diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
index 4460cb1e4afda8ae6253612b09c99f356c599052..5e0ba9043b8764c443844b4a4608111804e9b5c1 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
@@ -59,6 +59,7 @@ import ch.systemsx.cisd.openbis.dss.generic.server.ConfigParameters.PluginServle
 import ch.systemsx.cisd.openbis.dss.generic.server.api.v1.DssServiceRpcGeneric;
 import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
 import ch.systemsx.cisd.openbis.dss.generic.shared.ServiceProvider;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.IDssServiceRpcGenericInternal;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.DataStoreApiUrlUtilities;
 import ch.systemsx.cisd.openbis.dss.generic.shared.utils.DssPropertyParametersUtil;
 import ch.systemsx.cisd.openbis.generic.shared.IServer;
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcAuthorizationAdvisor.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcAuthorizationAdvisor.java
index f183acec8a564a92b79242f84faddbd386cd99b1..dc99cbe01e1b64f8a8a27f5b1d90a8b711fcd9a9 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcAuthorizationAdvisor.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcAuthorizationAdvisor.java
@@ -76,17 +76,17 @@ public class DssServiceRpcAuthorizationAdvisor extends DefaultPointcutAdvisor
 *
 * @param methodInterceptor
 */
- DssServiceRpcAuthorizationAdvisor(MethodInterceptor methodInterceptor)
+ public DssServiceRpcAuthorizationAdvisor(MethodInterceptor methodInterceptor)
 {
 super(new AnnotationMatchingPointcut(null, DataSetAccessGuard.class), methodInterceptor);
 }
 
 /**
- * Package visible class for verifying authorization.
+ * Class for verifying authorization. Made public so it can be extended in tests.
 *
 * @author Chandrasekhar Ramakrishnan
 */
- static class DssServiceRpcAuthorizationMethodInterceptor implements MethodInterceptor
+ public static class DssServiceRpcAuthorizationMethodInterceptor implements MethodInterceptor
 {
 /**
 * Get the session token and any guarded parameters and invoke the guards on those
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/api/v1/DssServiceRpcGeneric.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/api/v1/DssServiceRpcGeneric.java
index f82007a7c9363c41860963d451e03d06e481a5c1..4a15b239513a4113e000e2295c2d85d85c63eeb1 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/api/v1/DssServiceRpcGeneric.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/api/v1/DssServiceRpcGeneric.java
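Review bot: In DssServiceRpcAuthorizationAdvisor.java the constructor and the nested `DssServiceRpcAuthorizationMethodInterceptor` become public for the benefit of tests, but nothing in the Javadoc tells production code not to subclass or re-wire them. Any caller can now hand the constructor an arbitrary `MethodInterceptor`, and a subclass can override `invoke` (TestMethodInterceptor in DssServiceRpcV1Test does), so whether the `DataSetAccessGuard` predicates run depends on what is plugged in. DssServiceRpcV1Test sits in the same package and already imported the nested class, so the widening is presumably for a test in another package; if it has to stay, I would fill in the empty `@param methodInterceptor` tag, for example `the interceptor that evaluates the guard predicates before the call proceeds`, and say in the class comment that extension is supported for tests only. The interceptor's body continues outside the hunk.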
@@ -25,8 +25,8 @@ import java.util.ArrayList;
 import ch.systemsx.cisd.base.exceptions.IOExceptionUnchecked;
 import ch.systemsx.cisd.etlserver.api.v1.PutDataSetService;
 import ch.systemsx.cisd.openbis.dss.generic.server.AbstractDssServiceRpc;
-import ch.systemsx.cisd.openbis.dss.generic.server.IDssServiceRpcGenericInternal;
 import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.IDssServiceRpcGenericInternal;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.DataSetFileDTO;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssBuilder;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssDTO;
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataSetCodeStringPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/DataSetCodeStringPredicate.java
similarity index 90%
rename from datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataSetCodeStringPredicate.java
rename to datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/DataSetCodeStringPredicate.java
index d93a912ad216f5c9dc3edef177ccb39d54e8bc7b..3906b6c795eb479028d83a4e869b6ca29f3b9bb1 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataSetCodeStringPredicate.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/DataSetCodeStringPredicate.java
@@ -14,11 +14,10 @@
 * limitations under the License.
 */
 
-package ch.systemsx.cisd.openbis.dss.generic.server;
+package ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization;
 
 import ch.systemsx.cisd.common.exceptions.Status;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.IAuthorizationGuardPredicate;
 
 /**
 * Predicate for checking that the current user has access to a data set specified by code.
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataSetFileDTOPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/DataSetFileDTOPredicate.java
similarity index 91%
rename from datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataSetFileDTOPredicate.java
rename to datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/DataSetFileDTOPredicate.java
index 494639b2bd9da77e31d278c65f2a1f95520c9893..3317fc860f55c07d87c13fa88e1b0411a71c9ac4 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataSetFileDTOPredicate.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/DataSetFileDTOPredicate.java
@@ -14,11 +14,10 @@
 * limitations under the License.
 */
 
-package ch.systemsx.cisd.openbis.dss.generic.server;
+package ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization;
 
 import ch.systemsx.cisd.common.exceptions.Status;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.IAuthorizationGuardPredicate;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.DataSetFileDTO;
 
 /**
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/IAuthorizationGuardPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/IAuthorizationGuardPredicate.java
index 8a8fc37c0749a5c26c0f26b6c6c9e4d5af28e092..b31739a7812ff43bc08a47956e9072a50709a734 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/IAuthorizationGuardPredicate.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/IAuthorizationGuardPredicate.java
@@ -21,10 +21,22 @@ import ch.systemsx.cisd.common.exceptions.UserFailureException;
 
 /**
 * Interface for objects that can function as guardClasses in an AuthorizationGuard.
+ * <p>
+ * Predicates should return Status.OK if the user is authorized for the action; they should return a
+ * status with an appropriate error message if the user is not authorized.
 *
 * @author Chandrasekhar Ramakrishnan
 */
 public interface IAuthorizationGuardPredicate<T /* Receiver */, D /* Argument */>
 {
+
+ /**
+ * Evaluate the predicate for the receiver object, sessionToken, and predicate argument.
+ *
+ * @param receiver The object on which the guarded method was called
+ * @param sessionToken A token identifying the user
+ * @param argument The argument to the predicate
+ * @return Status.OK if the action is allowed, Status.createError(<a message>) otherwise.
+ */
 public Status evaluate(T receiver, String sessionToken, D argument) throws UserFailureException;
 }
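Review bot: The new `@return` line in IAuthorizationGuardPredicate.java writes `Status.createError(<a message>)`, which Javadoc reads as an unterminated HTML anchor tag; `{@code Status.createError(message)}` renders as intended. The added contract also says nothing about the `throws UserFailureException` in the signature, so an implementer cannot tell which failures should come back as an error status and which should be thrown; an `@throws UserFailureException` line would settle that. Because these predicates are the access check, it would also help to state that a predicate which cannot reach a decision, for instance on an unknown session token, must not return `Status.OK`.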
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/IDssServiceRpcGenericInternal.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/IDssServiceRpcGenericInternal.java
similarity index 91%
rename from datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/IDssServiceRpcGenericInternal.java
rename to datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/IDssServiceRpcGenericInternal.java
index 4c261c5c3620011cd17a84d51105cb083ffc9654..c84a710d73ec060f9093c46193a3befad4925049 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/IDssServiceRpcGenericInternal.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/IDssServiceRpcGenericInternal.java
@@ -14,10 +14,11 @@
 * limitations under the License.
 */
 
-package ch.systemsx.cisd.openbis.dss.generic.server;
+package ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization;
 
 import java.io.File;
 
+import ch.systemsx.cisd.openbis.dss.generic.server.DataStoreServer;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.IDssServiceRpcGeneric;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
 
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/NewDataSetPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/NewDataSetPredicate.java
similarity index 96%
rename from datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/NewDataSetPredicate.java
rename to datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/NewDataSetPredicate.java
index 20e64f4025d886dfa73e10bd041a1008a690e4a2..977ed3cd686b71398ec20918266dfc5d45891667 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/NewDataSetPredicate.java
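Review bot: After the move, IDssServiceRpcGenericInternal.java imports `ch.systemsx.cisd.openbis.dss.generic.server.DataStoreServer`, so the `shared.api.authorization` package now depends on the server package, while DataStoreServer (first file of this commit) imports the interface back. The interface body is outside the hunk; if the import exists only for a Javadoc reference, which the move out of the server package suggests, a fully qualified `{@link ch.systemsx.cisd.openbis.dss.generic.server.DataStoreServer}` removes the compile-time dependency. A sentence in the interface comment saying it is internal even though it now sits under `shared.api` would also keep client code from treating it as supported API.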
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/NewDataSetPredicate.java
@@ -14,11 +14,10 @@
 * limitations under the License.
 */
 
-package ch.systemsx.cisd.openbis.dss.generic.server;
+package ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization;
 
 import ch.systemsx.cisd.common.exceptions.Status;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.IAuthorizationGuardPredicate;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO.DataSetOwner;
 import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ExperimentIdentifier;
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/v1/IDssServiceRpcGeneric.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/v1/IDssServiceRpcGeneric.java
index d6769be89314f431010de4567082ed8a24ced157..7976c9bf308d937b6726ed181d31fa16e7ecc074 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/v1/IDssServiceRpcGeneric.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/v1/IDssServiceRpcGeneric.java
@@ -20,11 +20,11 @@ import java.io.InputStream;
 
 import ch.systemsx.cisd.base.exceptions.IOExceptionUnchecked;
 import ch.systemsx.cisd.common.api.IRpcService;
-import ch.systemsx.cisd.openbis.dss.generic.server.DataSetCodeStringPredicate;
-import ch.systemsx.cisd.openbis.dss.generic.server.DataSetFileDTOPredicate;
-import ch.systemsx.cisd.openbis.dss.generic.server.NewDataSetPredicate;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.AuthorizationGuard;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.DataSetAccessGuard;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.DataSetCodeStringPredicate;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.DataSetFileDTOPredicate;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.NewDataSetPredicate;
 
 /**
 * Generic functionality for interacting with the DSS.
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/client/api/v1/impl/DssComponentTest.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/client/api/v1/impl/DssComponentTest.java
index 835039f3a5e9eb1da8a2d2f97f0d10ab75986d24..b0a95c7523c8d8f643e949e7ab8a82c19e719473 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/client/api/v1/impl/DssComponentTest.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/client/api/v1/impl/DssComponentTest.java
@@ -46,9 +46,9 @@ import ch.systemsx.cisd.common.exceptions.EnvironmentFailureException;
 import ch.systemsx.cisd.openbis.dss.client.api.v1.IDataSetDss;
 import ch.systemsx.cisd.openbis.dss.generic.server.AbstractDssServiceRpc;
 import ch.systemsx.cisd.openbis.dss.generic.server.DssServiceRpcAuthorizationAdvisor;
-import ch.systemsx.cisd.openbis.dss.generic.server.IDssServiceRpcGenericInternal;
 import ch.systemsx.cisd.openbis.dss.generic.server.api.v1.DssServiceRpcGeneric;
 import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.IDssServiceRpcGenericInternal;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.DataSetFileDTO;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.DataStoreApiUrlUtilities;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssBuilder;
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
index 56ecc3ec1706d90886ff2313279911a5ff112ddc..79e1ad71fe882d845e1a19563590b1cac3fbcf45 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
@@ -57,6 +57,7 @@ import ch.systemsx.cisd.etlserver.validation.IDataSetValidator;
 import ch.systemsx.cisd.openbis.dss.generic.server.DssServiceRpcAuthorizationAdvisor.DssServiceRpcAuthorizationMethodInterceptor;
 import ch.systemsx.cisd.openbis.dss.generic.server.api.v1.DssServiceRpcGeneric;
 import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.IDssServiceRpcGenericInternal;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.DataSetFileDTO;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssBuilder;
 import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssDTO;
@@ -499,7 +500,7 @@ public class DssServiceRpcV1Test extends AbstractFileSystemTestCase private static class TestMethodInterceptor extends DssServiceRpcAuthorizationMethodInterceptor implements MethodInterceptor { - boolean methodInvoked = false; + private boolean methodInvoked = false; @Override public Object invoke(MethodInvocation methodInvocation) throws Throwable