ICommonServer extends IServer
      * Deletes specified attachments (all versions with given file names) of specified experiment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.EXPERIMENT)
     public void deleteExperimentAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId,
@@ -674,7 +674,7 @@ public interface ICommonServer extends IServer
      * Deletes specified attachments (all versions with given file names) of specified sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public void deleteSampleAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId sampleId,
@@ -684,7 +684,7 @@ public interface ICommonServer extends IServer
      * Deletes specified attachments (all versions with given file names) of specified project.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.PROJECT)
     public void deleteProjectAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) TechId projectId,
@@ -694,7 +694,7 @@ public interface ICommonServer extends IServer
      * Returns all attachments (all versions) of specified experiment.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Attachment> listExperimentAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId);
 
@@ -702,7 +702,7 @@ public interface ICommonServer extends IServer
      * Returns all attachments (all versions) of specified sample.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Attachment> listSampleAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId sampleId);
 
@@ -710,7 +710,7 @@ public interface ICommonServer extends IServer
      * Returns all attachments (all versions) of specified project.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Attachment> listProjectAttachments(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) TechId projectId);
 
@@ -720,7 +720,7 @@ public interface ICommonServer extends IServer
      * @return a message or an empty string
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public String uploadDataSets(String sessionToken, List<String> dataSetCodes,
             DataSetUploadContext uploadContext);
 
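Review bot: `uploadDataSets` is a read-write `@Transactional` method open to `RoleWithHierarchy.SPACE_OBSERVER`, and its `dataSetCodes` parameter has no `@AuthorizationGuard`. `deleteDataSets` in this interface guards the same kind of parameter with `DataSetCodePredicate`. With only the role check, an observer of one space could name data set codes from a space they cannot see, unless the implementation filters them, which is not visible here. I would guard the parameter the same way: `@AuthorizationGuard(guardClass = DataSetCodePredicate.class) List<String> dataSetCodes,`.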
@@ -728,7 +728,7 @@ public interface ICommonServer extends IServer
      * Lists vocabulary terms of a given vocabulary. Includes terms usage statistics.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<VocabularyTermWithStats> listVocabularyTermsWithStatistics(String sessionToken,
             Vocabulary vocabulary);
 
@@ -736,7 +736,7 @@ public interface ICommonServer extends IServer
      * Lists vocabulary terms of a given vocabulary.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Set<VocabularyTerm> listVocabularyTerms(String sessionToken, Vocabulary vocabulary);
 
     /**
@@ -745,21 +745,21 @@ public interface ICommonServer extends IServer
      * @return a sorted list of {@link DataSetType}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<DataSetType> listDataSetTypes(String sessionToken);
 
     /**
      * @return Information about the time and kind of the last modification, separately for each
      *         kind of database object.
      */
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public LastModificationState getLastModificationState(String sessionToken);
 
     /**
      * For given {@link TechId} returns the corresponding {@link Project}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Project getProjectInfo(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) TechId projectId);
 
@@ -768,7 +768,7 @@ public interface ICommonServer extends IServer
      * attachments).
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Project getProjectInfo(
             String sessionToken,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) ProjectIdentifier projectIdentifier);
@@ -777,14 +777,14 @@ public interface ICommonServer extends IServer
      * Returns unique code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     public String generateCode(String sessionToken, String prefix);
 
     /**
      * Saves changed project.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value = ObjectKind.PROJECT)
     public Date updateProject(
             String sessionToken,
@@ -794,7 +794,7 @@ public interface ICommonServer extends IServer
      * Deletes specified data set types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.DATASET_TYPE, ObjectKind.PROPERTY_TYPE_ASSIGNMENT })
     public void deleteDataSetTypes(String sessionToken, List<String> entityTypesCodes);
@@ -803,7 +803,7 @@ public interface ICommonServer extends IServer
      * Deletes specified sample types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.SAMPLE_TYPE, ObjectKind.PROPERTY_TYPE_ASSIGNMENT })
     public void deleteSampleTypes(String sessionToken, List<String> entityTypesCodes);
@@ -812,7 +812,7 @@ public interface ICommonServer extends IServer
      * Deletes specified experiment types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.EXPERIMENT_TYPE, ObjectKind.PROPERTY_TYPE_ASSIGNMENT })
     public void deleteExperimentTypes(String sessionToken, List<String> entityTypesCodes);
@@ -821,7 +821,7 @@ public interface ICommonServer extends IServer
      * Deletes specified file format types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.FILE_FORMAT_TYPE })
     public void deleteFileFormatTypes(String sessionToken, List<String> codes);
@@ -830,7 +830,7 @@ public interface ICommonServer extends IServer
      * Deletes specified material types.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.MATERIAL_TYPE, ObjectKind.PROPERTY_TYPE_ASSIGNMENT })
     public void deleteMaterialTypes(String sessionToken, List<String> entityTypesCodes);
@@ -840,7 +840,7 @@ public interface ICommonServer extends IServer
      * {@link IEntityInformationHolder}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public IEntityInformationHolder getEntityInformationHolder(String sessionToken,
             EntityKind entityKind, String permId);
 
@@ -849,7 +849,7 @@ public interface ICommonServer extends IServer
      * {@link IEntityInformationHolder}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public IEntityInformationHolder getMaterialInformationHolder(String sessionToken,
             MaterialIdentifier identifier);
 
@@ -857,7 +857,7 @@ public interface ICommonServer extends IServer
      * Returns file template available during batch operation of entity of given type.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public String getTemplateColumns(String sessionToken, EntityKind kind, String type,
             boolean autoGenerate, boolean withExperiments, BatchOperationKind operationKind);
 
@@ -865,7 +865,7 @@ public interface ICommonServer extends IServer
      * Updates file format type.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.FILE_FORMAT_TYPE)
     public void updateFileFormatType(String sessionToken, AbstractType type);
 
@@ -873,7 +873,7 @@ public interface ICommonServer extends IServer
      * Updates the experiment attachment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.EXPERIMENT)
     public void updateExperimentAttachments(String sessionToken, TechId experimentId,
             Attachment attachment);
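Review bot: `updateExperimentAttachments` is gated on the space-scoped `SPACE_POWER_USER` role, but its `TechId experimentId` parameter carries no `@AuthorizationGuard`, so nothing visible in this hunk ties the experiment to a space in which the caller holds that role. `getProjectInfo` in the same interface guards its id with `ProjectTechIdPredicate`; the equivalent here would be `@AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId`, assuming that predicate can be imported in this file. The same gap appears in `updateSampleAttachments` and `updateProjectAttachments` in the next two hunks. If the ownership check is instead done in the implementation, a one-line Javadoc remark saying so would keep the interface readable as the access contract.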
@@ -882,7 +882,7 @@ public interface ICommonServer extends IServer
      * Updates the sample attachment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public void updateSampleAttachments(String sessionToken, TechId sampleId, Attachment attachment);
 
@@ -890,26 +890,26 @@ public interface ICommonServer extends IServer
      * Updates the project attachment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.PROJECT)
     public void updateProjectAttachments(String sessionToken, TechId projectId,
             Attachment attachment);
 
     /** Lists all available datastore services of the specified kind */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<DatastoreServiceDescription> listDataStoreServices(String sessionToken,
             DataStoreServiceKind dataStoreServiceKind);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel createReportFromDatasets(
             String sessionToken,
             DatastoreServiceDescription serviceDescription,
             @AuthorizationGuard(guardClass = DataSetCodeCollectionPredicate.class) List<String> datasetCodes);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     public void processDatasets(
             String sessionToken,
             DatastoreServiceDescription serviceDescription,
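Review bot: `createReportFromDatasets` and `processDatasets` are the only methods in this hunk without Javadoc, although their role annotation and the `DataSetCodeCollectionPredicate` guard are all a caller can read about the access contract. I would add a short comment to each, for example `/** Creates a report for the given data sets using the specified reporting service. */`, and note there that the guard is applied to `datasetCodes`. `processDatasets` also runs under `@Transactional(readOnly = true)`; whether that suits a processing call cannot be judged from here, because its parameter list continues outside the hunk.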
@@ -921,7 +921,7 @@ public interface ICommonServer extends IServer
      * @return number of data sets scheduled for archiving.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int archiveDatasets(
             String sessionToken,
@@ -933,7 +933,7 @@ public interface ICommonServer extends IServer
      * @return number of data sets scheduled for unarchiving.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int unarchiveDatasets(
             String sessionToken,
@@ -945,7 +945,7 @@ public interface ICommonServer extends IServer
      * @return number of data sets scheduled for locking.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int lockDatasets(
             String sessionToken,
@@ -957,7 +957,7 @@ public interface ICommonServer extends IServer
      * @return number of data sets scheduled for unlocking.
      */
     @Transactional
-    @RolesAllowed(RoleSet.SPACE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int unlockDatasets(
             String sessionToken,
@@ -967,14 +967,14 @@ public interface ICommonServer extends IServer
      * Returns all authorization groups.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<AuthorizationGroup> listAuthorizationGroups(String sessionToken);
 
     /**
      * Saves changed authorization group.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.AUTHORIZATION_GROUP)
     public Date updateAuthorizationGroup(String sessionToken, AuthorizationGroupUpdates updates);
 
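Review bot: `listAuthorizationGroups` is open to `SPACE_OBSERVER` and has neither an `@AuthorizationGuard` nor a `@ReturnValueFilter`, so as declared here an observer of a single space receives every authorization group. `listPersonInAuthorizationGroup` in the next hunk likewise returns the members of a group for an arbitrary `TechId`. Group names and membership show who holds access across the instance, which seems broader than a space-level role implies. If the exposure is intended, say so in the Javadoc, e.g. `Returns all authorization groups of the instance; readable by any space observer.`; otherwise a return-value filter or an instance-level role would narrow it.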
@@ -982,7 +982,7 @@ public interface ICommonServer extends IServer
      * Returns all persons belonging to given authorization group.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<Person> listPersonInAuthorizationGroup(String sessionToken,
             TechId authorizatonGroupId);
 
@@ -990,7 +990,7 @@ public interface ICommonServer extends IServer
      * Adds specified persons to given authorization group.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     public void addPersonsToAuthorizationGroup(String sessionToken, TechId authorizationGroupId,
             List<String> personsCodes);
 
@@ -998,7 +998,7 @@ public interface ICommonServer extends IServer
      * Removes specified persons from given authorization group.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     public void removePersonsFromAuthorizationGroup(String sessionToken,
             TechId authorizationGroupId, List<String> personsCodes);
 
@@ -1006,7 +1006,7 @@ public interface ICommonServer extends IServer
      * Lists filters available for selected grid.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExpressionValidator.class)
     public List<GridCustomFilter> listFilters(String sessionToken, String gridId);
 
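Review bot: `listFilters` is a read operation but is declared with a plain `@Transactional`, unlike the other list methods in this interface, which use `@Transactional(readOnly = true)`. `listGridCustomColumns` a few hunks below has the same declaration. Unless the `ExpressionValidator` filtering writes to the database, which is not visible here, `@Transactional(readOnly = true)` would match the rest of the file and keep an observer-level call out of a write transaction.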
@@ -1014,7 +1014,7 @@ public interface ICommonServer extends IServer
      * Creates a new filter.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.GRID_CUSTOM_FILTER)
     public void registerFilter(String sessionToken, NewColumnOrFilter filter);
 
@@ -1022,7 +1022,7 @@ public interface ICommonServer extends IServer
      * Deletes specified filters.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.GRID_CUSTOM_FILTER)
     public void deleteFilters(
             String sessionToken,
@@ -1032,7 +1032,7 @@ public interface ICommonServer extends IServer
      * Updates a filter.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.GRID_CUSTOM_FILTER)
     public void updateFilter(
             String sessionToken,
@@ -1044,7 +1044,7 @@ public interface ICommonServer extends IServer
      * Lists columns available for selected grid.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExpressionValidator.class)
     public List<GridCustomColumn> listGridCustomColumns(String sessionToken, String gridId);
 
@@ -1052,7 +1052,7 @@ public interface ICommonServer extends IServer
      * Creates a new column.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.GRID_CUSTOM_COLUMN)
     public void registerGridCustomColumn(String sessionToken, NewColumnOrFilter column);
 
@@ -1060,7 +1060,7 @@ public interface ICommonServer extends IServer
      * Deletes specified columns.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.GRID_CUSTOM_COLUMN)
     public void deleteGridCustomColumns(
             String sessionToken,
@@ -1070,7 +1070,7 @@ public interface ICommonServer extends IServer
      * Updates a column.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.GRID_CUSTOM_COLUMN)
     public void updateGridCustomColumn(
             String sessionToken,
@@ -1080,7 +1080,7 @@ public interface ICommonServer extends IServer
      * Updates vocabulary terms.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.VOCABULARY_TERM)
     public void updateVocabularyTerms(String sessionToken, TechId vocabularyId,
             List<VocabularyTerm> terms);
@@ -1089,7 +1089,7 @@ public interface ICommonServer extends IServer
      * Deletes specified materials.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.MATERIAL)
     public void deleteMaterials(String sessionToken, List<TechId> materialIds, String reason);
 
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java.expected b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java.expected
index 0e37e403f7a..b47a2e2fa09 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java.expected
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java.expected
@@ -25,7 +25,6 @@ import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.ISessionProvider;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodeCollectionPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodePredicate;
@@ -53,6 +52,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.IEntityProperty;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ListSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewExperiment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSample;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
@@ -79,14 +79,14 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Returns the home database instance.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public DatabaseInstance getHomeDatabaseInstance(final String sessionToken);
 
     /**
      * Registers a Data Store Server for the specified info.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public void registerDataStoreServer(String sessionToken, DataStoreServerInfo dataStoreServerInfo);
 
     /**
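Review bot: `registerDataStoreServer` changes instance-wide configuration, yet it is now gated on a role whose name, `SPACE_ETL_SERVER`, is space-scoped, and the method has no `@AuthorizationGuard` binding it to a space. Whether `RoleWithHierarchy.SPACE_ETL_SERVER` admits exactly the same principals as the old `RoleSet.ETL_SERVER` is defined outside this hunk, so this may be a pure rename, but it is worth confirming against the role hierarchy. The same question applies to the unguarded `listDataSets`, `listDeletedDataSets` and `listAvailableDataSets` further down this file. A Javadoc line such as `Requires an ETL server role; not restricted to a single space.` would make the intent explicit.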
@@ -96,7 +96,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @param experimentIdentifier an identifier which uniquely identifies the experiment.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public Experiment tryToGetExperiment(
             String sessionToken,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) ExperimentIdentifier experimentIdentifier)
@@ -112,7 +112,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      *         <var>sampleIdentifier</var>.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public Sample tryGetSampleWithExperiment(
             final String sessionToken,
             @AuthorizationGuard(guardClass = SampleOwnerIdentifierPredicate.class) final SampleIdentifier sampleIdentifier)
@@ -124,7 +124,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return <code>null</code> if nothing found.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public SampleIdentifier tryToGetSampleIdentifier(String sessionToken, String samplePermID)
             throws UserFailureException;
 
@@ -133,7 +133,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * type code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public ExperimentType getExperimentType(String sessionToken, String experimentTypeCode)
             throws UserFailureException;
 
@@ -141,7 +141,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Returns the SampleType together with assigned property types for specified sample type code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public SampleType getSampleType(String sessionToken, String sampleTypeCode)
             throws UserFailureException;
 
@@ -150,7 +150,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public DataSetTypeWithVocabularyTerms getDataSetType(String sessionToken, String dataSetTypeCode)
             throws UserFailureException;
 
@@ -160,7 +160,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<ExternalData> listDataSetsByExperimentID(
             final String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) final TechId experimentID)
@@ -172,7 +172,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return a sorted list of {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<ExternalData> listDataSetsBySampleID(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId,
             final boolean showOnlyDirectlyConnected) throws UserFailureException;
@@ -183,7 +183,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return a sorted list of {@link Sample}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @ReturnValueFilter(validatorClass = SampleValidator.class)
     public List<Sample> listSamples(
             final String sessionToken,
@@ -199,7 +199,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      *         sample found with no properties.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public IEntityProperty[] tryToGetPropertiesOfTopSampleRegisteredFor(
             final String sessionToken,
             @AuthorizationGuard(guardClass = SampleOwnerIdentifierPredicate.class) final SampleIdentifier sampleIdentifier)
@@ -209,7 +209,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Registers experiment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.EXPERIMENT)
     public long registerExperiment(String sessionToken,
             @AuthorizationGuard(guardClass = NewExperimentPredicate.class) NewExperiment experiment)
@@ -221,7 +221,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return the technical ID of the new sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public long registerSample(final String sessionToken,
             @AuthorizationGuard(guardClass = NewSamplePredicate.class) final NewSample newSample,
@@ -231,7 +231,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Saves changed sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public void updateSample(String sessionToken,
             @AuthorizationGuard(guardClass = SampleUpdatesPredicate.class) SampleUpdatesDTO updates);
@@ -248,7 +248,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      *             layer.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATA_SET)
     public void registerDataSet(
             final String sessionToken,
@@ -267,7 +267,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      *             layer.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATA_SET)
     public void registerDataSet(
             final String sessionToken,
@@ -279,7 +279,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * dataset.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public void checkDataSetAccess(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String dataSetCode)
             throws UserFailureException;
@@ -291,7 +291,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @param dataSetCodes The data set codes the user wants to access.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public void checkDataSetCollectionAccess(
             String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodeCollectionPredicate.class) List<String> dataSetCodes);
@@ -300,7 +300,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Tries to return the data set specified by its code.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public ExternalData tryGetDataSet(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String dataSetCode)
             throws UserFailureException;
@@ -309,7 +309,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Creates and returns a unique code for a new data set.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public String createDataSetCode(final String sessionToken) throws UserFailureException;
 
     /**
@@ -317,7 +317,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * experiments etc. which is guaranteed to be unique.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public long drawANewUniqueID(String sessionToken) throws UserFailureException;
 
     /**
@@ -325,7 +325,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * to see the details.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<Sample> listSamplesByCriteria(
             final String sessionToken,
             @AuthorizationGuard(guardClass = ListSamplesByPropertyPredicate.class) final ListSamplesByPropertyCriteria criteria)
@@ -335,7 +335,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Lists data sets belonging to chosen data store.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<SimpleDataSetInformationDTO> listDataSets(final String sessionToken,
             String dataStore) throws UserFailureException;
 
@@ -343,7 +343,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * List data sets deleted after specified date.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<DeletedDataSet> listDeletedDataSets(String sessionToken,
             Long lastSeenDeletionEventIdOrNull);
 
@@ -351,7 +351,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * List 'AVAILABLE' data sets (not locked) that match given criteria.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public List<ExternalData> listAvailableDataSets(String sessionToken, String dataStoreCode,
             ArchiverDataSetCriteria criteria);
 
@@ -359,7 +359,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Adds specified properties of given data set. Properties defined before will not be updated.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public void addPropertiesToDataSet(
             String sessionToken,
@@ -372,7 +372,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Updates status of given data sets.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public void updateDataSetStatuses(
             String sessionToken,
@@ -385,7 +385,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return number of data sets scheduled for archiving.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int archiveDatasets(
             String sessionToken,
@@ -397,7 +397,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @return number of data sets scheduled for unarchiving.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public int unarchiveDatasets(
             String sessionToken,
@@ -407,7 +407,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Returns the URL for the default data store server for this openBIS AS.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public String getDefaultDataStoreBaseURL(String sessionToken);
 
     /**
@@ -417,7 +417,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * @param spaceId The id for the space the user wants to access
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     public void checkSpaceAccess(String sessionToken,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) SpaceIdentifier spaceId);
 
@@ -425,7 +425,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * Load perm ids of samples contained in given container. Register samples that don't exist.
      */
     @Transactional
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public Map<String, String> listOrRegisterComponents(
             final String sessionToken,
@@ -436,7 +436,7 @@ public interface IETLLIMSService extends IServer, ISessionProvider
      * For the ETL Server to get data sets.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.ETL_SERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_ETL_SERVER)
     public ExternalData tryGetDataSetForServer(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String dataSetCode)
             throws UserFailureException;
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/AuthorizationTestCase.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/AuthorizationTestCase.java
index 2ecbf95596b..28dc9b4915d 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/AuthorizationTestCase.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/AuthorizationTestCase.java
@@ -28,8 +28,9 @@ import org.testng.annotations.AfterMethod;
 import org.testng.annotations.BeforeMethod;
 
 import ch.rinn.restrictions.Friend;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role.RoleLevel;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentTypePE;
@@ -38,7 +39,6 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SampleTypePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.DatabaseInstanceIdentifier;
@@ -315,7 +315,7 @@ public class AuthorizationTestCase extends AssertJUnit
      * Creates a list of roles which contains a group role for a USER and group defined by code
      * {@link #SPACE_CODE} and database instance {@link AuthorizationTestCase#INSTANCE_CODE}. If
      * <code>withInstanceRole == true</code> the list contains in addition an instance role for a
-     * USER and database instance defined by {@link #ANOTHER_INSTANCE_CODE}.
+     * ADMIN and database instance defined by {@link #ANOTHER_INSTANCE_CODE}.
      */
     protected List<RoleWithIdentifier> createRoles(final boolean withInstanceRole)
     {
@@ -326,7 +326,7 @@ public class AuthorizationTestCase extends AssertJUnit
         if (withInstanceRole)
         {
             final RoleWithIdentifier databaseInstanceRole =
-                    createInstanceRole(RoleCode.USER, new DatabaseInstanceIdentifier(
+                    createInstanceRole(RoleCode.ADMIN, new DatabaseInstanceIdentifier(
                             ANOTHER_INSTANCE_CODE));
             list.add(databaseInstanceRole);
         }
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/RoleWithIdentifierTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/RoleWithIdentifierTest.java
index 6e8c31c4a59..bc6f262874f 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/RoleWithIdentifierTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/RoleWithIdentifierTest.java
@@ -24,11 +24,13 @@ import java.util.Set;
 import org.testng.annotations.Test;
 
 import ch.rinn.restrictions.Friend;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.Role.RoleLevel;
+import ch.systemsx.cisd.openbis.generic.server.authorization.DefaultAccessController;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.GroupIdentifier;
 
 /**
@@ -42,25 +44,26 @@ public final class RoleWithIdentifierTest extends AuthorizationTestCase
     @Test
     public final void testEqualityWithRole()
     {
-        final Role role = new Role(RoleLevel.SPACE, RoleCode.ADMIN);
+        final RoleWithHierarchy role = RoleWithHierarchy.valueOf(RoleLevel.SPACE, RoleCode.ADMIN);
         RoleWithIdentifier roleWithCode =
                 createGroupRole(RoleCode.ADMIN, new GroupIdentifier(INSTANCE_IDENTIFIER, "CISD"));
-        assertEquals(role, roleWithCode);
-        roleWithCode = createGroupRole(RoleCode.ADMIN, new GroupIdentifier(INSTANCE_IDENTIFIER, ""));
-        assertEquals(role, roleWithCode);
+        assertEquals(role, roleWithCode.getRole());
+        roleWithCode =
+                createGroupRole(RoleCode.ADMIN, new GroupIdentifier(INSTANCE_IDENTIFIER, ""));
+        assertEquals(role, roleWithCode.getRole());
     }
 
     @Test
     public final void testRetainAll()
     {
-        final Set<Role> singleton =
-                Collections.singleton(new Role(RoleLevel.SPACE, RoleCode.ADMIN));
+        final Set<RoleWithHierarchy> singleton =
+                Collections.singleton(RoleWithHierarchy.valueOf(RoleLevel.SPACE, RoleCode.ADMIN));
         final List<RoleWithIdentifier> list = new ArrayList<RoleWithIdentifier>();
         list.add(createGroupRole(RoleCode.ADMIN, new GroupIdentifier(INSTANCE_IDENTIFIER, "CISD")));
         list.add(createGroupRole(RoleCode.USER, new GroupIdentifier(INSTANCE_IDENTIFIER, "3V")));
         list.add(createGroupRole(RoleCode.ADMIN, new GroupIdentifier(INSTANCE_IDENTIFIER, "IMSB")));
-        list.add(createInstanceRole(RoleCode.USER, INSTANCE_IDENTIFIER));
-        list.retainAll(singleton);
+        list.add(createInstanceRole(RoleCode.ETL_SERVER, INSTANCE_IDENTIFIER));
+        DefaultAccessController.retainMatchingRoleWithIdentifiers(list, singleton);
         assertEquals(2, list.size());
     }
 
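Review bot: testRetainAll asserts only `list.size()` after `DefaultAccessController.retainMatchingRoleWithIdentifiers(list, singleton)`, so it would still pass if the filter kept the wrong two entries, for example the SPACE USER and the INSTANCE ETL_SERVER. This helper appears to decide which role assignments count towards an access decision, so the test should pin what is retained, not just how many. Adding `for (RoleWithIdentifier r : list) { assertEquals(RoleLevel.SPACE, r.getRoleLevel()); assertEquals(RoleCode.ADMIN, r.getRoleName()); }` after the size check would do that. A second case in which the required role is weaker than one held in the list would also document whether the hierarchy is honoured by this method.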
@@ -70,7 +73,7 @@ public final class RoleWithIdentifierTest extends AuthorizationTestCase
         GroupPE group = new GroupPE();
         DatabaseInstancePE instance = new DatabaseInstancePE();
         new RoleWithIdentifier(RoleLevel.SPACE, RoleCode.USER, null, group);
-        new RoleWithIdentifier(RoleLevel.INSTANCE, RoleCode.USER, instance, null);
+        new RoleWithIdentifier(RoleLevel.INSTANCE, RoleCode.OBSERVER, instance, null);
         boolean fail = true;
         try
         {
@@ -83,7 +86,7 @@ public final class RoleWithIdentifierTest extends AuthorizationTestCase
         fail = true;
         try
         {
-            new RoleWithIdentifier(RoleLevel.INSTANCE, RoleCode.USER, null, group);
+            new RoleWithIdentifier(RoleLevel.INSTANCE, RoleCode.OBSERVER, null, group);
         } catch (final AssertionError ex)
         {
             fail = false;
@@ -120,8 +123,8 @@ public final class RoleWithIdentifierTest extends AuthorizationTestCase
         final RoleAssignmentPE roleAssignment = new RoleAssignmentPE();
         roleAssignment.setDatabaseInstance(new DatabaseInstancePE());
         roleAssignment.setRole(RoleCode.ADMIN);
-        Role role = RoleWithIdentifier.createRole(roleAssignment);
-        assertEquals(role.getRoleLevel(), Role.RoleLevel.INSTANCE);
+        RoleWithIdentifier role = RoleWithIdentifier.createRole(roleAssignment);
+        assertEquals(role.getRoleLevel(), RoleLevel.INSTANCE);
         assertEquals(role.getRoleName(), RoleCode.ADMIN);
     }
 
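Review bot: The new `assertEquals(role.getRoleLevel(), RoleLevel.INSTANCE);` passes its arguments in (actual, expected) order, but AssertJUnit takes the expected value first, so a failure would report the two role levels the wrong way round. Write `assertEquals(RoleLevel.INSTANCE, role.getRoleLevel());` here and `assertEquals(RoleLevel.SPACE, role.getRoleLevel());` in the following hunk. The `getRoleName()` assertions on the neighbouring context lines have the same ordering. The enclosing test methods start outside these hunks.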
@@ -133,8 +136,8 @@ public final class RoleWithIdentifierTest extends AuthorizationTestCase
         group.setDatabaseInstance(new DatabaseInstancePE());
         roleAssignment.setGroup(group);
         roleAssignment.setRole(RoleCode.OBSERVER);
-        Role role = RoleWithIdentifier.createRole(roleAssignment);
-        assertEquals(role.getRoleLevel(), Role.RoleLevel.SPACE);
+        RoleWithIdentifier role = RoleWithIdentifier.createRole(roleAssignment);
+        assertEquals(role.getRoleLevel(), RoleLevel.SPACE);
         assertEquals(role.getRoleName(), RoleCode.OBSERVER);
     }
 }
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/ListSampleCriteriaPredicateTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/ListSampleCriteriaPredicateTest.java
index 0eee70dc19b..88d20cd779c 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/ListSampleCriteriaPredicateTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/ListSampleCriteriaPredicateTest.java
@@ -24,8 +24,8 @@ import org.testng.annotations.Test;
 import ch.systemsx.cisd.common.exceptions.Status;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.AuthorizationTestCase;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.SpaceOwnerKind;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.SpaceOwnerKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ListSampleCriteria;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/MatchingEntityValidatorTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/MatchingEntityValidatorTest.java
index 015715aece4..5d3c9ed23b6 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/MatchingEntityValidatorTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/authorization/validator/MatchingEntityValidatorTest.java
@@ -20,8 +20,8 @@ import org.testng.annotations.Test;
 
 import ch.rinn.restrictions.Friend;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.AuthorizationTestCase;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.MatchingEntity;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.IMatchingEntity;
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/basic/ExpressionUtilTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/basic/ExpressionUtilTest.java
index 5dcf7d70025..422aaa24aef 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/basic/ExpressionUtilTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/basic/ExpressionUtilTest.java
@@ -22,7 +22,6 @@ import java.util.Collection;
 import org.testng.AssertJUnit;
 import org.testng.annotations.Test;
 
-import ch.systemsx.cisd.openbis.generic.shared.basic.ExpressionUtil;
 import ch.systemsx.cisd.openbis.generic.shared.translator.GridCustomExpressionTranslator.GridCustomFilterTranslator;
 
 /**
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleWithHierarchyTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleWithHierarchyTest.java
new file mode 100644
index 00000000000..9ffd9b48f93
--- /dev/null
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleWithHierarchyTest.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2010 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.shared.basic.dto;
+
+import org.testng.AssertJUnit;
+import org.testng.annotations.Test;
+
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleLevel;
+
+/**
+ * Test cases for {@link RoleWithHierarchy}.
+ * 
+ * @author Izabela Adamczyk
+ */
+public class RoleWithHierarchyTest extends AssertJUnit
+{
+
+    @Test
+    public void testNamingConvention()
+    {
+        for (RoleWithHierarchy role : RoleWithHierarchy.values())
+        {
+            boolean matchingConvention = false;
+            for (RoleLevel level : RoleLevel.values())
+            {
+                for (RoleCode code : RoleCode.values())
+                {
+                    if (role.name().equals(level.name() + "_" + code.name()))
+                    {
+                        matchingConvention = true;
+                    }
+                }
+            }
+            assertTrue(matchingConvention);
+        }
+    }
+
+    @Test
+    public void testValueOf() throws Exception
+    {
+        assertEquals(RoleWithHierarchy.INSTANCE_OBSERVER, RoleWithHierarchy.valueOf(
+                RoleLevel.INSTANCE, RoleCode.OBSERVER));
+        assertEquals(RoleWithHierarchy.SPACE_ADMIN, RoleWithHierarchy.valueOf(RoleLevel.SPACE,
+                RoleCode.ADMIN));
+    }
+
+    @Test
+    public void testFigureRoleCode() throws Exception
+    {
+        assertEquals(RoleCode.USER, RoleWithHierarchy.figureRoleCode("SPACE_USER", RoleLevel.SPACE));
+        assertEquals(RoleCode.POWER_USER, RoleWithHierarchy.figureRoleCode("SPACE_POWER_USER",
+                RoleLevel.SPACE));
+        assertEquals(RoleCode.ADMIN, RoleWithHierarchy.figureRoleCode("INSTANCE_ADMIN",
+                RoleLevel.INSTANCE));
+    }
+
+    @Test(expectedExceptions = IllegalArgumentException.class)
+    public void testFigureRoleCodeNotMatchingConvention() throws Exception
+    {
+        RoleWithHierarchy.figureRoleCode("INSTANCE_ADMIN", RoleLevel.SPACE);
+    }
+
+    @Test
+    public void testFigureRoleLevel() throws Exception
+    {
+        assertEquals(RoleLevel.SPACE, RoleWithHierarchy.figureRoleLevel("SPACE_USER"));
+        assertEquals(RoleLevel.INSTANCE, RoleWithHierarchy.figureRoleLevel("INSTANCE_USER"));
+    }
+
+    @Test(expectedExceptions = IllegalArgumentException.class)
+    public void testFigureRoleLevelNotMatchingConvention() throws Exception
+    {
+        RoleWithHierarchy.figureRoleLevel("NONE");
+    }
+
+    @Test(expectedExceptions = IllegalArgumentException.class)
+    public void testFigureRoleLevelNotMatchingConventionNoSeparator() throws Exception
+    {
+        RoleWithHierarchy.figureRoleLevel("SPACEUSER");
+    }
+
+    @Test(expectedExceptions = IllegalArgumentException.class)
+    public void testFigureRoleLevelNotMatchingConventionNonexistentLevel() throws Exception
+    {
+        RoleWithHierarchy.figureRoleLevel("PROJECT_USER");
+    }
+
+}
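Review bot: The figureRoleCode tests reject only a level mismatch (`"INSTANCE_ADMIN"` with `RoleLevel.SPACE`); no case covers a name whose prefix is a valid level but whose suffix is not a `RoleCode`. These names feed the constants used in `@RolesAllowed`, so the parser's behaviour on an unknown code should be pinned. A test expecting `IllegalArgumentException` from `RoleWithHierarchy.figureRoleCode("SPACE_NONE", RoleLevel.SPACE)` would cover it, assuming rejection is the intended behaviour; figureRoleCode itself is not in this hunk. In testNamingConvention, `assertTrue(role.name(), matchingConvention);` would name the offending constant when the convention breaks.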
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/demo/shared/IDemoServer.java.expected b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/demo/shared/IDemoServer.java.expected
index bc042427913..a539f7222d6 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/demo/shared/IDemoServer.java.expected
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/demo/shared/IDemoServer.java.expected
@@ -24,13 +24,13 @@ import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModification;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.NewSamplePredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.SampleTechIdPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewAttachment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSample;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleParentWithDerived;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
@@ -46,7 +46,7 @@ public interface IDemoServer extends IServer
      * Returns number of experiments.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public int getNumberOfExperiments(String sessionToken);
 
     /**
@@ -57,7 +57,7 @@ public interface IDemoServer extends IServer
      *             uniquely identified by given <var>sampleId</var> does not exist.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public SampleParentWithDerived getSampleInfo(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId)
             throws UserFailureException;
@@ -66,7 +66,7 @@ public interface IDemoServer extends IServer
      * Registers a new sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void registerSample(final String sessionToken,
             @AuthorizationGuard(guardClass = NewSamplePredicate.class) final NewSample newSample,
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/FillSampleRegistrationForm.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/FillSampleRegistrationForm.java
index b7952ef59b2..34d26032b54 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/FillSampleRegistrationForm.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/generic/client/web/client/application/sample/FillSampleRegistrationForm.java
@@ -19,13 +19,13 @@ package ch.systemsx.cisd.openbis.plugin.generic.client.web.client.application.sa
 import java.util.ArrayList;
 import java.util.List;
 
+import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.model.ModelDataPropertyNames;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.AbstractRegistrationForm;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.GroupSelectionWidget;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field.ExperimentChooserField;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.ui.field.SampleChooserField;
 import ch.systemsx.cisd.openbis.generic.client.web.client.application.util.GWTUtils;
-import ch.systemsx.cisd.common.shared.basic.utils.StringUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.AbstractDefaultTestCommand;
 import ch.systemsx.cisd.openbis.generic.client.web.client.testframework.GWTTestUtil;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/generic/shared/IGenericServer.java.expected b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/generic/shared/IGenericServer.java.expected
index 072e43b3054..08a0e3347ef 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/generic/shared/IGenericServer.java.expected
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/generic/shared/IGenericServer.java.expected
@@ -27,7 +27,6 @@ import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModificatio
 import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetUpdatesPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.ExperimentUpdatesPredicate;
@@ -55,6 +54,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewExperiment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewMaterial;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSamplesWithTypes;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleParentWithDerived;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
@@ -78,7 +78,7 @@ public interface IGenericServer extends IServer
      *             uniquely identified by given <var>sampleId</var> does not exist.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public SampleParentWithDerived getSampleInfo(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId)
             throws UserFailureException;
@@ -87,7 +87,7 @@ public interface IGenericServer extends IServer
      * Registers a new sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void registerSample(final String sessionToken,
             @AuthorizationGuard(guardClass = NewSamplePredicate.class) final NewSample newSample,
@@ -97,7 +97,7 @@ public interface IGenericServer extends IServer
      * For given {@link ExperimentIdentifier} returns the corresponding {@link Experiment}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Experiment getExperimentInfo(
             String sessionToken,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) ExperimentIdentifier identifier);
@@ -106,7 +106,7 @@ public interface IGenericServer extends IServer
      * For given {@link TechId} returns the corresponding {@link Experiment}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Experiment getExperimentInfo(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId);
 
@@ -114,14 +114,14 @@ public interface IGenericServer extends IServer
      * For given {@link TechId} returns the corresponding {@link Material}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Material getMaterialInfo(String sessionToken, TechId materialId);
 
     /**
      * For given {@link TechId} returns the corresponding {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public ExternalData getDataSetInfo(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) TechId datasetId);
 
@@ -129,7 +129,7 @@ public interface IGenericServer extends IServer
      * Returns attachment described by given experiment identifier, filename and version.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public AttachmentWithContent getExperimentFileAttachment(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId,
             String filename, int version) throws UserFailureException;
@@ -138,7 +138,7 @@ public interface IGenericServer extends IServer
      * Registers samples of different types in batches.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void registerSamples(
             final String sessionToken,
@@ -149,7 +149,7 @@ public interface IGenericServer extends IServer
      * Registers or updates samples of different types in batches.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.SAMPLE)
     public void registerOrUpdateSamples(
             final String sessionToken,
@@ -160,7 +160,7 @@ public interface IGenericServer extends IServer
      * Updates samples of different types in batches.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public void updateSamples(
             final String sessionToken,
@@ -171,7 +171,7 @@ public interface IGenericServer extends IServer
      * Registers experiment. At the same time samples may be registered or updated.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseCreateOrDeleteModification(value =
         { ObjectKind.EXPERIMENT, ObjectKind.SAMPLE })
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
@@ -184,7 +184,7 @@ public interface IGenericServer extends IServer
      * Registers materials in batch.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.MATERIAL)
     public void registerMaterials(String sessionToken, String materialTypeCode,
             List<NewMaterial> newMaterials) throws UserFailureException;
@@ -194,7 +194,7 @@ public interface IGenericServer extends IServer
      * are not mentioned stay unchanged).
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.MATERIAL)
     public void registerOrUpdateMaterials(String sessionToken, String materialTypeCode,
             List<NewMaterial> newMaterials) throws UserFailureException;
@@ -203,7 +203,7 @@ public interface IGenericServer extends IServer
      * Returns attachment described by given sample identifier, filename and version.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public AttachmentWithContent getSampleFileAttachment(String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId sampleId,
             String fileName, int version);
@@ -212,7 +212,7 @@ public interface IGenericServer extends IServer
      * Returns attachment described by given project identifier, filename and version.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public AttachmentWithContent getProjectFileAttachment(String sessionToken,
             @AuthorizationGuard(guardClass = ProjectTechIdPredicate.class) TechId projectId,
             String fileName, int version);
@@ -221,14 +221,14 @@ public interface IGenericServer extends IServer
      * Returns a list of unique codes.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<String> generateCodes(String sessionToken, String prefix, int number);
 
     /**
      * Saves changed experiment.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value =
         { ObjectKind.EXPERIMENT, ObjectKind.SAMPLE })
     public ExperimentUpdateResult updateExperiment(
@@ -239,7 +239,7 @@ public interface IGenericServer extends IServer
      * Saves changed material.
      */
     @Transactional
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
     @DatabaseUpdateModification(value = ObjectKind.MATERIAL)
     public Date updateMaterial(String sessionToken, TechId materialId,
             List<IEntityProperty> properties, Date version);
@@ -248,7 +248,7 @@ public interface IGenericServer extends IServer
      * Saves changed sample.
      */
     @Transactional
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @DatabaseUpdateModification(value = ObjectKind.SAMPLE)
     public Date updateSample(String sessionToken,
             @AuthorizationGuard(guardClass = SampleUpdatesPredicate.class) SampleUpdatesDTO updates);
@@ -257,7 +257,7 @@ public interface IGenericServer extends IServer
      * Saves changed data set.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public DataSetUpdateResult updateDataSet(
             String sessionToken,
@@ -267,7 +267,7 @@ public interface IGenericServer extends IServer
      * Updates data sets of different types in batches.
      */
     @Transactional
-    @RolesAllowed(RoleSet.POWER_USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_POWER_USER)
     @DatabaseUpdateModification(value = ObjectKind.DATA_SET)
     public void updateDataSets(
             final String sessionToken,
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java.expected b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java.expected
index 529a9d6f83b..94725f5fe17 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java.expected
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/IQueryServer.java.expected
@@ -24,11 +24,11 @@ import ch.systemsx.cisd.openbis.generic.shared.DatabaseCreateOrDeleteModificatio
 import ch.systemsx.cisd.openbis.generic.shared.DatabaseUpdateModification;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.validator.ExpressionValidator;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.QueryType;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.DatabaseModificationKind.ObjectKind;
 import ch.systemsx.cisd.openbis.plugin.query.shared.authorization.QueryAccessController;
@@ -46,40 +46,40 @@ public interface IQueryServer extends IServer
 {
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public int initDatabases(String sessionToken);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<QueryDatabase> listQueryDatabases(String sessionToken);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel queryDatabase(String sessionToken, QueryDatabase database, String sqlQuery,
             QueryParameterBindings bindings);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel queryDatabase(String sessionToken, TechId queryId,
             QueryParameterBindings bindings);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ExpressionValidator.class)
     public List<QueryExpression> listQueries(String sessionToken, QueryType queryType);
 
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.QUERY)
     public void registerQuery(String sessionToken, NewQuery expression);
 
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseCreateOrDeleteModification(value = ObjectKind.QUERY)
     public void deleteQueries(String sessionToken, List<TechId> queryIds);
 
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @DatabaseUpdateModification(value = ObjectKind.QUERY)
     public void updateQuery(String sessionToken, IQueryUpdates updates);
 }
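Review bot: `registerQuery`, `deleteQueries` and `updateQuery` modify stored queries but are annotated with the read-level `RoleWithHierarchy.SPACE_OBSERVER`, and `queryDatabase(String sessionToken, QueryDatabase database, String sqlQuery, ...)` accepts caller-supplied SQL at the same level. The commit carries this over unchanged from `RoleSet.OBSERVER`. The `QueryAccessController` import suggests the effective check is made per query database in the implementation, but nothing in the interface says so. I would add a Javadoc line to each of these methods, e.g. `/** The annotated role is only the minimum needed to call; the role actually required is checked per query database by QueryAccessController. */`, or raise the annotation if no such check exists. As this file is the `.expected` fixture, the same comment presumably belongs in the source interface it mirrors.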
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/QueryAccessControllerTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/QueryAccessControllerTest.java
index 6470fcc50b7..d066492e56c 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/QueryAccessControllerTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/QueryAccessControllerTest.java
@@ -24,12 +24,12 @@ import java.util.Set;
 
 import org.testng.annotations.Test;
 
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.GroupPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.RoleCode;
 
 /**
  * Test cases for {@link QueryAccessController}
@@ -84,7 +84,7 @@ public class QueryAccessControllerTest
     @Test
     public final void testIsAuthorizedWithNoPersonFailure()
     {
-        assertFalse(QueryAccessController.isAuthorized(null, null, RoleSet.USER));
+        assertFalse(QueryAccessController.isAuthorized(null, null, RoleWithHierarchy.SPACE_USER));
     }
 
     // no space
@@ -97,7 +97,8 @@ public class QueryAccessControllerTest
         roleAssignments.add(createInstanceRole(RoleCode.ADMIN));
         person.setRoleAssignments(roleAssignments);
 
-        assertTrue(QueryAccessController.isAuthorized(person, null, RoleSet.INSTANCE_ADMIN));
+        assertTrue(QueryAccessController.isAuthorized(person, null,
+                RoleWithHierarchy.INSTANCE_ADMIN));
     }
 
     @Test
@@ -109,7 +110,8 @@ public class QueryAccessControllerTest
         roleAssignments.add(createGroupRole("G2", RoleCode.POWER_USER));
         person.setRoleAssignments(roleAssignments);
 
-        assertTrue(QueryAccessController.isAuthorized(person, null, RoleSet.POWER_USER));
+        assertTrue(QueryAccessController.isAuthorized(person, null,
+                RoleWithHierarchy.SPACE_POWER_USER));
     }
 
     @Test
@@ -121,7 +123,8 @@ public class QueryAccessControllerTest
         roleAssignments.add(createGroupRole("G2", RoleCode.POWER_USER));
         person.setRoleAssignments(roleAssignments);
 
-        assertFalse(QueryAccessController.isAuthorized(person, null, RoleSet.INSTANCE_ADMIN));
+        assertFalse(QueryAccessController.isAuthorized(person, null,
+                RoleWithHierarchy.INSTANCE_ADMIN));
     }
 
     @Test
@@ -133,7 +136,8 @@ public class QueryAccessControllerTest
         roleAssignments.add(createGroupRole("G2", RoleCode.USER));
         person.setRoleAssignments(roleAssignments);
 
-        assertFalse(QueryAccessController.isAuthorized(person, null, RoleSet.POWER_USER));
+        assertFalse(QueryAccessController.isAuthorized(person, null,
+                RoleWithHierarchy.SPACE_POWER_USER));
     }
 
     // with space
@@ -147,8 +151,8 @@ public class QueryAccessControllerTest
         roleAssignments.add(createGroupRole("G2", RoleCode.POWER_USER));
         person.setRoleAssignments(roleAssignments);
 
-        assertTrue(QueryAccessController
-                .isAuthorized(person, createGroup("G2"), RoleSet.POWER_USER));
+        assertTrue(QueryAccessController.isAuthorized(person, createGroup("G2"),
+                RoleWithHierarchy.SPACE_POWER_USER));
     }
 
     @Test
@@ -159,8 +163,8 @@ public class QueryAccessControllerTest
         roleAssignments.add(createInstanceRole(RoleCode.ADMIN));
         person.setRoleAssignments(roleAssignments);
 
-        assertTrue(QueryAccessController
-                .isAuthorized(person, createGroup("G1"), RoleSet.POWER_USER));
+        assertTrue(QueryAccessController.isAuthorized(person, createGroup("G1"),
+                RoleWithHierarchy.SPACE_POWER_USER));
     }
 
     @Test
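Review bot: None of the migrated assertions in this test class exercises `RoleWithHierarchy.INSTANCE_OBSERVER`, which this commit starts using on `IRawDataService`; they cover only `SPACE_USER`, `SPACE_POWER_USER` and `INSTANCE_ADMIN`. The access decision presumably now depends on the hierarchy encoded in the new type, so I would add a negative case next to this one. For example, a person holding only a space role in `G2`, checked with `isAuthorized(person, createGroup("G1"), RoleWithHierarchy.INSTANCE_OBSERVER)`, should give `assertFalse`. The test method shown here starts outside the hunk.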
@@ -173,7 +177,7 @@ public class QueryAccessControllerTest
         person.setRoleAssignments(roleAssignments);
 
         assertFalse(QueryAccessController.isAuthorized(person, createGroup("G1"),
-                RoleSet.POWER_USER));
+                RoleWithHierarchy.SPACE_POWER_USER));
     }
 
     @Test
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/result_filter/QueryResultFilterTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/result_filter/QueryResultFilterTest.java
index 30e473d2b39..5706cfda12d 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/result_filter/QueryResultFilterTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/plugin/query/shared/authorization/result_filter/QueryResultFilterTest.java
@@ -28,9 +28,9 @@ import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
 import ch.rinn.restrictions.Friend;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.EntityKind;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ISerializableComparable;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.StringTableCell;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModelColumnHeader;
@@ -187,10 +187,10 @@ public class QueryResultFilterTest extends AssertJUnit
                     exactly(2).of(loader).loadGroups(new HashSet<String>());
                     will(returnValue(new HashMap<String, GroupPE>()));
 
-                    one(authorizationChecker).isAuthorized(person, group, RoleSet.OBSERVER);
+                    one(authorizationChecker).isAuthorized(person, group, RoleWithHierarchy.SPACE_OBSERVER);
                     will(returnValue(true));
 
-                    one(authorizationChecker).isAuthorized(person, null, RoleSet.OBSERVER);
+                    one(authorizationChecker).isAuthorized(person, null, RoleWithHierarchy.SPACE_OBSERVER);
                     will(returnValue(false));
                 }
             });
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/SetSessionUserTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/SetSessionUserTest.java
index a0a8e3da0e9..4fe812f74a7 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/SetSessionUserTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/SetSessionUserTest.java
@@ -35,24 +35,22 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleType;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SessionContextDTO;
 
 /**
- * 
- *
  * @author Franz-Josef Elmer
  */
 @Test(groups = "system test")
 public class SetSessionUserTest extends SystemTestCase
 {
     @Autowired
-    public WhiteListBasedRemoteHostValidator remoteHostValidator; 
-    
+    public WhiteListBasedRemoteHostValidator remoteHostValidator;
+
     private BufferedAppender logRecorder;
-    
+
     @BeforeMethod
     public void setUp()
     {
         logRecorder = new BufferedAppender("%m%n", Level.INFO);
     }
-    
+
     @AfterMethod
     public void tearDown()
     {
@@ -63,7 +61,7 @@ public class SetSessionUserTest extends SystemTestCase
     @Test
     public void testNotInstanceAdmin()
     {
-        
+
         SessionContextDTO session = commonServer.tryToAuthenticate("observer", "a");
         String sessionToken = session.getSessionToken();
         try
@@ -72,11 +70,11 @@ public class SetSessionUserTest extends SystemTestCase
             fail("AuthorizationFailureException expected");
         } catch (AuthorizationFailureException ex)
         {
-            assertEquals("Authorization failure: None of method roles '[INSTANCE.ADMIN]' " +
-            		"could be found in roles of user 'observer'.", ex.getMessage());
+            assertEquals("Authorization failure: None of method roles '[INSTANCE_ADMIN]' "
+                    + "could be found in roles of user 'observer'.", ex.getMessage());
         }
     }
-    
+
     @Test
     public void testUnkownRemoteHost()
     {
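Review bot: The authorization-failure message changes format here, from `'[INSTANCE.ADMIN]'` to `'[INSTANCE_ADMIN]'`, so anything that matches the old text (log alerts on authorization failures, client-side error handling) needs the same update. That is worth a line in the commit description or release notes. The identical literal is asserted again in `testAuthorization` (hunk `@@ -159,8 +158,8 @@`); a shared constant such as `private static final String NOT_INSTANCE_ADMIN_MSG = ...` would keep the two assertions in step. Both test methods start outside their hunks.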
@@ -89,14 +87,15 @@ public class SetSessionUserTest extends SystemTestCase
             fail("UserFailureException expected");
         } catch (UserFailureException ex)
         {
-            assertEquals("It is not allowed to change the user from remote host localhost", ex.getMessage());
+            assertEquals("It is not allowed to change the user from remote host localhost", ex
+                    .getMessage());
         }
     }
-    
+
     @Test
     public void testUnkownUser()
     {
-        
+
         SessionContextDTO session = commonServer.tryToAuthenticate("test", "a");
         String sessionToken = session.getSessionToken();
         try
@@ -108,32 +107,32 @@ public class SetSessionUserTest extends SystemTestCase
             assertEquals("Unknown user: dontKnow", ex.getMessage());
         }
     }
-    
+
     @Test
     public void testLogging()
     {
         SessionContextDTO session = commonServer.tryToAuthenticate("test", "a");
         String sessionToken = session.getSessionToken();
-        
+
         commonServer.setSessionUser(sessionToken, "observer");
-        
+
         String[] logContent = logRecorder.getLogContent().split("\n");
         assertEquals(3, logContent.length);
         String logLine = logContent[2];
         assertTrue("Following log line does start as expected: " + logLine, logLine
                 .startsWith("[USER:'test' SPACE:'CISD' HOST:'localhost'"));
         assertTrue("Following log line does end as expected: " + logLine, logLine
-                .endsWith("set_session_user  USER('observer')"));      
-        
+                .endsWith("set_session_user  USER('observer')"));
+
         commonServer.logout(sessionToken);
-        
+
         logContent = logRecorder.getLogContent().split("\n");
         assertEquals(5, logContent.length);
         logLine = logContent[4];
         assertEquals("LOGOUT: Session '" + sessionToken + "' of user 'observer' has been closed.",
                 logLine);
     }
-    
+
     @Test
     public void testAuthorization()
     {
@@ -145,13 +144,13 @@ public class SetSessionUserTest extends SystemTestCase
         criteria.setSampleType(sampleType);
         criteria.setIncludeSpace(true);
         // INSTANCE ADMIN sees all samples
-        assertEquals(15, commonServer.listSamples(sessionToken, criteria).size()); 
-        
+        assertEquals(15, commonServer.listSamples(sessionToken, criteria).size());
+
         commonServer.setSessionUser(sessionToken, "test");
         commonServer.setSessionUser(sessionToken, "observer"); // allowed because still user 'test'
         // Observer of another space sees nothing
         assertEquals(0, commonServer.listSamples(sessionToken, criteria).size());
-        
+
         try
         {
             // not allowed because user 'observer' has no INSTANCE ADMIN rights
@@ -159,8 +158,8 @@ public class SetSessionUserTest extends SystemTestCase
             fail("AuthorizationFailureException expected");
         } catch (AuthorizationFailureException ex)
         {
-            assertEquals("Authorization failure: None of method roles '[INSTANCE.ADMIN]' " +
-                    "could be found in roles of user 'observer'.", ex.getMessage());
+            assertEquals("Authorization failure: None of method roles '[INSTANCE_ADMIN]' "
+                    + "could be found in roles of user 'observer'.", ex.getMessage());
         }
     }
 }
diff --git a/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/IPhosphoNetXServer.java b/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/IPhosphoNetXServer.java
index 8935dcee6f7..6a864326873 100644
--- a/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/IPhosphoNetXServer.java
+++ b/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/IPhosphoNetXServer.java
@@ -23,10 +23,10 @@ import org.springframework.transaction.annotation.Transactional;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractTechIdPredicate.ExperimentTechIdPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
 import ch.systemsx.cisd.openbis.plugin.phosphonetx.shared.basic.dto.AbundanceColumnDefinition;
 import ch.systemsx.cisd.openbis.plugin.phosphonetx.shared.basic.dto.AggregateFunction;
@@ -45,18 +45,18 @@ import ch.systemsx.cisd.openbis.plugin.phosphonetx.shared.basic.dto.SampleWithPr
 public interface IPhosphoNetXServer extends IServer
 {
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Vocabulary getTreatmentTypeVocabulary(String sessionToken) throws UserFailureException;
 
     
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<AbundanceColumnDefinition> getAbundanceColumnDefinitionsForProteinByExperiment(
             String sessionToken, @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class)
             TechId experimentID, String treatmentTypeOrNull) throws UserFailureException; 
     
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ProteinInfo> listProteinsByExperiment(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class)
             TechId experimentId, double falseDiscoveryRate, AggregateFunction function,
@@ -64,30 +64,30 @@ public interface IPhosphoNetXServer extends IServer
     
     
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ProteinSummary> listProteinSummariesByExperiment(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId)
             throws UserFailureException;
     
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public ProteinByExperiment getProteinByExperiment(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class)
             TechId experimentId, TechId proteinReferenceID) throws UserFailureException;
     
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<ProteinSequence> listProteinSequencesByProteinReference(String sessionToken,
             TechId proteinReferenceID) throws UserFailureException;
     
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<DataSetProtein> listProteinsByExperimentAndReference(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class)
             TechId experimentId, TechId proteinReferenceID) throws UserFailureException;
     
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<SampleWithPropertiesAndAbundance> listSamplesWithAbundanceByProtein(
             String sessionToken, TechId experimentID, TechId proteinReferenceID)
             throws UserFailureException;
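Review bot: `listSamplesWithAbundanceByProtein` takes `experimentID` without the `@AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class)` that the other experiment-scoped methods in this interface put on the same kind of parameter. At `SPACE_OBSERVER` level the space check on that ID is therefore left to the implementation, if it is done at all. I would change the parameter list to `String sessionToken, @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentID, TechId proteinReferenceID)`. `listProteinSequencesByProteinReference` likewise has no guard on `proteinReferenceID`; if protein references are not space-scoped, a one-line Javadoc saying so would show the omission is deliberate.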
diff --git a/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/IRawDataServiceInternal.java b/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/IRawDataServiceInternal.java
index 72c86d06156..a4d819a6e21 100644
--- a/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/IRawDataServiceInternal.java
+++ b/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/IRawDataServiceInternal.java
@@ -22,8 +22,8 @@ import org.springframework.transaction.annotation.Transactional;
 
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.plugin.phosphonetx.shared.authorization.validator.RawDataSampleValidator;
 import ch.systemsx.cisd.openbis.plugin.phosphonetx.shared.dto.MsInjectionSample;
 
@@ -39,12 +39,12 @@ public interface IRawDataServiceInternal extends IServer
      * the specified user is allow to read.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     @ReturnValueFilter(validatorClass = RawDataSampleValidator.class)
     public List<MsInjectionSample> listRawDataSamples(String sessionToken);
     
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.USER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_USER)
     public void processRawData(String sessionToken, String dataSetProcessingKey,
             long[] rawDataSampleIDs, String dataSetType);
 }
\ No newline at end of file
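Review bot: `processRawData` has no Javadoc and no guard on `rawDataSampleIDs`, while `listRawDataSamples` directly above filters its result through `RawDataSampleValidator`. Unless the implementation re-checks them, the sample IDs passed by a `SPACE_USER` caller are not restricted to samples that caller may read. I would state the contract on the method, as `IRawDataService.processingRawData` in this commit already does: `/** Processes the data sets of the specified samples; implementations must check that the session user is allowed to read each sample. */`. The method is also `@Transactional(readOnly = true)` although its name suggests it starts processing, so it is worth confirming that is intended.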
diff --git a/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/api/v1/IRawDataService.java b/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/api/v1/IRawDataService.java
index 7a02066e4ee..d9793dedec3 100644
--- a/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/api/v1/IRawDataService.java
+++ b/rtd_phosphonetx/source/java/ch/systemsx/cisd/openbis/plugin/phosphonetx/shared/api/v1/IRawDataService.java
@@ -21,8 +21,8 @@ import java.util.List;
 import org.springframework.transaction.annotation.Transactional;
 
 import ch.systemsx.cisd.common.api.IRpcService;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.plugin.phosphonetx.shared.api.v1.dto.DataStoreServerProcessingPluginInfo;
 import ch.systemsx.cisd.openbis.plugin.phosphonetx.shared.api.v1.dto.MsInjectionDataInfo;
 
@@ -37,7 +37,7 @@ public interface IRawDataService extends IRpcService
      * Name of this service for which it is registered at the RPC name server.
      */
     public static final String SERVICE_NAME = "phosphonetx-raw-data";
-    
+
     /**
      * Service part of the URL to access this service remotely.
      */
@@ -56,30 +56,30 @@ public interface IRawDataService extends IRpcService
      */
     @Transactional(readOnly = true)
     public void logout(String sessionToken);
-    
+
     /**
      * Returns all samples of type MS_INJECTION in space MS_DATA which have a parent sample which
      * the specified user is allow to read.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN_OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_OBSERVER)
     public List<MsInjectionDataInfo> listRawDataSamples(String sessionToken, String userID);
 
     /**
      * Lists all processing plugins on DSS.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN_OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_OBSERVER)
     public List<DataStoreServerProcessingPluginInfo> listDataStoreServerProcessingPluginInfos(
             String sessionToken);
-    
+
     /**
      * Processes the data sets of specified samples by the DSS processing plug-in of specified key
      * for the specified user. Implementations should check that the specified user is allowed to
      * read specified samples.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.INSTANCE_ADMIN_OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_OBSERVER)
     public void processingRawData(String sessionToken, String userID, String dataSetProcessingKey,
             long[] rawDataSampleIDs, String dataSetType);
 }
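Review bot: `RoleWithHierarchy.INSTANCE_OBSERVER` is not an obvious one-to-one replacement for `RoleSet.INSTANCE_ADMIN_OBSERVER`, and two of the three methods it now protects (`listRawDataSamples`, `processingRawData`) act for a caller-supplied `userID`. The definition of `RoleWithHierarchy` is outside this hunk, so I cannot tell whether the set of admitted roles is identical. A test asserting which role assignments satisfy `INSTANCE_OBSERVER` would settle that. Until then I would add a comment above each annotation: `// was RoleSet.INSTANCE_ADMIN_OBSERVER; must admit instance-level roles only, because the method acts on behalf of userID`.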
diff --git a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/IScreeningServer.java b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/IScreeningServer.java
index aeb22f8e52e..8195cc72e97 100644
--- a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/IScreeningServer.java
+++ b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/IScreeningServer.java
@@ -23,7 +23,6 @@ import org.springframework.transaction.annotation.Transactional;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.SampleTechIdPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.SpaceIdentifierPredicate;
@@ -31,6 +30,7 @@ import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractT
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractTechIdPredicate.ExperimentTechIdPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleParentWithDerived;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.TableModel;
@@ -54,7 +54,7 @@ public interface IScreeningServer extends IServer
      * image analysis only if one dataset with such a data exist.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public PlateContent getPlateContent(String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId plateId);
 
@@ -63,19 +63,19 @@ public interface IScreeningServer extends IServer
      * specified dataset, which is supposed to contain images in BDS-HCS format.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public PlateImages getPlateContentForDataset(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) TechId datasetId);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<WellContent> getPlateLocations(
             String sessionToken,
             TechId geneMaterialId,
             @AuthorizationGuard(guardClass = SpaceIdentifierPredicate.class) ExperimentIdentifier experimentIdentifier);
 
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public List<WellContent> listPlateLocations(
             String sessionToken,
             @AuthorizationGuard(guardClass = PlateMaterialsSearchCriteriaPredicate.class) PlateMaterialsSearchCriteria materialCriteria);
@@ -85,7 +85,7 @@ public interface IScreeningServer extends IServer
      * specified experiment. It is assumed that all datasets are CSV files with the same headers.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel loadImageAnalysisForExperiment(String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId);
 
@@ -94,7 +94,7 @@ public interface IScreeningServer extends IServer
      * specified plate. It is assumed that all datasets are CSV files with the same headers.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public TableModel loadImageAnalysisForPlate(String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId plateId);
 
@@ -106,7 +106,7 @@ public interface IScreeningServer extends IServer
      *             uniquely identified by given <var>sampleId</var> does not exist.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public SampleParentWithDerived getSampleInfo(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId)
             throws UserFailureException;
@@ -115,7 +115,7 @@ public interface IScreeningServer extends IServer
      * For given {@link TechId} returns the corresponding {@link ExternalData}.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public ExternalData getDataSetInfo(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) TechId datasetId);
 
@@ -123,6 +123,6 @@ public interface IScreeningServer extends IServer
      * Returns vocabulary with given code.
      */
     @Transactional
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     public Vocabulary getVocabulary(String sessionToken, String code) throws UserFailureException;
 }
diff --git a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/v1/IScreeningApiServer.java b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/v1/IScreeningApiServer.java
index ec3f11e0776..afa1183a174 100644
--- a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/v1/IScreeningApiServer.java
+++ b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/v1/IScreeningApiServer.java
@@ -23,9 +23,9 @@ import org.springframework.transaction.annotation.Transactional;
 import ch.systemsx.cisd.common.api.IRpcService;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RoleSet;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
 import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodeCollectionPredicate;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.api.authorization.ScreenerPlateValidator;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.api.authorization.ScreenerReadonlyPlatePredicate;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.FeatureVectorDatasetReference;
@@ -72,7 +72,7 @@ public interface IScreeningApiServer extends IRpcService
      * hierarchical context (space, project, experiment).
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     @ReturnValueFilter(validatorClass = ScreenerPlateValidator.class)
     List<Plate> listPlates(String sessionToken) throws IllegalArgumentException;
 
@@ -81,7 +81,7 @@ public interface IScreeningApiServer extends IRpcService
      * sets containing feature vectors for each of these plates.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     List<FeatureVectorDatasetReference> listFeatureVectorDatasets(
             String sessionToken,
             @AuthorizationGuard(guardClass = ScreenerReadonlyPlatePredicate.class) List<? extends PlateIdentifier> plates)
@@ -92,7 +92,7 @@ public interface IScreeningApiServer extends IRpcService
      * these plates.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     List<ImageDatasetReference> listImageDatasets(
             String sessionToken,
             @AuthorizationGuard(guardClass = ScreenerReadonlyPlatePredicate.class) List<? extends PlateIdentifier> plates)
@@ -102,7 +102,7 @@ public interface IScreeningApiServer extends IRpcService
      * Converts a given list of dataset codes to dataset identifiers.
      */
     @Transactional(readOnly = true)
-    @RolesAllowed(RoleSet.OBSERVER)
+    @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
     List<IDatasetIdentifier> getDatasetIdentifiers(
             String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodeCollectionPredicate.class) List<String> datasetCodes);
-- 
GitLab